At 11:06 PM 10/16/2006, Harald Alvestrand wrote:
Narayanan, Vidya wrote:
Harald,
<snip>

Noting the scenarios above, I claim that NEA-like functionality has
proved useful already in protecting "the computing environment of an
enterprise". I have not seen compelling evidence that it has any use
in "the layer 3 infrastructure used to carry customer traffic at an ISP".

But I think that's beside the point - the use cases for which we
know that NEA may be useful are already compelling enough that we
should stop debating whether or not to charter the group and get on
with the work.

It seems that there are a number of people believing that NEA might
be useful in Enterprise networks where the network and the endpoints
attaching to the network are owned and "controlled" by the same
entity. I know your words are "proved" useful; but perhaps we might
agree that it's an arms race, so to speak. Note that the notion of
"proved" useful is unlike the type of guarantees we are used to in
the Security area.

The charter currently says in part "There is an open issue with
respect to NEA applicability in deployment scenarios where the
endpoint is owned by a party that is different from the organization
providing network access."

That is ambiguous. I suggested adding the following applicability
statement before:

"NEA is applicable to networks where endpoints accessing the network
are owned and tightly controlled by the organization that owns and
operates the network. In all other cases, NEA and associated
procedures and protocols are ineffective."

That also seems ambiguous as per the recent discussions, so I propose
the following revision, based on your words, Harald:

"NEA is applicable to computing environments of enterprises where
endpoints accessing the enterprise's network are owned and/or
expected to conform to the policies set forth by the organization
that owns and operates the network. In all other cases, NEA and
associated procedures and protocols are ineffective."

Let us make that change so it is clear to everyone as to what NEA
might and might not do.

Lakshminath

My opinion.
Harald
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf