XWayland Adds "-Output" Option For Better Rootful Fullscreen Control

  • Originally posted by mSparks View Post
    I'm sure it is, mostly because you can't just tac security on to an insecure design (like wayland or windows), I just don't care, because I've been secure by design for 20+ years.
    LOL. Do you know what the core of ISO/IEC 27001 is?

    ISO/IEC 27000-series covers many aspects of secure design.
    On the page you pointed to.
    Do notice that 27001 is part of the 27000-series.

    mSparks, someone is not secure by design because they cannot read before quoting something, and that someone is you, mSparks.

    Secure by design: what is written in 27001 about how screen lock should work is how screen locking should work, or you don't have a securely designed screen locker. The same applies to GPU memory security being linked to OS security: again, you don't have a secure by design solution, because parties will be able to get access to data they should not be able to get access to.

    Why we have to move away from X11 is that a lot of core things about X11, once you look closer, are broken.

    Do note the recent bug where SELinux information inside the X11 server was not processed correctly. Yes, the X11 server has duplicated SELinux handling, leading to a code bug in X11 causing security separation to not work right. Secure by design does not particularly like duplicating security processing, as this normally leads to bugs.

    Yes, a lot of people want to claim Windows and Wayland are insecure by design. There is an old saying: "people who live in glass houses shouldn't throw stones".

    Please note X11 does not just fail 27001 out of the ISO 27000 series either. It fails many of them.

    Yes, you are right: you cannot tack security on to an insecure design. The X11 protocol, when it was first designed, was designed to be insecure. The X11 protocol, when it comes to security, is lipstick on a pig; of course you don't want to have to admit this. No matter how many protocol extensions have been added to X11, due to the core X11 protocol being flawed this has never made X11 protocol usage secure.



    • Originally posted by oiaohm View Post

      LOL. Do you know what the core of ISO/IEC 27001 is?
      Yes, it's an audit, where you pay a company to give you a certificate.

      If I hired such a company and it required that systems didn't use X11, I would fire them for gross incompetence, call in the lawyers to rip them apart for gross incompetence, while finding a company not grossly incompetent.

      Not new; there have been auditors claiming any use of open source software is grounds to fail the audit, although they probably aren't in business any more.
      Unlike these guys, I wouldn't be paying to give them PowerPoint training on how to do their job.
      Originally posted by oiaohm View Post
      Yes, a lot of people want to claim Windows and Wayland are insecure by design.
      Because it is. So sayeth the thousands of breaches as evidence it is.

      Originally posted by oiaohm View Post
      Please note X11 does not just fail 27001 out of the ISO 27000 series either. It fails many of them.
      If X11 fails 27001, then so do HTTPS, SSH, TCP/IP, definitely XWayland (which is just a proxy for X11), RDP, UDP and telnet and every other protocol that is less secure.
      So I guess they're all going back to pen and paper over a red phone.
      Or you are talking bullshit.
      I'm going with you talking bullshit.
      Last edited by mSparks; 17 January 2024, 01:21 PM.



      • Originally posted by mSparks View Post
        The only company contributing to Wayland's development is Red Hat (with "awesome" contributions like this).
        If people like you don't pay their salaries (my given X11 use case 3)
        and people like me don't pay their salaries (my given X11 use cases 1 and 2)
        then there isn't going to be anyone around soon to contribute to Wayland's development.
        I really don't know what your goal is here... it sounds not helpful to me.
        Phantom circuit Sequence Reducer Dyslexia



        • Originally posted by mSparks View Post
          Because it is. So sayeth the thousands of breaches as evidence it is.
          Design and implementation are two different things. Breaches are only evidence of flawed implementation.

          Originally posted by mSparks View Post
          If X11 fails 27001, then so does HTTPS, SSH, TCP/IP, definitely XWayland (which is just a proxy for X11), RDP, UDP and telnet and every other protocol that is less secure.
          XWayland does not implement all of the X11 protocol; this is intentional. The lock screen extension of X11 is missing from XWayland because it does not work, so you cannot run an insecure lock screen.

          HTTPS does in fact support doing a secure lock screen as you do with RDP; now, if your HTTP application implements that correctly, that's a different matter. SSH not transporting
          Let's do an RDP screen lock.
          RDP session logged in.
          RDP server sends to client: please reconnect.
          RDP client reconnects.
          RDP server connects client to lock screen session.
          RDP client sends what is needed to unlock the session.
          RDP server sends to client: please reconnect.
          RDP client reconnects back to their logged in session.
          I gave you this for a reason. Yes, you are right, with SSH you cannot do this; it's old technology, you don't have the means to send "absolutely please clear displayed items and lock screen". You should be able, with how smart you are claiming to be, mSparks, to implement the RDP method using an HTML5 application. You see government-made HTML applications doing this all the time when they log you out for inactivity.

          Do note that the RDP server is like XFreeRDP in the WSLg example. It's a proxy between the RDP location generating the output and the RDP client. So the screen can be locked independent of what is going on.

          Telnet has failed security audits forever.

          Both the X11 and SSH protocols have got to the point where they don't have the features to keep on passing 27001. Microsoft has been progressively improving RDP design to keep up with 27001 standard changes as well as other standards.

          Lack-of-developer rot is really starting to show with the X11 protocol and the SSH protocol.

          mSparks
          If I hired such a company and it required that systems didn't use X11, I would fire them for gross incompetence, call in the lawyers to rip them apart for gross incompetence, while finding a company not grossly incompetent.
          I did not say you could not use X11 at all at this point. To have a working screen locker to current 27001:2022 you would most likely be forced to use a Wayland compositor with XWayland inside.

          Yes, running your X11 applications in individual XWayland servers allows you to get your applications' graphical data correctly covered by the platform MLS, so that all data of the application is always correctly tagged in memory. Yes, this is still using a loophole in the current 27001:2022.

          Yes, the trusted extensions in X11 by current 27001:2022 don't pass either, because this should be the platform MLS, not code inside the X server. The Wayland protocol has this right.

          mSparks, I am not talking bullshit; you wish I was. No one has been working on the X11 or SSH protocols making sure that you can implement everything you require to meet 27001 as the standard has evolved over time. Please note I am only picking on 27001, but there are others in the 27000 series that should have caused alterations to the SSH/X11 protocols; neither protocol has been extended or altered so you can make a 27000 series conforming solution.

          This is the serious elephant in the room. With X11 bare metal and the current X11 protocol you cannot make a solution that passes what you need for the 27000 series 2022 and newer versions; this is fact.

          At some point lack of investment in the X.Org bare metal server was going to start causing problems. It started with the 27000:2018 drafts and most people did not pay attention.

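The eight-step lock sequence in the post above can be modelled as a small state machine. The following is an added example written for this thread, not code from any poster, FreeRDP or Microsoft, and it is not RDP's real wire protocol: it only models the property the post argues for, that a proxy between the rendering session and the remote client decides which session the client is attached to, so the user's session output is never sent to the client while locked. Session names, the sample frame strings and the unlock secret are all constructed.

```python
"""Model of a proxy-mediated screen lock (constructed example, not RDP itself).

States: the client is attached to the user session, detached (told to
reconnect), or attached to a separate lock-screen session. Only a
successful unlock lets a reconnect land back on the user session.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Session:
    """A rendering session behind the proxy; `frames` is constructed output."""
    name: str
    frames: List[str]


@dataclass
class LockingProxy:
    """Sits between the session that renders output and the remote client."""
    user_session: Session
    lock_session: Session
    credential_digest: bytes            # constructed: sha256 of the unlock secret
    locked: bool = False
    attached: Optional[Session] = None
    events: List[str] = field(default_factory=list)

    def connect(self) -> str:
        """Client (re)connects; the proxy, not the client, picks the session."""
        self.attached = self.lock_session if self.locked else self.user_session
        self.events.append(f"client attached to {self.attached.name}")
        return self.attached.name

    def lock(self) -> None:
        """Server-initiated lock: detach the client and ask it to reconnect."""
        self.locked = True
        self.attached = None            # no output flows while detached
        self.events.append("server: please reconnect")

    def unlock(self, secret: str) -> bool:
        """Unlock is only accepted from a client attached to the lock session."""
        if self.attached is not self.lock_session:
            return False
        digest = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(digest, self.credential_digest):
            self.events.append("unlock rejected")
            return False
        self.locked = False
        self.attached = None            # detach again; client must reconnect
        self.events.append("server: please reconnect")
        return True

    def visible_frames(self) -> List[str]:
        """What the client can currently see; nothing while detached."""
        return list(self.attached.frames) if self.attached else []


def run_lock_cycle(secret: str, attempt: str) -> Dict[str, object]:
    """Walk the full sequence from the post and report what the client saw."""
    proxy = LockingProxy(
        user_session=Session("user", ["document.txt: CONFIDENTIAL draft"]),
        lock_session=Session("lock", ["Session locked. Enter password."]),
        credential_digest=hashlib.sha256(secret.encode()).digest(),
    )
    proxy.connect()                      # 1. session logged in
    before = proxy.visible_frames()
    proxy.lock()                         # 2. server: please reconnect
    detached = proxy.visible_frames()
    proxy.connect()                      # 3-4. reconnect lands on lock session
    locked = proxy.visible_frames()
    unlocked = proxy.unlock(attempt)     # 5. client sends unlock credential
    proxy.connect()                      # 6-7. reconnect: user session iff unlocked
    return {
        "before": before,
        "detached": detached,
        "locked": locked,
        "unlocked": unlocked,
        "after": proxy.visible_frames(),
        "final_session": proxy.attached.name if proxy.attached else None,
        "events": proxy.events,
    }


if __name__ == "__main__":
    for line in run_lock_cycle("correct horse", "correct horse")["events"]:
        print(line)
```

The point of the model is where the attachment decision lives: because the proxy holds it, a fault in the lock-screen session (a crash, a wrong credential, a second display appearing) cannot expose the user session, since the client is simply not attached to it. A locker that merely draws a window over a running session has to rely on that window staying on top, which is the class of failure the thread is arguing about.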


          • Originally posted by oiaohm View Post

            Design and implementation are two different things. Breaches are only evidence of flawed implementation.

            Secure by design provides security assuming the implementation is flawed, which it pretty much always will be.

            Insecurities arise from assuming an implementation isn't flawed when it, of course, is.

            Probably the worst example I have seen of that is positing that Wayland allows you to run insecure apps in what should be a secure environment. Nope, that breaks every rule in the book. Google just spent about a decade learning that with Android the hard way.

            The main problem for the Linux desktop was always that it was too secure for most organisations.

            The funniest example I found today: DJI drones transmit the operator's GPS location unencrypted.

            Originally posted by oiaohm View Post
            to current 27001:2022
            You need to start quoting what you are talking about, because so far all you have shown is that you talk a lot of bullshit and say lots of things that not just simply aren't true, but that you know are not true.

            Here is some reference material for you to start with:

            The ISO/IEC 27000 family of standards helps keep information secure. Google Cloud Platform and Google Workspace are ISO/IEC 27001:2022 compliant.


            Are you employed by software pirates maybe?
            Last edited by mSparks; 17 January 2024, 07:46 PM.



            • Originally posted by qarium View Post

              I really don't know what your goal is here... it sounds not helpful to me.
              You asked why you should be swapping from SteamOS to paying for RHEL 10.

              I don't know, you don't know. Therefore what I was saying about the consequences of RHEL 10 switching to XWayland and Wayland stands on its own merits.
              Last edited by mSparks; 17 January 2024, 11:23 PM.



              • Originally posted by mSparks View Post
                Probably the worst example I have seen of that is positing that Wayland allows you to run insecure apps in what should be a secure environment.
                Please give me the example of this. I 100 percent bet someone did not set up their LSM policy correctly.

                Can you connect to a Wayland compositor without LSM approval? The answer is no. Can data transfer between Wayland clients without LSM approval? Again, no.

                Originally posted by mSparks
                Are you employed by software pirates maybe?
                LOL, because someone will not put up with your garbage they have to be paid.

                What is the clear desk and clear screen policy and why does it matter for ISO 27001? Learn how to protect sensitive information. Read more here!


                By the way, I already gave you stuff written as training.

                ISO 27001 Control A.7.7

                Requires a correctly functional screen locker.

                Today we released Plasma 5.2 and this new release comes with two fixes for security vulnerabilities in our screen locker implementation. As I found, exploited, reported and fixed these vulnerabilit…

                mSparks, simple task: write a post countering the exact above blog, showing how the X11 server has working screen locking, instead of what this blog says, which is clearly that X11 does not have working screen locking, with examples that prove it. Please note it detailed that it does not. If you don't have functional screen locking you don't pass ISO 27001:2022 Control A.7.7.

                The reality is KDE Wayland passes ISO 27001:2022 Control A.7.7 but KDE X11 does not. You find the same with GNOME as well.

                I had already in prior posts given you the ISO 27001 stuff you just asked for in links; you just had not read it. So lose the idea of trying to cover me in garbage documents.

                mSparks, if you cannot write how X11 has a functional, correct screen locker, then the X11 bare metal server cannot be used on desktop systems once you have to pass ISO 27001:2022.

                There is a different section in ISO 27001:2022 that covers process separation, but let's keep this next set of posts simple, restricted to ISO 27001 Control A.7.7. We will move on to the one that makes Nvidia's current drivers not pass if you are able to pass the screen locker requirement.
                Last edited by oiaohm; 18 January 2024, 12:00 AM.



                • Originally posted by oiaohm View Post

                  Please give me the example of this. I 100 percent bet someone did not set up their LSM policy correctly.
                  It was you?

                  Along the lines of: X11 is no good for installing any old applications from unknown sources, therefore we need Wayland.

                  Originally posted by oiaohm View Post
                  Requires a correctly functional screen locker.
                  Since both Wayland and Xorg use libinput and Mesa, either both can work or neither can work.

                  X11 does work; Google had it ISO 27001 certified. Your 2015 is very outdated.
                  XSecureLock is an X11 screen lock utility designed with the primary goal of security. Security is achieved using a modular design to avoid the usual pitfalls of screen locking utility design.

                  The post you just replied to has links to the certs.
                  There are no Wayland screen lockers; screen locking is not part of the Wayland specification.

                  I'm sure that is one of the reasons Wayland compositors are not a supported config for Google employees.

                  "Wayland breaks everything and offers nothing"; last I heard the only screen locking for Wayland was provided by KDE and GNOME (rather than Wayland) and both suffer from the "turn themselves off if you plug a second screen in" issue.

                  So if that really was certified then ISO 27001 is pretty worthless, no?

                  Mind you, we knew that already, since Windows is certified and the Windows screen locker is the easiest way to gain admin access to a machine you only have user rights for.

                  Thanks for the offer, but no thanks, not interested.
                  Last edited by mSparks; 18 January 2024, 01:20 AM.



                  • Originally posted by mSparks View Post
                    X11 does work; Google had it ISO 27001 certified. Your 2015 is very outdated.
                    Try again.
                    ISO 27001 has had loopholes. Google has attempted to update that certificate on xsecurelock and has been told no way in hell. Once you do the tests that KDE lays out, it turns out xsecurelock fails.

                    X11 screen lock utility with security in mind. Contribute to google/xsecurelock development by creating an account on GitHub.


                    List of why xsecurelock cannot get a newer certificate than 2015.

                    Most these issues are inherent with X11 and can only really be fixed by migrating to an alternative such as Wayland; some of the issues (in particular the gamepad input issue) will probably persist even with Wayland.
                    The Google developer admits it is unfixable without stopping using X11.

                    I asked for ISO 27001:2022 and here you attempt to use a 2015 certification that the developer of the program admits is broken.

                    Please try again to pass "ISO 27001:2022 Control A.7.7". I have asked for a particular version or newer, mSparks.

                    As noted, Wayland compositors don't have a 100 percent good time with "ISO 27001:2022 Control A.7.7" either, but they are more successful than X11.

                    mSparks; hopefully your next post is not a stack of garbage caused by you failing to read the developer notes on the program you are quoting and not noticing that the failure equals not getting a new ISO 27001 certificate.

                    Do remember, at this point Google and others can still use old certificates; the problem is they cannot get new certificates issued, so they are on a countdown, because when the government requirement increases to an ISO 27001 year past 2015 they cannot keep on using the xsecurelock program either.

                    mSparks, googling for ISO 27001 certificates is pointless against the problem, because old certificates had lower requirements to jump over.

                    It started with the 27000:2018 drafts and most people did not pay attention.

                    It pays to check what changed in the 2018 drafts compared to 2017. Yes, Google's xsecurelock: if Google had applied for a certificate in 2017 they could have got it. But in 2018 applying for a certificate equals rejection. 2018 adds a definition for a functional screen locker, so near enough is no longer good enough.

                    Note the 27000:2018 drafts were first published in 2017, so yes, you could have seen "oops, they are restricting this" and applied for 2017 certification and got it.
                    Last edited by oiaohm; 18 January 2024, 03:45 AM.



                    • Originally posted by oiaohm View Post

                      Google has attempted to update that certificate on xsecurelock and has been told no way in hell.
                      ROFL.

                      According to what source?
