[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Routing
> From: Andy Bayerl <bayerl@zk3.dec.com>
> I think Dean was using yet a 3rd meaning to MAC which is very familiar
> to the MLS CMW world, namely "Mandatory Access Control", which refers
> to using sensitivity labels to strictly control access to data.
> The security architecture document itself refers to *MAC* in that context:
>
I'm not in that world, so the acronym went right by me. Heck, I don't
know what CMW is either. The term is not used in Ran's draft. Damn
militarism.
> There is a paragraph in there that I think may have Dean (and I also)
> to infer that the document implied overloading the SAID with *MAC*
> information.
>
> The Encapsulating Security Payload can be combined with appropriate
> key policies to provide full multi-level secure networking. In this
> case each key must be used only at a single sensitivity level and
> compartment. For example, Key "A" might be used only for sensitive
> Unclassified packets, while Key "B" is used only for
> Secret/No-compartments traffic, and Key "C" is used only for
> Secret/No-Foreign traffic.
>
Ran proposes using different session key material for each such access
type, not _routing_ based on each access type.
> I (at least) had equated the *key* in this paragraph to the SAID.
Each session key is indicated by a different SAID. The SAID is not a key.
> >From Ran's comments on the subject and a closer rereading of the this
> section I believe I now understand it much more clearly in the sense that
> is strictly referring to the authentication strength of the key and is not
> in any way related to the *MAC* dominance rules of CMW sensitivity
> labels.
>
Yes.
Bill.Simpson@um.cc.umich.edu