Re: help, I need info

Gary Winiger <> Sat, 11 April 1992 01:48 UTC

Received: from by ietf.NRI.Reston.VA.US id aa04892; 10 Apr 92 21:48 EDT
Received: from by NRI.Reston.VA.US id aa11063; 10 Apr 92 21:51 EDT
Received: by (5.61+++/WDL-3.10) id AA25155; Fri, 10 Apr 92 17:46:15 -0700
Received: from Sun.COM by (5.61+++/WDL-3.10) id AA25148; Fri, 10 Apr 92 17:46:09 -0700
Received: from EBay.Sun.COM (female.EBay.Sun.COM) by Sun.COM (4.1/SMI-4.1) id AA11560; Fri, 10 Apr 92 17:45:57 PDT
Received: from marduk.Sun.COM by EBay.Sun.COM (4.1/SMI-4.1) id AA19275; Fri, 10 Apr 92 17:45:56 PDT
Received: by marduk.Sun.COM (4.1/SMI-4.1) id AA01839; Fri, 10 Apr 92 17:48:36 PDT
Date: Fri, 10 Apr 92 17:48:36 PDT
From: Gary Winiger <>
Message-Id: <9204110048.AA01839@marduk.Sun.COM>
Subject: Re: help, I need info

>>> Submissions to the tsig list:
>>> Additions/deletions/questions:
>>> Archive Server:

>Vendor name:

	Sun Microsystems

>What is the status of your CIPSO work?

	As you know Sun developed the CIPSO for use in SunOS MLS well before
TSIG even existed.  The principle participants were: Katie Addison, John 
Sancho, Olin Sibert, and myself (Gary Winiger).  We presented our Networking
work at the October 1988 NCSC conference in a paper by Katie and John.  At that
time we had a running implementation based on the CIPSO.  We started proposing
it to the internet community for acceptance as a new standard when Olin Sibert`
in the fall of 1988 sent mail to Joyce Reynolds or Jon Postel (I don't remember
which and can't find my mail archive of those transactions) requesting guidance
on getting an IP option number.  Through that set of conversations and
subsequent ones and a subsequent meeting with Steve Kent in January of 1989 we
refined the design and presented it to TSIG (Before TSIG had a name).  I also
authored a paper for InterOP 89 which became the basis for the RFC that TSIG
has proposed (this was formatted by Mark Powers -- also Sun).

	Sun has used the CIPSO in its SunOS MLS product.  It continues
to use it in its SunOS CMW product (based on SecureWare's MAXSIX 1.0).
Code is implemented.  SunOS MLS 1.0 went through official customer release
and was a standard Sun product.  Its first customer ship was in December of
1989.  It is no longer supported or orderable.  It has been superseded by
SunOS CMW 1.0.  Developer's releases of SunOS CMW have been shipped.  We are
in the process of completing the Beta release which is scheduled to be
available in May.  FCS is scheduled for late 1992 with a follow on 1.0.1
product to pick up new hardware.

	The next follow on SunOS CMW products will be based on the CIPSO as
used in SecureWare's MAXSIX 2.x.

	The NCSC/DIA evaluation of SunOS CMW 1.0 includes the use of the CIPSO
to pass various ``security attributes,'' including Sensitivity Label, at the
IP layer.

	Sun is committed to the appropriate use of the CIPSO.

>What type of customers do you have that are using CIPSO?  (i.e. US
>Government, Foreign government, DOD, commercial)

	All those listed.

>Can I report at the meeting, unofficially, the status of your CIPSO work using
>your company name? 

	I guess so.  We've never made a secret of our support for the CIPSO --
after all it started here in 1987/1988 when we were totally unsuccessful
getting information from the DCA on how to use the IPSO/RIPSO at all much less
for our needs in SunOS MLS.


P.S.	Since I've been involved in other parts of the SunOS CMW product, I've
been out of the loop on where things stand, but have tried to follow along as
time has permitted.  Good luck with the meeting.  I wish I could be there
to see how they can continue to argue that only the DoD can use IP options.