[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSP & Labels

To: Paul_Lambert@poncho.phx.sectel.mot.com
Subject: Re: IPSP & Labels
From: atkinson@itd.nrl.navy.mil (Ran Atkinson)
Date: Fri, 9 Jul 93 02:33:20 EDT
Cc: ipsec@ans.net

Paul,

  I don't think I was very clear.  Please permit me to try to clarify
my view...

  IPSP should permit the use of Internet Standard IP options to carry
labels.  IPSP should not include a field within the IPSP protocol that
is a sensitivity label field.  This way we decouple the security
mechanism from the sensitivity label mechanism somewhat and thereby
permit innovation and improvement in IP labelling through the lifetime
of IPSP without having to modify IPSP.  Also, different communities
might have different views on what kinds of labels are useful to
have/use.  

  This decoupling of labelling from protection also promotes the
ability to have labelled IPv4 traffic be sent through an IPSP engine
for protection and then reappear on the far end, be unprotected, and
have the original labels be intact so that the protection mechanism is
less obtrusive into ordinary users (thinking mainly of the
subnet--subnet protection model as an example here).

Ran
atkinson@itd.nrl.navy.mil

Prev by Date: Re: >IPSEC Agenda
Next by Date: Internet Drafts & IPSP work
Prev by thread: IPSP & Labels
Next by thread: Re: IPSP & Labels
Index(es):
- Main
- Thread