[11:28:54] dquigley joins the room
[13:15:38] trondmy joins the room
[13:16:23] <dquigley> Good afternoon Trond.
[13:17:38] <trondmy> Hi Dave!
[13:18:11] spencer joins the room
[13:18:29] <spencer> oh, hey, I am here
[13:18:36] <trondmy> Who's Spencer?
[13:19:24] <spencer> hello, trond
[13:19:37] <trondmy> :-)
[13:20:09] <dquigley> I think I've seen this Spencer once or twice. I think he is some guy who hangs around IETF NFSv4 meetings.
[13:20:51] <trondmy> I never see him outside them any more...
[13:23:37] beepy joins the room
[13:38:19] <spencer> I bet that was a fun sound
[13:39:10] <dquigley> Yea it was nice on the ears.
[13:40:02] <dquigley> He makes it sound so horrible :)
[13:41:00] <dquigley> Who is this?
[13:41:11] <trondmy> Tom Haynes...
[13:41:12] <spencer> tom is talking now
[13:41:25] <dquigley> haha
[13:41:47] <spencer> david black
[13:42:02] <dquigley> Yea I can recognize his voice now. I've just never heard Tom before.
[13:42:11] <spencer> :-)
[13:42:48] <dquigley> He is absolutely correct there.
[13:42:58] <dquigley> But that is how all MAC methods work
[13:43:03] <dquigley> thats is how TX works
[13:43:08] <dquigley> That is how SELinux works
[13:43:13] <dquigley> That is how SMACK works
[13:43:17] <dquigley> That is how everything out there is.
[13:43:42] <spencer> I will pass it along
[13:43:51] <dquigley> That is also how the BSD MAC mechanisms work as well
[13:43:58] <dquigley> so its the reality of the way the world works.
[13:44:29] <dquigley> Minor correction trond. Apparmor and Tomoyo are not label based
[13:44:37] <dquigley> A better comparison would be SELinux and SMACK
[13:44:50] <dquigley> Apparmor and Tomoyo would never use this
[13:45:45] <dquigley> Exactly
[13:47:43] <dquigley> Do you have examples of such organizations?
[13:48:14] <dquigley> I'm interested in addressing her concerns I'd just like to have a good idea.
[13:48:27] <dquigley> Can she not name them because they are unnamed govt people?
[13:48:32] <spencer> yes
[13:48:34] <dquigley> if so she can give me a POC
[13:48:40] <dquigley> I can talk to them on the inside if necessary
[13:49:21] <dquigley> ahh I think I'm starting to get the idea.
[13:51:36] <dquigley> So to partially answer her question. I think she has a situation where you have things like labeled databases and she wants to know if we are attempting to use a unified labeling scheme between other labeled entities and nfs? Am I correct in that?
[13:52:25] <dquigley> Eisler right?
[13:52:30] <beepy> yes
[13:52:37] <spencer> we may want to get the two of you connect, quigly
[13:52:44] <dquigley> Yea I think that would be a good idea
[13:53:01] <dquigley> I'm interested in talking with her and figuring out what some other usecases are
[13:53:11] <spencer> okay; will pass it along
[13:53:27] <beepy> spencer driving. i'm a passenger on this bus.
[13:53:39] <dquigley> But thats security policy
[13:54:05] <dquigley> Sounds good
[13:54:28] <dquigley> Well that is if the the server wants to implement an enforcement mechanism
[13:54:46] <dquigley> Yea the LFS
[13:55:01] <dquigley> That is true
[13:57:08] <dquigley> Yea
[13:57:17] <dquigley> there is DOE vs DOD MLS labels
[13:58:12] <dquigley> That sounds like another really good use of the labels
[13:58:39] <dquigley> I could definitely see someone using the label field to hold that information and registering a LFS for it
[13:58:50] <dquigley> and then having an enforcement mechanism on their machines to process them
[13:59:19] <dquigley> one thing I considered with the labels and presented at Anaheim was some sort of regulatory compliance 
[13:59:25] <dquigley> which is the use case that she is touching on there
[13:59:40] <spencer> okay, good input overall today
[13:59:42] <dquigley> I think 4.2 from the Labeled NFS perspective should be what I typed in an earlier email
[13:59:44] <beepy> got it. 
[13:59:50] <dquigley> let me copy and paste it here really quick for the record
[14:00:05] <dquigley> Ok
[14:00:07] <dquigley> Yea I agree
[14:00:26] <dquigley> Well without RPCSEC_GSSv3 the server can't enforce policy in any reasonable way
[14:00:46] <dquigley> So this is what we should add into 4.2
[14:01:02] <dquigley> For now I agree with David Black
[14:01:05] <dquigley> I think thats a good approach
[14:01:15] <dquigley> I agree
[14:01:36] <dquigley> For now that is absolutely tre
[14:01:37] <dquigley> true
[14:01:39] <dquigley> later on we can fix that
[14:01:40] <dquigley> but
[14:01:47] <dquigley> for an initial pass I think that is an acceptabl
[14:01:50] <dquigley> solution
[14:02:03] <dquigley> Yea they do that by mapping labels from connections
[14:03:40] <dquigley> What was the Lady's name that was speaking earlier?
[14:03:55] <spencer> uh, will need to get that
[14:03:59] <trondmy> Not from connections but from RPCSEC_GSSv3 sessions
[14:04:21] <trondmy> You can certainly add info in the filehandle to tell the server whether or not the
[14:04:36] <trondmy> client went through the labeled nfs path or not.
[14:04:37] <dquigley> We have use cases for that inside the DoD
[14:05:01] <dquigley> We have someone authenticate with certain credentials so we want to say that they operate at a certain MLS level
[14:05:13] <dquigley> so they have access to certain MLS levels on the system
[14:05:40] <dquigley> The thing is though this is why we separated enforcement from mechaism
[14:05:47] <dquigley> this is why its a tenant of SELinux as well
[14:05:49] <beepy> Kathleen Moriarty - EMC (RSA?)
[14:05:56] <dquigley> Cool
[14:05:57] <dquigley> Thanks
[14:06:46] <dquigley> Computers work so much better with Car analogies :)
[14:07:58] <dquigley> Yea there are quite a few nits and clarifications that need to be made
[14:08:02] <dquigley> do we want one draft?
[14:08:04] <dquigley> if so what is in it?
[14:08:08] <dquigley> is it just the NFSv4.1 changes?
[14:08:21] <dquigley> should it have any enforcement mode details or does it punt to another document
[14:08:37] <beepy> discuss on dive in call
[14:08:40] <spencer> thanks dave
[14:08:43] <dquigley> Cool
[14:09:06] <dquigley> is there some sort of virtual blue sheet for remote people?
[14:09:16] nacho319 joins the room
[14:09:32] <dquigley> nacho?
[14:09:38] <nacho319> hi
[14:10:48] <dquigley> Trying to hear David black in the background :)
[14:11:01] <nacho319> Are the labels really authority based or classification based?
[14:11:18] <dquigley> So it depends on the enforcing mechism
[14:11:26] <nacho319> If we work on a set of "standard" labels, how much are you willing to contribute to that?
[14:11:53] <dquigley> I'm willing to write and contribute review to drafts
[14:12:04] <dquigley> I would need to see specific details about it.
[14:12:24] beepy leaves the room
[14:12:24] <dquigley> If it also helps I'm fully cleared so I can talk with internal customers about classified details as well
[14:12:35] <dquigley> if you have such customers
[14:13:03] <dquigley> any chance of asking david black to talk a bit closer to the microphone?
[14:13:42] <nacho319> done
[14:13:44] <dquigley> yea 
[14:13:44] <spencer> oh, you guys are having the after meeting; like the after party
[14:13:46] <dquigley> Thank you :)
[14:14:00] <nacho319> not sure if it will help
[14:14:10] <dquigley> So back to label type
[14:14:22] <dquigley> SELinux labels are a combination of both.
[14:14:36] <dquigley> SELinux labels really enforce several different models
[14:14:38] <dquigley> one is an MLS component
[14:14:46] <dquigley> so there is a sensitivity classification there.
[14:14:47] <nacho319> I also work with the cloudbase folks and the CDS people related to that effort - they might have some interest here
[14:14:54] <dquigley> Cool
[14:16:21] <dquigley> The main aspect of SELinux is type enforcement though
[14:16:40] <dquigley> which is a mechaism of describing program behavior within a system
[14:16:51] <dquigley> so security labels for selinux have this form
[14:17:04] <dquigley> user_component:role_component:type_component:MLS
[14:17:45] <dquigley> David Black is 100% accureate with that statement
[14:17:56] <dquigley> that something else is something like an EMC or NetApp storage appliance
[14:18:11] <nacho319> Dave: I or T or something else?
[14:18:35] <dquigley> I'm not sure I understand the question?
[14:18:57] <dquigley> are you asking divisions?
[14:19:32] <dquigley> Use to be R but now green.
[14:19:38] <nacho319> R
[14:19:41] <nacho319> ahhh
[14:19:43] <dquigley> R23
[14:19:47] <dquigley> SELinux Team
[14:19:48] <nacho319> really?
[14:19:50] <dquigley> yea
[14:19:57] <nacho319> okay
[14:20:02] <dquigley> You blue?
[14:20:11] <nacho319> SEI/CERT
[14:20:11] <dquigley> or green as well working for blue?
[14:20:15] <dquigley> Cool
[14:20:26] <dquigley> Yea I use to be on the SELinux team at the agency
[14:20:33] <nacho319> got it
[14:20:41] <dquigley> I still work with them on this work
[14:20:44] <dquigley> just on my own time instead
[14:20:49] <nacho319> ahhh
[14:21:12] <nacho319> I gotta run - good luck
[14:21:12] trondmy leaves the room
[14:21:16] <dquigley> Thanks
[14:21:43] <nacho319> Drop me a note if I can help later; I used to work for someone NetApp acquired and I can drop by and visit you too
[14:21:49] <dquigley> I agree with David black on the label translation part
[14:21:51] <dquigley> it isn't easy
[14:21:57] <dquigley> its semantic data as well
[14:22:04] <dquigley> Cool
[14:22:09] <dquigley> do you have an email I can use?
[14:22:26] <dquigley> shoot me an email at dpquigl@davequigley.com and we can figure something out.
[14:22:45] <dquigley> Label translation in SELinux will be more difficult
[14:23:18] <nacho319> inacio@cert.org <mailto:inacio@cert.org>
[14:24:12] nacho319 leaves the room
[14:31:20] spencer leaves the room: Computer went to sleep
[15:50:01] nico joins the room
[15:50:11] <nico> hi Dave
[17:18:29] nico leaves the room