[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [redhat-lspp] Re: [RFC 3/7] NetLabel: CIPSOv4 engine
- From: Paul Moore <paul moore hp com>
- To: James Morris <jmorris namei org>
- Cc: Joe Nall <joe nall com>, jmorris redhat com, Stephen Smalley <sds epoch ncsc mil>, RedHat LSPP <redhat-lspp redhat com>, linux-security-module vger kernel org, SELinux List <selinux tycho nsa gov>, netdev vger kernel org, Steve Grubb <sgrubb redhat com>, David Miller <davem davemloft net>
- Subject: Re: [redhat-lspp] Re: [RFC 3/7] NetLabel: CIPSOv4 engine
- Date: Mon, 26 Jun 2006 22:45:02 -0400
On Monday 26 June 2006 8:33 pm, James Morris wrote:
> On Mon, 26 Jun 2006, Joe Nall wrote:
> > For all of the EAL4 LSPP Linux evaluation work is being done by Red
> > Hat/IBM/HP/atsec and others to be useful to integrators, there has to be
> > basic (e.g. CIPSO) multilevel network interoperability with existing
> > multilevel systems and good (e.g IPSec) multilevel networking between
> > SELinux systems.
>
> Just to be clear, my understanding is that the native xfrm labeling is
> suitable for LSPP evaluation, as distinct from CIPSO being desired by
> system integrators from an interoperability point of view.
>
True, but I believe the point Joe was trying to make was that providing
support for only one labeling mechanism would limit the usefulness of the
evaluated configuration. What good is a Common Criteria evaluation if it
doesn't contain the features that user's require?
--
paul moore
linux security @ hp
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]