On Mon, 2008-10-20 at 20:44 -0500, Nicolas Williams wrote: > But then: > > | In order to > | maintain data Sensitivity Labeling for such applications, in > | order to be able to implement routing and Mandatory Access > | Control decisions in routers and guards on a per-IP-packet basis, > | and for other reasons, there is a need to have a mechanism for > | explicitly labeling the sensitivity information for each IPv6 > | packet. > > > So if I understand correctly then this document would have an > implementation of, say, NFSv4[0] over TCP[1] send TCP packets for the > same TCP connection with different labels, *and* ensure that each packet > contains parts of no more than one (exactly one) NFSv4 RPC. You do not understand correctly. See section 6.2.1 of that document, which reads in part: NOTE WELL: A connection-oriented transport-layer protocol session (e.g. TCP session, SCTP session) MUST have the same DOI and same Sensitivity Label for the life of that connection. The DOI is selected at connection initiation and MUST NOT change during the session. - Bill _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf