Originally posted by mSparks
View Post
ISO/IEC 27000-series covers many aspects of secure design.
Do notice that 27001 is part of the 27000-series.
mSparks someone is not secure by design because they cannot read before quoting something and that someone is you mSparks.
Secure by design what is written in 27001 about how screen lock should work is how screen locking should work or You don't have have a secure designed screen locker. Same applies to GPU memory security being linked to OS security again you don't have a secure by design solution because parties will be able to get access to data they should not be able to get access to.
Why we have to move way from X11 is lot of core things about X11 once you look closer is broken.
Do note the recent bug where Selinux information inside X11 server was not processed correctly. Yes X11 server has duplicated up selinux handling leading to a code bug in x11 causing security separation not work right. Secure by design does not particularly like duplicating security processing as this normally leads to bugs.
Yes a lot of people want to claim windows and wayland are insecure by design. There is a old saying when "people who live in glass houses shouldn't throw stones"
Please note X11 does not just fail 27001 out the ISO 27000 series either. Fails many of them.
Yes you are right you cannot tack security on to a insecure design. X11 protocol when it was first design it was designed to be insecure. X11 protocol when it comes to security is lipstick on a pig of course you don't want to have to admit this. That no matter how many protocol extensions have been added to X11 due to the core X11 protocol being flaws this has never made X11 protocol usage secure.
Comment