[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: (IPng) More Endpoint Attributes
Date: Wed, 15 Mar 95 16:12:07 -0500
From: Andy Bayerl <bayerl@zk3.dec.com>
But that still means that a given transaction carries only a single
SAID which addresses a specific SA. In the MLS CMW world, any or all
of the attributes associates with one or both ends of a connections
may modulate. This means that we need a SAID for all the
attribute combinations that are used during a session. For
example, in our (DEC MLS) world using trusted X-windows, the
process privilege set may modulate at a fairly high frequency.
In addition Information Labels may float based upon the data
accessed and visible in a window at any given time. Now for
any given session there may not be a *lot* of different privileges
and/or information labels, but we still would need a SAID to represent
each combination used and the total number is multiplicative as we add
more users with different privileges, more sensitivity levels, etc.
I'm sorry. I think that I missed why we're considering privileges or
information labels as attributes that should be carried in an IP-level
header. I see them both as data that are unnecessary for IP to do its
work. They should be carried by a higher-level protocol. As far as I
can tell, only sensitivity labels would be useful in an IP-level
header. On first consideration, I don't feel at all uncomfortable
with a different SAID for different sensitivity labels.
Dean Jagels
Scientific Atlanta
Dean.Jagels@sciatl.com