On Thu, 02 Oct 2008 17:48:07 -0700 Joe Touch <touch@xxxxxxx> wrote:

> The point I'm making is that there seems like there should be a way to
> prevent the covert channel without mucking up TCP's definition of what
> an endpoint is.

I think this belongs elsewhere than either the secdir list or the main IETF list, but I think you're wrong -- there doesn't have to be a way. Certainly, I don't think your suggestion of filtering SYNs will do it.

MLS security is a very different creature than regular security. We've seen very little of MLS in the IETF (and for that matter, it's not used all that much even in the DoD world), but there's a lot of literature on the subject.

The questions for the IETF are (a) is this TCP issue worth doing at all in the IETF, given the limited market, and (b) if it is, how is it best done? I don't think a WG is needed -- the subject is too narrow -- but I do think we need one or more I-Ds, and probably a mls-tcp mailing list. Clearly, any resulting document will have to pass muster by TSV as well as SEC; probably, that means TCPM and SAAG.

It might pay for someone to write an assumptions and threat model I-D first -- to give just one example of what might be discussed in it, should we assume that the OS has any role at all? Given how few operating systems are even MLS-capable these days (let alone evaluated for that purpose), perhaps all of the MLS processing will be done (in the real world) on outboard NICs or IPsec boxes. What is the scope, then, of host MLS processing?

--Steve Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf