Sorry - for both of these - the date was '83, not '87.... Mike
At 03:49 PM 10/2/2008, Michael StJohns wrote:
At 03:30 PM 10/2/2008, Sam Hartman wrote:
You're proposing a huge complexity increase for the TCP stack in order
to get this covert channel protection.
Hi Sam -
The guys at Honeywell who did the fix for Multics back in '87 took about 2
days to do the fix. The complexity was pretty much limited to a single module
and a few internal structures which described the TCP context. Basically
tagging the TCP connection structure with the security level of the process
and changing the matching logic already in place to do the right thing with
respect to security.
Note that this treatment of multiple networks only has to happen on hosts
which are multi-level. And the multi-level stuff is already a bit of cruft
and complexity. This just gets thrown in to the other stuff you have to do to
have a secure multi-level system.
For your suggestions with multiple addresses... its possible, but all you're
doing is moving the complexity from implementation (where you do it once and
test the hell out of it) to administration (where you have to do it for each
system and hope you get it right). I know what I'd choose... :-)
Mike
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf