Re: [nfsv4] [Labeled-nfs] New MAC label support Internet Draft posted to IETF website

On Mon, Mar 30, 2009 at 03:01:21PM -0500, Nicolas Williams wrote:
> I believe that certificate extensions and Kerberos V authorization-data
> could be used to ensure that the client and server both know the correct
> "label encodings" for their shared DOIs.

Of course, this does nothing for deployments that don't use PKIX or
Kerberos V.  We can do something like this for all trusted third-party
distributed authentication systems.  But for simple pre-shared key (PSK)
and simpler schemes (e.g., AUTH_SYS) there's nothing we can do: the
client and server will have to agree on a DOI and label encodings a
priori.
