headers
Pasi.Eronen | 2 Apr 2009 08:57
Picon

Pasi's AD Notes for March 2009


Here's again a short status update about what things are going on from
my point-of-view. If you notice anything that doesn't look right, let
me know -- miscommunication and mix-ups do happen.

Best regards,
Pasi

MISC NOTES
- I and Tim need to edit the SAAG minutes and post them [since 2009-03-26]
- We have received a liaison statement from ITU-T SG 17; I and Tim 
  need to organize a response.
- (not wearing AD hat): Errata #1628 (for RFC 4742): waiting for
  NETCONF WG chairs/Dan to confirm this [since 2009-02-26]

WORKING GROUPS

DKIM
- draft-ietf-dkim-rfc4871-errata: lots of emails that I haven't read yet.
- draft-ietf-dkim-ssp: waiting for the errata dust to settle 
  (probably small changes to Section 2.7, either editorial or technical, 
  are needed no matter how this turns out)
- draft-ietf-dkim-overview: waiting for authors to submit a revised
  ID addressing my AD review comments (except perhaps the first 
  one -- that may require more discussion) and Barry's editorial 
  nits (off-list 2008-10-28...2008-11-12) [since 2009-02-27]
- Waiting for WG to send list of RFC errata IDs (the non-controversial
  ones, not related to d=/i=) the WG agrees on.

EMU
(Continue reading)

Permalink | Reply | 0 comments |
headers
Nicolas Williams | 2 Apr 2009 17:44
Picon

Common labeled security (comment on CALIPSO, labeled NFSv4)

Over at the NFSv4 WG we've been having a discussion of a labeled NFSv4
proposal.  [Note: NFSv4 WG and others cc'ed, Reply-To: set to SAAG.]

An interop issue has arisen that we believe applies equally to CALIPSO
(draft-stjohns-sipso-11.txt)and requires input from the IETF security
area.

The issue is: how do do nodes in a labeled network/application know if
they agree on a common labeled security policy for a given DOI?

Agreeing on a DOI is accomplished easily enough -- that's not an issue.
Agreeing on what a given numeric sensitivity level or compartment bit
means in a given DOI is quite another.  Without a solution to this we're
left with out-of-band agreement, which leaves interop in a lurch.

I think we need a generic MLS and DTE labeled security policy document
format that allows a DOI to define the names and numeric assignments of
sensitivity levels, compartments, etcetera.

We also need a way for nodes to agree that they have the same policy for
a given DOI, or that they agree on a common subset of a DOI's policy.

This last problem can be solved by use of a labeled security policy URI
scheme that includes a version number (+ a requirement that changes be
in the form of additions and obsolescence of old assignments, but not
removals).

To recap: I think we need a) a common MLS and DTE labeled security
policy document format, b) a labeled security policy URI scheme to refer
to such documents by.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Thomas Roessler | 2 Apr 2009 18:57
Picon
Favicon

Fwd: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31

FYI.

Note that the document is referencing an upcoming version of XML Signature, which is currently in Working Draft status.

There is an expectation that this profile (not the base spec) might undergo a W3C last call relatively soon, so this would be a good time to review the specification.

--
Thomas Roessler, W3C  <tlr <at> w3.org>






Begin forwarded message:

From: Arthur Barstow <art.barstow <at> nokia.com>
Date: 2 April 2009 18:21:19 GMT+02:00
To: public-webapps <public-webapps <at> w3.org>
Subject: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31

On March 31 a new WD of the Widgets 1.0 Digital Signature spec was published and announced on the W3C's home page:

[[
2009-03-31: The Web Applications Working Group has published a Working Draft of Widgets 1.0: Digital Signatures. This document defines a profile of the XML Signature Syntax and Processing 1.1 specification to allow a widget package to be digitally signed. Widget authors and distributors can digitally sign widgets as a trust and quality assurance mechanism. Prior to instantiation, a user agent can use the digital signature to verify the integrity of the widget package and perform source authentication. This document specifies conformance requirements on both widget packages and user agents.
]]

Please review this new WD as soon as possible, preferably within the next two weeks:

<http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/>

-Regards, Art Barstow


<div>FYI.<div><br></div>
<div>Note that the document is referencing an upcoming version of XML Signature, which is currently in Working Draft status.</div>
<div><br></div>
<div>There is an expectation that this profile (not the base spec) might undergo a W3C last call relatively soon, so this would be a good time to review the specification.</div>
<div><br></div>
<div>--</div>
<div><div>
<div apple-content-edited="true"><span class="Apple-style-span"><div><span class="Apple-style-span"><div><span class="Apple-style-span"><div>
<div>Thomas Roessler, W3C &nbsp;&lt;<a href="mailto:tlr <at> w3.org">tlr <at> w3.org</a>&gt;</div>
<div><br></div>
<div><br></div>
</div></span></div></span></div></span></div>
<div apple-content-edited="true">
<span class="Apple-style-span"><div><span class="Apple-style-span"><div><span class="Apple-style-span"><div>
<div><br></div>
<div><br></div>
</div></span></div></span></div></span><br class="Apple-interchange-newline">
</div>
<div>
<br><div>Begin forwarded message:</div>
<br class="Apple-interchange-newline"><blockquote type="cite">
<div>
<div>From: Arthur Barstow &lt;<a href="mailto:art.barstow <at> nokia.com">art.barstow <at> nokia.com</a>&gt;</div>
<div>Date: 2 April 2009 18:21:19 GMT+02:00</div>
<div>To: public-webapps &lt;<a href="mailto:public-webapps <at> w3.org">public-webapps <at> w3.org</a>&gt;</div>
<div>Subject: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31</div>
<div>Archived-At: &lt;<a href="http://www.w3.org/mid/120077F4-0B65-4032-B5A2-FA8FA1330695 <at> nokia.com">http://www.w3.org/mid/120077F4-0B65-4032-B5A2-FA8FA1330695 <at> nokia.com</a>&gt;</div>
<div><br></div> </div>
<div>On March 31 a new WD of the Widgets 1.0 Digital Signature spec was published and announced on the W3C's home page:<br><br>[[<br>2009-03-31: The Web Applications Working Group has published a Working Draft of Widgets 1.0: Digital Signatures. This document defines a profile of the XML Signature Syntax and Processing 1.1 specification to allow a widget package to be digitally signed. Widget authors and distributors can digitally sign widgets as a trust and quality assurance mechanism. Prior to instantiation, a user agent can use the digital signature to verify the integrity of the widget package and perform source authentication. This document specifies conformance requirements on both widget packages and user agents.<br>]]<br><br>Please review this new WD as soon as possible, preferably within the next two weeks:<br><br> &lt;<a href="http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/">http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/</a>&gt;<br><br>-Regards, Art Barstow<br><br>
</div>
</blockquote>
</div>
<br>
</div></div>
</div>
Permalink | Reply | 4 comments |
headers
Santosh Chokhani | 3 Apr 2009 17:22
Favicon

Re: Common labeled security (comment on CALIPSO, labeled NFSv4)

As part of MISSI and DMS, in mid to late 90's we did work on something
called Security Policy Information File (SPIF).

At high level SPIF entailed the following:

1.  It was ASN.1 based.
2.  It permitted you to convert the machine representation to human
readable representation.
3.  It permitted you to convert the human readable input to machine
representation.
4.  It mapped labels (hierarchical sensitivity levels and
non-hierarchical categories) from one labeling policy to another (i.e.,
establish equivalency mapping)
5.  It allowed you to constrain labels since for some policies,
existence of a category may mean some categories, levels, may be
included and/or excluded.

Different labeling policies were indicated by different policy OID.

Some of the concept from that work may be applicable here. 

> -----Original Message-----
> From: saag-bounces <at> ietf.org [mailto:saag-bounces <at> ietf.org] On 
> Behalf Of Nicolas Williams
> Sent: Thursday, April 02, 2009 11:44 AM
> To: saag <at> ietf.org
> Cc: labeled-nfs <at> linux-nfs.org; selinux <at> tycho.nsa.gov; 
> nfsv4 <at> ietf.org; nfs-discuss <at> opensolaris.org
> Subject: [saag] Common labeled security (comment on CALIPSO, 
> labeled NFSv4)
> 
> Over at the NFSv4 WG we've been having a discussion of a 
> labeled NFSv4 proposal.  [Note: NFSv4 WG and others cc'ed, 
> Reply-To: set to SAAG.]
> 
> An interop issue has arisen that we believe applies equally 
> to CALIPSO (draft-stjohns-sipso-11.txt)and requires input 
> from the IETF security area.
> 
> The issue is: how do do nodes in a labeled 
> network/application know if they agree on a common labeled 
> security policy for a given DOI?
> 
> Agreeing on a DOI is accomplished easily enough -- that's not 
> an issue.
> Agreeing on what a given numeric sensitivity level or 
> compartment bit means in a given DOI is quite another.  
> Without a solution to this we're left with out-of-band 
> agreement, which leaves interop in a lurch.
> 
> I think we need a generic MLS and DTE labeled security policy 
> document format that allows a DOI to define the names and 
> numeric assignments of sensitivity levels, compartments, etcetera.
> 
> We also need a way for nodes to agree that they have the same 
> policy for a given DOI, or that they agree on a common subset 
> of a DOI's policy.
> 
> This last problem can be solved by use of a labeled security 
> policy URI scheme that includes a version number (+ a 
> requirement that changes be in the form of additions and 
> obsolescence of old assignments, but not removals).
> 
> To recap: I think we need a) a common MLS and DTE labeled 
> security policy document format, b) a labeled security policy 
> URI scheme to refer to such documents by.
> 
> Given (a) and (b) NFSv4.x clients and servers would only have 
> to exchange {DOI #, policy URI} tuples to determine whether 
> they agree on a common policy.
> 
> Note that CALIPSO describes how to encode and compare MLS 
> labels on the wire, but it does not describe how nodes agree 
> on the meaning of particular sensitivity levels or 
> compartments.  Therefore CALIPSO is going to have much the 
> same problem as NFSv4.
> 
> Nico
> --
> _______________________________________________
> saag mailing list
> saag <at> ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>
Permalink | Reply | 0 comments |
headers
Nicolas Williams | 3 Apr 2009 17:42
Picon

Re: Common labeled security (comment on CALIPSO, labeled NFSv4)

On Fri, Apr 03, 2009 at 11:22:38AM -0400, Santosh Chokhani wrote:
> As part of MISSI and DMS, in mid to late 90's we did work on something
> called Security Policy Information File (SPIF).

Oh, very nice!  Thanks for the pointer.  That would be ISO15816.  I've
found the spec, though it's non-free (hadn't they learned the lesson
with ASN.1??  will they ever learn it??).

> At high level SPIF entailed the following:
> 
> 1.  It was ASN.1 based.

Not surprisingly :)  Converting that to XML is probably the correct
first step in order to ensure adoption, sadly.  (Actually, apparently
that has already been done once, though outside the ISO/ITU-T.)

> 2.  It permitted you to convert the machine representation to human
> readable representation.
> 3.  It permitted you to convert the human readable input to machine
> representation.
> 4.  It mapped labels (hierarchical sensitivity levels and
> non-hierarchical categories) from one labeling policy to another (i.e.,
> establish equivalency mapping)
> 5.  It allowed you to constrain labels since for some policies,
> existence of a category may mean some categories, levels, may be
> included and/or excluded.
> 
> Different labeling policies were indicated by different policy OID.
> 
> Some of the concept from that work may be applicable here. 

I think so!  Except for the part about this spec being non-free.  I
think that means: start over in the IETF.

Nico
--

--
Permalink | Reply | 0 comments |
headers
Shawn Campbell | 3 Apr 2009 18:34

Re: Common labeled security (comment on CALIPSO, labeled NFSv4)

Similar activity with SILS 802.10 work involved SDE security labels.  Though that has been disbanded, some
of that may be a help in this area.

________________________________________
From: saag-bounces <at> ietf.org [saag-bounces <at> ietf.org] On Behalf Of Santosh Chokhani [SChokhani <at> cygnacom.com]
Sent: Friday, April 03, 2009 11:22 AM
To: saag <at> ietf.org
Cc: labeled-nfs <at> linux-nfs.org; nfs-discuss <at> opensolaris.org; nfsv4 <at> ietf.org; selinux <at> tycho.nsa.gov
Subject: Re: [saag] Common labeled security (comment on CALIPSO,        labeled NFSv4)

As part of MISSI and DMS, in mid to late 90's we did work on something
called Security Policy Information File (SPIF).

At high level SPIF entailed the following:

1.  It was ASN.1 based.
2.  It permitted you to convert the machine representation to human
readable representation.
3.  It permitted you to convert the human readable input to machine
representation.
4.  It mapped labels (hierarchical sensitivity levels and
non-hierarchical categories) from one labeling policy to another (i.e.,
establish equivalency mapping)
5.  It allowed you to constrain labels since for some policies,
existence of a category may mean some categories, levels, may be
included and/or excluded.

Different labeling policies were indicated by different policy OID.

Some of the concept from that work may be applicable here.

> -----Original Message-----
> From: saag-bounces <at> ietf.org [mailto:saag-bounces <at> ietf.org] On
> Behalf Of Nicolas Williams
> Sent: Thursday, April 02, 2009 11:44 AM
> To: saag <at> ietf.org
> Cc: labeled-nfs <at> linux-nfs.org; selinux <at> tycho.nsa.gov;
> nfsv4 <at> ietf.org; nfs-discuss <at> opensolaris.org
> Subject: [saag] Common labeled security (comment on CALIPSO,
> labeled NFSv4)
>
> Over at the NFSv4 WG we've been having a discussion of a
> labeled NFSv4 proposal.  [Note: NFSv4 WG and others cc'ed,
> Reply-To: set to SAAG.]
>
> An interop issue has arisen that we believe applies equally
> to CALIPSO (draft-stjohns-sipso-11.txt)and requires input
> from the IETF security area.
>
> The issue is: how do do nodes in a labeled
> network/application know if they agree on a common labeled
> security policy for a given DOI?
>
> Agreeing on a DOI is accomplished easily enough -- that's not
> an issue.
> Agreeing on what a given numeric sensitivity level or
> compartment bit means in a given DOI is quite another.
> Without a solution to this we're left with out-of-band
> agreement, which leaves interop in a lurch.
>
> I think we need a generic MLS and DTE labeled security policy
> document format that allows a DOI to define the names and
> numeric assignments of sensitivity levels, compartments, etcetera.
>
> We also need a way for nodes to agree that they have the same
> policy for a given DOI, or that they agree on a common subset
> of a DOI's policy.
>
> This last problem can be solved by use of a labeled security
> policy URI scheme that includes a version number (+ a
> requirement that changes be in the form of additions and
> obsolescence of old assignments, but not removals).
>
> To recap: I think we need a) a common MLS and DTE labeled
> security policy document format, b) a labeled security policy
> URI scheme to refer to such documents by.
>
> Given (a) and (b) NFSv4.x clients and servers would only have
> to exchange {DOI #, policy URI} tuples to determine whether
> they agree on a common policy.
>
> Note that CALIPSO describes how to encode and compare MLS
> labels on the wire, but it does not describe how nodes agree
> on the meaning of particular sensitivity levels or
> compartments.  Therefore CALIPSO is going to have much the
> same problem as NFSv4.
>
> Nico
> --
> _______________________________________________
> saag mailing list
> saag <at> ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>
_______________________________________________
saag mailing list
saag <at> ietf.org
https://www.ietf.org/mailman/listinfo/saag
Permalink | Reply | 0 comments |
headers
Russ Housley | 3 Apr 2009 18:44

Re: Common labeled security (comment on CALIPSO, labeled NFSv4)

I really do not have time to write about all of my 
concerns.  However, once you get beyond the basic classifications, 
the SPIF model breaks.  They are markings that are only to be known 
to people that have the clearance for those markings, this leads to a 
SPIF distribution nightmare, as a subset of the real SPIF must be 
given out based on access (or not) to various compartments and 
such.  It just does not scale.

Russ

At 11:22 AM 4/3/2009, Santosh Chokhani wrote:
>As part of MISSI and DMS, in mid to late 90's we did work on something
>called Security Policy Information File (SPIF).
>
>At high level SPIF entailed the following:
>
>1.  It was ASN.1 based.
>2.  It permitted you to convert the machine representation to human
>readable representation.
>3.  It permitted you to convert the human readable input to machine
>representation.
>4.  It mapped labels (hierarchical sensitivity levels and
>non-hierarchical categories) from one labeling policy to another (i.e.,
>establish equivalency mapping)
>5.  It allowed you to constrain labels since for some policies,
>existence of a category may mean some categories, levels, may be
>included and/or excluded.
>
>Different labeling policies were indicated by different policy OID.
>
>Some of the concept from that work may be applicable here.
>
> > -----Original Message-----
> > From: saag-bounces <at> ietf.org [mailto:saag-bounces <at> ietf.org] On
> > Behalf Of Nicolas Williams
> > Sent: Thursday, April 02, 2009 11:44 AM
> > To: saag <at> ietf.org
> > Cc: labeled-nfs <at> linux-nfs.org; selinux <at> tycho.nsa.gov;
> > nfsv4 <at> ietf.org; nfs-discuss <at> opensolaris.org
> > Subject: [saag] Common labeled security (comment on CALIPSO,
> > labeled NFSv4)
> >
> > Over at the NFSv4 WG we've been having a discussion of a
> > labeled NFSv4 proposal.  [Note: NFSv4 WG and others cc'ed,
> > Reply-To: set to SAAG.]
> >
> > An interop issue has arisen that we believe applies equally
> > to CALIPSO (draft-stjohns-sipso-11.txt)and requires input
> > from the IETF security area.
> >
> > The issue is: how do do nodes in a labeled
> > network/application know if they agree on a common labeled
> > security policy for a given DOI?
> >
> > Agreeing on a DOI is accomplished easily enough -- that's not
> > an issue.
> > Agreeing on what a given numeric sensitivity level or
> > compartment bit means in a given DOI is quite another.
> > Without a solution to this we're left with out-of-band
> > agreement, which leaves interop in a lurch.
> >
> > I think we need a generic MLS and DTE labeled security policy
> > document format that allows a DOI to define the names and
> > numeric assignments of sensitivity levels, compartments, etcetera.
> >
> > We also need a way for nodes to agree that they have the same
> > policy for a given DOI, or that they agree on a common subset
> > of a DOI's policy.
> >
> > This last problem can be solved by use of a labeled security
> > policy URI scheme that includes a version number (+ a
> > requirement that changes be in the form of additions and
> > obsolescence of old assignments, but not removals).
> >
> > To recap: I think we need a) a common MLS and DTE labeled
> > security policy document format, b) a labeled security policy
> > URI scheme to refer to such documents by.
> >
> > Given (a) and (b) NFSv4.x clients and servers would only have
> > to exchange {DOI #, policy URI} tuples to determine whether
> > they agree on a common policy.
> >
> > Note that CALIPSO describes how to encode and compare MLS
> > labels on the wire, but it does not describe how nodes agree
> > on the meaning of particular sensitivity levels or
> > compartments.  Therefore CALIPSO is going to have much the
> > same problem as NFSv4.
> >
> > Nico
> > --
> > _______________________________________________
> > saag mailing list
> > saag <at> ietf.org
> > https://www.ietf.org/mailman/listinfo/saag
> >
>_______________________________________________
>saag mailing list
>saag <at> ietf.org
>https://www.ietf.org/mailman/listinfo/saag
Permalink | Reply | 0 comments |
headers
Nicolas Williams | 3 Apr 2009 18:51
Picon

Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)

On Fri, Apr 03, 2009 at 12:44:30PM -0400, Russ Housley wrote:
> I really do not have time to write about all of my 
> concerns.  However, once you get beyond the basic classifications, 
> the SPIF model breaks.  They are markings that are only to be known 
> to people that have the clearance for those markings, this leads to a 
> SPIF distribution nightmare, as a subset of the real SPIF must be 
> given out based on access (or not) to various compartments and 
> such.  It just does not scale.

I'm aware of the fact that labels can themselves be labeled.  But I
don't think that implies that we can't make a SPIF-like solution scale.

Peers that have access to different subsets of the policy should still
be able to interop if care is taken to specify what happens when a node
sees a label that falls outside its policy subset, and provided, of
course, that the peers can agree that they have subsets of the *same*
master policy.  Peers can check whether they do have subsets of the
*same* master policy by exchanging [for each DOI to both] a master
policy URI that includes a version number.

Nico
--

-- 
_______________________________________________
nfsv4 mailing list
nfsv4 <at> ietf.org
https://www.ietf.org/mailman/listinfo/nfsv4
Permalink | Reply | 0 comments |
headers
Santosh Chokhani | 3 Apr 2009 19:34
Favicon

Re: Common labeled security (comment on CALIPSO, labeled NFSv4)

The work I am mentioning was done for NSA and can be released if NSA is
ok with it.

I suspect NSA will be ok with it. 

> -----Original Message-----
> From: Nicolas Williams [mailto:Nicolas.Williams <at> sun.com] 
> Sent: Friday, April 03, 2009 11:43 AM
> To: Santosh Chokhani
> Cc: saag <at> ietf.org; labeled-nfs <at> linux-nfs.org; 
> nfs-discuss <at> opensolaris.org; nfsv4 <at> ietf.org; selinux <at> tycho.nsa.gov
> Subject: Re: [saag] Common labeled security (comment on 
> CALIPSO, labeled NFSv4)
> 
> On Fri, Apr 03, 2009 at 11:22:38AM -0400, Santosh Chokhani wrote:
> > As part of MISSI and DMS, in mid to late 90's we did work 
> on something 
> > called Security Policy Information File (SPIF).
> 
> Oh, very nice!  Thanks for the pointer.  That would be 
> ISO15816.  I've found the spec, though it's non-free (hadn't 
> they learned the lesson with ASN.1??  will they ever learn it??).
> 
> > At high level SPIF entailed the following:
> > 
> > 1.  It was ASN.1 based.
> 
> Not surprisingly :)  Converting that to XML is probably the 
> correct first step in order to ensure adoption, sadly.  
> (Actually, apparently that has already been done once, though 
> outside the ISO/ITU-T.)
> 
> > 2.  It permitted you to convert the machine representation to human 
> > readable representation.
> > 3.  It permitted you to convert the human readable input to machine 
> > representation.
> > 4.  It mapped labels (hierarchical sensitivity levels and 
> > non-hierarchical categories) from one labeling policy to another 
> > (i.e., establish equivalency mapping) 5.  It allowed you to 
> constrain 
> > labels since for some policies, existence of a category may 
> mean some 
> > categories, levels, may be included and/or excluded.
> > 
> > Different labeling policies were indicated by different policy OID.
> > 
> > Some of the concept from that work may be applicable here. 
> 
> I think so!  Except for the part about this spec being 
> non-free.  I think that means: start over in the IETF.
> 
> Nico
> -- 
>
Permalink | Reply | 0 comments |
headers
Santosh Chokhani | 3 Apr 2009 19:36
Favicon

Re: Common labeled security (comment on CALIPSO, labeled NFSv4)

Russ,

My thinking was that the features of SPIF that are not needed could be
discarded.

I was hoping that we could help the group save the baby and throw out
the bath water. 

> -----Original Message-----
> From: Russ Housley [mailto:housley <at> vigilsec.com] 
> Sent: Friday, April 03, 2009 12:45 PM
> To: Santosh Chokhani; saag <at> ietf.org
> Cc: labeled-nfs <at> linux-nfs.org; nfs-discuss <at> opensolaris.org; 
> nfsv4 <at> ietf.org; selinux <at> tycho.nsa.gov
> Subject: Re: [saag] Common labeled security (comment on 
> CALIPSO, labeled NFSv4)
> 
> I really do not have time to write about all of my concerns.  
> However, once you get beyond the basic classifications, the 
> SPIF model breaks.  They are markings that are only to be 
> known to people that have the clearance for those markings, 
> this leads to a SPIF distribution nightmare, as a subset of 
> the real SPIF must be given out based on access (or not) to 
> various compartments and such.  It just does not scale.
> 
> Russ
> 
> At 11:22 AM 4/3/2009, Santosh Chokhani wrote:
> >As part of MISSI and DMS, in mid to late 90's we did work on 
> something 
> >called Security Policy Information File (SPIF).
> >
> >At high level SPIF entailed the following:
> >
> >1.  It was ASN.1 based.
> >2.  It permitted you to convert the machine representation to human 
> >readable representation.
> >3.  It permitted you to convert the human readable input to machine 
> >representation.
> >4.  It mapped labels (hierarchical sensitivity levels and 
> >non-hierarchical categories) from one labeling policy to 
> another (i.e., 
> >establish equivalency mapping) 5.  It allowed you to 
> constrain labels 
> >since for some policies, existence of a category may mean some 
> >categories, levels, may be included and/or excluded.
> >
> >Different labeling policies were indicated by different policy OID.
> >
> >Some of the concept from that work may be applicable here.
> >
> > > -----Original Message-----
> > > From: saag-bounces <at> ietf.org 
> [mailto:saag-bounces <at> ietf.org] On Behalf 
> > > Of Nicolas Williams
> > > Sent: Thursday, April 02, 2009 11:44 AM
> > > To: saag <at> ietf.org
> > > Cc: labeled-nfs <at> linux-nfs.org; selinux <at> tycho.nsa.gov; 
> > > nfsv4 <at> ietf.org; nfs-discuss <at> opensolaris.org
> > > Subject: [saag] Common labeled security (comment on 
> CALIPSO, labeled 
> > > NFSv4)
> > >
> > > Over at the NFSv4 WG we've been having a discussion of a labeled 
> > > NFSv4 proposal.  [Note: NFSv4 WG and others cc'ed,
> > > Reply-To: set to SAAG.]
> > >
> > > An interop issue has arisen that we believe applies equally to 
> > > CALIPSO (draft-stjohns-sipso-11.txt)and requires input 
> from the IETF 
> > > security area.
> > >
> > > The issue is: how do do nodes in a labeled 
> network/application know 
> > > if they agree on a common labeled security policy for a given DOI?
> > >
> > > Agreeing on a DOI is accomplished easily enough -- that's not an 
> > > issue.
> > > Agreeing on what a given numeric sensitivity level or compartment 
> > > bit means in a given DOI is quite another.
> > > Without a solution to this we're left with out-of-band agreement, 
> > > which leaves interop in a lurch.
> > >
> > > I think we need a generic MLS and DTE labeled security policy 
> > > document format that allows a DOI to define the names and numeric 
> > > assignments of sensitivity levels, compartments, etcetera.
> > >
> > > We also need a way for nodes to agree that they have the 
> same policy 
> > > for a given DOI, or that they agree on a common subset of a DOI's 
> > > policy.
> > >
> > > This last problem can be solved by use of a labeled 
> security policy 
> > > URI scheme that includes a version number (+ a requirement that 
> > > changes be in the form of additions and obsolescence of old 
> > > assignments, but not removals).
> > >
> > > To recap: I think we need a) a common MLS and DTE labeled 
> security 
> > > policy document format, b) a labeled security policy URI 
> scheme to 
> > > refer to such documents by.
> > >
> > > Given (a) and (b) NFSv4.x clients and servers would only have to 
> > > exchange {DOI #, policy URI} tuples to determine whether 
> they agree 
> > > on a common policy.
> > >
> > > Note that CALIPSO describes how to encode and compare MLS 
> labels on 
> > > the wire, but it does not describe how nodes agree on the 
> meaning of 
> > > particular sensitivity levels or compartments.  Therefore 
> CALIPSO is 
> > > going to have much the same problem as NFSv4.
> > >
> > > Nico
> > > --
> > > _______________________________________________
> > > saag mailing list
> > > saag <at> ietf.org
> > > https://www.ietf.org/mailman/listinfo/saag
> > >
> >_______________________________________________
> >saag mailing list
> >saag <at> ietf.org
> >https://www.ietf.org/mailman/listinfo/saag
> 
>
Permalink | Reply | 0 comments |

Gmane