
Re[3]: (IPng) More Endpoint Attributes



> From: Dean.Jagels@Sciatl.COM
> Subject: Re[2]: (IPng) More Endpoint Attributes
> To: bayerl@zk3.dec.com

...
> header.  On first consideration, I don't feel at all uncomfortable 
> with a different SAID for different sensitivity labels.

That was my first thought.  However someone pointed out that maybe the
MAC label should be encoded.  If the MAC label is in plain text, that
lets attackers concentrate their efforts on messages with the higher
classification.  The SAID would more correctly imply a range of MAC
labels.  Routers should restrict some SAIDs from some lines and thus
restrict all data in that range from those lines.

We may lose some routing flexibility this way.  A router might get a
secret message with a SAID that means secret or top secret and not be
able to send it on the secret line.  However by abstracting all the MAC
info into the SAID, off the shelf routers that know about SAIDs can be
used.

Dean Throop		throop@dg-rtp.dg.com
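
The trade-off described in the message above, as an added example that is not part of the original post: a router that sees only the SAID must filter on the top of the SAID's label range, so a secret message under a "secret or top secret" SAID is kept off the secret line. The label levels, SAID numbers, line names and the rule that a line may carry anything up to a ceiling are all constructed assumptions.

```python
from enum import IntEnum

class Label(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Constructed SAID table: each SAID stands for a (low, high) range of MAC labels.
SAID_RANGE = {
    0x101: (Label.UNCLASSIFIED, Label.CONFIDENTIAL),
    0x102: (Label.SECRET, Label.SECRET),
    0x103: (Label.SECRET, Label.TOP_SECRET),   # "secret or top secret"
}

# Constructed outgoing lines and the highest label each may carry.
LINE_MAX = {
    "line-open": Label.CONFIDENTIAL,
    "line-secret": Label.SECRET,
    "line-ts": Label.TOP_SECRET,
}

def said_filter(line_max=LINE_MAX, said_range=SAID_RANGE):
    """Build per-line SAID allow lists at configuration time.

    The router never sees the real label, so a SAID is allowed on a line
    only if the highest label in its range fits under the line's ceiling.
    """
    return {
        line: {said for said, (_low, high) in said_range.items() if high <= cap}
        for line, cap in line_max.items()
    }

def lines_by_said(said, allow=None):
    """Lines a SAID-only router may use; unknown SAIDs get no line."""
    allow = said_filter() if allow is None else allow
    return sorted(line for line, saids in allow.items() if said in saids)

def lines_by_label(label, line_max=LINE_MAX):
    """Lines a router could use if it read a cleartext MAC label."""
    return sorted(line for line, cap in line_max.items() if label <= cap)

if __name__ == "__main__":
    # A secret message sent under the secret..top-secret SAID.
    print("by SAID :", lines_by_said(0x103))
    print("by label:", lines_by_label(Label.SECRET))
```
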


