---------- Forwarded message ---------- Date: Wed, 7 May 1997 14:17:55 -0400 From: Craig Nulan <Craig.Nulan@ccmail.irs.gov> To: Bill Stout <stoutb@pios.com>, ntsecurity@iss.net Subject: Re: [NTSEC] 64-bit En/Decryption speed 577 Mghz No hardware abstraction layer The native platform on which NT was developed No need to validate beyond this. 10 times or faster. The DEC marketing rhetoric re: Alphas, is fairly reliable, unlike Microsoft's representations re: NT security. Has anyone else on this list examined the apparent demise of TCSEC product evaluations? Anyone else questioned why MS failed to keep NT in the RAMP process subsequent to getting version 3.5 C2 certified in a workstation configuration? Does it strike anyone else as odd that the U.K.'s ITSEC product evaluations are vendor sponsored, vendor scheduled, and conducted in private test environments? Does anyone believe that NT can ever be restructured into a general purpose operating system? A secure, general purpose O/S? Two URL's you'll want to remember. csrc.nist.gov - here you'll want to look at the the `94 and `95 annual reports (and meeting minutes) of the Computer Security and Privacy Advisory Board www.ecma.ch - where you can read first hand how security evaluation criteria are evolving Could it be that it's time to consider NT security from the perspective of the forest rather than from the perspective of endless little leaves on endless expanses of trees?