Lakshminath Dondeti wrote:
At 11:06 PM 10/16/2006, Harald Alvestrand wrote:
Narayanan, Vidya wrote:
Harald,
<snip>
Noting the scenarios above, I claim that NEA-like functionality has
proved useful already in protecting "the computing environment of an
enterprise". I have not seen compelling evidence that it has any use
in "the layer 3 infrastructure used to carry customer traffic at an
ISP".
But I think that's beside the point - the use cases for which we know
that NEA may be useful are already compelling enough that we should
stop debating whether or not to charter the group and get on with the
work.
It seems that there are a number of people believing that NEA might be
useful in Enterprise networks where the network and the endpoints
attaching to the network are owned and "controlled" by the same
entity. I know your words are "proved" useful; but perhaps we might
agree that it's an arms race, so to speak. Note that the notion of
"proved" useful is unlike the type of guarantees we are used to in the
Security area.
The charter currently says in part "There is an open issue with
respect to NEA applicability in deployment scenarios where the
endpoint is owned by a party that is different from the organization
providing network access."
That is ambiguous. I suggested adding the following applicability
statement before:
"NEA is applicable to networks where endpoints accessing the network
are owned and tightly controlled by the organization that owns and
operates the network. In all other cases, NEA and associated
procedures and protocols are ineffective."
That also seems ambiguous as per the recent discussions, so I propose
the following revision, based on your words Harald:
"NEA is applicable to computing environments of enterprises where
endpoints accessing the enterprise's network are owned and/or expected
to conform to the policies set forth by the organization that owns and
operates the network. In all other cases, NEA and associated
procedures and protocols are ineffective."
Let us make that change so it is clear to everyone as to what NEA
might and might not do.
I don't think we have any proof that this statement is true. I can think
of scenarios where NEA would be useful, but they depend on various
circumstances that either would be very specialized or require a great
deal of faith in order to believe they would happen.
I suggest:
"All other cases are outside the scope of the NEA charter, since we do
not know that NEA would be useful in such cases."