Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)

Nicolas Williams <> Mon, 06 April 2009 17:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8682D3A6CDB; Mon, 6 Apr 2009 10:00:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.817
X-Spam-Status: No, score=-5.817 tagged_above=-999 required=5 tests=[AWL=0.229, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6VwAKV3DArst; Mon, 6 Apr 2009 10:00:39 -0700 (PDT)
Received: from (brmea-mail-1.Sun.COM []) by (Postfix) with ESMTP id C92893A6CB6; Mon, 6 Apr 2009 10:00:39 -0700 (PDT)
Received: from ([]) by (8.13.6+Sun/8.12.9) with ESMTP id n36H1j46013703; Mon, 6 Apr 2009 17:01:45 GMT
Received: from binky.Central.Sun.COM (binky.Central.Sun.COM []) by (8.13.8+Sun/8.13.8/ENSMAIL,v2.2) with ESMTP id n36H1jdF030595; Mon, 6 Apr 2009 11:01:45 -0600 (MDT)
Received: from binky.Central.Sun.COM (localhost []) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3) with ESMTP id n36GMQAG004527; Mon, 6 Apr 2009 11:22:26 -0500 (CDT)
Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.3+Sun/8.14.3/Submit) id n36GMQP1004526; Mon, 6 Apr 2009 11:22:26 -0500 (CDT)
X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to using -f
Date: Mon, 6 Apr 2009 11:22:26 -0500
From: Nicolas Williams <>
To: Santosh Chokhani <>
Message-ID: <20090406162226.GX1500@Sun.COM>
References: <20090402154402.GM1500@Sun.COM> <> <> <> <> <> <> <20090406151606.GQ1500@Sun.COM> <>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.7i
Cc:,, Kurt Zeilenga <>,,,
Subject: Re: [saag] Common labeled security (comment on CALIPSO, labeled NFSv4)
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 06 Apr 2009 17:00:40 -0000

On Mon, Apr 06, 2009 at 11:51:38AM -0400, Santosh Chokhani wrote:
> Either you need equivalency or not.
> If you do not, that part of SPIF can be stripped off.
> If you do need one, the complexity, scalability, and interoperability of
> other alternatives should be assessed against SPIF approach.

Indeed.  I think, however, that it will be necessary to support policies
parts of which are classified differently from each other.  It'd be nice
to be able to get rid of such a complication.

But you can see why this is needed.  Remember that during WWII very few
people on the Allied side knew about some of the cryptanalysis efforts
being made, and, IIRC, all such information was classified as "Ultra"
and no one who didn't have Ultra clearance was allowed to know that
Ultra existed (presumably because public knowledge of such a
classification might have caused the enemy to wonder).

Today the names and existence of specific compartments rather than
specific sensitivity level, are likley to be the cause of thie