[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question regarding sensitivity check in RFC 2401



At 9:27 AM +0530 10/11/01, Raghunath Tilak wrote:
>Hello experts,
>
>I have some questions regarding Sensitivity Level & check on it.
>
>1. RFC 2401 (Security Arch) gives references to RFC 1108 for senitivity
>     levels associated with a packet.
>     RFC 1108 (IPSO) suggests use of option fields in IP header to associate
>     security levels to the packets. These labels can then be used in
>     MLS capable implementation of IPsec. The RFC 1108 assumes IPv4 case.
>     What is the equivalent of this in IPv6 world? I did not find any reference
>     in RFC 2460 (IP v6).
>
>2. This is regarding the sensitivity check.
>     How does one determine the value to be compared against 
>sensitivity information
>     that is extracted from the packet? The paragraph 8.2 in RFC 2401 
>gives 3 options.
>
>         Sensitivity level associated with a particular output interface
>         Sensitivity level associated with the IP source address of the packet
>         Sensitivity level associated with the IP destination address 
>of the final
>         IP packet.
>
>    Can an implementation use any one of them or say the least 
>sensitive of the three
>    for security check?
>
>I appreciate your help in this regard.
>
>Raghu Tilak
>Amber Networks India Pvt Ltd
>
>
the selection of a sensitivity level source for reference depends on 
your environment. only if you are operating in an information flow 
security policy environment does any of this apply. if you operate in 
such an environment, you will be able to figure out the answer to 
your question.

steve


References: