
Re: [secdir] Secdir Review of draft-stjohns-sipso-05

2008-10-21 16:57:51
At 09:44 PM 10/20/2008, Nicolas Williams wrote:
> So if I understand correctly then this document would have an
> implementation of, say, NFSv4[0] over TCP[1] send TCP packets for the
> same TCP connection with different labels, *and* ensure that each packet
> contains parts of no more than one (exactly one) NFSv4 RPC.

Classified documents have this thing called paragraph marking.  Each paragraph 
within a document is marked with the highest level of data within the 
paragraph.  A page is marked with the highest level of data in any paragraph on 
that page.  The overall document is marked with and protected at the highest 
level of data within the document.

For your example, what would probably happen is that the NFS processes on both 
sides would create a connection at the highest level of data they expect to 
exchange.  The NFS processes would be responsible for the labeling and 
segregation of data exchanged over that connection.  E.g. the IP packets would 
ALL be labeled at the high level, even if some of them carried data at a level 
below.
