[redhat-lspp] Re: [RFC 3/7] NetLabel: CIPSOv4 engine
Paul Moore
paul.moore at hp.com
Tue Jun 27 02:45:02 UTC 2006
On Monday 26 June 2006 8:33 pm, James Morris wrote:
> On Mon, 26 Jun 2006, Joe Nall wrote:
> > For all of the EAL4 LSPP Linux evaluation work is being done by Red
> > Hat/IBM/HP/atsec and others to be useful to integrators, there has to be
> > basic (e.g. CIPSO) multilevel network interoperability with existing
> > multilevel systems and good (e.g IPSec) multilevel networking between
> > SELinux systems.
>
> Just to be clear, my understanding is that the native xfrm labeling is
> suitable for LSPP evaluation, as distinct from CIPSO being desired by
> system integrators from an interoperability point of view.
>
True, but I believe the point Joe was trying to make was that providing
support for only one labeling mechanism would limit the usefulness of the
evaluated configuration. What good is a Common Criteria evaluation if it
doesn't contain the features that user's require?
--
paul moore
linux security @ hp
More information about the redhat-lspp
mailing list