
SELinux Mailing List

Re: A question on integrating IPSec to Selinux

From: Joy Latten <latten_at_austin.ibm.com>
Date: Thu, 03 Nov 2005 12:41:34 -0600


The current implementation does not accommodate MLS, with regard to your example of different levels. But I do think someone is looking into it.

Regards,
Joy

On Thu, 2005-11-03 at 11:04 +0800, Wei Shen wrote:
> Dear Remmolt,
>
> I do not quite understand your reply. Do you mean the space in a
> payload is too precious to insert in any other information?
>
> I know the contents of a payload. Now that a local MAC label is
> already added in current implementation, why will an "optional" remote
> label cause significant problems? If one desires not to request an
> expected label, the responder just chooses a default one for him as in
> current way.
>
> In fact, I think it's a cheap method compared to one in which a client
> must prepare different payloads to meet the requirement of his
> expected label in the server side (he then must know more details
> about the IPSec policy configuration of the server), or modifying each
> application protocol and server individually.
>
> Thanks!
>
> Wei
>
> On 11/3/05, Remmolt Zwartsenberg <remmolt.zwartsenberg@silkroadtech.com> wrote:
> >
> > You need to backtrack to the bowels of the origin of the TCP/IP protocol!
> >
> > A payload inside an IP packet can get as small as a datagram...
> >
> > The datagram may be a very significant public or private key in a 2, 3 or 4
> > way constellation.
> >
> > Of course the protocol is important, but equally so are the peers behind
> > the handshakes.
> >
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.

Received on Thu 3 Nov 2005 - 13:50:05 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service