Hello, I wanted to send a quick note to the list in support of the latest SIPSO/CALIPSO draft. I've been reviewing several versions of this specification and feel it addresses an important (albeit small) need for an IPv6 security label specification. I would gladly support publishing the CALIPSO specification as an RFC so that the labeled security community has a well defined, interoperable spec it can use to move forward with IPv6.
As the labeled networking maintainer for the Linux Kernel I've been responsible for the implementation and support of IPv4 labeled networking protocols, FIPS-188 aka CIPSO, and I know how important this functionality is for the labeled security mechanisms (SELinux, Smack) which rely on it. Linux currently lacks an interoperable form of labeled networking for IPv6 due to a lack of a recognized specification; the SIPSO/CALIPSO spec could change that if published. I have started a prototype implementation of the CALIPSO spec with the intent of adding it to future Linux Kernel releases, assuming the spec is published. Thanks. -- paul moore linux @ hp -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
