[redhat-lspp] [PATCH] lsm-secpeer for IPSec labels
Stephen Smalley
sds at tycho.nsa.gov
Fri Sep 16 20:15:22 UTC 2005
On Fri, 2005-09-16 at 15:49 -0400, Roe, William H. wrote:
> Stephen,
>
> Not including the list was an oversight on my part.
>
> So, are you convinced that this scheme will allow for a PL4
> accreditation? E.g. Secret cleared users on the same network.
Again, I am not an accreditor. But I don't see technical obstacles that
prevent this approach from providing the same security functionality as
an explicit labeling mechanism like CIPSO, and it seems that this
approach has technical advantages in terms of the overall security that
is provided.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list