Bill Sommerfeld's Weblog

Still Under Construction. Watch for falling objects


Thursday November 15, 2007

Poaching codepoints

I'm in the midst of building our own flavor of labelled IPsec for Trusted Extensions, and took a look at what the "competition" (specifically, SELinux) is doing. I was surprised to notice that (at least if the ipsec-tools-0.7 source is to be believed) they've grabbed a codepoint assigned to RFC 3168 (Explicit Congestion Negotiation) rather than actually asking for one to be assigned via the normal IANA processes, or using the long-defined but rarely used capabilities of IKEv1 to carry a sensitivity label.

It looks like racoon2 gets this right (but doesn't have the SELinux security context support).

I can't be the first person to notice this, can I?

(2007-11-15 08:27:21.0)

Comments:

Probably not, but it's Linux. Your standard is wrong, you should change to take into account that we are now using it - have a good day

Posted by kangcool on November 15, 2007 at 04:31 PM EST #

Assuming your observations are correct (and I don't doubt that they are), this wouldn't be the first time the Linux community has side-stepped standards. Hence their use of the same fdisk partition type that was assigned to Solaris for their swap partitions...

Posted by Rich Teer on November 16, 2007 at 10:24 AM EST #
