Subject: Re: Fwd: Re: Microsoft: Closed source is more secure
From: "Jonathan S. Shapiro" <>
Date: Sun, 6 May 2001 07:25:15 -0400

> [I'm Ccing Dan to give him a chance to rebut my comments...]

Then by all means let us also give him some context.

Dan: I have sent about three notes to FSB at this point trying to clarify
what it means to say that something is high-assurance software. This
followed a discussion about djbdns in which several unusual attributes of
the implementation and documentation were outlined by others. Most of these
unusual attributes have now been explained on the list.

I have said nothing negative about the security of djbdns. In fact, I've
agreed that based on the reported bugs it looks pretty good, and that the
reward offer is certainly a good and useful thing to have.

What I *have* said is that based on the descriptions on FSB to date, [and
also based on my own examination of the qmail package at one point, though I
didn't mention this on the list,] I am aware of no evidence that would
support a claim for high assurance. In particular, I am not aware that any
rigorous and proper evaluation process has been done for either piece of
software. If I am mistaken about this, I would be *delighted*, and I hope
that you will correct me.

I want to emphasize that when I use the term "high assurance", I am speaking
in the context of security standards and processes such as Common Criteria
(and friends). I am not trying to make any claim about djbdns. Rather, I am
trying to point out some deficiencies in people's understanding of the term