I think that there has been insufficient discussion of whether those who wish to make use of IPsec to enforce mandatory access controls require the facilities described by the folks who have proposed this. At the WG meeting 2 weeks ago I made two observations:

- possible use of CIPSO for carrying labels had not been fully discussed
- use of tunnel mode to protect such labels in the inner header did not appear to have been considered

I think it is incumbent on those who wish to pursue this work to provide more persuasive arguments. It also seems appropriate to have a discussion of whether mandatory, label-based controls are sufficiently mainstream to warrant bringing them back into IPsec at this time, or whether this is more of a research topic.

Steve
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
