
Re: IPsec near term work



Steve B.,

	There is a considerable body of work on lattice models of
security, which is based on a formal model of a sensitivity or
integrity policy plus rigorous labelling of sensitivity of information
or of the integrity of information.  Sensitivity labelling has been
found to be quite useful in modelling real world security concerns in
some contexts and thus we have systems today that embody that
labelling and are used in these contexts.  The integrity aspect of
labelling has not been found to be generally useful and we have few if
any systems that make use of such facilities.

	The PGP web lacks a formal model that relates it to the real
world.  My personal view is that individuals have great difficulty
codifying their model of trust and making it rigorous enough to fit
this sort of model, especially since PGP calls for each individual to
do this on a local basis.  In contrast, the formal model for
sensitivity is trivially intuitive (yet the formal rendition of it is
hardly trivial).  Superficially, one might argue that the integrity
model is closer to the web of trust, but I think that too will not
stand up to close scrutiny.

	So, by all means, have someone knowledgeable about the long
history of lattice model security look at the issues here and try to
connect them, but my prediction is that this will not be fruitful.

Steve

