At 09:44 PM 10/20/2008, Nicolas Williams wrote: >So if I understand correctly then this document would have an >implementation of, say, NFSv4[0] over TCP[1] send TCP packets for the >same TCP connection with different labels, *and* ensure that each packet >contains parts of no more than one (exactly one) NFSv4 RPC. Classified documents have this thing called paragraph marking. Each paragraph within a document is marked with the highest level of data within the paragraph. A page is marked with the highest level of data in any paragraph on that page. The overall document is marked with and protected at the highest level of data within the document. For your example, what would probably happen is that the NFS processes on both sides would create a connection at the highest level of data they expect to exchange. The NFS processes would be responsible for the labeling and segregation of data exchanged over that connection. E.g. the IP packets would ALL be labeled at the high level, even if some of them carried data at a level below. _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf