Yaron Sheffer wrote:
This work item proposes to extend IKEv2 (and IKEv1) so as to allow IPsec to be
used in environments that require Mandatory Access Control. It is envisioned
that this will be used by modern high-security operating systems, that go
beyond the currently supported Multilevel Security (MLS).
Proposed starting point:
http://tools.ietf.org/html/draft-jml-ipsec-ikev2-security-context-01 and
http://tools.ietf.org/html/draft-jml-ipsec-ikev1-security-context-01.
Please reply to the list:
I have no interest in this work.
I am not convinced that this work has very broad interest. I think that
in most cases, this work can be done with vendor extensions until it is
finished, at which point an Informational RFC could ask for IANA
assigned values, and be published.
I am unclear if this work has any mainstream value without an IPsec API.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
