Bill Sommerfeld wrote:
> I've revised the project proposal based on the first round of comments.
> I would like endorsement of this project by the security and networking
> communities under the current project creation policy [1].
>
> Despite not asking for it in the first round, I got explicit endorsement
> from:
> James.Hughes at sun.com
> Darren.Moffat at sun.com
>
> - Bill
>

Add me to the list. I'm particularly interested in the changes to the
key mgmt code to allow for that bit to be reimplemented later.

-Wyllys

> -- OPENSOLARIS PROJECT PROPOSAL --
>
> Project Name: Labeled IPsec (txipsec)
>
> Project Synopsis:
>
> Bring together IPsec and Trusted Networking.
>
> Project Purpose (and commentary):
>
> Currently OpenSolaris contains an IPsec component and a Trusted
> Networking component that solve closely related problems but which
> currently operate entirely independently of each other.
>
> This project proposes to bring the two together in a way which
> preserves all existing capabilities of the individual components but
> which allows the capabilities to be combined to increase the
> usefulness, applicability, and security of both components.
>
> Trusted Networking will gain on-the-wire integrity and
> confidentiality protection of sensitivity labels and an optional
> more-compact on-the-wire representation of the label (as an implicit
> property of the security association), making it less reliant on
> physically secured network paths. Implicit labelling will be able
> to be used both with other MLS systems, and also with non-MLS
> systems using a single label per system assigned by policy.
>
> IPsec will gain from being able to use network repositories for policy
> configuration, allowing even unlabelled networks (which is to say,
> those not using TX) to benefit from this project.
>
> Note:
>
> On Solaris, IPsec key management is considered a modular,
> replaceable component, with open interfaces.
>
> The IKE key management daemon for IPsec, in.iked, is not open
> source. Correcting this is not part of this project. Changes
> to interfaces used by key management will be specified by this
> project to permit an open reimplementation of key management.
>
> Proposed Sponsors: Networking and Security
>
> Participants:
>
> Initial set of proposed project leads:
>
> Bill Sommerfeld <sommerfeld at sun.com> [point of contact]
> Dan McDonald <danmcd at sun.com>
>
> Other Participants:
> Jarrett Lu <jarrett.lu at sun.com>
>
> Other interested participants: please speak up, or join the project
> list once we have it running. Contributions of both code and review
> time are obviously quite welcome; there's a lot of work to be done
> here.
>
> [1]
> http://www.opensolaris.org/os/community/ogb/policies/project-instantiation.txt