
Scott Brickner writes:
Steve Reid writes:
Really, the appropriate place for content filtering is at the application layer. It *could* be done at the transport layer, but that's really not the place for it.
Izzat so? So explain to me what the difference between the PICS type ratings and security classifications is.
Clearly the IETF believed that the network layer was an appropriate place for general classification when they developed IPv4. I haven't verified it, but I suspect that IPv6 has (or will have) an appropriate mechanism for indicating security classification.
That's not at all clear. The IETF did not sit down in committee and "develop IPv4" (thank god). And I've not seen any evidence that it was designed with support for security labels in mind. Personally, I agree with Steve that, even though IP *may* be used to propagate security options, it isn't the "right" place.
One problem with labeling things at the transport level is that this requires support for the labels throughout the operating system(s) on which the "content" is generated (at least for a "real" multi-user system with a potentially mixed adult/child user base) or through which it flows. The operating system has to carry labels around in conjunction with each and every process and file on the system in order that the low-level software will be able to accurately label IP datagrams. And this OS support is both difficult to implement and onerous to the users and applications running on that platform -- otherwise, we'd all be running on TCSEC B-level operating systems right now.
Fundamentally, the decision boils down to whether you want the labeling to be mandatory (as with DoD security labels) or voluntary as with PICS.
-- Jeff