On Fri, Apr 03, 2009 at 12:44:30PM -0400, Russ Housley wrote:
> I really do not have time to write about all of my
> concerns. However, once you get beyond the basic classifications,
> the SPIF model breaks. They are markings that are only to be known
> to people that have the clearance for those markings, this leads to a
> SPIF distribution nightmare, as a subset of the real SPIF must be
> given out based on access (or not) to various compartments and
> such. It just does not scale.

I'm aware of the fact that labels can themselves be labeled. But I don't think that implies that we can't make a SPIF-like solution scale.

Peers that have access to different subsets of the policy should still be able to interop if care is taken to specify what happens when a node sees a label that falls outside its policy subset, and provided, of course, that the peers can agree that they have subsets of the *same* master policy.

Peers can check whether they do have subsets of the *same* master policy by exchanging [for each DOI to both] a master policy URI that includes a version number.

Nico
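The two conditions Nico describes above (peers agree they hold subsets of the same master policy, and a node's behaviour on a label outside its subset is defined rather than accidental) can be sketched in code. The following is an added example, not code from this thread or from any SPIF implementation; the dataclass names, the URN, the DOI number and the "fail closed on an unknown marking" rule are assumptions made for illustration.

```python
"""Sketch of SPIF-like policy subsets carved from one master policy.

Added example for the selinux list thread above; not code from the
thread or from any real SPIF tooling. Names, the URN, the DOI number
and the fail-closed rule for unknown markings are assumptions.
"""
from dataclasses import dataclass
from enum import Enum


@dataclass(frozen=True)
class MasterPolicyRef:
    """What peers exchange per DOI to agree they share one master policy."""
    doi: int
    uri: str      # assumed URN; a real deployment picks its own identifier
    version: int  # version travels with the URI so stale subsets are caught


@dataclass(frozen=True)
class Label:
    classification: str
    compartments: frozenset = frozenset()


@dataclass(frozen=True)
class PolicySubset:
    """The slice of the master policy this node is cleared to know about."""
    master: MasterPolicyRef
    classifications: tuple   # ordered low -> high, all known to this node
    compartments: frozenset  # compartments this node may even know exist

    def knows_label(self, label):
        return (label.classification in self.classifications
                and label.compartments <= self.compartments)


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"                        # label known, clearance insufficient
    UNKNOWN_MARKING = "unknown-marking"  # label outside this node's subset


def peers_share_master(local, remote):
    """Interop precondition: same DOI, same master URI, same version."""
    return (local.doi == remote.doi
            and local.uri == remote.uri
            and local.version == remote.version)


def evaluate(subset, clearance, label):
    """Decide access under a subset, failing closed on unknown markings.

    A compartment this node was never told about must not be dropped or
    treated as empty; it is reported as UNKNOWN_MARKING so the caller can
    refuse or forward to a node holding a larger subset (assumed rule).
    """
    if not subset.knows_label(clearance) or not subset.knows_label(label):
        return Decision.UNKNOWN_MARKING
    rank = {c: i for i, c in enumerate(subset.classifications)}
    dominates = (rank[clearance.classification] >= rank[label.classification]
                 and label.compartments <= clearance.compartments)
    return Decision.ALLOW if dominates else Decision.DENY


# Constructed sample data: two peers holding different subsets of one master.
MASTER = MasterPolicyRef(doi=1, uri="urn:example:spif:master", version=3)
STALE = MasterPolicyRef(doi=1, uri="urn:example:spif:master", version=2)
LEVELS = ("UNCLASSIFIED", "SECRET", "TOP SECRET")
NODE_A = PolicySubset(MASTER, LEVELS, frozenset({"X", "Y"}))
NODE_B = PolicySubset(MASTER, LEVELS, frozenset({"X"}))  # never told about Y

TS_XY = Label("TOP SECRET", frozenset({"X", "Y"}))
S_XY = Label("SECRET", frozenset({"X", "Y"}))
S_X = Label("SECRET", frozenset({"X"}))


if __name__ == "__main__":
    print("A and B share master:", peers_share_master(NODE_A.master, NODE_B.master))
    print("A vs stale version:", peers_share_master(MASTER, STALE))
    print("A evaluates S_XY:", evaluate(NODE_A, TS_XY, S_XY))
    print("B evaluates S_XY:", evaluate(NODE_B, TS_XY, S_XY))
```

The interesting case is NODE_B: it shares the master policy with NODE_A, so the two can talk, but when a label carrying compartment Y arrives, B reports an unknown marking instead of silently evaluating the label as if Y were absent. That is the "specify what happens when a node sees a label outside its policy subset" step; without it, the smaller subset would quietly grant access on a marking it cannot even name.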