[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Routing



> From: Andy Bayerl <bayerl@zk3.dec.com>
> I think Dean was using yet a 3rd meaning to MAC which is very familiar
> to the MLS CMW world, namely "Mandatory Access Control", which refers
> to using sensitivity labels to strictly control access to data.
> The security architecture document itself refers to *MAC* in that context:
>
I'm not in that world, so the acronym went right by me.  Heck, I don't
know what CMW is either.  The term is not used in Ran's draft.  Damn
militarism.


> There is a paragraph in there that I think may have Dean (and I also)
> to infer that the document implied overloading the SAID with *MAC*
> information.
>
>     The Encapsulating Security Payload can be combined with appropriate
>     key policies to provide full multi-level secure networking.  In this
>     case each key must be used only at a single sensitivity level and
>     compartment.  For example, Key "A" might be used only for sensitive
>     Unclassified packets, while Key "B" is used only for
>     Secret/No-compartments traffic, and Key "C" is used only for
>     Secret/No-Foreign traffic.
>
Ran proposes using different session key material for each such access
type, not _routing_ based on each access type.


> I (at least) had equated the *key* in this paragraph to the SAID.

Each session key is indicated by a different SAID.  The SAID is not a key.


> >From Ran's comments on the subject and a closer rereading of the this
> section I believe I now understand it much more clearly in the sense that
> is strictly referring to the authentication strength of the key and is not
> in any way related to the *MAC* dominance rules of CMW sensitivity
> labels.
>
Yes.

Bill.Simpson@um.cc.umich.edu