[ih] Gateway Issue: Certification (was Re: booting linux on a 4004)

Sun Oct 6 19:28:30 PDT 2024

Several years ago, I suggested to someone on the ISOC Board that ISOC 
consider developing some kind of "ISOC Approved" logo, and of course 
associated testing mechanisms and bureaucracy.   I'm not sure what if 
anything happened afterwards though.

Jack

On 10/6/24 19:20, Greg Skinner wrote:
> On Oct 4, 2024, at 1:37 PM, Jack Haverty via Internet-history<internet-history at elists.isoc.org>  wrote:
>> Thanks, Greg and Barbara.   I hadn't heard of UNH's lab or NIST's test suites.  It's good to see that somebody's doing something.
>>
>> I think a real measure of such testing and certification is the extent to which organizations, or even individuals, are using such tests and certificates to influence their purchasing decisions.    I don't recall ever seeing a NIST or UNH logo or other indication that a product passed their tests or that an ISP I might sign up with provides some specific certified "capability".   But of course I wasn't really looking for such labelling either.  I wonder if Copilot has any info on that...?
>>
>> NIST's states that certain "IPV6 capabilities ... have since failed to achieve significant support ..."   That statement implies that NIST has data about what "capabilities" are in fact present in products and/or actually used in operational networks.   I wonder what they know, how they learned it, and whether or not they certified it by testing.
>>
>> I haven't used Copilot, but I've been playing a bit with GPT4All running on my desktop.  So far, I'm not impressed much.  I fed it a large folder of "network stuff" I've collected over the decades - emails, papers, reports, documents, and anything else I've gleaned from the email forums or the Web.   I then asked it when was the first gateway on the Internet.  It reported back that the first gateway on the Internet was the Arpanet circa 1970.   Not quite what I expected.
>>
>> Jack
>>
> I put the question “Which networking equipment bears NIST logos?” to Bing Copilot, and here’s what it had to say:
>
> ====
>
> Networking equipment itself typically doesn't bear NIST logos. However, NIST (National Institute of Standards and Technology) provides guidelines and standards for securing network equipment and infrastructure. For example, NIST's Special Publication 800-215 offers guidance on securing enterprise network landscapes, covering technologies like firewalls, VPNs, and secure access service edge (SASE) solutions¹².
>
> If you're looking for equipment that complies with NIST standards, you might want to check if the equipment meets specific NIST guidelines or certifications rather than looking for a NIST logo on the hardware itself. Is there a particular type of networking equipment you're interested in?
>
> Source: Conversation with Copilot, 10/6/2024
> (1) Guide to a Secure Enterprise Network Landscape - NIST Computer Security ....https://csrc.nist.gov/pubs/sp/800/215/final.
> (2) NIST Publishes SP 800-215: Guide to a Secure Enterprise Network ....https://csrc.nist.gov/News/2022/sp-800-215-secure-enterprise-network-landscape.
> (3) Networking - NIST.https://www.nist.gov/networking.
>
> ====
>
> For some of the things we’ve been discussing, such as ECN, I don’t think a certification logo would be of much use to end users.  I could make an argument for certification logos for standards that are more visible to end users, such as HTTPS, SSL/TLS, and a few others.
>
> --gregbo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://elists.isoc.org/pipermail/internet-history/attachments/20241006/b2e5780c/attachment.asc>