Nicolas Williams wrote:
> On Tue, Oct 30, 2007 at 10:05:47AM +0000, Darren J Moffat wrote:
>> will young wrote:
>>> [description of MLP client and server]
>> That is way beyond what the problem I'm attempting to solve needs.  I 
>> think it is also unnecessary and doesn't actually gain us a huge amount 
>> given how ssh is used and how TX tends to be used.   In my opinion an 
>> MLP aware ssh client/server pair is high risk for low benefit (only TX to 
>> TX systems would use this), but an MLP aware ssh server solves real 
>> trusted path authentication problems.
> 
> I think we have consensus now that an MLP server is what we need.  MLP
> connections, and, therefore MLP clients, are not a requirement, but
> exploring those was useful in figuring out that having an MLP server
> will not preclude having MLP connections, should we ever need them.
        Yes, by "would be appropriate" I meant it is the correct model involving 
something that does prompt the user for label, i.e. multilevel X.  I do 
not see a good reason to implement a privileged and aware client side in 
the case of ssh.
        I would like to see it implemented using SO_ALLZONES and be able to 
pick out the zoneid by the local address.  That would make it applicable 
to Solaris (and TX without ALL_ZONES interfaces) as well.
        -Will
