This is a multi-part message in MIME format. --------------8FCEC75548522E67EA0A55CA Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Josef Pojsl wrote: > Jerald, > > many thanks for your input. I was especially concerned about the version > of FreeBSD that is your product based on. I was not able to find > any reference about it on your web site - have I missed something? > I don't believe that it is posted on our web site. That was my contribution from within. > > To restate my position, it comes from my strong belief that open systems > are more secure. I did not mean to impeach anyone's competence personally. > Still, IMHO, fixes and enhancements given to public are likely to be > more secure. For any security fixes and/or enhancements made by Nokia, > I would expect one of the following to happen: > > 1) You send them to the FreeBSD team that will eventually create patches > or, in the case of new features, (a) port(s). This is my favourite > as the authors of the OS know their system better than anyone. > It is possible that the FreeBSD team might be able to integrate the changes that we make to IPSO, but I sincerely doubt it. The core of IPSO's TCP/IP deviates from the FreeBSD code base since 2.2.6. IPSO is an operating that is different from FreeBSD as much as SunOS is. > > 2) If you want to keep your changes private and base your business > on them, you transparently explain what exactly has been changed > or added and how (ideally, you would make the sources public, > eventually still keeping your intelectual property). > Not a bad suggestion, but certainly one that would be made by others within the organization. :-) > > With full respect to the skills and commitment of your team, > I can't fully trust general statements about higher > security of your product unless there is a chance to look at it in detail. > That makes sense to me. Perhaps I would have been wiser to state that IPSO is a hardened operating system that could be compared to what you would have if you installed the Solaris Core + enough packages, in order to run ASET and BSM, preparing the system to be a firewall. I would like to refer to this as a hardened OS. This, and the known FreeBSD TCP/IP security holes that have been plugged up, are the two things that I was thinking of when I made my statement that IPSO is more secure than FreeBSD. Cheers, Jerald > > With regards, > Josef > > On Fri, Feb 04, 2000 at 09:02:17PM -0800, Jerald Josephs wrote: > > IPSO is based upon FreeBSD 2.2.6. > > All known security issues in FreeBSD have been incorporated into IPSO > > as we have become aware of them. > > > > Whereas FreeBSD is an effort supported by contributions from many sources, > > IPSO development is a concerted effort under the focused attention of a group > > of engineers that include some who have been involved in UNIX development > > since the beginning of UNIX. > > > > I respect your concern, Josef, however, IPSO is MORE SECURE than any > > implementation of FreeBSD that you can obtain. > > > > You suggest that Nokia is not competent when it comes to OS development > > because you assume that the Security Platforms are engineered by those who > > are responsible for other Nokia products, such as mobile phones. Perhaps you > > don't recall that Nokia acquired Ipsilon Networks in 1997 and the IP in IP650 > > means Ipsilon. The Nokia Security Platform continues to be developed under > > the direct supervision of the original core group that made up Ipsilon Networks. > > > > I am one of them. > > > > Sincerely, > > > > --- Jerald Josephs -- Jerald.Josephsat_private (650) 625-2175 (office) Manager Proactive Services Nokia IP Routing Group http://www.iprg.nokia.com Customer Support (888)477-9824 or (650)625-2525 --------------8FCEC75548522E67EA0A55CA Content-Type: text/x-vcard; charset=us-ascii; name="jerald.josephs.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Jerald Josephs Content-Disposition: attachment; filename="jerald.josephs.vcf" begin:vcard n:Josephs;Jerald tel;fax:650-625-2903 tel;work:650-625-2175 x-mozilla-html:TRUE url:http://www.iprg.nokia.com org:Nokia IP Routing Group;Customer Services adr:;;313 Fairchild Ave;Mountain View;California;94043;USA version:2.1 email;internet:Jerald.Josephsat_private title:Manager Proactive Services x-mozilla-cpt:;0 fn:Jerald Josephs end:vcard --------------8FCEC75548522E67EA0A55CA--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:33 PDT