On Monday 26 June 2006 8:33 pm, James Morris wrote: > On Mon, 26 Jun 2006, Joe Nall wrote: > > For all of the EAL4 LSPP Linux evaluation work is being done by Red > > Hat/IBM/HP/atsec and others to be useful to integrators, there has to be > > basic (e.g. CIPSO) multilevel network interoperability with existing > > multilevel systems and good (e.g IPSec) multilevel networking between > > SELinux systems. > > Just to be clear, my understanding is that the native xfrm labeling is > suitable for LSPP evaluation, as distinct from CIPSO being desired by > system integrators from an interoperability point of view. >
True, but I believe the point Joe was trying to make was that providing support for only one labeling mechanism would limit the usefulness of the evaluated configuration. What good is a Common Criteria evaluation if it doesn't contain the features that user's require? -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
