At 03:30 PM 10/2/2008, Sam Hartman wrote:
> You're proposing a huge complexity increase for the TCP stack in order
> to get this covert channel protection.
Hi Sam -
The guys at Honeywell who did the fix for Multics back in '87 took about 2 days
to do the fix. The complexity was pretty much limited to a single module and a
few internal structures which described the TCP context. Basically tagging the
TCP connection structure with the security level of the process and changing
the matching logic already in place to do the right thing with respect to
security.
Note that this treatment of multiple networks only has to happen on hosts which
are multi-level. And the multi-level stuff is already a bit of cruft and
complexity. This just gets thrown in to the other stuff you have to do to have
a secure multi-level system.
For your suggestions with multiple addresses... it's possible, but all you're
doing is moving the complexity from implementation (where you do it once and
test the hell out of it) to administration (where you have to do it for each
system and hope you get it right). I know what I'd choose... :-)
Mike