Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

Lakshminath Dondeti wrote:
At 11:06 PM 10/16/2006, Harald Alvestrand wrote:
Narayanan, Vidya wrote:
Harald,
<snip>
Noting the scenarios above, I claim that NEA-like functionality has proved useful already in protecting "the computing environment of an enterprise". I have not seen compelling evidence that it has any use in "the layer 3 infrastructure used to carry customer traffic at an ISP".

But I think that's beside the point - the use cases for which we know that NEA may be useful are already compelling enough that we should stop debating whether or not to charter the group and get on with the work.

It seems that there are a number of people believing that NEA might be useful in Enterprise networks where the network and the endpoints attaching to the network are owned and "controlled" by the same entity. I know your words are "proved" useful; but perhaps we might agree that it's an arms race, so to speak. Note that the notion of "proved" useful is unlike the type of guarantees we are used to in the Security area.

The charter currently says in part "There is an open issue with respect to NEA applicability in deployment scenarios where the endpoint is owned by a party that is different from the organization providing network access."

That is ambiguous. I suggested adding the following applicability statement before:

"NEA is applicable to networks where endpoints accessing the network are owned and tightly controlled by the organization that owns and operates the network. In all other cases, NEA and associated procedures and protocols are ineffective."

That also seems ambiguous as per the recent discussions, so I propose the following revision, based on your words Harald:

"NEA is applicable to computing environments of enterprises where endpoints accessing the enterprise's network are owned and/or expected to conform to the policies set forth by the organization that owns and operates the network. In all other cases, NEA and associated procedures and protocols are ineffective."

Let us make that change so it is clear to everyone as to what NEA might and might not do.

I don't think we have any proof that this statement is true. I can think of scenarios where NEA would be useful, but they depend on various circumstances that either would be very specialized or require a great deal of faith in order to believe they would happen.

I suggest:

"All other cases are outside the scope of the NEA charter, since we do not know that NEA would be useful in such cases."

