Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-27 Thread Alan DeKok
Keith Moore moore@cs.utk.edu wrote: I don't think it's a good analogy because modem pools are very special-purpose devices, whereas a host can potentially do anything that needs to communicate with something else. For that matter, RADIUS doesn't have the intent of preventing some kinds of

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-27 Thread Alan DeKok
Mike Fratto [EMAIL PROTECTED] wrote: At a very high level, this isn't much different than RADIUS, which defines the data formats and protocols between a network access device such as modem pool and the RADIUS server. Vendor specific attributes are supported and the standards don't attempt to

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-27 Thread Alan DeKok
Keith Moore moore@cs.utk.edu wrote: do you have actual statistics to back that up? It's not meant to be an exact number, but it's pretty close to being correct, in my experience. there are better (more reliable, more secure, more effective, cheaper) ways of providing a set of functions at a

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-27 Thread Alan DeKok
Keith Moore moore@cs.utk.edu wrote: That seems overbroad, in particular because a laptop that connects to multiple networks cannot in general be expected to adhere to conflicting policies of the networks to which it connects. Exactly. That's why there are provisions for non-conforming

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Narayanan, Vidya
All, This charter is definitely clearer on some of the points that were discussed based on the last version, but a couple of things still remain to be clarified. Based on several discussions that we've had lately, I have two suggestions for further clarity: 1. Let's add the text suggested by

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
Original Message All, This charter is definitely clearer on some of the points that were discussed based on the last version, but a couple of things still remain to be clarified. Based on several discussions that we've had lately, I have two suggestions for further clarity:

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Keith Moore [mailto:[EMAIL PROTECTED] As far as I can tell, this is the crux of the problem with NEA - that in general it's simply unreasonable for a network to demand that every host that connects to it conform to arbitrary policies for configuration of those hosts. IETF should

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
My network, my rules. If you don't like them go to the nearest Panera and use their free WiFi. If you want to connect to my network, my rules apply. That's not arbitrary, that's my right and my choice. perhaps. but I don't see why the IETF should provide tools to help you impose those

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
As far as I can tell, this is the crux of the problem with NEA - that in general it's simply unreasonable for a network to demand that every host that connects to it conform to arbitrary policies for configuration of those hosts. IETF should not be standardizing unreasonable expectations. And

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Keith Moore [mailto:[EMAIL PROTECTED] that's my understanding also. but nothing you said here contradicts my statement. if connection of the host to the network is predicated on having the host conform to whatever arbitrary policy the network wishes to impose on how the host

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Keith Moore [mailto:[EMAIL PROTECTED] My network, my rules. If you don't like them go to the nearest Panera and use their free WiFi. If you want to connect to my network, my rules apply. That's not arbitrary, that's my right and my choice. perhaps. but I don't see why the

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Marcus Leech
Hallam-Baker, Phillip wrote: The best way to stop such nonsense is to recognize what every mainstream security specialist working in the field recognized long ago - there is a difference between the network and the inter-network and connection to either is a privilege that should only be

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Marcus Leech [mailto:[EMAIL PROTECTED] I think the problem that Keith is talking about is the problem of unreasonable policies, which will instantly create a criminal subculture in any networks that have such unreasonable policies. The people talking about NEA are generally

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Susan Thomson (sethomso)
Hi Vidya Inline ... -Original Message- From: Narayanan, Vidya [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 2:15 AM To: iesg@ietf.org; ietf@ietf.org Cc: [EMAIL PROTECTED] Subject: RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea) All

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
My network, my rules. If you don't like them go to the nearest Panera and use their free WiFi. If you want to connect to my network, my rules apply. That's not arbitrary, that's my right and my choice. perhaps. but I don't see why the IETF should provide tools to help you impose those rules

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Marcus Leech
Hallam-Baker, Phillip wrote: Trying to enforce that a Turing-complete machine have capabilities no greater than X might seem to an IT senior manager to be a really good idea, but in practical terms, it can't be done. Of course it can. Simply put a trustworthy computing partition

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
Whether a company managing a network demands that all hosts meet a specific policy is a local policy issue and the charter specifically addresses this concern: An organization may make a range of policy decisions based on the posture of an endpoint. NEA is not intended to be prescriptive in

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Keith Moore [mailto:[EMAIL PROTECTED] Because the architecture you propose is failed and unworkable. I didn't propose anything resembling an architecture. and the proposal at hand is an anti-architecture - it's something that destroys the possibility of a unifying theme. So you

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Lakshminath Dondeti
: [EMAIL PROTECTED] Subject: RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea) All, This charter is definitely clearer on some of the points that were discussed based on the last version, but a couple of things still remain to be clarified. Based on several discussions

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Nelson, David
Keith Moore writes... what the WG charter says and how the WG output is used are different things. IMHO we need to consider the potential unintended consequences of our efforts in IETF, not just what we intend. network operators do not limit their use of technology to what we write in

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
Keith Moore moore@cs.utk.edu wrote: That seems overbroad, in particular because a laptop that connects to multiple networks cannot in general be expected to adhere to conflicting policies of the networks to which it connects. Exactly. That's why there are provisions for non-conforming

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Andy Bierman
Hallam-Baker, Phillip wrote: From: Keith Moore [mailto:[EMAIL PROTECTED] that's my understanding also. but nothing you said here contradicts my statement. if connection of the host to the network is predicated on having the host conform to whatever arbitrary policy the network wishes to

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
what the WG charter says and how the WG output is used are different things. IMHO we need to consider the potential unintended consequences of our efforts in IETF, not just what we intend. network operators do not limit their use of technology to what we write in applicability statements.

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Sam Hartman
: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea) All, This charter is definitely clearer on some of the points that were discussed based on the last version, but a couple of things still remain to be clarified. Based on several discussions

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Narayanan, Vidya
-Original Message- From: Sam Hartman [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 10:28 AM To: Susan Thomson (sethomso) Cc: Narayanan, Vidya; [EMAIL PROTECTED]; iesg@ietf.org; ietf@ietf.org Subject: Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
I don't see how NEA is such a big philosophical change from existing RADIUS practices. perhaps not, but I don't see how past mistakes are a justification for future ones. Keith

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Narayanan, Vidya
-Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 11:29 AM To: Keith Moore Cc: [EMAIL PROTECTED]; iesg@ietf.org; ietf@ietf.org Subject: Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea) Keith Moore moore@cs.utk.edu

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Ned Freed
Whether a company managing a network demands that all hosts meet a specific policy is a local policy issue and the charter specifically addresses this concern: An organization may make a range of policy decisions based on the posture of an endpoint. NEA is not intended to be prescriptive

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
what the WG charter says and how the WG output is used are different things. IMHO we need to consider the potential unintended consequences of our efforts in IETF, not just what we intend. Keith, I have two big problems with this position. First of all, I have grave doubts our crystal ball is