[redhat-lspp] LSPP Development Telecon 10/16/2006 Minutes
Paul Moore
paul.moore at hp.com
Thu Oct 19 21:08:24 UTC 2006
James Morris wrote:
> On Thu, 19 Oct 2006, Venkat Yekkirala wrote:
>
>
>>I am not sure encoding multiple secids on the secmark is feasible
>>or desirable. I will have to rely on Stephen and others to weigh in
>>here.
>
> I don't see why not -- would a system really need more that 64k distinct
> security contexts over the wire?
Thinking strictly from a TE point of view 64k is quite a bit, however if we
throw in MLS it shrinks really quickly when you add all of the possibile
combinations of sensitivity level plus categories. Maybe somebody from TCS or
the Lenny/Joe/Ted team can describe a typical scenario, but from the limited
label encodings I have seen 15/16 bits just doesn't seem like enough.
--
paul moore
linux security @ hp
More information about the redhat-lspp
mailing list