[CentOS] SELinux - way of the future or good idea but !!!

Tue Nov 30 15:45:38 UTC 2010
Ben McGinnes <ben at adversary.org>

On 1/12/10 2:32 AM, m.roth at 5-cent.us wrote:
> Ben McGinnes wrote:
>>
>> The reason for the second one is pretty obvious, though, they know
>> that SELinux would be (and is) used by non-Americans and they don't
>> want to protect foreign secrets, they want to discover them.
> 
> Um, not quite: there *are* export controls on encryption, and even
> if they wanted it, they couldn't.

With the crypto that is already included by default in Linux
(e.g. OpenSSH, OpenSSL, etc.), US companies are already unable to
distribute their products to those few countries left on the list that
those export controls apply to (not that that actually stops those
countries from obtaining it anyway).  You won't find any RHEL service
contracts in Syria, Cuba, Iran, North Korea and whichever other
countries are on the list (I can't be bothered looking it up).

It's more likely that the NSA reasoning is operational rather than
legal.  There are already enough suppliers of cryptographic software
within the United States to show that compliance with that legislation
is still possible.  The NSA know that the crypto genie is out of the
bottle, they're just not willing to share their own advances.  Which
makes sense considering what they do, it's not like GCHQ shares its
advances with UK firms or the DSD shares theirs with Australian firms.


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20101201/8de07258/attachment-0005.sig>