-------- Original Message --------
This charter is definitely clearer on some of the points that were
discussed based on the last version, but a couple of things still remain
to be clarified. Based on several discussions that we've had lately, I
have two suggestions for further clarity:
1. Let's add the text suggested by Harald and Lakshminath (there seemed
to be agreement on this text on the list). Quoting the change proposed:
"NEA can be limited in its applicability when the endpoint and the
organization providing network access are owned by different parties."
"NEA is applicable to computing environments of enterprises where
endpoints accessing the enterprise's network are owned and/or expected
to conform to the policies set forth by the organization that owns and
operates the network."
That seems overbroad, in particular because a laptop that connects to
multiple networks cannot in general be expected to adhere to conflicting
policies of the networks to which it connects.
As far as I can tell, this is the crux of the problem with NEA - that in
general it's simply unreasonable for a network to demand that every host
that connects to it conform to arbitrary policies for configuration of
those hosts. IETF should not be standardizing unreasonable
expectations. And even if the behavior is in some limited set of
circumstances reasonable (which is debatable), IMHO IETF should hesitate
to define standards for corner cases.
(I do sympathize with the notion that the biggest threats to an
enterprise network are from the hosts that connect directly to it, and
so it makes sense to concentrate efforts for protecting the network at
the points where those hosts attach to the network.)
The other problem I have with this charter is one that I have with many
charters these days - it presupposes a particular design or architecture
before the working group has actually met, when this should be an
engineering decision taken by the consensus of the working group AFTER
analysis of the problem space.