
Re: SAs and SPIs



[Hmm, I see that one must speak very carefully and precisely on this
list.  I figured I was safely educated after reading all of the 1977
postings.  Well, you only earn your wings in the IETF by getting them
singed...]


My first response was obviously too absolute.  Or maybe too glib?  I
didn't make it clear that supporting the IP features for MLS (IPSO,
CIPSO) is an important part of IPsec, which is obvious from the
I-Ds.

Or, maybe I misread the intent of Thomas' message?

But, if:

  Amgen employees working on one project only in selected cases are
  allowed to receive results from other projects.  

To me, first you have to solve that problem on one shared computer.  I
think that takes B2 or C2 security at that level.  (I don't remember
which is stricter: I'll assume B2 from here.  I'm sure David knows,
given his ncsc.mil e-mail address!)

Then, you add IP security labeling to extend that to connections
between two B2 secure computers over a non-tappable network.  (Say
hardware link encryption.)

Then, finally, you add IPsec AH and/or ESP to make that connection
secure on a tappable network.

That's the layering I see.


I think that IPsec, AH, ESP, and ISAKMP/Oakley are fundamentally about
making a given network connection secure.  They are not about ensuring
that the data passed over that connection is the data that the user is
allowed to pass to the peer.  (If I'm wrong on this, Randall's
description of the Security Policy Database is going to grow...)

Obviously, they must dovetail into the existing protocols and
extensions that have been developed for TCP/IP to solve that problem.


Or, is Thomas' message about inadequate integration between the needs
of MLS (IP security option) and IPsec?  It's possible that that is the
case; that's not an area I've paid much attention to!  Thomas?  Have I
misinterpreted you?

