[anonsec] BYPASS OR PROTECT
Stephen Kent
kent at bbn.com
Mon Apr 9 05:28:35 PDT 2007
At 4:23 PM -0500 4/6/07, Nicolas Williams wrote:
>On Fri, Apr 06, 2007 at 05:14:42PM -0400, Stephen Kent wrote:
>> >That's the nature of policies consisting of ordered rulesets.
>>
>> This is not true for many access control models. We adopted the
>> ordered rule model because it was commonly employed in other
>> contexts, e.g., firewall filter rule, and because, with caching, it
>> works very well at layer 3.
>>
>> Also, recall that the 4301 processing model uses caches and that
>> calls for the SPD to be de-correlated, which implies no ordering. So,
>
>However, the access control semantics of RFC4301 depend on the SPD being
>ordered, and SPD de-correlation is intended to preserve the access
>control semantics of a pre-de-correlation, ordered SPD. N'est ce pas?
Right.
>> although it still makes sense to offer an interface for an ordered
>> SPD to a human user to administer, if we talk about making changes to
>> an SPD dynamically, from an app, we are assuming that the correlated
>> SPD is used as the reference, and then we have to de-correlate it,
>> see what impact that has on extant SPD cache and SAD entries, etc.
>
>My view was that app-driven rules, in the model we'll describe, are
>inserted into a normal SPD and then de-correlation is done again in
>order to install the new SPD.
OK, then let's say so explicitly in our description of the nominal model.
>Implementors may choose to do this differently, provided that they
>maintain the same semantics.
Right, but we need a precise nominal model, like 4301, to provide a
testable reference.
Steve
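The decorrelation step the thread turns on (an ordered, first-match SPD rewritten into a set of non-overlapping entries, and an app-driven rule inserted into the ordered SPD and then decorrelated again) as an added worked example. This is not code from the list thread, from RFC 4301, or from any IPsec implementation: it assumes a toy selector model (three integer fields, with a 3-bit address space standing in for addresses), constructed sample rules, and a field-by-field box-split that is only in the spirit of RFC 4301 Appendix B.

```python
"""Toy SPD decorrelation, constructed for illustration (not RFC 4301 text).

A selector is a tuple of inclusive integer ranges, one per field
(src addr, dst addr, dst port). Ordered lookup: first match wins.
Decorrelation rewrites the SPD so that no two entries overlap, so the
order of entries no longer affects the result and lookups can be cached.
"""
from itertools import product
from typing import List, Optional, Tuple

Range = Tuple[int, int]          # inclusive (lo, hi)
Selector = Tuple[Range, ...]     # one range per field
Rule = Tuple[Selector, str]      # (selector, action)
Packet = Tuple[int, ...]         # one value per field

ANY_ADDR: Range = (0, 7)         # toy 3-bit address space (assumption)
ANY_PORT: Range = (0, 65535)


def contains(sel: Selector, pkt: Packet) -> bool:
    return all(lo <= v <= hi for (lo, hi), v in zip(sel, pkt))


def intersect(a: Selector, b: Selector) -> Optional[Selector]:
    out = []
    for (alo, ahi), (blo, bhi) in zip(a, b):
        lo, hi = max(alo, blo), min(ahi, bhi)
        if lo > hi:
            return None
        out.append((lo, hi))
    return tuple(out)


def subtract(a: Selector, b: Selector) -> List[Selector]:
    """a minus b, as a list of pairwise-disjoint boxes (field-by-field split)."""
    common = intersect(a, b)
    if common is None:
        return [a]
    pieces: List[Selector] = []
    cur = list(a)
    for i, (clo, chi) in enumerate(common):
        alo, ahi = cur[i]
        if alo < clo:   # slab of `cur` below the overlap in field i
            pieces.append(tuple(cur[:i]) + ((alo, clo - 1),) + tuple(cur[i + 1:]))
        if chi < ahi:   # slab of `cur` above the overlap in field i
            pieces.append(tuple(cur[:i]) + ((chi + 1, ahi),) + tuple(cur[i + 1:]))
        cur[i] = (clo, chi)   # narrow to the overlap, then split the next field
    return pieces


def decorrelate(ordered: List[Rule]) -> List[Rule]:
    """Each rule keeps only the part of its selector not shadowed by earlier rules."""
    out: List[Rule] = []
    for j, (sel, action) in enumerate(ordered):
        boxes = [sel]
        for prev_sel, _ in ordered[:j]:
            boxes = [p for box in boxes for p in subtract(box, prev_sel)]
        out.extend((box, action) for box in boxes)
    return out


def is_decorrelated(spd: List[Rule]) -> bool:
    return all(intersect(a, b) is None
               for i, (a, _) in enumerate(spd) for (b, _) in spd[i + 1:])


def lookup_ordered(spd: List[Rule], pkt: Packet) -> str:
    for sel, action in spd:
        if contains(sel, pkt):
            return action
    return "DISCARD"   # no SPD match: discard


def lookup_unordered(spd: List[Rule], pkt: Packet) -> str:
    hits = [action for sel, action in spd if contains(sel, pkt)]
    if len(hits) > 1:
        raise ValueError("SPD not decorrelated: %d entries match %r" % (len(hits), pkt))
    return hits[0] if hits else "DISCARD"


def equivalent(ordered: List[Rule], unordered: List[Rule]) -> bool:
    """Exhaustive check over the toy packet space, with the unordered SPD in both orders."""
    pkts = product(range(8), range(8), (22, 80, 443, 444))
    rev = list(reversed(unordered))
    return all(lookup_ordered(ordered, p) == lookup_unordered(unordered, p)
               == lookup_unordered(rev, p) for p in pkts)


def install_app_rule(ordered: List[Rule], index: int, rule: Rule) -> List[Rule]:
    """Nominal model from the thread: insert into the ordered SPD, then decorrelate again."""
    return decorrelate(ordered[:index] + [rule] + ordered[index:])


# Constructed sample SPD (ordered, first match wins).
ORDERED_SPD: List[Rule] = [
    (((1, 5), (4, 6), (443, 443)), "PROTECT"),    # port 443 from 1-5 to the 4-6 subnet
    ((ANY_ADDR, (4, 6), ANY_PORT), "BYPASS"),     # everything else to that subnet in the clear
    ((ANY_ADDR, ANY_ADDR, (22, 22)), "DISCARD"),  # explicit discard of port 22 elsewhere
]
# Constructed app-driven rule: one flow the app wants in the clear.
APP_RULE: Rule = (((3, 3), (5, 5), (443, 443)), "BYPASS")

if __name__ == "__main__":
    d = decorrelate(ORDERED_SPD)
    print(len(ORDERED_SPD), "ordered rules ->", len(d), "decorrelated entries")
    print("equivalent:", equivalent(ORDERED_SPD, d))
    d2 = install_app_rule(ORDERED_SPD, 0, APP_RULE)
    print("after app rule:", len(d2), "entries; equivalent:",
          equivalent([APP_RULE] + ORDERED_SPD, d2))
    print("flow (3,5,443):", lookup_unordered(d, (3, 5, 443)),
          "->", lookup_unordered(d2, (3, 5, 443)))
```

The exhaustive equivalence check is only possible because the toy packet space is tiny; what it demonstrates is the property the thread relies on, that the decorrelated SPD gives the same answer as the ordered one for every packet regardless of entry order. The toy also ignores what the thread flags as the hard part of dynamic changes: reconciling existing SPD cache and SAD entries after the SPD is rewritten.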