Re: [Fed-Talk] [EXTERNAL] ATO for Notarization?
- Subject: Re: [Fed-Talk] [EXTERNAL] ATO for Notarization?
- From: Jonathan Hess via Fed-talk <email@hidden>
- Date: Tue, 9 Jul 2019 20:07:05 -0700
To state the obvious, there is nothing simple or easy about our modern cyber
security environment. And, it will get worse.

Asking developers to send their apps to Apple for review is like Apple asking
end users to send their personal data through Apple if they wish to send it to
other users. Apple would have a stance against anything that sounds like the
latter but that is what they are asking in the former case. And worse, the
"data" in the former case may not even "belong" to the developer -- they may be
entrusted with it with associated restrictions and penalties.

Apple has put in a lot of effort to be CSfC certified and hopefully this is
paying off. Unfortunately, this notarization topic is running counter.

A web browser handling sensitive information is one application use case -- the
application itself has no inherent sensitive data. The browser is only routing
and protecting sensitive information.

But a web browser is only one such use case. There are many cases where an
application itself may be sensitive. The reasons are varied and could include
actual restricted algorithms, workflow hints, and hard coded sensitive
information and parameters. Yes, the hard coded parameters could be extracted
to external configuration files but that takes effort when a "developer" may
not have the time, budget, or schedule to do so.

Commercial industry has an increasing mentality that unclassified internet
connectivity is always available. This is simply not the case. There are many
disconnected networks and they are disconnected by design. If any data is
allowed to be moved between them it is replete with process, checks and
balances, signatures, piles of paperwork, and media that gets shredded. If an
"unclassified" application has been developed or debugged on one of these
networks, having to get it off just to get a required notarization is an
implicit call to use a completely different platform. If that application is
sensitive (classified), requiring it to come off to get notarized is an
explicit requirement to use a different platform.

An "enterprise" developer signing certificate only goes so far. This is
because the concept of "developer enterprise" and "use enterprise" simply don't
match -- the "use enterprise" is potentially much larger (but possibly still
not on the world wide internet). The "use enterprise" is also much more
nebulous and I suspect making it possible for Apple to map out the "use
enterprise" is unacceptable.

Even for "unclassified applications" that are on internet connected intranets
behind firewalls, where are the legal certifications and agreements that let
developers transmit US "FOUO" or "ITAR Restricted" data to Apple? The
certifications that Apple will similarly restrict that information and
understand how to do so.

But wait, Apple is a US firm with a world wide reach so... is Apple going to
support similar agreements for other countries?

Notarization through Apple is a topic that is not going to help Apple market share
in sensitive environments. Especially if it is released prematurely and
without understanding of sensitive environments.