Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-------- Original Message --------


All,

This charter is definitely clearer on some of the points that were
discussed based on the last version, but a couple of things still remain
to be clarified. Based on several discussions that we've had lately, I
have two suggestions for further clarity: 
1. Let's add the text suggested by Harald and Lakshminath (there seemed
to be agreement on this text on the list). Quoting the change proposed: 
Replace:

"NEA can be limited in its applicability when the endpoint and the
organization providing network access are owned by different parties."

with

"NEA is applicable to computing environments of enterprises where
endpoints accessing the enterprise's network are owned and/or expected
to conform to the policies set forth by the organization that owns and
operates the network.
That seems overbroad, in particular because a laptop that connects to multiple networks cannot in general be expected to adhere to conflicting policies of the networks to which it connects.
As far as I can tell, this is the crux of the problem with NEA - that in general it's simply unreasonable for a network to demand that every host that connect to it conform to arbitrary policies for configuration of those hosts. IETF should not be standardizing unreasonable expectations. And even if the behavior is in some limited set of circumstances reasonable (which is debatable), IMHO IETF should hesitate to define standards for corner cases.
(I do sympathize with the notion that the biggest threats to an enterprise network are from the hosts that connect directly to it, and so it makes sense to concentrate efforts for protecting the network at the points where those hosts attach to the network)
The other problem I have with this charter is one that I have with many charters these days - it presupposes a particular design or architecture before the working group has actually met, when this should be an engineering decision taken by the consensus of the working group AFTER analysis of the problem space. 

Keith


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]