Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)

Sean Turner <turners@ieca.com> Sun, 05 April 2009 01:33 UTC

Date: Sat, 04 Apr 2009 21:28:02 -0400
From: Sean Turner <turners@ieca.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Cc: selinux@tycho.nsa.gov, labeled-nfs@linux-nfs.org, nfsv4@ietf.org, saag@ietf.org, nfs-discuss@opensolaris.org, Santosh Chokhani <SChokhani@cygnacom.com>

Nico,

I usually try to find the corresponding ITU spec because I think ITU 
gives out all of its ASN.1 modules freely?  Anyway, here's a link to 
the ITU-T X.841 Spec:
http://www.itu.int/ITU-T/asn1/database/itu-t/x/x841/2000/index.html

The one thing that's missing from the module is definitions for security 
categories.  Some suggested categories were defined in Annex B, but it's 
an informative annex so there's no ASN.1 freely available (they wouldn't 
allow them in the normative text/module).  Those categories are based on 
FIPS 188 (the syntax is not the same).

Note that some of the syntax for labels has made its way to some 
IDs/RFCs, notably RFC 2634.

spt

Nicolas Williams wrote:
> On Fri, Apr 03, 2009 at 03:51:46PM -0400, Santosh Chokhani wrote:
>> NSA document on SPIF also had ASN.1 module for SPIF.
> 
> Ah, good!  A link would be great.
> 
>> Maybe you can use the applicable concepts to get a head start on XML. 
> 
> If the ASN.1 module can be obtained freely then the XML follows
> trivially (and, as I said, has already been done).