3 Oct 2008 18:15
Re: draft-stjohns-sipso-05 & transport protocols
Steven M. Bellovin <smb <at> cs.columbia.edu>
2008-10-03 16:15:30 GMT
On Fri, 03 Oct 2008 07:32:44 -0700
Bill Sommerfeld <sommerfeld <at> sun.com> wrote:

> In a securely-configured MLS environment, systems not running an MLS
> operating system will never receive a packet with an MLS label -- if
> they did, that inherently means that an MLS system somewhere is
> misconfigured and information is flowing in violation of the MLS
> policy.
>
> It is IMHO not necessary to specify what a label-unaware system should
> do with a labeled packet -- if they get one at all, it's a serious
> error on the part of the sender.
>

Actually, 793 disagrees:

    The security parameters may be used even in a non-secure environment
    (the values would indicate unclassified data), thus hosts in
    non-secure environments must be prepared to receive the security
    parameters, though they need not send them.

The question is how realistic that statement is.

--Steve Bellovin, http://www.cs.columbia.edu/~smb