
Re: [secdir] Secdir Review of draft-stjohns-sipso-05

2008-10-22 10:22:23
On Mon, 2008-10-20 at 20:44 -0500, Nicolas Williams wrote:
> But then:
>
> |                                                    In order to
> |   maintain data Sensitivity Labeling for such applications, in
> |   order to be able to implement routing and Mandatory Access
> |   Control decisions in routers and guards on a per-IP-packet basis,
> |   and for other reasons, there is a need to have a mechanism for
> |   explicitly labeling the sensitivity information for each IPv6
> |   packet.
>
> So if I understand correctly then this document would have an
> implementation of, say, NFSv4[0] over TCP[1] send TCP packets for the
> same TCP connection with different labels, *and* ensure that each packet
> contains parts of no more than one (exactly one) NFSv4 RPC.

You do not understand correctly.

See section 6.2.1 of that document, which reads in part:

   NOTE WELL:
        A connection-oriented transport-layer protocol session
     (e.g. TCP session, SCTP session) MUST have the same DOI and
     same Sensitivity Label for the life of that connection.  The
     DOI is selected at connection initiation and MUST NOT change
     during the session.

                                                - Bill
