"Michael" == Michael StJohns <mstjohns(_at_)comcast(_dot_)net> writes:
Michael> At 03:30 PM 10/2/2008, Sam Hartman wrote:
>> You're proposing a huge complexity increase for the TCP stack
>> in order to get this covert channel protection.
Michael> Hi Sam -
Michael> The guys at Honeywell who did the fix for Multics back in
Michael> '87 took about 2 days to do the fix. The complexity was
Michael> pretty much limited to a single module and a few internal
Michael> structures which described the TCP context. Basically
Michael> tagging the TCP connection structure with the security
Michael> level of the process and changing the matching logic
Michael> already in place to do the right thing with respect to
Michael> security.
I consider that a huge change to what is a fairly public interface.
From an implementation standpoint I expect you will find that is more
work on a modern TCP implementation as well.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
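The change Michael describes, as an added example that is not part of this thread and not the Multics code: a connection table whose entries carry the owning process's security level, with the level included in the existing match. The struct layout, function names, integer levels and the exact-equality rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTCB 8

/* Hypothetical connection block: the usual 4-tuple plus a security level. */
struct tcb {
    uint32_t laddr, raddr;
    uint16_t lport, rport;
    uint8_t  level;    /* level of the owning process (assumed small integer) */
    int      in_use;
};

static struct tcb table[NTCB];

void tcb_reset(void) { memset(table, 0, sizeof table); }

/* The matching logic: labelled == 0 is the plain 4-tuple compare,
   labelled == 1 also requires the security levels to be equal. */
static int tcb_match(const struct tcb *t, const struct tcb *k, int labelled)
{
    return t->in_use &&
           t->laddr == k->laddr && t->lport == k->lport &&
           t->raddr == k->raddr && t->rport == k->rport &&
           (!labelled || t->level == k->level);
}

/* Demultiplex a key (4-tuple, plus level when labelled) to its connection. */
struct tcb *tcb_lookup(const struct tcb *k, int labelled)
{
    for (size_t i = 0; i < NTCB; i++)
        if (tcb_match(&table[i], k, labelled))
            return &table[i];
    return NULL;
}

/* Create a connection; returns the slot index, or -1 on conflict or full table. */
int tcb_open(const struct tcb *k, int labelled)
{
    if (tcb_lookup(k, labelled))
        return -1;              /* unlabelled: visible across levels */
    for (int i = 0; i < NTCB; i++)
        if (!table[i].in_use) {
            table[i] = *k;
            table[i].in_use = 1;
            return i;
        }
    return -1;
}
```

With the unlabelled match, a second open of the same 4-tuple at a different level fails, so one level can observe the other's activity; with the labelled match each level sees only its own connections.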