Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
Sean Turner <turners@ieca.com> Sun, 05 April 2009 01:33 UTC
Return-Path: <turners@ieca.com>
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C43273A69D3 for <saag@core3.amsl.com>; Sat, 4 Apr 2009 18:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.42
X-Spam-Level:
X-Spam-Status: No, score=-2.42 tagged_above=-999 required=5 tests=[AWL=0.179, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9IKS7Ivi5Kgy for <saag@core3.amsl.com>; Sat, 4 Apr 2009 18:33:44 -0700 (PDT)
Received: from smtp103.biz.mail.re2.yahoo.com (smtp103.biz.mail.re2.yahoo.com [68.142.229.217]) by core3.amsl.com (Postfix) with SMTP id 72F9C3A69A1 for <saag@ietf.org>; Sat, 4 Apr 2009 18:33:44 -0700 (PDT)
Received: (qmail 7449 invoked from network); 5 Apr 2009 01:28:07 -0000
Received: from unknown (HELO sean-turners-macbook.local) (turners@96.231.127.114 with plain) by smtp103.biz.mail.re2.yahoo.com with SMTP; 5 Apr 2009 01:28:06 -0000
X-Yahoo-SMTP: qPTWNAeswBAtDTSn9GKlmmL3C90ke7grn_5n9To-
X-YMail-OSG: 4EMMffAVM1m9gDbmkuI2vcIlO5cP6zFIHh5nu5Ib1aDZ0aSIDhLnNrqU_GOQD9kmWSsWdr.63QxHwtX9oLZA7iPvICICjmB3hTikl_VQU.OV806jpwp_3293FG7o9FHWeKSRANYPJ3sMHA0NgrCwc_05A5MDoErcYkU3e_f1Vyhht.qHZsM5_vSZK_45Eygeri7.iR1X810YdHGYxGL15HWnFdS1IqAFAR3PL5Tvrsa.d2zTXVhZCHed.TOkhTw95xRQfzUg8upoW4j73GuER0oRZF1DRcfrJZ5zrQcvR9x5fSolywNzQdi0Vt3HT4W4VmKwB5f85gEIbGRj71E-
X-Yahoo-Newman-Property: ymail-3
Message-ID: <49D80922.9050700@ieca.com>
Date: Sat, 04 Apr 2009 21:28:02 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302)
MIME-Version: 1.0
To: Nicolas Williams <Nicolas.Williams@sun.com>
References: <20090402154402.GM1500@Sun.COM> <FAD1CF17F2A45B43ADE04E140BA83D48A9FF82@scygexch1.cygnacom.com> <20090403154253.GZ1500@Sun.COM> <FAD1CF17F2A45B43ADE04E140BA83D48A9FF9E@scygexch1.cygnacom.com> <20090403173655.GK1500@Sun.COM> <FAD1CF17F2A45B43ADE04E140BA83D48A9FFAF@scygexch1.cygnacom.com> <20090403191838.GM1500@Sun.COM> <FAD1CF17F2A45B43ADE04E140BA83D48A9FFBE@scygexch1.cygnacom.com> <20090403195704.GT1500@Sun.COM>
In-Reply-To: <20090403195704.GT1500@Sun.COM>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: selinux@tycho.nsa.gov, labeled-nfs@linux-nfs.org, nfsv4@ietf.org, saag@ietf.org, nfs-discuss@opensolaris.org, Santosh Chokhani <SChokhani@cygnacom.com>
Subject: Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Apr 2009 01:33:44 -0000
Nico, I usually try to find the corresponding ITU spec because I think ITU gives out all of it's ASN.1 modules freely? Anyway, here's a link to the ITU-T X.841 Spec: http://www.itu.int/ITU-T/asn1/database/itu-t/x/x841/2000/index.html The one thing that's missing from the module is definitions for security categories. Some suggested categories were defined in Annex B, but it's an informative annex so there's no ASN.1 freely available (they wouldn't allow them in the normative text/module). Those categories are based on FIPS 188 (the syntax is not the same). Note that some of the syntax for labels has made it's way to some IDs/RFCs notably RFC 2634. spt Nicolas Williams wrote: > On Fri, Apr 03, 2009 at 03:51:46PM -0400, Santosh Chokhani wrote: >> NSA document on SPIF also had ASN.1 module for SPIF. > > Ah, good! A link would be great. > >> May be you can use the applicable concepts to get a head start on XML. > > If the ASN.1 module can be obtained freely then the XML follows > trivially (and, as I said, has already been done). > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag >
- [saag] Common labeled security (comment on CALIPS… Nicolas Williams
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Nicolas Williams
- Re: [saag] Common labeled security (comment on CA… Shawn Campbell
- Re: [saag] Common labeled security (comment on CA… Russ Housley
- Re: [saag] Common labeled security (comment on CA… Nicolas Williams
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Nicolas Williams
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Nicolas Williams
- Re: [saag] Common labeled security (comment on CA… Nicolas Williams
- Re: [saag] Common labeled security (comment on CA… Kurt Zeilenga
- Re: [saag] Common labeled security (comment on CA… Russ Housley
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Kurt Zeilenga
- Re: [saag] Common labeled security (comment on CA… Sean Turner
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Santosh Chokhani
- Re: [saag] Common labeled security (comment on CA… Nicolas Williams
- Re: [saag] Common labeled security (comment on CA… Nicolas Williams
- Re: [saag] Common labeled security (comment on CA… Nicolas Williams
- Re: [saag] Common labeled security (comment on CA… Russ Housley
- Re: [saag] Common labeled security (comment on CA… Nicolas Williams
- Re: [saag] [Labeled-nfs] Common labeled security … Santosh Chokhani
- Re: [saag] [Labeled-nfs] Common labeled security … Nicolas Williams
- Re: [saag] [Labeled-nfs] Common labeled security … Casey Schaufler
- Re: [saag] [Labeled-nfs] Common labeled security … Casey Schaufler
- Re: [saag] [Labeled-nfs] Common labeled security … Nicolas Williams
- Re: [saag] [nfsv4] [Labeled-nfs] Common labeled s… James Morris
- Re: [saag] [Labeled-nfs] Common labeled security … Santosh Chokhani
- Re: [saag] [Labeled-nfs] Common labeled security … Casey Schaufler
- Re: [saag] [nfsv4] [Labeled-nfs] Common labeled s… Nicolas Williams
- Re: [saag] [Labeled-nfs] Common labeled security … Santosh Chokhani
- Re: [saag] [Labeled-nfs] Common labeled security … Nicolas Williams
- Re: [saag] [Labeled-nfs] Common labeled security … Jarrett Lu
- Re: [saag] [Labeled-nfs] Common labeled security … James Morris
- Re: [saag] [Labeled-nfs] Common labeled security … Nicolas Williams
- Re: [saag] [Labeled-nfs] Common labeled security … Casey Schaufler