ACL-0.5 release

chris stillson fluffy at adsl-63-195-60-138.dsl.snfc21.pacbell.net
Mon Dec 4 19:45:01 GMT 2000


On Tue, Dec 05, 2000 at 09:13:20AM +0300, Ilmar S. Habibulin wrote:
> On Mon, 4 Dec 2000, richard offer wrote:
> 
> > * How do you provide network labeling support? Do you use RIPSO or
> > * CIPSO? How about interoperability with other trusted systems?
> > CIPSO and SAMP would be nice :-)
> Where can I find protocol descriptions? I managed to find only CIPSO
> option number 134 (I suppose).
> 

FIPS-188. CIPSO never made it to being a real standard (like RIPSO, RFC 1108).
It's just a government standard.


> > In theory, the SAMP code could be shared between BSD and Linux, it's a
> > daemon, and if I looked there's probably Trusted Irix code on oss.sgi.com.
> Is SAMP code included in ob1?
> 
> > I (we) don't have a design for the linux version yet, but initial thoughts
> > are to hook it into the kernel via netfilter...
> As I understand, SAMP is something above TCP/IP, maybe session layer
> protocol, am I right? And the problem is how to transmit security
> attributes over TCP/IP. Casey said a few months ago that "ipv6 maybe a
> reasonable alternative". I haven't looked through this standard yet, but I
> know that it has DOI, and this idea was derived from TSIG work.
> 
> > Thoughts ? Comments ?

If it's still up, www.tsig.org. SAMP is a daemon and kernel code living
between TCP and a socket. Not much fun. Less evil than DNSIX, but still
no fun.

As someone who has implemented RIPSO and CIPSO, I would say get IPsec working
first. It's a lot more useful. Then, CIPSO should be all you need. RIPSO
is too scary once you get it all working.

chris

"don't even bother trying
to say something clever  
clever is as clever does 
no matter what it says"
-Ani DiFranco 
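
For readers following the question about CIPSO option number 134, here is an added example (not part of the original message or of any TrustedBSD code) of a defensive parser for that IP option. The field layout it uses (length byte, 4-byte DOI, tag type 1 with an alignment byte, a sensitivity level and an MSB-first category bitmap) is taken from the CIPSO IETF draft and is an assumption here, not something the thread states; the sample bytes are constructed.

```python
import struct

CIPSO_OPTION_TYPE = 134   # option number quoted in the thread
TAG_BITMAP = 1            # assumed: tag type 1 = level + category bitmap


class CipsoError(ValueError):
    """Raised when the option bytes are malformed."""


def parse_cipso_option(opt: bytes) -> dict:
    """Parse one CIPSO IP option, returning its DOI and decoded tags."""
    if len(opt) < 6:
        raise CipsoError("too short for type, length and DOI")
    opt_type, opt_len = opt[0], opt[1]
    if opt_type != CIPSO_OPTION_TYPE:
        raise CipsoError(f"not a CIPSO option (type {opt_type})")
    # The length byte covers the whole option; IPv4 leaves at most 40 bytes.
    if opt_len != len(opt) or opt_len > 40:
        raise CipsoError("option length does not match the buffer")
    (doi,) = struct.unpack("!I", opt[2:6])
    tags, pos = [], 6
    while pos < opt_len:
        if opt_len - pos < 2:
            raise CipsoError("truncated tag header")
        tag_type, tag_len = opt[pos], opt[pos + 1]
        # Reject lengths that would loop forever or read past the option.
        if tag_len < 2 or pos + tag_len > opt_len:
            raise CipsoError("tag length runs past the option")
        body = opt[pos + 2:pos + tag_len]
        if tag_type == TAG_BITMAP:
            if len(body) < 2:
                raise CipsoError("bitmap tag lacks alignment/level bytes")
            level, bitmap = body[1], body[2:]
            # Category 0 is the most significant bit of the first octet.
            cats = [8 * i + b for i, octet in enumerate(bitmap)
                    for b in range(8) if octet & (0x80 >> b)]
            tags.append({"type": 1, "level": level, "categories": cats})
        else:
            tags.append({"type": tag_type, "raw": body})  # left undecoded
        pos += tag_len
    return {"doi": doi, "tags": tags}


# Constructed sample: DOI 3, level 5, categories 0, 2 and 15.
SAMPLE = bytes([134, 12, 0, 0, 0, 3, 1, 6, 0, 5, 0b10100000, 0b00000001])
```

A receiver that enforces labels should treat any `CipsoError` as a reason to drop the packet rather than fall back to an unlabeled default.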