Hello experts,
I have some questions regarding Sensitivity Level & check on it.
1. RFC 2401 (Security Arch) gives references to RFC 1108 for senitivity
levels associated with a packet.
RFC 1108 (IPSO) suggests use of option fields in IP header to associate
security levels to the packets. These labels can then be used in
MLS capable implementation of IPsec. The RFC 1108 assumes IPv4 case.
What is the equivalent of this in IPv6 world? I did not find any reference
in RFC 2460 (IP v6).
2. This is regarding the sensitivity check.
How does one determine the value to be compared against sensitivity information
that is extracted from the packet? The paragraph 8.2 in RFC 2401 gives 3 options.
Sensitivity level associated with a particular output interface
Sensitivity level associated with the IP source address of the packet
Sensitivity level associated with the IP destination address of the final
IP packet.
Can an implementation use any one of them or say the least sensitive of the three
for security check?
I appreciate your help in this regard.
Raghu Tilak
Amber Networks India Pvt Ltd