> Whether a company manageing a network demands that all hosts meet a > specific policy is a local policy issue and the charter specifically > addresses this concern: > > "An organization may make a range of policy decisions based on the > posture of an endpoint. NEA is not intended to be prescriptive in > this regard. "
what the WG charter says and how the WG output is used are different things. IMHO we need to consider the potential unintended consequences of our efforts in IETF, not just what we intend.
Keith, I have two big problems with this position. First of all, I have grave doubts our crystal ball is up to the task of forseeing all unintended consequences of the protocol we develope. So while I think some consideration of consequences is OK, we also need to keep in mind that we collectively pretty much suck at predicting the future. Second, consequences don't just attach to the roads we take, they also attach to the roads not taken. When we say "no" to something it often ends up being done in an ad hoc way that can potentially be far more damaging to the network than had we created a standard with the proper security mechanisms, applicability statements, and so on. I also think NEA is a good example of something that will cause a lot less problems if we do it right than if it is done in a bad and proprietary way. I started hearing talk about implementating NEA-like mechanisms at several large sites long before I ever heard of NEA. I therefroe believe that mechanisms to do this are going to be developed and deployed no matter what the IETF does. The only question is whether or not we're going to have a say in what gets done. I really don't want to see a situation arise where I can't use, say, my Linux laptop somwhere because the necessary secret handshake is some proprietary glop that only Windoze boxes can do. Ned _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf