James Morris wrote: > On Thu, 19 Oct 2006, Venkat Yekkirala wrote: > > >>I am not sure encoding multiple secids on the secmark is feasible >>or desirable. I will have to rely on Stephen and others to weigh in >>here. > > I don't see why not -- would a system really need more that 64k distinct > security contexts over the wire?
Thinking strictly from a TE point of view 64k is quite a bit, however if we throw in MLS it shrinks really quickly when you add all of the possibile combinations of sensitivity level plus categories. Maybe somebody from TCS or the Lenny/Joe/Ted team can describe a typical scenario, but from the limited label encodings I have seen 15/16 bits just doesn't seem like enough. -- paul moore linux security @ hp -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
