I'm happy to announce the start of a two-week design review for the first phase of the labeled IPsec project.
This project adds a minimal Labeled IPsec capability to the kernel IPsec code, and a related set of changes to the (closed-source) Solaris IKE to provide minimal support for managing and negotiating sensitivity labels between systems under common management. This project is intended to lay the groundwork for follow-on work involving greater flexibility both in label policy and in the types of labels handled; however, support for other types of labels is out of scope for this phase. Pointers to review materials can be found at: http://www.opensolaris.org/os/project/txipsec/Design/ This is an open design review. Please send questions about the material and review comments to security-discuss at opensolaris.org. Please do not cross-post review comments to any other alias. If you believe other communities should be invited to participate in the review, please contact the project lead (Bill Sommerfeld; sommerfeld at sun.com) to avoid duplicate invitations. If the level of email discussion warrants it, we will hold a concall mid-way through the review period.
