[fmac-discuss] Zones and Flask

Stephen Smalley sds at tycho.nsa.gov
Tue Apr 22 08:17:58 PDT 2008


On Tue, 2008-04-22 at 10:27 -0400, Paul Moore wrote:
> On Tuesday 22 April 2008 10:08:40 am Stephen Smalley wrote:
> > On Mon, 2008-04-21 at 22:50 -0400, Paul Moore wrote:
> > > To me, IPsec is a poor choice for a labeling protocol; there are
> > > the reasons that have already been mentioned as well as a few other
> > > reasons related to implementation details and the loose connection
> > > of IPsec SAs to application layer sockets.  In my mind fixing the
> > > IPsec management problem helps but it doesn't solve the underlying
> > > problem that IPsec is ill suited for labeling.
> >
> > Just to clarify - the above is Paul's view, and not necessarily
> > shared by the rest of us (not by me, in particular).  I'll certainly
> > agree that the implementation of labeled IPSEC was complicated to get
> > right in Linux, but I think coupling protection and labeling is the
> > right model.
> 
> I can only speak for myself and what I believe is the right way forward; 
> I've never claimed otherwise.

Sure - but I'm not sure it was clear to the other participants whether
it was only your view or the view of the SELinux project as a whole.
Now, admittedly, your view is pretty important since you are now the
labeled networking maintainer for Linux ;)

> I'm also sticking with the labeling-only
> protocol not to be difficult but because I truly feel it is the best 
> solution to the problems that users are facing.  There are obviously 
> some rather smart people (Stephen, Bill, and others) who disagree with 
> me and I think this is a good thing.  Debate, while sometimes painful, 
> creates better designs in the end.

Agreed.  And it isn't that I think that IPSEC was designed or
implemented in a manner that makes it well suited to labeling, but just
that I believe that coupling protection and labeling is desirable, as
we've previously discussed, both to enable selection of cryptographic
protection suites based on label and to ensure real separation of data
of differing labels.

-- 
Stephen Smalley
National Security Agency
