Re: [Nea] WG Review: Network Endpoint Assessment (nea)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




The reason we left it open is to allow the working group to spend more
> time exploring the range of use cases in this area to better determine
> requirements and applicability. For example, it may be useful to
> classify endpoints as network-managed versus user-managed versus
> 3rd-party managed. A user-managed endpoint may want the > choice to opt in
> or opt out, say.
>
Not only do I not see anything in the charter or milestones that
indicates that the WG is going to spend time exploring this, I strongly
believe this WG should not be spending any time looking at this. The
trust models for the cases where the devices are not owned by the
organization performing NEA are hugely different and can take up its own
WG to actually find something that applies there, if at all. For one,
this could be considered a violation of privacy by the user of the
device. Secondly, the end user's perspective of attacks may be entirely
different from the organization's perspective in this case. Third, I
simply can't see what the organization's interests would be in
protecting a device that doesn't even belong to it. Last but not the
least, this requires the endpoint to be running an NEA client (that is
interoperable with the NEA server of the organization) - which in itself
is often an unrealistic requirement.
Many universities require their students to buy their own laptops, but prohibit certain types of activity from those laptops (like spamming, DDOS-attacks and the like). They would love to have the ability to run some kind of NEA procedure to ensure that laptops are reasonably virus-free and free from known vulnerabilities, and are important enough in their students' lives that they can probably enforce it without a complaint about "violation of privacy".

Just pointing out that there's one use case with user-managed endpoints where NEA is not obviously a bad idea.

                   Harald


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]