
Re: Internet Draft for explicit security labels in IPv6.



I'm not sure what problem you're trying to solve, but:

 - The assumption in the draft seems to be that SA's are heavy-weight
objects.  This is not the case, and it is certainly my intent to ensure
that they are as lightweight as possible within Sun's ipsec
implementation.

 - I agree with Steve Kent's analysis -- if you are exchanging
multi-level tagged data over a transport connection, the processes on
both ends had better be highly trusted to bypass MLS and thus you
should be able to get by labelling the connection as "system high" (or
some other appropriate concept) and using application-layer tagging
for the data inside.

I'd hate to see what you'd need to do to a TCP implementation and API
to carry through security label markings on arbitrary byte boundaries
within the streams on both ends.

 - I can see a couple different ways to handle communicating the label
through IKE.  As Steve Bellovin suggested, the simplest way is for the
appropriate label to end up in the certificate.  That clearly doesn't
scale in the case of the trusted multi-level applications you
described; in that case, it makes sense for the certificate to
describe a range of possible labels, and for an additional attribute
to show up in the IKE phase 2 exchange containing a specific label to
use for the traffic.

					- Bill
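
The third point of the message above, as an added example that is not part of the original message or of any IPsec implementation: a responder-side check that a label proposed in phase 2 falls inside the label range bound to the peer's certificate. The label format (a hierarchical level plus a compartment set) and every name in the code are assumptions, since the message defines no encoding.

```python
from dataclasses import dataclass

# Assumed hierarchical levels; the message does not define a label format.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Hypothetical security label: one level plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Standard MLS dominance: level at least as high AND superset of compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass(frozen=True)
class LabelRange:
    """Range of labels a certificate would authorize (hypothetical structure)."""
    low: Label
    high: Label

    def __post_init__(self):
        if not self.high.dominates(self.low):
            raise ValueError("range high must dominate range low")

    def contains(self, label: Label) -> bool:
        # Inside the range means: high dominates label, and label dominates low.
        return self.high.dominates(label) and label.dominates(self.low)


def accept_phase2_label(cert_range: LabelRange, proposed: Label) -> bool:
    """Accept the per-SA label only if it is well formed and within the
    range taken from the peer's validated certificate."""
    if proposed.level not in LEVELS:
        return False  # unknown level: reject rather than guess an ordering
    return cert_range.contains(proposed)


# Constructed sample: a peer certified for CONFIDENTIAL up to SECRET {NATO}.
PEER_RANGE = LabelRange(Label("CONFIDENTIAL"), Label("SECRET", frozenset({"NATO"})))

if __name__ == "__main__":
    for lab in (Label("SECRET", frozenset({"NATO"})), Label("TOP_SECRET"),
                Label("SECRET", frozenset({"NATO", "CRYPTO"})), Label("UNCLASSIFIED")):
        print(lab.level, sorted(lab.compartments), accept_phase2_label(PEER_RANGE, lab))
```

Because labels with different compartment sets are only partially ordered, the check compares against both ends of the range instead of comparing levels alone.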

