James Morris wrote: > On Fri, 29 Sep 2006, Paul Moore wrote: > > >>Unless I'm confusing something, there still may be a need for transitions >>if we want to support both IPsec and NetLabel labeling on the same >>connection. > > I'd prefer not to support this, as it's too complicated, and CIPSO is a > legacy protocol. > > Normal IPsec protection applied to CIPSO: yes, but not IPsec labeling and > CIPSO labeling on the same connection.
I tend to agree, I just can't see it being all that useful in the real world. However, each time it comes up (including the conference call earlier this week) it seems that people would prefer to use both at the same time. The good news is that it sounds like there is a reasonable solution (see the last email exchance between Venkat and myself). -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
