From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-0.4 required=5.0 tests=AC_FROM_MANY_DOTS,BAYES_00 autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,85034d1ac78a66eb
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-03-26 20:39:48 PST
Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!newsfeed.cwix.com!newsfeed.icl.net!colt.net!newspeer.clara.net!news.clara.net!psiuk-p2!psiuk-p3!uknet!psiuk-n!news.pace.co.uk!nh.pace.co.uk!not-for-mail
From: "Marin David Condic"
Newsgroups: comp.lang.ada
Subject: Re: Ada Operating System
Date: Tue, 26 Mar 2002 13:01:44 -0500
Organization: Posted on a server owned by Pace Micro Technology plc
Message-ID:
References: <3C88E0D1.89161C16@despammed.com> <3C9514DD.9CF1F84A@san.rr.com> <99da9u0909rsblfdcc1ru7jd2r9q461qhk@4ax.com> <436o9uc7jg590rv5rb1l9v6be8vk49s278@4ax.com> <3CA0A0EA.F0CEEC89@despammed.com>
NNTP-Posting-Host: dhcp-200-133.miami.pace.co.uk
X-Trace: nh.pace.co.uk 1017165706 11550 136.170.200.133 (26 Mar 2002 18:01:46 GMT)
X-Complaints-To: newsmaster@news.cam.pace.co.uk
NNTP-Posting-Date: 26 Mar 2002 18:01:46 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Xref: archiver1.google.com comp.lang.ada:21711
Date: 2002-03-26T18:01:46+00:00
List-Id:

I know that you believe you understood what you think I said, but I'm not
sure you realize that what you heard is not what I meant... :-)

What I meant was that there would be some process by which the OS could be
booted or otherwise put into a mode that said "I don't care about security -
let me have the machine" and still have some OS services available to you.
There would obviously be a need to make sure that the process by which this
was done would not be so simple as to let it happen accidentally, nor should
it be allowed without some confirmation that the person doing it was actually
allowed to do so. Hence the notion of a "Secret Handshake".

Clearly if this, as yet hypothetical OS, were to be produced and made
available in source code, someone would find any back doors & make them
known.

That actually brings up another problem: Assuming you were billing the system
as "secure" by some definition, how would you be sure that any given
distribution *didn't* include a back door? That would be one heck of an audit
process, eh? :-)

MDC
--
Marin David Condic
Senior Software Engineer
Pace Micro Technology Americas www.pacemicro.com
Enabling the digital revolution
e-Mail: marin.condic@pacemicro.com

"Wes Groleau" wrote in message news:3CA0A0EA.F0CEEC89@despammed.com...
> You probably didn't mean what it sounds like you mean,
> but I'll argue anyway. :-)
>
> The change of modes idea is good, but it should be by
> a documented process with security controls.
>
> A "secret handshake" will not stay secret. Even if it
> is secret, some user somewhere some day will be lucky enough
> or unlucky enough to do it by accident.
>
> Murphy has spoken!
>