Keith Moore <moore@xxxxxxxxxx> wrote:
That seems overbroad, in particular because a laptop that connects to
multiple networks cannot in general be expected to adhere to conflicting
policies of the networks to which it connects.
Exactly. That's why there are provisions for non-conforming
systems. Network access can be denied entirely, or limited to the
public (and unprotected) network. However, 99% of systems don't move
networks, so those systems don't have a problem conforming to the
local requirements.
do you have actual statistics to back that up? are 99% of hosts
produced servers or desktops rather than laptops? and how are you
defining a host, anyway? sorry, it just looks like a number picked out
of thin air.
even if the 99% figure is true today, will it be true in general in the
future? personally I think that desktops as we know them are dinosaurs.
they are too much of a security threat, too expensive to maintain,
offer more flexibility than is needed, and are becoming a vector by
which extortionist licensing fees can be extracted from owners. and the
trend seems to be toward more and more mobile devices and special
purpose devices. standards take a long time to produce and need to last
a long time, so it makes sense to define them in such a way as to be
likely to continue to be useful for the foreseeable future.
As far as I can tell, this is the crux of the problem with NEA - that in
general it's simply unreasonable for a network to demand that every host
that connects to it conform to arbitrary policies for configuration of
those hosts.
I'm not sure how to take this. It's unreasonable... OK, why?
because the very nature of a personal computer is one in which every
machine is customizable to suit the needs of the individual user. if
the network takes away that flexibility, it also obviates the need for a
user-programmable personal computer. there are better (more reliable,
more secure, more effective, cheaper) ways of providing a set of
functions at a user terminal than to give everyone user-programmable
machines and then have the network insist that they all have a rigidly
controlled configuration...and the only way to really get security out
of PCs is to rigidly control their configurations.
and furthermore if PCs continue to be user-programmable then it becomes
possible to make NEA meaningless. (though the protocol could make it
difficult for a host to forge assertions about itself by having the host
sign the assertions with a key signed by the NEA software vendor, it
would take some significant cleverness to prevent that key from being
exposed to an attacker on that host, particularly one with physical
access to the host).
NEA isn't about knowing "who" is on your network in the sense of
determining identity, it's about being able to delve into arbitrary
details of host configuration.
The other problem I have with this charter is one that I have with many
charters these days - it presupposes a particular design or architecture
before the working group has actually met, when this should be an
engineering decision taken by the consensus of the working group AFTER
analysis of the problem space.
I think it presupposes a particular problem, not an architecture.
The problem is:
a) knowing who is on my network
b) controlling who is on my network
c) controlling the behavior of the hosts on my network.
If any of those problems are unreasonable to solve, then I would be
*very* confused.
The proposed NEA architecture derives directly from that problem
statement.
to me it seems to presuppose much more than that, by naming the kinds of
actors and their roles.
Keith
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
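The parenthetical above about signed host assertions (a host signing its own posture report with a key held on that host, and the difficulty of keeping that key from an attacker with physical access) can be shown concretely. The following is an added example and is not code from the thread, from any NEA draft, or from any vendor: it builds a toy posture-assertion exchange in which the endpoint signs a report, the network verifies it before deciding on admission, and then shows the two outcomes the discussion turns on. A symmetric HMAC stands in for the vendor-certified signing key so the example runs with the Python standard library alone; the property at issue (whoever holds the key material on the host can mint a valid assertion) is the same either way. `HOST_KEY`, `POLICY`, the assertion fields and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import json

# Constructed example key: stands in for the per-host signing key the
# hypothetical NEA client software would hold on the endpoint. A symmetric
# MAC is used instead of a vendor-certified public-key signature so the
# example runs with the standard library only; the property under discussion
# (whoever holds the key material can mint a valid assertion) is unchanged.
HOST_KEY = bytes.fromhex(
    "6f1d2c3b4a59687766554433221100ffeeddccbbaa99887766554433221100aa"
)

# Constructed admission policy for the hypothetical network.
POLICY = {"min_patch_level": 5, "require_av": True}


def canonical(assertion: dict) -> bytes:
    """Serialise an assertion deterministically so signer and verifier agree."""
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()


def sign_assertion(key: bytes, assertion: dict) -> dict:
    """Endpoint side: attach an authentication tag to a posture assertion."""
    tag = hmac.new(key, canonical(assertion), hashlib.sha256).hexdigest()
    return {"assertion": assertion, "tag": tag}


def verify_assertion(key: bytes, signed: dict) -> bool:
    """Network side: check the tag before trusting anything in the assertion."""
    expected = hmac.new(key, canonical(signed["assertion"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["tag"])


def admission_decision(key: bytes, signed: dict, policy: dict = POLICY) -> str:
    """Return 'deny' (bad tag), 'quarantine' (valid but non-compliant) or 'admit'."""
    if not verify_assertion(key, signed):
        return "deny"
    a = signed["assertion"]
    compliant = (a.get("patch_level", 0) >= policy["min_patch_level"]
                 and (a.get("av_running", False) or not policy["require_av"]))
    return "admit" if compliant else "quarantine"


def demo() -> dict:
    """Three cases: honest report, tampering without the key, forgery with the key."""
    # 1. The endpoint truthfully reports an out-of-date configuration.
    honest = sign_assertion(HOST_KEY, {"host": "laptop-1", "av_running": False, "patch_level": 3})

    # 2. Someone on the path rewrites the report in transit but has no key:
    #    the tag no longer matches, so the assertion is rejected outright.
    tampered = {"assertion": dict(honest["assertion"], patch_level=9, av_running=True),
                "tag": honest["tag"]}

    # 3. The owner (or anyone with physical access) extracts HOST_KEY from the
    #    machine and signs whatever the policy wants to hear. The network
    #    cannot tell this apart from a genuinely patched host.
    forged = sign_assertion(HOST_KEY, {"host": "laptop-1", "av_running": True, "patch_level": 9})

    return {
        "honest": admission_decision(HOST_KEY, honest),
        "tampered": admission_decision(HOST_KEY, tampered),
        "forged": admission_decision(HOST_KEY, forged),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:9s} -> {decision}")
```

The signature does its job against a third party who cannot reach the key (case 2 is denied), but it gives the verifier no way to distinguish case 3 from an honest compliant host, which is exactly why the posture check only means something if the key cannot be pulled off the endpoint.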