[redhat-lspp] LSPP Development Telecon 10/16/2006 Minutes
Paul Moore
paul.moore at hp.com
Thu Oct 19 21:35:27 UTC 2006
James Morris wrote:
> On Thu, 19 Oct 2006, Paul Moore wrote:
>
>>Thinking strictly from a TE point of view 64k is quite a bit, however if we
>>throw in MLS it shrinks really quickly when you add all of the possible
>>combinations of sensitivity level plus categories. Maybe somebody from TCS or
>>the Lenny/Joe/Ted team can describe a typical scenario, but from the limited
>>label encodings I have seen 15/16 bits just doesn't seem like enough.
>
> It can be an arbitrary split, so that e.g. internal labels have 2^10 and
> external 2^22 or something. I really doubt that there will be many
> internal labels. Generally, they're only going to carry information about
> well known services (ports) and perhaps some node & netif info.

That might work out a little better. I wonder how hard it would be to make the
split configurable and if it would even be worth it?
--
paul moore
linux security @ hp