On Wed, 1 Oct 2008 22:12:17 -0400
"Steven M. Bellovin" <[EMAIL PROTECTED]> wrote:

> >     Steven> Note 7.3.1 on
> >     Steven> TCP considerations.  (Also note that 7.3.1 disagrees
> >     Steven> with 793 on the treatment of security labels in section
> >     Steven> 3.6 of 793.  At the least, this should be noted.
> > 
> > I had completely missed this.  I'll call out the section to the
> > transport ADs
> > 
> I should have added: I think the new document is in fact more correct
> than 793 -- the 793 scheme would permit various forms of
> high-bandwidth covert channels to be set up.  This is an issue that
> was not nearly that well understood when 793 was written.  That said,
> it is a change to TCP, and needs to be treated as such.
> 
Thinking further -- I suspect that the right thing to do here is for
someone to write a short, simple draft amending 793 -- its handling of
the security option is simply wrong, independent of this draft.  I
wonder -- what TCPs actually implement even 793?  NetBSD doesn't; I
strongly suspect that no BSDs do.  Does Solaris?  Linux?

                --Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf