> > Unless I'm confusing something, there still may be a need > for transitions > > if we want to support both IPsec and NetLabel labeling on the same > > connection. > > I'd prefer not to support this, as it's too complicated,
Actually, from my vantage point, it actually seems "natural". > and > CIPSO is a > legacy protocol. Sure. > > Normal IPsec protection applied to CIPSO: yes, but not IPsec > labeling and > CIPSO labeling on the same connection. One use case example can be one SA for Secret in combination with any/all/none of the compartments. And another SA for Top Secret ... - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html