What's the status of the project?
chris stillson
fluffy at snowden.catch22.org
Mon Jun 11 12:00:50 GMT 2001
On Wed, Jun 13, 2001 at 10:43:22PM +0400, Ilmar S. Habibulin wrote:
> BLM - Bell-Lapadula Model. There is no description of new fields in
> extended security option of IP. FIPS specifies a number of binary formats
> for different label passing. The main problem with all these protocol
> options is - they are in clear text form, not encripted and can be
> spoofed.
Ah, yes. Yep. ripso is all BLM.
Yep, unless you have ipsec or a secured network, it's kinda silly.
(of course, my day job is ipsec so i'm a bit biased).
>
> > Sure, mac can be other things. And a full ripso implementation can handle
> > that. Problem is, a full implementation is pretty big and mostly useless.
> Highly configurable implementation with MAC plug-ins is not useless, i
> suppose. ;-) BLM based MAC systems are useless for commercial
> applications, because there is no hierarchical information division. So
> DAC schimes are commonly used.
No hierarchical info divisions?
TS > S > C > U, seems hierarchical to me.
compartments to tighten it up more.
I agree that MAC is more than BLM, but BLM is far from useless...
chris
"don't even bother trying
to say something clever
clever is as clever does
mo matter what it says"
-Ani DiFranco
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list