[ previous ] [ next ] [ threads ]
 
 From:  Jean Everson Martina <everson at inf dot ufsc dot br>
 To:  Jim Thompson <jim at netgate dot com>
 Cc:  "Sancho2k.net Lists" <lists at sancho2k dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] icsa certified
 Date:  Thu, 24 Mar 2005 05:25:56 -0300
Jim Thompson wrote:
> 
> On Mar 23, 2005, at 12:04 PM, Sancho2k.net Lists wrote:
> 
>> Chris Buechler wrote:
>>
>>> If anybody is willing to pay the $25K USD per classification per year
>>>  to certify it, I'm sure it could be done.  The only certified 
>>> firewalls on their list [1] are commercial, since no open source 
>>> project has the cash for certification.
>>
>>
>> Or since no one really cares?
>>
>> I see too many products on their list that meet their criteria that I 
>> wouldn't touch with a 40-foot pole. It reminds me of the security 
>> criteria that OS vendors are expected to meet in order to be certifed 
>> on one of the U.S. government's various security safe lists. When I 
>> don't see BSD on the list but I do see Windows 2000 I have a hard time 
>> taking it seriously.
> 
> 
> ICSA is one of those remnants of the "firewall wars", circa 1995 or so. 
>   (Netgate was originally the name
> of the firewall/ipsec product that smallworks(.com, now my blog) produced.)
> 
> Likely that if you want to sell to corporations, you'll want it.  If 
> you're inside the corp, deploy m0n0 (or pfsense) and be done with it.

I was the one who started the movement to have m0n0 ICSA certified 
sometime ago. I got all the specs needed by ICSA and developed a bunch 
of patches to make m0n0 (1.1) get it. The problem was discussed a lot in 
this mailing list. I had the money to start it (U$ 50k), but to 
acomplish that, there should happen some modifications on the project 
directions, and Developers didn't want some of them. My intent never was 
to start a new fork, so I gave up.


Jean
smime.p7s (5.8 KB, application/x-pkcs7-signature)