On Fri, Mar 27, 2009 at 10:03:35AM -0700, Jarrett Lu wrote:
> I agree with your statements on TE vs. MLS/BLP. The problem we try to
> solve is whether a DOI field + an opaque string is sufficient to solve
> the interoperability problem. My opinion is that it's insufficient as it
> doesn't take the "how to interpret MAC attribute agreement among all
> communicating peers" into account. The current proposal seems to assume
> when a node sees a DOI value of 5, it knows how to interpret the opaque
> field. This may not be true. In MLS, one also needs to know which agreed
> upon label encoding file to use in order to interpret the label in the
> opaque field. I believe the same is true for TE -- one needs to know the
> security policy being used in order to correctly interpret the security
> context string in the opaque field. DOI + opaque field doesn't say which
> label encoding scheme or which security policy.

What would you add or remove on the wire to solve this problem?

My guess: a registry of per-DOI rules, like CALIPSO does.

I don't think a registry of DOI rules is strictly necessary for NFS
(though I can see how it helps in the case of IP), but I certainly don't
object.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
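The interoperability gap discussed above, as an added example that is not part of the thread and not code from any NFS or SELinux implementation: a label on the wire is modelled as (DOI, opaque bytes), and the receiver can only give the opaque part a meaning once its per-DOI registry binds that DOI to either an agreed MLS label-encodings table or a named TE policy. The wire layout, the DOI numbers 5/6/7, the level names, compartments and TE types are all constructed for the example. The same opaque bytes decode to different labels under two MLS DOIs, a context whose type is absent from the DOI's policy is rejected rather than guessed, and an unregistered DOI is rejected outright.

```python
"""Added example: a per-DOI registry giving meaning to a (DOI, opaque) label.

Everything here is constructed for illustration: the header layout, the
DOI numbers, the label-encodings tables and the TE policy contents.
"""
import struct
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Tuple, Union

# Constructed wire format: big-endian 32-bit DOI, 16-bit opaque length, opaque bytes.
HDR = struct.Struct("!IH")


def encode_label(doi: int, opaque: bytes) -> bytes:
    return HDR.pack(doi, len(opaque)) + opaque


def decode_label(buf: bytes) -> Tuple[int, bytes]:
    """Split the carrier into (DOI, opaque) without interpreting the opaque part."""
    if len(buf) < HDR.size:
        raise ValueError("truncated label header")
    doi, n = HDR.unpack_from(buf)
    if len(buf) != HDR.size + n:
        raise ValueError("opaque length does not match header")
    return doi, buf[HDR.size:]


@dataclass(frozen=True)
class MLSLabel:
    level: int
    compartments: FrozenSet[str]

    def dominates(self, other: "MLSLabel") -> bool:
        # Only meaningful when both labels were decoded under the same DOI.
        return self.level >= other.level and other.compartments <= self.compartments


@dataclass(frozen=True)
class TEContext:
    user: str
    role: str
    type: str


Label = Union[MLSLabel, TEContext]


def mls_decoder(encodings: Dict[str, int], compartments: FrozenSet[str]) -> Callable[[bytes], MLSLabel]:
    """Interpret 'LEVELNAME:c1,c2' using one agreed label-encodings table."""
    def decode(opaque: bytes) -> MLSLabel:
        name, _, cats = opaque.decode("ascii").partition(":")
        if name not in encodings:
            raise ValueError(f"level {name!r} is not in this DOI's encodings")
        cset = frozenset(c for c in cats.split(",") if c)
        unknown = cset - compartments
        if unknown:
            raise ValueError(f"compartments {sorted(unknown)} are not in this DOI's encodings")
        return MLSLabel(encodings[name], cset)
    return decode


def te_decoder(known_types: FrozenSet[str]) -> Callable[[bytes], TEContext]:
    """Interpret 'user:role:type[:range]' against one named TE policy."""
    def decode(opaque: bytes) -> TEContext:
        parts = opaque.decode("ascii").split(":")
        if len(parts) < 3:
            raise ValueError("malformed security context")
        user, role, typ = parts[:3]
        if typ not in known_types:
            raise ValueError(f"type {typ!r} is not defined in this DOI's policy")
        return TEContext(user, role, typ)
    return decode


# The per-DOI registry is exactly what a bare (DOI, opaque) pair leaves unstated.
# DOI values and policy contents are made up for the example.
REGISTRY: Dict[int, Callable[[bytes], Label]] = {
    5: mls_decoder({"UNCLASSIFIED": 0, "SECRET": 2, "TOPSECRET": 3}, frozenset({"A", "B"})),
    6: mls_decoder({"PUBLIC": 0, "SECRET": 1}, frozenset({"A"})),
    7: te_decoder(frozenset({"nfs_t", "user_home_t"})),
}


def interpret(buf: bytes) -> Label:
    """Decode a wire label; refuse anything the registry gives no meaning to."""
    doi, opaque = decode_label(buf)
    decoder = REGISTRY.get(doi)
    if decoder is None:
        raise ValueError(f"no agreement on how to interpret DOI {doi}; rejecting label")
    return decoder(opaque)


def rejects(buf: bytes) -> bool:
    """True if the receiver refuses to interpret the label (used by the checks below)."""
    try:
        interpret(buf)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    same_bytes = b"SECRET:A"
    print(interpret(encode_label(5, same_bytes)))   # level 2 under DOI 5's encodings
    print(interpret(encode_label(6, same_bytes)))   # level 1 under DOI 6's encodings
    print(interpret(encode_label(7, b"system_u:object_r:nfs_t:s0")))
    print(rejects(encode_label(99, same_bytes)))    # unregistered DOI
```

The point the example makes concrete is the one in the quoted message: the bytes `SECRET:A` are a valid label under both DOI 5 and DOI 6 yet denote different levels, so a receiver that "knows the DOI" but not the encodings table behind it cannot safely compare or enforce anything. A CALIPSO-style registry answers that by binding each DOI value to one interpretation; a receiver without an entry for a DOI should reject the label rather than fall back to a default.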