What's the status of the project?
Ilmar S. Habibulin
ilmar at ints.ru
Wed Jun 13 18:43:22 GMT 2001
On Mon, 11 Jun 2001, chris stillson wrote:
> > RIPSO is clever? Why? It's just some revision of IPSO, but only BLM based.
> > MAC is not only Top Secret/Secret/Unclassified.
> RIPSO (rfc1108), includes some provisions for translations. CIPSO, which
> came later, is just a stripped down version. BLM(bit level map?)
BLM - Bell-Lapadula Model. There is no description of new fields in
extended security option of IP. FIPS specifies a number of binary formats
for different label passing. The main problem with all these protocol
options is - they are in clear text form, not encripted and can be
spoofed.
> Sure, mac can be other things. And a full ripso implementation can handle
> that. Problem is, a full implementation is pretty big and mostly useless.
Highly configurable implementation with MAC plug-ins is not useless, i
suppose. ;-) BLM based MAC systems are useless for commercial
applications, because there is no hierarchical information division. So
DAC schimes are commonly used.
> > > trusted routing is ugly...
> > Why do think so?
...
> It's probably not too hard to do the basics, but I suspect you could
> do a PhD thesis on some of the details...
Ok, i understand. I was thinking only about static routes.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list