ietf
[Top] [All Lists]

Re: Secdir Review of draft-stjohns-sipso-05

2008-10-02 21:07:34
On Thu, 02 Oct 2008 17:48:07 -0700
Joe Touch <touch(_at_)ISI(_dot_)EDU> wrote:


The point I'm making is that there seems like there should be a way to
prevent the covert channel without mucking up TCP's definition of what
an endpoint is.

I think this belongs elsewhere than either the secdir list or the main
IETF list, but I think you're wrong -- there doesn't have to be a way.
Certainly, I don't think your suggestion of filtering SYNs will do it.

MLS security is a very different creature than regular security.  We've
seen very little of MLS in the IETF (and for that matter, it's not used
all that much even in the DoD world), but there's a lot of literature
on the subject.  The questions for the IETF are (a) is this TCP issue
worth doing at all in the IETF, given the limited market, and (b) if it
is, how is it best done?

I don't think a WG is needed -- the subject is too narrow -- but I do
think we need one or more I-Ds, and probably a mls-tcp mailing list.
Clearly, any resulting document will have to pass muster by TSV as well
as SEC; probably, that means TCPM and SAAG.  It might pay for someone
to write an assumptions and threat model I-D first -- to give just one
example of what might be discussed in it, should we assume that the OS
has any role at all?  Given how few operating systems are even
MLS-capable these days (let alone evaluated for that purpose), perhaps
all of the MLS processing will be done (in the real world) on outboard
NICs or IPsec boxes.  What is the scope, then, of host MLS processing?


                --Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf