Re: Sensitivity Labels



> From: Ran Atkinson <rja@cisco.com>
> %  C) Sensitivity Labels are ill-defined.
>
> Hardly.  See RFC-1108.
>
I re-read RFC-1108, just to make sure my memory wasn't utterly failing,
and I found this statement at the very top, in the title:

                       U.S. Department of Defense
               Security Options for the Internet Protocol

How does that apply to commercial implementations?

How does that apply to international implementations?

                                ----

Moreover, these are examples of facilities for "explicit" labels, rather
than "implicit" labels (indicated per SPI) used for IP Security.

I find that these labels are used for
particular objectives (from RFC-1108 page 2):

   This option is used by end systems and intermediate systems of an
   internet to:

        a.  Transmit from source to destination in a network standard
        representation the common security labels required by computer
        security models,

        b.  Validate the datagram as appropriate for transmission from
        the source and delivery to the destination,

        c.  Ensure that the route taken by the datagram is protected to
        the level required by all protection authorities indicated on
        the datagram.  In order to provide this facility in a general
        Internet environment, interior and exterior gateway protocols
        must be augmented to include security label information in
        support of routing control.

What Internet routing protocols support this routing control?

How exactly are the proposed IP Security Sensitivity Labels used in
"network layer" routing without this routing control?

                                ----

See also RFC-1457, which complains that there is no standard network
label format, discusses translation problems, and examines the current
status of labels in the protocol stack (including IEEE and ISO).

Indeed, RFC-1457 recommendations appear to indicate that implicit labels
are best applied at the link and transport layers, not the network layer.

                                ----

Again, the RFC-1825 Sensitivity Label recommendations were misguided and
ill-defined, and implementation experience has shown that we have no
need of them.

I urge the WG to clearly indicate that they should be removed.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

