[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Comments on IPSO and AH/ESP
Ran:
I really like the idea of an implicit security label. The
security association can be established for one particular
security label. Multi-level systems simply establish multiple
security associations, protected in different keys (and maybe
different algorithms), one for each label. This way, all of
the overhead associated with labels falls on the key
management protocol, not each datagram.
Russ
That's certainly my preference as well.