Harald Alvestrand wrote: <SNIP> >> Posture checking is certainly a leaky bucket. It doesn't >> protect all kinds of endpoint, it doesn't protect the >> endpoints against all kinds of threats, and it doesn't >> protect much of anything against a smart, resourceful >> attacker who is deeply familiar with the NEA system in use >> and is interested in investing considerable resources in >> attacking or circumventing it. NEA itself may not offer any protection, it is more an informational tool from my perspective. How that information may be used could lead to some protection but that would vary with each deployment. >> But (to recycle a very old simile) the fact that I can open >> the locks of most doors with a crowbar doesn't mean that locks are >> not useful. Organizations that have deployed products that do >> something like what NEA is talking about have reported that their >> TCO is reduced. In these days of information overload I still maintain, the more information available the better it is. Darryl (Dassa) Lynch _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf