Hi Susan, > -----Original Message----- > From: Susan Thomson (sethomso) [mailto:sethomso@xxxxxxxxx] > Sent: Sunday, October 08, 2006 3:27 PM > To: Narayanan, Vidya > Cc: nea@xxxxxxxx; iesg@xxxxxxxx; ietf@xxxxxxxx > Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea) > > > Hi Vidya > > Inline ... > > <snip> > > > > How about adding this text - "It should be noted that the > networks at > > large are exposed to attacks from lying endpoints and external > > entities attaching to the networks as well as any problems arising > > from unknown vulnerabilities on NEA compliant endpoints. Hence, NEA > > must not be considered a protection mechanism for networks. > Further, > > mechanisms needed to protect the network from all kinds of > > vulnerabilities are expected to be a superset of any > protection that > > may be achieved by employing NEA"? > > > > It seems to me that this better belongs in a security > considerations section of the NEA spec, especially given > where we are in the review cycle and the amount of time spent > on this specific section already. > No, this text definitely needs to be on the charter. From the number of discussions even at this stage, it is clear that the charter lacks the clarity in this space. This is not text about a particular draft in NEA - it is about the scope of the WG. <snip> > > That is not necessarily putting any requirements in the > choice of the > > mandatory to implement protocol itself, as I see it. I believe that > > stating something like "The mandatory to implement PT > protocol must be > > generic enough to allow the execution of the NEA procedure without > > forcing the need to re-execute network access procedures". > > > > I think protocol requirements belong in the requirements I-D. > The charter text elsewhere does get into performing NEA procedures at network access. Perhaps that could be removed from the charter too? If the charter only specified that the PT protocol was out of scope and left out any text about the timing of execution of the PT protcol w.r.t. network access, that would be fine. > <snip> > > Not only do I not see anything in the charter or milestones that > > indicates that the WG is going to spend time exploring this, I > > strongly believe this WG should not be spending any time looking at > > this. The trust models for the cases where the devices are > not owned > > by the organization performing NEA are hugely different and > can take > > up its own WG to actually find something that applies there, if at > > all. For one, this could be considered a violation of > privacy by the > > user of the device. Secondly, the end user's perspective of attacks > > may be entirely different from the organization's > perspective in this > > case. Third, I simply can't see what the organization's interests > > would be in protecting a device that doesn't even belong to > it. Last > > but not the least, this requires the endpoint to be running an NEA > > client (that is interoperable with the NEA server of the > organization) > > - which in itself is often an unrealistic requirement. > > > > Organizations that provide services in their networks to > end users are > > worried about protecting their resources (i.e., networks, servers, > > etc.). As we have agreed, NEA does not protect such > resources anyway. > > Plus, there is absolutely no reason such organizations > should believe > > that devices they don't own are in fact, truthful endpoints. > > > > So, thinking that this WG must be looking into resolving this seems > > flawed at several levels. In the interest of having a > focused WG that > > can get something useful accomplished, this does not make sense. > > > No argument with your gist here. The point I was trying to > make is that I think applicability may not be quite as "black > and white" as your original text suggests, and it would be > better if the applicability and security considerations > associated with NEA be addressed in the WG and specified in > the appropriate NEA documents. > This again is not necessarily a document-specific issue. It applies in general to anything that will be produced by this WG. > The charter could express itself better in this regard. If > the last sentence was replaced with something like: "NEA can > be limited in its applicability when the endpoint and the > organization providing network access are owned by different > parties. NEA applicability and security considerations will > be described in the appropriate NEA documents." > Would this work? > Why would the charter not be limited to producing solutions that may be relevant to the case where the organization owns the end devices? As long as we agree that NEA is not intending to protect the network and is only meant to protect endpoints, keeping the scope to this would allow for more focussed and useful work. To that effect, here is some modified text: "NEA can be limited in its applicability when the endpoint and the organization providing network access are owned by different parties. The resources and threat models in these cases can be vastly different and such cases are outside the scope of this WG. NEA applicability and security considerations will also be described in the appropriate NEA documents." Vidya _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf