[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

2401bis Issue # 90 -- Remove the selector "data sensitivity level"



Folks,

Here's a description and proposed approach for:

IPsec Issue #:	90

Title:		Remove the selector "data sensitivity level"


Description
===========
In the interest of simplifying things, we propose to remove the 
selector "data sensitivity level".  Is anyone using this selector?


Proposed approach
=================
Remove text such as the following:

    [From Section 4.4.2 "Selectors"]
    "- Data sensitivity level: (IPSO/CIPSO labels)

       [REQUIRED for all systems providing information flow
       security as per Section 8, OPTIONAL for all other
       systems.]"

    "8.1 Relationship Between Security Associations and Data
     Sensitivity

       Both the Encapsulating Security Payload and the
       Authentication Header can be combined with appropriate
       Security Association policies to provide multi-level
       secure networking.  In this case each SA (or SA
       bundle) is normally used for only a single instance of
       sensitivity information.  For example, "PROPRIETARY -
       Internet Engineering" must be associated with a
       different SA (or SA bundle) from "PROPRIETARY -
       Finance"."

Thank you,
Karen