Sorry - for both of these - the date was '83, not '87.... Mike At 03:49 PM 10/2/2008, Michael StJohns wrote: >At 03:30 PM 10/2/2008, Sam Hartman wrote: >>You're proposing a huge complexity increase for the TCP stack in order >>to get this covert channel protection. > >Hi Sam - > >The guys at Honeywell who did the fix for Multics back in '87 took about 2 days to do the fix. The complexity was pretty much limited to a single module and a few internal structures which described the TCP context. Basically tagging the TCP connection structure with the security level of the process and changing the matching logic already in place to do the right thing with respect to security. > >Note that this treatment of multiple networks only has to happen on hosts which are multi-level. And the multi-level stuff is already a bit of cruft and complexity. This just gets thrown in to the other stuff you have to do to have a secure multi-level system. > >For your suggestions with multiple addresses... its possible, but all you're doing is moving the complexity from implementation (where you do it once and test the hell out of it) to administration (where you have to do it for each system and hope you get it right). I know what I'd choose... :-) > >Mike _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf