RE: Regarding the Type Enforcement Licensing Discussion

RE: Regarding the Type Enforcement Licensing Discussion

[Westerman, Mark]

[-- Attachment #1: Type: text/plain, Size: 2849 bytes --]

Dear Tom,
 
I have notice that you have remove the web link from you web site. That
which states
Quoting for your web site page that was removed FAQ Question Number 6.
"There will be no restrictions on the use of TE be the Linux open source
community"
 
It is clear from you comment below that Secure Computing is try to pull a
fast one
on the open source community. It is obvious that the Licensing question has
allready 
been answered by the web page your web site stated. Once you put that remark

into the public domain YOU CANNOT RETRACT IT. 
 
 
>From the NSA WEB site
 
 Secure Computing Corporation (SCC) 
     Secure Computing Corporation developed a preliminary security policy
     configuration for the system that was used as a starting point for NAI
Labs'
     configuration. They have also developed several new or modified
utilities. 
 
also form the WEB PAGE YOU TOOK OFF YOUR SITE.
 
"We will release source code for all the modifications to the existing
kernel and for a 
general-purpose security policy engine under the GPL. We are still defining
the exact 
functionality of this engine, but it will support a broad set of basic
applications, it will 
be functional, and it will be complete enough to enable the Linux community
to develop 
other policy engines. We expect that others will choose to enhance this code
and return 
their enhancements to the community. "
 
 
All the code that NAI Labs used was release under the GPL Licensing.
 

I think I need to perform a FREEDOM OF INFORMATION REQUEST to
request a copy of the contract you had with the NSA
 
 
WHY DID YOU REMOVE THIS PAGE FROM YOUR WEB SITE.
 
I have  a saved copy and a copy of you search page that pointed to 
the web page you removed
 
Mark Westerman
 
Any body who would like a copy let me know and I will send it to you.
 
 
 -----Original Message-----
From: Haigh, Tom [mailto:tom_haigh@securecomputing.com]
Sent: Friday, June 07, 2002 11:14 AM
To: linux-security-module@wirex.com; 'selinux@tycho.nsa.gov'
Subject: Regarding the Type Enforcement Licensing Discussion



We have been reviewing all the discussion on this topic, and it is obvious
that we are dealing with complex issues, which require some careful
consideration.  We would

like to set the record straight with a clear statement, and we will do that 
soon.  However, we want to avoid creating more confusion, so we are going to
take a little time to reflect before we respond.  My initial response was
intended to let people know that the licensing issues have not yet been
resolved.  I apologize for the confusion it has caused.  We want to be sure
that our next statement is both clear and definitive.    

Your insights, concerns and opinions are helpful to us, and they are an
important consideration as we think this through.  Thanks for your patience
and understanding.

Tom Haigh 


[-- Attachment #2: Type: text/html, Size: 9146 bytes --]

RE: Regarding the Type Enforcement Licensing Discussion

[Westerman, Mark]

Crispin Cowan wrote:


> Now lets just calm down. While that is possible, it is not 
> clear that is the case, and I dare say it is not even likely. 
> What's likely happening is that SCC geeks are having it out 
> with SCC legal, and they  don't want to say ANYTHING until 
> they can say something definitive. In this context, removing 
> the previous vague & confusing statement just seems responsible.
> 
> Crispin

What is vague or confusing about:
"There will be no restrictions on the use of TE be the Linux
open source community."

Or

"We will release source code for all the modifications to the 
existing kernel and for a general-purose security policy engine
under the GPL"

Which they did. That is what the NAI based there work on.

Mark

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Regarding the Type Enforcement Licensing Discussion

[Don Marti]

begin Westerman, Mark quotation of Fri, Jun 07, 2002 at 01:02:00PM -0500:

> What is vague or confusing about:
> "There will be no restrictions on the use of TE be the Linux
> open source community."

A web page, policy or promise is not necessarily a legally valid
patent license.

"Unisys does not require licensing, or fees to be paid, for
non-commercial, non-profit GIF-based applications, including those
for use on the on-line services." 

-- Unisys Clarifies Policy Regarding Patent Use in On-Line Service
   Offerings (1995)

-- 
Don Marti                                          
http://zgp.org/~dmarti                       Help spread accurate information 
dmarti@zgp.org                      about Xenu and the Church of Scientology.
KG6INA           <a href="http://xenu.net/">Scientology</a> on your web site.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Regarding the Type Enforcement Licensing Discussion

[Kylus]

On Fri, Jun 07, 2002 at 12:43:05PM -0500, Westerman, Mark [Mark.Westerman@csoconline.com] wrote:
>    been  answered by the web page your web site stated. Once you put that
>    remark
> 
>    into the public domain YOU CANNOT RETRACT IT.


And for anyone who'd like to verify it, take a look at Google's cache:

http://216.239.51.100/search?q=cache:qN9rph0m6RYC:www.securecomputing.com/archive/press/2000/nsa_faq_secure_linux.html+securecomputing+linux&hl=en&ie=UTF8

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: Regarding the Type Enforcement Licensing Discussion

[Westerman, Mark]

[-- Attachment #1: Type: text/plain, Size: 5634 bytes --]

Tom,
 
 
It seem that you post a similar message to the nl.linux.org mailing list in
Jan 2000. http://mail.nl.linux.org/securedistros/2000-01/msg00012.html
<http://mail.nl.linux.org/securedistros/2000-01/msg00012.html> 
 
Quote "When we have figured out just how to handle this, I will post the
resolution here." From the selinux mailing list, Jun 2002 
 
Quote "However, we want to avoid creating more confusion, so we are going to
take 
a little time to reflect before we respond."
 
 
I have clam down since my last post on this subject and I apologize
for the Flame. 
 
Questions:
Did you resolve this issue two years ago?
   If so, could you please post the results here.
Did the contract you accepted from the NSA resolve this issue?
   If so, could you please post the results here 

We really need to put this issue to bed. To prevent statements 
like 
 
"Our company will not be using the SELinux for clients because, our
management has determined the situation is to confusing and will not place
our business at risk.
 
Pamela Patterson
OpenDNS Crop
 "
 
Thanks,
Mark Westerman
 
>From you post 
http://mail.nl.linux.org/securedistros/2000-01/msg00012.html
<http://mail.nl.linux.org/securedistros/2000-01/msg00012.html> 
Secure Computing's Plans for Type Enforced Linux
 
 
 
     To: securedistros@nl.linux.org <mailto:securedistros@nl.linux.org>  
     Subject: Secure Computing's Plans for Type Enforced Linux 
     From: Tom Haigh < tom_haigh@securecomputing.com
<mailto:tom_haigh@securecomputing.com> > 
     Date: Fri, 21 Jan 2000 10:48:25 -0600 
     References: < CMM.0.90.4.948178145.neumann@chiron.csl.sri.com
<mailto:CMM.0.90.4.948178145.neumann@chiron.csl.sri.com> > <
200001191057.DAA21079@aztec.santafe.edu
<mailto:200001191057.DAA21079@aztec.santafe.edu> >
     < 3885FB0D.FC3BFC95@darpa.mil <mailto:3885FB0D.FC3BFC95@darpa.mil> > <
200001200629.XAA22118@aztec.santafe.edu
<mailto:200001200629.XAA22118@aztec.santafe.edu> > 
     Reply-To: securedistros@nl.linux.org
<mailto:securedistros@nl.linux.org>  
     Sender: owner-securedistros@nl.linux.org
<mailto:owner-securedistros@nl.linux.org>  
 
 
 
I just posted the following message to the open-source discussion group
at SRI.  It belongs here as well.
 
--Tom 
 
It is past time for me to jump into this discussion.  Secure Computing
is commited to being a responsible, contributing member of the open source 
community.  One of the conditions of accepting the contract from NSA was
that 
we be able to make the results of the contract available to the community.
I have 
appended a portion of a FAQ that we released internally on the topic.
 
I will also say that our legal folks are still looking at the best way
to do this. Needless to say, we are not excited about other vendors coming 
up with proprietary versions of type enforcement.  We believe that opening 
up the TE work to the broader community will be a win for all of us.  The 
proposals made by Brian Witten and Richard Stallman are very interesting 
to us, and I want to explore those more out of band with
anyone who is interested.
 
When we have figured out just how to handle this, I will post the
resolution here.  We appreciate the interest that you all have shown and 
the good suggestions that have been
made.  Thanks very much.
 
Tom Haigh, CTO
Secure Computing Corp.
2675 Long Lake Road
Roseville, MN 55343
651-628-2738
haigh@securecomputing.com <mailto:haigh@securecomputing.com> 
 
Question 5: What about the open source licensing?  What does this mean
for your Type Enforcement technology on Linux?
 
It is our intention to be an active, responsible member of the open source
community.
We will work with partners to develop new product offerings that will
benefit our
customers, our partners, and us.
Our modifications to Linux will consist of:
  - strong policy enforcement code which is in the kernel itself,
  - a flexible policy engine which is structured as a separate module
 
We will open source all the modifications to the kernel as well as deliver a
general-purpose security policy engine.  We are still defining the exact
functionality
of this engine, but it will support a broad set of basic applications,
it will be functional and it will be complete enough to enable the Linux
community
to develop other policy engines.  We hope that others will choose to enhance
this
engine and/or develop their own policy engines that are optimized for their
purposes.
 
Separately, we will use Linux and develop Linux policy engines for our
own products, such as Sidewinder.  These policy engines will remain
proprietary to
Secure Computing.
 

-----Original Message-----
From: Haigh, Tom [mailto:tom_haigh@securecomputing.com]
Sent: Friday, June 07, 2002 11:14 AM
To: linux-security-module@wirex.com; 'selinux@tycho.nsa.gov'
Subject: Regarding the Type Enforcement Licensing Discussion



We have been reviewing all the discussion on this topic, and it is obvious
that we are dealing with complex issues, which require some careful
consideration.  We would

like to set the record straight with a clear statement, and we will do that 
soon.  However, we want to avoid creating more confusion, so we are going to
take a little time to reflect before we respond.  My initial response was
intended to let people know that the licensing issues have not yet been
resolved.  I apologize for the confusion it has caused.  We want to be sure
that our next statement is both clear and definitive.    

Your insights, concerns and opinions are helpful to us, and they are an
important consideration as we think this through.  Thanks for your patience
and understanding.

Tom Haigh 


[-- Attachment #2: Type: text/html, Size: 11936 bytes --]