Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-27 Thread Alan DeKok
Keith Moore moore@cs.utk.edu wrote: I don't think it's a good analogy because modem pools are very special-purpose devices, whereas a host can potentially do anything that needs to communicate with something else. For that matter, RADIUS doesn't have the intent of preventing some kinds of

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-27 Thread Alan DeKok
Mike Fratto [EMAIL PROTECTED] wrote: At a very high level, this isn't much different than RADIUS, which defines the data formats and protocols between a network access device such as modem pool and the RADIUS server. Vendor specific attributes are supported and the standards don't attempt to

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-27 Thread Alan DeKok
Keith Moore moore@cs.utk.edu wrote: do you have actual statistics to back that up? It's not meant to be an exact number, but it's pretty close to being correct, in my experience. there are better (more reliable, more secure, more effective, cheaper) ways of providing a set of functions at a

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-27 Thread Alan DeKok
Keith Moore moore@cs.utk.edu wrote: That seems overbroad, in particular because a laptop that connects to multiple networks cannot in general be expected to adhere to conflicting policies of the networks to which it connects. Exactly. That's why there are provisions for non-conforming

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Narayanan, Vidya
PROTECTED] Subject: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea) A new IETF working group has been proposed in the Security Area. The IESG has not made any determination as yet. The following UPDATED draft charter was submitted, and is provided for informational purposes only

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
Original Message All, This charter is definitely clearer on some of the points that were discussed based on the last version, but a couple of things still remain to be clarified. Based on several discussions that we've had lately, I have two suggestions for further clarity:

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Keith Moore [mailto:[EMAIL PROTECTED] As far as I can tell, this is the crux of the problem with NEA - that in general it's simply unreasonable for a network to demand that every host that connects to it conform to arbitrary policies for configuration of those hosts. IETF should

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
My network, my rules. If you don't like them go to the nearest Panera and use their free WiFi. If you want to connect to my network, my rules apply. That's not arbitrary, that's my right and my choice. perhaps. but I don't see why the IETF should provide tools to help you impose those

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
As far as I can tell, this is the crux of the problem with NEA - that in general it's simply unreasonable for a network to demand that every host that connects to it conform to arbitrary policies for configuration of those hosts. IETF should not be standardizing unreasonable expectations. And

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Keith Moore [mailto:[EMAIL PROTECTED] that's my understanding also. but nothing you said here contradicts my statement. if connection of the host to the network is predicated on having the host conform to whatever arbitrary policy the network wishes to impose on how the host

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Keith Moore [mailto:[EMAIL PROTECTED] My network, my rules. If you don't like them go to the nearest Panera and use their free WiFi. If you want to connect to my network, my rules apply. That's not arbitrary, that's my right and my choice. perhaps. but I don't see why the

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Marcus Leech
Hallam-Baker, Phillip wrote: The best way to stop such nonsense is to recognize what every mainstream security specialist working in the field recognized long ago - there is a difference between the network and the inter-network and connection to either is a privilege that should only be

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Marcus Leech [mailto:[EMAIL PROTECTED] I think the problem that Keith is talking about is the problem of unreasonable policies, which will instantly create a criminal subculture in any networks that have such unreasonable policies. The people talking about NEA are generally

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Susan Thomson (sethomso)
Hi Vidya Inline ... -Original Message- From: Narayanan, Vidya [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 2:15 AM To: iesg@ietf.org; ietf@ietf.org Cc: [EMAIL PROTECTED] Subject: RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea) All

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
My network, my rules. If you don't like them go to the nearest Panera and use their free WiFi. If you want to connect to my network, my rules apply. That's not arbitrary, that's my right and my choice. perhaps. but I don't see why the IETF should provide tools to help you impose those rules

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Marcus Leech
Hallam-Baker, Phillip wrote: Trying to enforce that a Turing-complete machine have capabilities no greater than X might seem to an IT senior manager to be a really good idea, but in practical terms, it can't be done. Of course it can. Simply put a trustworthy computing partition

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
Whether a company managing a network demands that all hosts meet a specific policy is a local policy issue and the charter specifically addresses this concern: An organization may make a range of policy decisions based on the posture of an endpoint. NEA is not intended to be prescriptive in

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Hallam-Baker, Phillip
From: Keith Moore [mailto:[EMAIL PROTECTED] Because the architecture you propose is failed and unworkable. I didn't propose anything resembling an architecture. and the proposal at hand is an anti-architecture - it's something that destroys the possibility of a unifying theme. So you

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Lakshminath Dondeti
: [EMAIL PROTECTED] Subject: RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea) All, This charter is definitely clearer on some of the points that were discussed based on the last version, but a couple of things still remain to be clarified. Based on several discussions

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Nelson, David
Keith Moore writes... what the WG charter says and how the WG output is used are different things. IMHO we need to consider the potential unintended consequences of our efforts in IETF, not just what we intend. network operators do not limit their use of technology to what we write in

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
Keith Moore moore@cs.utk.edu wrote: That seems overbroad, in particular because a laptop that connects to multiple networks cannot in general be expected to adhere to conflicting policies of the networks to which it connects. Exactly. That's why there are provisions for non-conforming

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Andy Bierman
Hallam-Baker, Phillip wrote: From: Keith Moore [mailto:[EMAIL PROTECTED] that's my understanding also. but nothing you said here contradicts my statement. if connection of the host to the network is predicated on having the host conform to whatever arbitrary policy the network wishes to

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
what the WG charter says and how the WG output is used are different things. IMHO we need to consider the potential unintended consequences of our efforts in IETF, not just what we intend. network operators do not limit their use of technology to what we write in applicability statements.

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Sam Hartman
: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea) All, This charter is definitely clearer on some of the points that were discussed based on the last version, but a couple of things still remain to be clarified. Based on several discussions

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Narayanan, Vidya
-Original Message- From: Sam Hartman [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 10:28 AM To: Susan Thomson (sethomso) Cc: Narayanan, Vidya; [EMAIL PROTECTED]; iesg@ietf.org; ietf@ietf.org Subject: Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
I don't see how NEA is such a big philosophical change from existing RADIUS practices. perhaps not, but I don't see how past mistakes are a justification for future ones. Keith ___ Ietf mailing list Ietf@ietf.org

RE: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Narayanan, Vidya
-Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 11:29 AM To: Keith Moore Cc: [EMAIL PROTECTED]; iesg@ietf.org; ietf@ietf.org Subject: Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea) Keith Moore moore@cs.utk.edu

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Ned Freed
Whether a company managing a network demands that all hosts meet a specific policy is a local policy issue and the charter specifically addresses this concern: An organization may make a range of policy decisions based on the posture of an endpoint. NEA is not intended to be prescriptive

Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 Thread Keith Moore
what the WG charter says and how the WG output is used are different things. IMHO we need to consider the potential unintended consequences of our efforts in IETF, not just what we intend. Keith, I have two big problems with this position. First of all, I have grave doubts our crystal ball is

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-23 Thread Alan DeKok
Douglas Otis [EMAIL PROTECTED] wrote: It seems impractical to specify system requirements or expect a suitable examination be done realtime prior to obtaining access. Maybe you're saying that a complete systems check would take too long. That is true, but that isn't how the NEA variants

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-19 Thread Stephen Hanna
Ted Hardie wrote: For the charter discussions, I want to know whether it will be an aim of the working group to standardize: * a way of carrying this information * the structure of this information (but not its content) * a standard representation of the content, so that access to the vendor

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-18 Thread Leif Johansson
Let's not forget that when (not if) NEA/NAP/NAC is deployed the IDSen people have deployed today to solve the lying-client-problem by scanning for common/current vulnerabilities as part of the network admission process will have to interface with PDPs part of a NEA infrastructure. Could

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-18 Thread Ned Freed
Noting the scenarios above, I claim that NEA-like functionality has proved useful already in protecting the computing environment of an enterprise. I have not seen compelling evidence that it has any use in the layer 3 infrastructure used to carry customer traffic at an ISP. But I think that's

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Stephen Hanna
Sam Hartman wrote: One of the things coming out of the most recent BOF was a strong desire for PA-level interoperability. That can be accomplished through standardized attributes or vendor-specific attributes that are sufficiently well documented (and not subject to patents) that third

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Harald Alvestrand
Narayanan, Vidya wrote: Harald, This seems to be missing the point. I think there is a general sense that NEA could be helpful for some level of protection to complying endpoints in an enterprise scenario, which is exactly what you have described below. The disagreement seems to be on the topics

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Stephen Hanna
@ietf.org Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea) Sam, -Original Message- From: Sam Hartman [mailto:[EMAIL PROTECTED] Sent: Friday, October 13, 2006 12:43 PM To: Frank Yeh Jr Cc: Hardie, Ted; [EMAIL PROTECTED]; ietf@ietf.org Subject: Re: [Nea] WG Review

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Lakshminath Dondeti
At 11:06 PM 10/16/2006, Harald Alvestrand wrote: Narayanan, Vidya wrote: Harald, snip Noting the scenarios above, I claim that NEA-like functionality has proved useful already in protecting the computing environment of an enterprise. I have not seen compelling evidence that it has any use in

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Lakshminath Dondeti
At 12:00 AM 10/17/2006, Khosravi, Hormuzd M wrote: Sam, I believe if we move 'quickly' in this WG we will be able to meet interoperability goals to certain extent at least. The bottom-line is this technology is already being deployed by different vendors in academia and enterprises. The question

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Harald Alvestrand
Lakshminath Dondeti wrote: At 11:06 PM 10/16/2006, Harald Alvestrand wrote: Narayanan, Vidya wrote: Harald, snip Noting the scenarios above, I claim that NEA-like functionality has proved useful already in protecting the computing environment of an enterprise. I have not seen compelling

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Lakshminath Dondeti
At 12:29 AM 10/17/2006, Harald Alvestrand wrote: Lakshminath Dondeti wrote: At 11:06 PM 10/16/2006, Harald Alvestrand wrote: Narayanan, Vidya wrote: Harald, snip snip NEA is applicable to computing environments of enterprises where endpoints accessing the enterprise's network are owned

Re: WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Stephen Hanna
Ted, As I understand your concerns expressed below, you are concerned that standardizing attributes for NEA would be redundant and pointless: redundant because vendor-specific attributes will cover the same information in more detail and pointless because remediation will not be possible given

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Ted Hardie
At 2:04 AM -0400 10/17/06, Stephen Hanna wrote: Will we be able to meet these interoperability goals? Why or why not? Yes, we can. If we define a small set of standardized attributes (OS and app version, AV status, etc.) and make them mandatory to implement, Sorry, but doesn't AV status above

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Eliot Lear
Ted, Sorry, but doesn't AV status above refer to the existing, proprietary anti-virus systems? How does standardizing an attribute for carrying that help create a standardized understanding of what it means? Don't I still have to treat that as, essentially, a vendor attribute, since I have

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Ted Hardie
At 8:22 PM +0200 10/17/06, Eliot Lear wrote: would think that five or six values are appropriate: 1. Vendor name (string) 2. Vendor engine version (integer) 3. Vendor virus definitions version (integer) 4. Enabled? (binary) 5. Buggered? (binary) 6. Other gobbledygook the vendor wants

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-17 Thread Douglas Otis
On Oct 17, 2006, at 11:22 AM, Eliot Lear wrote: I would think that five or six values are appropriate: 1. Vendor name (string) 2. Vendor engine version (integer) 3. Vendor virus definitions version (integer) 4. Enabled? (binary) 5. Buggered? (binary) 6. Other gobbledygook the

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-16 Thread Eliot Lear
Andy Bierman wrote: I don't agree that this is low-hanging fruit. The server component of this system seems like a wonderful new target for DDoS and masquerade attacks. Well, first of all I don't see why this is any different than a radius server. In fact it could be that the access box

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-16 Thread Leif Johansson
Lakshminath Dondeti wrote: At 01:42 AM 10/7/2006, Harald Alvestrand wrote: snip Many universities require their students to buy their own laptops, but prohibit certain types of activity from those laptops (like spamming, DDOS-attacks and the like). They would love to have the ability to run

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-16 Thread Leif Johansson
Extreme clipping below: v) IDS/IPS to detect and prevent intrusions NEA might help here by providing a common semantics for communicating the result of IDS scans of hosts to policy decision points. Cheers Leif ___ Ietf mailing list

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-16 Thread Lakshminath Dondeti
At 01:46 AM 10/16/2006, Leif Johansson wrote: Lakshminath Dondeti wrote: At 01:42 AM 10/7/2006, Harald Alvestrand wrote: snip Many universities require their students to buy their own laptops, but prohibit certain types of activity from those laptops (like spamming, DDOS-attacks and the

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-16 Thread Andy Bierman
Eliot Lear wrote: Andy Bierman wrote: I don't agree that this is low-hanging fruit. The server component of this system seems like a wonderful new target for DDoS and masquerade attacks. Well, first of all I don't see why this is any different than a radius server. In fact it could be that

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-16 Thread Frank Yeh Jr
. Regards, Frank Yeh - Original Message - From: Frank Yeh Jr To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ; ietf@ietf.org Sent: Thursday, October 12, 2006 3:32 PM Subject: RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea) Greetings, Both of the existing flavors of NEA-type

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-16 Thread Narayanan, Vidya
Sam, -Original Message- From: Sam Hartman [mailto:[EMAIL PROTECTED] Sent: Friday, October 13, 2006 12:43 PM To: Frank Yeh Jr Cc: Hardie, Ted; [EMAIL PROTECTED]; ietf@ietf.org Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) Frank == Frank Yeh [EMAIL PROTECTED

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-16 Thread Narayanan, Vidya
To: Alan DeKok Cc: [EMAIL PROTECTED]; ietf@ietf.org Subject: Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea) A typical NEA case (taken out of what Cisco's NAC is supposed to be good for): - Worker goes on holiday, takes laptop - New attack is discovered that exploits a newly

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-16 Thread Douglas Otis
On Oct 12, 2006, at 2:27 PM, Darryl ((Dassa)) Lynch wrote: Am I mistaken or is NEA intended to be a compliance check before a node is allowed onto the network? It seems impractical to specify system requirements or expect a suitable examination be done realtime prior to obtaining access.

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-14 Thread Andy Bierman
Harald Alvestrand wrote: A typical NEA case (taken out of what Cisco's NAC is supposed to be good for): - Worker goes on holiday, takes laptop - New attack is discovered that exploits a newly discovered Windows vulnerability - Patch is created, distributed and installed - NEA posture

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-13 Thread Alan DeKok
Brian E Carpenter [EMAIL PROTECTED] wrote: What if your contractor has carefully configured the laptop to give all the right answers? What if it has already been infected with a virus that causes it to give all the right answers? Yes, that's a problem with NEA. No, it's not a problem for

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-13 Thread Frank Yeh Jr
: [Nea] Re: WG Review: Network Endpoint Assessment (nea) Douglas Otis wrote: If an application happens to be malware, it seems it would be unlikely stop these applications. How about: vi) Provide application level advisory information pertaining to available services. Points

Re:[Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-13 Thread yinhan 34728
I have a very basic fear that this working group is getting chartered with a bunch of aims added by people who will not take on the task of doing the work. After private discussion with folks involved, my sense is that the very core of this work is a perceived need to be able to pass

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-13 Thread Frank Yeh Jr
Ted Hardie [EMAIL PROTECTED] wrote on 10/08/2006 11:45:37 PM: [snip] my sense is that the very core of this work is a perceived need to be able to pass opaque strings between a host and the network prior to the host attaching. Yes, that is the essence of this work which is what we need

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-13 Thread Arnt Gulbrandsen
Alan DeKok writes: The people I talk with plan on using NEA to catch the 99% case of a misconfigured/unknown system that is used by a well-meaning but perhaps less clueful employee or contractor. The purpose of NEA is to enhance network security by allowing fewer insecure end hosts in the

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-13 Thread Sam Hartman
Frank == Frank Yeh [EMAIL PROTECTED] writes: Frank Standardized VS vendor-specific attributes is not something that needs to be Frank solved today. Solutions can start with vendor-specific and migrate toward a Frank standard, if one develops, without changing the protocol. The

Due process [Re: [Nea] WG Review: Network Endpoint Assessment (nea)]

2006-10-12 Thread Brian E Carpenter
Noel Chiappa wrote: From: Steven M. Bellovin [EMAIL PROTECTED] it is better that we aren't copied because to do so would be unfair to the complainer(s). As much as I've sparred with Glassey in the past ... I think he's right in this case. In my opinion, any sort of

Re: Due process [Re: [Nea] WG Review: Network Endpoint Assessment (nea)]

2006-10-12 Thread todd glassey
PROTECTED] To: ietf@ietf.org Sent: Thursday, October 12, 2006 2:55 AM Subject: Due process [Re: [Nea] WG Review: Network Endpoint Assessment (nea)] Noel Chiappa wrote: From: Steven M. Bellovin [EMAIL PROTECTED] it is better that we aren't copied because to do so would be unfair

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-12 Thread Douglas Otis
On Tue, 2006-10-10 at 20:01 -0700, Narayanan, Vidya wrote: I am rather confused by this attempt to make NEA fit into some kind of a network protection mechanism. I keep hearing that NEA is *one* of a suite of protocols that may be used for protecting networks. Let's dig a bit deeper into what

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-12 Thread Darryl (Dassa) Lynch
Douglas Otis wrote: If an application happens to be malware, it seems it would be unlikely stop these applications. How about: vi) Provide application level advisory information pertaining to available services. Points that seem to be missing are: vii) Notification of

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Steven M. Bellovin
On Tue, 10 Oct 2006 17:10:50 -0700, Fleischman, Eric [EMAIL PROTECTED] wrote: I'm sorry to enter this fray, but I'd like to point out that while I respect Todd's request to know who is accusing him and why, the rest of us don't need to be copied that information. In fact, it is better that we

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Russ Housley
Vidya: I'm not sure that the charter actually needs to get into the modes at all - I'm guessing what happens after NEA (i.e., what is done with the results from NEA) has zero impact on any work being done in NEA itself. So, why not simply state something like Once NEA is conducted on an

Re: Complaints and complainers (Re: [Nea] WG Review: Network Endpoint Assessment (nea))

2006-10-11 Thread Ned Freed
Just FTR (and changing the subject, since this is not about NEA at all): I agree with the principle that the sergeants-at-arms are obliged to make up their own minds about whether or not a posting is inappropriate, and that they are responsible for their own decisions. Complaints are a

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Noel Chiappa
From: Steven M. Bellovin [EMAIL PROTECTED] it is better that we aren't copied because to do so would be unfair to the complainer(s). As much as I've sparred with Glassey in the past ... I think he's right in this case. In my opinion, any sort of disciplinary action needs

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Brian E Carpenter
I run a very closed network, ports are closed and not opened unless there is a validated request, external drives are disabled etc etc. A contractor comes in with a notebook and needs to work on some files located on our internal secure network. A trusted staff member rings in with the

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread todd glassey
- Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] To: Fleischman, Eric [EMAIL PROTECTED] Cc: todd glassey [EMAIL PROTECTED]; [EMAIL PROTECTED]; ietf@ietf.org Sent: Wednesday, October 11, 2006 7:09 AM Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) On Tue

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Ted Hardie
At 7:55 PM +1000 10/11/06, Darryl (Dassa) Lynch wrote: I run a very closed network, ports are closed and not opened unless there is a validated request, external drives are disabled etc etc. A contractor comes in with a notebook and needs to work on some files located on our internal secure

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Narayanan, Vidya
: Network Endpoint Assessment (nea) Narayanan, Vidya wrote: SNIP I continue to remain puzzled on the above points! Hello Vidya Perhaps if I put forward an example of how NEA may benefit me it would go some way to clear the puzzle. I run a very closed network, ports are closed

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread todd glassey
, 2006 7:18 AM Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea) Vidya: I'm not sure that the charter actually needs to get into the modes at all - I'm guessing what happens after NEA (i.e., what is done with the results from NEA) has zero impact on any work being done in NEA itself

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Narayanan, Vidya
Hi Russ, -Original Message- From: Russ Housley [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 11, 2006 7:19 AM To: Narayanan, Vidya Cc: [EMAIL PROTECTED]; iesg@ietf.org; ietf@ietf.org Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea) Vidya: I'm not sure

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Stephen Hanna
Vidya, Thanks for your response. I think we may be getting closer to understanding each other's perspectives. That's a good thing. Let me respond to your comments inline below. I hope you won't mind if I clip a bit since this thread is starting to get long. Vidya Narayanan wrote: A. Any

Re: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Eliot Lear
In the end, I believe all NEA can do is help good hosts stay good. Bad hosts will stay bad, and may or may not be identifiable as such. Still, the former ain't nothing. But I agree with Ted at least in part that a standardization effort for the content within NEA is challenging. I do not think

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Darryl (Dassa) Lynch
Brian E Carpenter wrote: I run a very closed network, ports are closed and not opened unless there is a validated request, external drives are disabled etc etc. A contractor comes in with a notebook and needs to work on some files located on our internal secure network. A trusted staff

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Darryl (Dassa) Lynch
Hello Ted Comments inline as appropriate. Ted Hardie wrote: At 7:55 PM +1000 10/11/06, Darryl (Dassa) Lynch wrote: I run a very closed network, ports are closed and not opened unless there is a validated request, external drives are disabled etc etc. A contractor comes in with a notebook

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Darryl (Dassa) Lynch
Hi Vidya Comments inline as appropriate. Narayanan, Vidya wrote: Your email indicates that you would: a) somehow require that a visitor's laptop run an NEA client, b) expect the device to support PAs that the server requires to be checked, and c) trust data coming out of it, rather

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-11 Thread Gray, Eric
PROTECTED] -- Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) -- -- From: Steven M. Bellovin [EMAIL PROTECTED] -- -- it is better that we aren't copied because to do so -- would be unfair to -- the complainer(s). -- -- As much as I've sparred with Glassey

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread todd glassey
, and personally after NETWORK was shutdown I thought that this was it. Todd Glassey - Original Message - From: Theodore Tso [EMAIL PROTECTED] To: todd glassey [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; ietf@ietf.org Sent: Monday, October 09, 2006 3:16 PM Subject: Re: [Nea] WG Review: Network

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread JORDI PALET MARTINEZ
09, 2006 3:16 PM Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) On Mon, Oct 09, 2006 at 02:39:46PM -0700, todd glassey wrote: So then Ted are you formally saying that it is inappropriate to discuss IETF operations or its processes on the IETF@IETF.ORG mailing list

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread todd glassey
, 2006 12:34 PM Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) Todd, I've received several complaints from people that think that you are crossing the limit again and being off-topic with this thread and I seriously agree with them. Consequently I warn you. If you keep going

Re: WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread Stephen Hanna
I have seen a lot of discussion about whether NEA provides network protection. In fact, it has been suggested that the charter be revised to say NEA must not be considered a protection mechanism for networks. I don't agree. Let's start by examining this concept of network protection. It's an

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread JORDI PALET MARTINEZ
] Reply-To: [EMAIL PROTECTED] Date: Tue, 10 Oct 2006 12:42:30 -0700 To: [EMAIL PROTECTED], ietf@ietf.org, Contreras, Jorge [EMAIL PROTECTED] Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) Who filed the complaints? if you are accusing me of something I have the right to know

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread todd glassey
Glassey - Original Message - From: JORDI PALET MARTINEZ [EMAIL PROTECTED] To: todd glassey [EMAIL PROTECTED]; ietf@ietf.org Sent: Tuesday, October 10, 2006 2:11 PM Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) Todd, People got very irritated with this type

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread Fleischman, Eric
PROTECTED]; ietf@ietf.org Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) Yes actually you do - how does anyone complained against know who is complaining or why? - if the complaints are not public then the oversight is not real - it's a paper fiction - a lie in print. Speaking of lies

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread JORDI PALET MARTINEZ
[EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 10 Oct 2006 17:10:50 -0700 To: todd glassey [EMAIL PROTECTED], [EMAIL PROTECTED], ietf@ietf.org Conversation: [Nea] WG Review: Network Endpoint Assessment (nea) Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea) I'm

RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread Narayanan, Vidya
. Some further comments inline. -Original Message- From: Stephen Hanna [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 10, 2006 1:30 PM To: ietf@ietf.org; [EMAIL PROTECTED]; iesg@ietf.org Subject: [Nea] Re: WG Review: Network Endpoint Assessment (nea) I have seen a lot

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-10 Thread Theodore Tso
On Tue, Oct 10, 2006 at 07:45:48PM -0500, JORDI PALET MARTINEZ wrote: Hi Eric, I don't really agree with that. I've first the obligation to keep the privacy about any email received in private. Of course, I can always suggest that the people which complained in private speak up in the list,

WG Review: Network Endpoint Assessment (nea)

2006-10-09 Thread Ted Hardie
I have a very basic fear that this working group is getting chartered with a bunch of aims added by people who will not take on the task of doing the work. After private discussion with folks involved, my sense is that the very core of this work is a perceived need to be able to pass opaque

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-09 Thread Brian E Carpenter
This is what I meant when I said that the charter is unclear and it must explicitly state that NEA is not meant as a protection mechanism of any sort for the network. I don't believe the Charter needs to delve into this at all. If some people see it as part of their protection mechanisms,

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-09 Thread todd glassey
Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) This is what I meant when I said that the charter is unclear and it must explicitly state that NEA is not meant as a protection mechanism of any sort for the network. I don't believe the Charter needs to delve into this at all

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-09 Thread Fritz F. Saad
, October 09, 2006 2:07 AM Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) This is what I meant when I said that the charter is unclear and it must explicitly state that NEA is not meant as a protection mechanism of any sort for the network. I don't believe the Charter needs

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-09 Thread Brian E Carpenter
Agreed, we should work to fix that. ... The IETF has an obligation to WIPO and to the DMCA ... I can only assume this was intended as some form of joke. Brian

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-09 Thread Keith Moore
The IETF has an obligation to WIPO and to the DMCA ... I can only assume this was intended as some form of joke. regardless of intent, it should be treated as such. Keith

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-09 Thread todd glassey
and can pretty much do anything they want. Todd Glassey - Original Message - From: Brian E Carpenter [EMAIL PROTECTED] To: ietf@ietf.org Cc: [EMAIL PROTECTED] Sent: Monday, October 09, 2006 7:31 AM Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) Agreed, we should work to fix

Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-09 Thread todd glassey
: [Nea] WG Review: Network Endpoint Assessment (nea) Todd, Agreed, we should work to fix that. Fritz. - Original Message - From: todd glassey [EMAIL PROTECTED] To: Brian E Carpenter [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; ietf@ietf.org Sent: Monday

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-09 Thread Narayanan, Vidya
Hi Darrly, snip It appears that the NEA charter is completely misleading to some people from what is stated in this email. As the NEA charter alludes to, NEA does nothing to protect against compromised devices. Also, as has been agreed, NEA is not a protection mechanism for
