RJ Atkinson wrote:
>
> On 3 Oct 2008, at 11:10, Joe Touch wrote:
...
>> I'm asking that the document explain how MLS systems' view of 793 and
>> 1122 rules for TCP change as well. Others pointed out the potential need
>> to "update" 793 regarding TCP changes; IMO this is needed for other
>> network architecture docs as well.
>
> I am confused how the above would translate into a specific edit.

You can't just redefine TCP's notion of an endpoint. You need to address
how this propagates through the protocol stack, notably:

- ICMP handling
    does the ICMP carry the security level of the packet
    in its payload?
    does ICMP processing match the level of the incoming
    packet to the transport protocol?

- forwarding
    should there be multiple forwarding entries, just as
    there are multiple TCPs for a socket pair?
    i.e., how much is the network really virtualized,
    or are you virtualizing only the host - and only for
    certain transport protocols (if so, then say that
    rather than virtualizing the net)

- routing
    are there routing protocols that carry reachability
    only for certain levels? are those levels encoded in
    the routing protocol's packet headers, or in the routing
    protocol content (i.e., application data) itself?

- similarly for multicast...

- similarly for DHCP...

- similarly for IPv6 neighbor discovery...

- similarly for other items listed in response to Bill's email

I.e., if this is really a virtual network, there's a LOT of work left to
be done. If this is restricted to only TCP, then ICMP needs to be
addressed (or else PMTUD won't work), at least (perhaps also DNS, e.g.,
SRV responses might need to be at the appropriate level as well), and
the description of what is virtualized should be scoped down. (I presume
the latter is where you'd prefer to go with this, though correct me if
that's not the case).

Joe

_______________________________________________
saag mailing list
saag at ietf.org
https://www.ietf.org/mailman/listinfo/saag
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.