At 09:44 PM 10/20/2008, Nicolas Williams wrote:
So if I understand correctly then this document would have an
implementation of, say, NFSv4[0] over TCP[1] send TCP packets for the
same TCP connection with different labels, *and* ensure that each packet
contains parts of no more than one (exactly one) NFSv4 RPC.
Classified documents have this thing called paragraph marking. Each paragraph
within a document is marked with the highest level of data within the
paragraph. A page is marked with the highest level of data in any paragraph on
that page. The overall document is marked with and protected at the highest
level of data within the document.
For your example, what would probably happen is that the NFS processes on both
sides would create a connection at the highest level of data they expect to
exchange. The NFS processes would be responsible for the labeling and
segregation of data exchanged over that connection. E.g. the IP packets would
ALL be labeled at the high level, even if some of them carried data at a level
below.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf