[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Photuris // entities

To: ipsec@ans.net
Subject: Re: Photuris // entities
From: "William Allen Simpson" <bsimpson@morningstar.com>
Date: Mon, 23 Oct 95 18:58:04 GMT

> From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
> Could we have a "terminology check" here?
>
> By "MLS", do you mean "Multi Level Secure" (aka military/orange
> book/nondiscretionary access control), or something else?
>
The former.


> [I see systems with multiple initiator and responder identities as
> "multi user" systems, not "multi level" systems. While MLS systems are fairly
> rare outside government, multi-user systems (especially in "server" roles) are
> quite common.  Am I completely off-base here?]
>
A lot of such systems exist.  They aren't secure systems.  Therefore,
they do not fall within our scope.

If the "multi-user" node isn't secure, why do you think Photuris will
make it more secure?  Why would you expect Photuris to do something that
you cannot hand configure, a facility which is already required?

Finally, specifying that any multi-user system must meet MLS
requirements obviates all the "what if another process takes over the
UDP port" queries....

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

Prev by Date: Re: Nodes and Users
Next by Date: Re: Nodes and Users
Prev by thread: Re: Photuris // entities
Next by thread: I-D ACTION:draft-ietf-ipsec-skip-03.txt
Index(es):
- Main
- Thread