Sam, > -----Original Message----- > From: Sam Hartman [mailto:hartmans-ietf@xxxxxxx] > Sent: Friday, October 13, 2006 12:43 PM > To: Frank Yeh Jr > Cc: Hardie, Ted; nea@xxxxxxxx; ietf@xxxxxxxx > Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) > > >>>>> "Frank" == Frank Yeh <fyeh@xxxxxxxxxx> writes: > > Frank> Standardized VS vendor-specific attributes is not > something that needs to be > Frank> solved today. Solutions can start with > vendor-specific and migrate toward a > Frank> standard, if one develops, without changing the > protocol. The specification > Frank> should not preclude the addition of standardized > attributes. IE the > Frank> specification is like an alphabet, attributes are > like vocabulary. You can add > Frank> new words without changing the letters. > > > One of the things coming out of the most recent BOF was a > strong desire for PA-level interoperability. That can be > accomplished through standardized attributes or > vendor-specific attributes that are sufficiently well > documented (and not subject to patents) that third parties > can implement collectors or analysis tools that interoperate > with the vendor tools for the vendor attributes. > > Will we be able to meet these interoperability goals? Why or why not? > I am very apprehensive of achieving any meaningful PA-level interoperability. I am not sure what minimum set of PA attributes will be standardized, but, whatever that set is, I doubt will be sufficient to provide any acceptable level of security, even for the endpoints. Even assuming ongoing standardization of vendor specific attributes, it is not totally realistic to assume that all applications will support the appropriate attributes. The rate of standardization is also very likely to be much slower than the rate of the growth in the number of attributes needed for any continued meaningful protection. Regards, Vidya _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf