Specifications for managing labels on sockets

Bengt Richter bokr at accessone.com
Tue Dec 18 00:43:25 GMT 2001


Is this of any relevance or use?
(Just volunteering some googling results :)

http://www-jta.itsi.disa.mil/jta/jta-v1.0/sect6.html#S6_3_3_1
(in 6.3.3.1.1.1 Security Protocols) says,
"It is expected that the Trusted Systems Interoperability Group (TSIG) 
Trusted Information for Exchange for Restricted Environments (TSIX (RE) 
1.1) will adopt MIL-STD-2045-48501 as a replacement for its Common Internet 
Protocol Security Options (CIPSO) labeling standard."

The MIL standard itself can be found via
http://assist.daps.mil/eAccess/index.cfm?ident_number=115367
(links to actual .pdf doc, changes, and cancellation notice)
Apparently the standard was "canceled" 22 March 2001, whatever
that means.

FWIW, it says "approved for unlimited distribution."

HTH
Regards,
Bengt Richter

At 22:13 2001-12-14 -0500, you (Trish Lynch) wrote:
>On Fri, 14 Dec 2001, George W. Dinolt wrote:
>
> > Robert:
> >
> > As you mentioned, there are the TSIX labels now "taken over" by Sun. Sun
> > calls them "tsol" labels. They are partially defined by a "label
> > encodings" file whose format was originally specified by Mitre as part
> > of the "Compartmented Mode Workstation" (CMW) development (198?). Those
> > labels are normally added at the "session" level. For networking, they
> > are represented as a new option in both tcp and udp protocols. (Many
> > complications omitted) They are also normally kept for all subjects and
> > objects in some internal format. The encodings file is used to define
> > the organization of the labels and how they should appear to users.
> >
> > Sun uses the tsol labels to define more than just the label hierarchy.
> > The tsol labels include process and user privileges and other security
> > related information.
> >
>
>so I guess that TSIG has dissolved and Sun took over the spec for TSIX,
>and everyone else (who was part of TSIG) started diverging from the spec?
>
>So pretty much everyone is stuck at the "how do we implement this, since
>there are 200,000 different ways out there now" stage again.
>
>Gods, I love this industry :)
>
>-Trish
>
>--
>
>Trish Lynch                             trish at bsdunix.net
>FreeBSD                                 The Power to Serve
>Ecartis Core Team                       http://www.ecartis.org
>formerly Listar                         http://www.listar.org
>Network Security Engineer               tlynch at camelotta.com
>Camelot Technical Advisors              http://www.camelotta.com
>
>
>To Unsubscribe: send mail to majordomo at trustedbsd.org
>with "unsubscribe trustedbsd-discuss" in the body of the message

