Jeff - ----- Original Message ----- From: "Jeffrey Hutzelman" <jhutz@xxxxxxx> To: "todd glassey" <tglassey@xxxxxxxxxxxxx>; "Narayanan, Vidya" <vidyan@xxxxxxxxxxxx>; <iesg@xxxxxxxx>; <ietf@xxxxxxxx> Cc: <nea@xxxxxxxx>; "Jeffrey Hutzelman" <jhutz@xxxxxxx> Sent: Monday, October 09, 2006 1:48 PM Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) > > > > Ah two new terms of Art - "Posture" and "Devices". > > I only see one. I believe "device" is a fairly well-understood term, > though perhaps "node" would have been more appropriate in this context. > > However, I completely agree that this proposed charter uses the term > "posture" far too often not to define it. I fail to see how whether my > computer is sitting upright or lying on its side is relevant to whether it > should be allowed access to the network. > > -- Jeff OK Devices is really well defined in both a technical and legal sense per the Device based Frauds Act - the little brother of the CFAA. But in this instance I wanted to bring out the use of the misnomer "Posture" relative to a Device. The Device is what it is. The Posture is clearly a term for Operating Policy which includes change management, security/integrity proofing, and the general state-response policies that make up the controls and processes for the Entity in question. The problem we both saw was the indiscriminant use of the term Posture to define a group of policies which were specific to a number of things that the Charter was trying to lay claim to. I don't necessarily think the NEA is a bad idea - but its about auditing and so it needs to be crafted as an audit tool and use audit speak in the process IMHO. Todd Glassey _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf