[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv4 Security & MLS

To: karn@qualcomm.com (Phil Karn)
Subject: Re: IPv4 Security & MLS
From: smb@research.att.com
Date: Fri, 23 Apr 93 09:36:32 EDT
Cc: atkinson@tengwar.itd.nrl.navy.mil (Ran Atkinson), ipsec@ans.net

	 I don't know much about how labeling and encryption interact,
	 but isn't it the case that once you encrypt something it
	 becomes unclassified?  Otherwise you would never be able to
	 send ciphertext over radio, open phone lines, etc. Once you
	 decrypt the information, of course, it again becomes
	 classified.

	 So it seems that any security labels would be logically part
	 of the data "inside" an encrypting security protocol, and thus
	 not a direct concern of the security protocol itself.

Yes and no.  In an environment where labels exist, the key management
protocol has to generate keys for each label and host pair, and the
host encryption software has to know that there is a key per label
and destination or source.

Prev by Date: Re: IPv4 Security redux
Next by Date: Re: IPv4 Security & MLS
Prev by thread: Re: IPv4 Security & MLS
Next by thread: Re: IPv4 Security & MLS
Index(es):
- Main
- Thread