[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPv4 Security & MLS
To give an example from a previous life, GE uses 6 vertical levels
("Class 1" thru "Class 6") for company information. The lowest level
is releasable information, as I recall, and the highest is very very
closely held trade secrets.
We should not get locked into using CIPSO because it is not the only
game in town. In particular, most of the DoD has invested in IPSO
(RFC-1108). We need to avoid getting locked into any particular IP
labelling scheme. Actually, there are very serious trust issues with
any unprotected IP option in this context. We need to be careful to
distinguish "trusted" from "trustworthy".
I'm not advocating CIPSO as a syntax, or even as a model. I'm merely
citing it as an example of how the commercial world is moving towards
sensitivity labels, too, and that we should not standardize on an encryption
format that does not recognize that.
Hmm -- I think GE needs a new label, Class 0, for ``information we want
to leak''. The encryptor should pass the data through a Clipper chip....