Re: [secdir] Secdir Review of draft-stjohns-sipso-05

On Mon, 2008-10-20 at 20:44 -0500, Nicolas Williams wrote:
> But then:
> 
> |                                                    In order to
> |   maintain data Sensitivity Labeling for such applications, in
> |   order to be able to implement routing and Mandatory Access
> |   Control decisions in routers and guards on a per-IP-packet basis,
> |   and for other reasons, there is a need to have a mechanism for
> |   explicitly labeling the sensitivity information for each IPv6
> |   packet.
> 
> 
> So if I understand correctly then this document would have an
> implementation of, say, NFSv4[0] over TCP[1] send TCP packets for the
> same TCP connection with different labels, *and* ensure that each packet
> contains parts of no more than one (exactly one) NFSv4 RPC.

You do not understand correctly.

See section 6.2.1 of that document, which reads in part:

   NOTE WELL:
        A connection-oriented transport-layer protocol session
     (e.g. TCP session, SCTP session) MUST have the same DOI and
     same Sensitivity Label for the life of that connection.  The
     DOI is selected at connection initiation and MUST NOT change
     during the session.

						- Bill

_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
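
The section 6.2.1 rule quoted in the message above, written as a check a guard or monitor could run per connection. This is an added example, not part of the original message or of the draft. The `Pkt` record, the label strings, the flag handling and the choice to treat both directions as one session are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    """Constructed, simplified packet record (not the draft's wire format)."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters: "S", "SA", "A", "PA", "R"
    doi: int
    label: str   # opaque Sensitivity Label value

def flow_key(p):
    # Both directions of one TCP connection map to the same key.
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def check_flows(packets):
    """Return (index, reason) for each packet that departs from the pinned label."""
    pinned = {}       # flow key -> (doi, label) selected at connection initiation
    violations = []
    for i, p in enumerate(packets):
        key = flow_key(p)
        if p.flags == "S":            # a bare SYN starts a connection and pins its label
            pinned[key] = (p.doi, p.label)
            continue
        if key not in pinned:
            violations.append((i, "no connection initiation seen"))
            continue
        doi, label = pinned[key]
        if p.doi != doi:
            violations.append((i, "DOI changed during session"))
        elif p.label != label:
            violations.append((i, "Sensitivity Label changed during session"))
        if "R" in p.flags:            # simplification: only RST ends the session here
            del pinned[key]
    return violations

A, B = ("2001:db8::1", 40000), ("2001:db8::2", 2049)
SAMPLE = [                            # constructed traffic, documentation addresses
    Pkt(*A, *B, "S", 1, "high"),      # 0: pins (1, "high")
    Pkt(*B, *A, "SA", 1, "high"),     # 1: reverse direction, same label
    Pkt(*A, *B, "PA", 1, "low"),      # 2: label differs from the pinned one
    Pkt(*A, *B, "PA", 2, "high"),     # 3: DOI differs from the pinned one
    Pkt(*B, *A, "R", 1, "high"),      # 4: ends the session
    Pkt(*A, *B, "S", 1, "low"),       # 5: new connection may select a new label
    Pkt(*B, *A, "SA", 1, "low"),      # 6: consistent with the new pin
]
```

Calling `check_flows(SAMPLE)` reports packets 2 and 3 only; the second connection on the same address and port pair is accepted with its own label.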