Hello,

Jarrett Lu of Sun was able to set up a mailing list to discuss topics related to the BOF[1]. The main objective at the moment is to clearly define DOIs with respect to MAC Labeling. The traditional view of MAC is purely MLS, but from our perspective MAC also contains things like Domain Type Enforcement (DTE). SELinux also includes an MLS field in its security context, but there are larger issues to consider.

For instance, how do you handle negotiation of translations between domains? If a system provides more fine-grained protections than the receiver on the other end, or vice versa, how do you handle this? How do we organize the DOI space? Do we share this space among all protocols or do we create separate spaces for each? In terms of things like Labeled NFS and Labeled IPSec, it seems reasonable to maintain the same DOI namespace for both of them. Another issue to consider is: should we define a standard internal structure for a security context?

Also, some people have mentioned their work with security labels in other spaces within the IETF. If you have anything you would like to discuss with respect to work outside of the realm of DOIs (still MAC related, of course), feel free to bring it to the list's attention.

[1] http://mail.opensolaris.org/mailman/listinfo/doi-discuss

_______________________________________________
saag mailing list
saag at ietf.org
https://www.ietf.org/mailman/listinfo/saag
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.