What's the status of the project?
chris stillson
fluffy at snowden.catch22.org
Mon Jun 11 08:40:21 GMT 2001
On Wed, Jun 13, 2001 at 09:37:38AM +0400, Ilmar S. Habibulin wrote:
> On Sun, 10 Jun 2001, chris stillson wrote:
>
> > CIPSO is just a matter of making sure you use the same binary
> > labels. RIPSO (rfc1108) is a little more clever. SAMPD does all
> RIPSO is clever? Why? It's just some revision of IPSO, but only BLM based.
> MAC is not only Top Secret/Secret/Unclassified.
RIPSO (rfc1108), includes some provisions for translations. CIPSO, which
came later, is just a stripped down version. BLM(bit level map?)
Sure, mac can be other things. And a full ripso implementation can handle
that. Problem is, a full implementation is pretty big and mostly useless.
> > trusted routing is ugly...
> Why do think so?
You have 2 routes to a destination. they have different SL's.
Not too bad. But, do you add trusted RIP? Dynamic discovery of
trusted routes? How dow you deal with the fact that IPSEC tunnels
or their equivelent make data "Non-sensitive".
It's probably not too hard to do the basics, but I suspect you could
do a PhD thesis on some of the details...
chris
"don't even bother trying
to say something clever
clever is as clever does
mo matter what it says"
-Ani DiFranco
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list