Re: Secdir Review of draft-stjohns-sipso-05

On Thu, 02 Oct 2008 17:48:07 -0700
Joe Touch <touch@xxxxxxx> wrote:

> 
> The point I'm making is that there seems like there should be a way to
> prevent the covert channel without mucking up TCP's definition of what
> an endpoint is.

I think this belongs elsewhere than either the secdir list or the main
IETF list, but I think you're wrong -- there doesn't have to be a way.
Certainly, I don't think your suggestion of filtering SYNs will do it.

MLS security is a very different creature than regular security.  We've
seen very little of MLS in the IETF (and for that matter, it's not used
all that much even in the DoD world), but there's a lot of literature
on the subject.  The questions for the IETF are (a) is this TCP issue
worth doing at all in the IETF, given the limited market, and (b) if it
is, how is it best done?

I don't think a WG is needed -- the subject is too narrow -- but I do
think we need one or more I-Ds, and probably a mls-tcp mailing list.
Clearly, any resulting document will have to pass muster by TSV as well
as SEC; probably, that means TCPM and SAAG.  It might pay for someone
to write an assumptions and threat model I-D first -- to give just one
example of what might be discussed in it, should we assume that the OS
has any role at all?  Given how few operating systems are even
MLS-capable these days (let alone evaluated for that purpose), perhaps
all of the MLS processing will be done (in the real world) on outboard
NICs or IPsec boxes.  What is the scope, then, of host MLS processing?


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf