Re[2]: (IPng) More Endpoint Attributes




        Date: Wed, 15 Mar 95 16:12:07 -0500
        From: Andy Bayerl <bayerl@zk3.dec.com>
        
        But that still means that a given transaction carries only a single 
        SAID which addresses a specific SA. In the MLS CMW world, any or all 
        of the attributes associated with one or both ends of a connection 
        may modulate. This means that we need a SAID for all the 
        attribute combinations that are used during a session. For 
        example, in our (DEC MLS) world using trusted X-windows, the 
        process privilege set may modulate at a fairly high frequency. 
        In addition Information Labels may float based upon the data 
        accessed and visible in a window at any given time. Now for 
        any given session there may not be a *lot* of different privileges 
        and/or information labels, but we still would need a SAID to represent 
        each combination used and the total number is multiplicative as we add 
        more users with different privileges, more sensitivity levels, etc.
        
I'm sorry.  I think that I missed why we're considering privileges or 
information labels as attributes that should be carried in an IP-level 
header.  I see them both as data that are unnecessary for IP to do its 
work.  They should be carried by a higher-level protocol.  As far as I 
can tell, only sensitivity labels would be useful in an IP-level 
header.  On first consideration, I don't feel at all uncomfortable 
with a different SAID for different sensitivity labels.

Dean Jagels
Scientific Atlanta
Dean.Jagels@sciatl.com