[LWN Logo]

Date:   Fri, 21 Jan 2000 10:48:25 -0600
From:   Tom Haigh <tom_haigh@securecomputing.com>
To:     securedistros@nl.linux.org
Subject: Secure Computing's Plans for Type Enforced Linux

I just posted the following message to the open-source discussion group
at SRI.  It belongs here as well.

--Tom 

It is past time for me to jump into this discussion.  Secure Computing
is commited to
being a responsible, contributing member of the open source community. 
One of the
conditions of accepting the contract from NSA was that we be able to
make the results
of the contract available to the community.  I have appended a portion
of a FAQ that we
released internally on the topic.

I will also say that our legal folks are still looking at the best way
to do this.
Needless to say, we are not excited about other vendors coming up with
proprietary
versions of type enforcement.  We believe that opening up the TE work to
the broader
community will be a win for all of us.  The proposals made by Brian
Witten and Richard
Stallman are very interesting to us, and I want to explore those more
out of band with
anyone who is interested.

When we have figured out just how to handle this, I will post the
resolution here.  We
appreciate the interest that you all have shown and the good suggestions
that have been
made.  Thanks very much.

Tom Haigh, CTO
Secure Computing Corp.
2675 Long Lake Road
Roseville, MN 55343
651-628-2738
haigh@securecomputing.com

Question 5: What about the open source licensing?  What does this mean
for your Type
Enforcement technology on Linux?

It is our intention to be an active, responsible member of the open
source community.
We will work with partners to develop new product offerings that will
benefit our
customers, our partners, and us.
Our modifications to Linux will consist of:
  - strong policy enforcement code which is in the kernel itself,
  - a flexible policy engine which is structured as a separate module

We will open source all the modifications to the kernel as well as
deliver a
general-purpose security policy engine.  We are still defining the exact
functionality
of this engine, but it will support a broad set of basic applications,
it will be
functional and it will be complete enough to enable the Linux community
to develop
other policy engines.  We hope that others will choose to enhance this
engine and/or
develop their own policy engines that are optimized for their purposes.

Separately, we will use Linux and develop Linux policy engines for our
own products,
such as Sidewinder.  These policy engines will remain proprietary to
Secure Computing.
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/