Russ - I agree that something like a global NEA is necessary - just not that a new protocol is necessary to implement it. So let me ask... why not pass a new configuration mode model with SNMP?

The point is that the idea of some agent that could actually collect these separate logs and service records from the various 'aspects of compliance' built into the operating models of the system in question is no new one. Tripwire does this already. COPS and FREMONT can be made to with cron and their configuration files. SNORT, AIDE... heck, they can even use syslog-ng as the transport for their log data, which might also make sense as an addition... or SCP/SFTP if they wanted to.

The point is that while NEA is a good collective idea at the altitude the idea was hatched at, there are already things that do the NEA component functions today, and that can be aggregated together into a homogeneous utility environment without redesigning the wheel again. I don't dispute that the end goal of what the creators of the NEA idea wanted to accomplish is not good. It is, clearly. But the issue is whether it's necessary to have it in the form they have proposed so far when other very similar and more widely deployed transports exist for the Inter-Nodal Communications Model that NEA purports to want to create.

Again - SNMP and syslog/syslog-ng can do a lot of this already. Why not just add a Node-Integrity Reporting Process to either of them? From an audit perspective this would be a powerful addition to the syslog protocols since it would better anchor them.

Just my 35c.
Todd Glassey

----- Original Message -----
From: "Russ Housley" <housley@xxxxxxxxxxxx>
To: "Narayanan, Vidya" <vidyan@xxxxxxxxxxxx>
Cc: <nea@xxxxxxxx>; <iesg@xxxxxxxx>; <ietf@xxxxxxxx>
Sent: Wednesday, October 11, 2006 7:18 AM
Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea)

> Vidya:
>
> >I'm not sure that the charter actually needs to get into the modes at
> >all - I'm guessing what happens after NEA (i.e., what is done with the
> >results from NEA) has zero impact on any work being done in NEA itself.
> >So, why not simply state something like "Once NEA is conducted on an
> >endpoint, the results may be used by an organization in accordance with
> >any policies of the organization itself."?
>
> Discussions with the IAB and IESG prior to external review led to
> the addition of the modes discussion. The point is that some
> networks will demand compliance to grant full access, and other
> networks will simply notify that host that they are not in
> compliance. A host may not want to change the configuration to gain
> compliance. That is acceptable in the second case, but not the first.
>
> Russ
>
>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf