3 Oct 2008 16:32
Re: draft-stjohns-sipso-05 & transport protocols
Bill Sommerfeld <sommerfeld <at> sun.com>
2008-10-03 14:32:44 GMT
On Fri, 2008-10-03 at 06:58 -0700, Joe Touch wrote:
> There appears to be at least one change that might be required by all
> Internet hosts; current behavior upon receipt of an IP packet at a
> security level not supported is to send a TCP RST. This document
> indicates that such hosts MUST silently drop such packets.

In a securely-configured MLS environment, systems not running an MLS operating system will never receive a packet with an MLS label -- if they did, that inherently means that an MLS system somewhere is misconfigured and information is flowing in violation of the MLS policy.

It is IMHO not necessary to specify what a label-unaware system should do with a labeled packet -- if they get one at all, it's a serious error on the part of the sender.

> > 2) MLS operating systems have different requirements:
> > In turn, this specification *only* applies to Multi-Level
> > Secure (MLS) operating systems that choose to implement
> > this particular IPv6 labelling specification. The draft
> > is very clear about this.
>
> The draft does not appear to indicate how an MLS system would interact
> with legacy systems that are not updated.

Are you asking about labeled or unlabeled interoperability?

The MLS systems I'm familiar with are configured with policy indicating the clearances of other hosts. That policy can indicate whether or not packets to the other system should contain an explicit MLS label. Non-MLS systems will typically never see a label.

> > 3) The MLS-specific proposal is accepted by long-term
> > members of the Transport community:
> > Please see Dave Borman's note to the IETF discuss
> > list from yesterday. Dave has about as much TCP
> > experience as anyone.
>
> I consider it very incomplete with regard to the impact of the changes
> proposed on the architecture of MLS endpoints.

I have a modest amount of MLS implementation experience. I believe the spec is complete enough to publish in its current form.
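The per-host policy described in the message above (which peers are expected to send labels, and within what clearance range), modelled as an inbound check, as an added illustration that is not part of the thread and not the draft's own label format: the `Label`, `PeerPolicy` and `classify_inbound` names are assumptions, the label is simplified to a level plus a compartment set with standard dominance, and every mismatch is silently dropped and audited rather than answered with a TCP RST.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

@dataclass(frozen=True)
class Label:
    """Simplified MLS label: hierarchical level plus a set of compartments (assumed model)."""
    level: int
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Standard dominance: higher-or-equal level and a superset of compartments.
        return self.level >= other.level and other.compartments <= self.compartments

@dataclass(frozen=True)
class PeerPolicy:
    """Administrator-configured view of a peer host (hypothetical policy record)."""
    labels_expected: bool   # whether packets from this peer must carry an explicit label
    min_label: Label        # lowest label the peer is cleared to send
    max_label: Label        # highest label the peer is cleared to send

ACCEPT = "accept"
DROP = "silent-drop"       # never a RST: the sender is misconfigured, not a normal peer

def classify_inbound(src: str, label: Optional[Label],
                     policy: Dict[str, PeerPolicy], audit: List[str]) -> str:
    """Decide what an MLS host does with an inbound packet from `src`.

    Drops are silent on the wire; the reason goes to the audit trail only.
    """
    peer = policy.get(src)
    if peer is None:
        audit.append(f"{src}: no clearance policy configured, dropped")
        return DROP
    if label is None:
        if peer.labels_expected:
            audit.append(f"{src}: unlabeled packet from peer that must label, dropped")
            return DROP
        return ACCEPT                     # unlabeled peer, handled at its single level
    if not peer.labels_expected:
        audit.append(f"{src}: label received from a peer configured as label-unaware, dropped")
        return DROP
    if not (label.dominates(peer.min_label) and peer.max_label.dominates(label)):
        audit.append(f"{src}: label {label} outside clearance range, dropped")
        return DROP
    return ACCEPT
```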