[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
2401bis Issue # 90 -- Remove the selector "data sensitivity level"
Folks,
Here's a description and proposed approach for:
IPsec Issue #: 90
Title: Remove the selector "data sensitivity level"
Description
===========
In the interest of simplifying things, we propose to remove the
selector "data sensitivity level". Is anyone using this selector?
Proposed approach
=================
Remove text such as the following:
[From Section 4.4.2 "Selectors"]
"- Data sensitivity level: (IPSO/CIPSO labels)
[REQUIRED for all systems providing information flow
security as per Section 8, OPTIONAL for all other
systems.]"
"8.1 Relationship Between Security Associations and Data
Sensitivity
Both the Encapsulating Security Payload and the
Authentication Header can be combined with appropriate
Security Association policies to provide multi-level
secure networking. In this case each SA (or SA
bundle) is normally used for only a single instance of
sensitivity information. For example, "PROPRIETARY -
Internet Engineering" must be associated with a
different SA (or SA bundle) from "PROPRIETARY -
Finance"."
Thank you,
Karen