Chris, STs and CCs and that's only part of the problem with this complex thing. My main hatred (hmmm, no that's not to strong a word) of the CC is that it easily fools the unsuspecting into thinking that it is *the* solution to their problems. It sounds so wonderful. A common, government blessed criteria. So they envision a single firewall criteria set that all firewalls have to achieve making their selection job much easier. But that is not what they get. In fact, I think it makes their selection harder because first they have to understand security targets and criteria sets and all the other stuff. I've been on record in supporting ICSA Labs certification. I supported it when a vendor, and still do. But if you don't like ICSA then go with some other private sector certification. Or come up with your own with a simpler criteria set. Not one that covers every possible computer-based product that might need some kind of certification (ah ha! but it isn't even a certification, is it). The Common Criteria is cumbersome and looks like it was invented by government committee. And son-of-a-gun, it was... Sorry. I guess I'm ranting (though not raving.. yet). Better adjust my medication. Fred - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
