[Labeled-nfs] Labeled RPC & NFS
J. Bruce Fields
bfields at fieldses.org
Mon Dec 3 10:37:04 EST 2007
On Fri, Nov 30, 2007 at 11:45:54AM +1100, James Morris wrote:
> It does not have to be the only possible mechanism. A distinct security
> flavor as you have proposed may be useful when other security mechanisms
> are in place (e.g. labeled IPsec, trusted networks), and it may also be
> useful to try and add provisions for MAC labeling to v3 of GSS_API as a
> future option.
>
> However, I think that to get something practical up and running soon which
> is also acceptable to the IETF, I think we need to first determine if a
> security OP approach:
>
> a) can meet our needs, and
> b) will be acceptable to IETF and NFS maintainers.
>
> If anyone with more understanding of IETF thinking in these areas has some
> comments, please let us know your thoughts.
>
> Btw, my feeling on the IETF process is that we need to reach broad
> consensus on major aspects of this project first within the Linux security
> and Linux NFS communities before officially engaging in the IETF process
> Does this seem correct?
The ietf group is extremely focused on getting 4.1 done (and they
haven't been accepting new features for 4.1 for a long time), so I
wouldn't expect a lot of interest at this point.
On the other hand, it can be good to make everyone feel they're in the
loop from the beginning. So I guess you might consider sending that
list the occasional heads up. I just wouldn't expect much attention at
this point.
Well, who knows.
--b.
More information about the Labeled-nfs
mailing list