From: Sam Hartman [mailto:hartmans-ietf(_at_)mit(_dot_)edu]
Sent: Friday, October 13, 2006 12:43 PM
To: Frank Yeh Jr
Cc: Hardie, Ted; nea(_at_)ietf(_dot_)org; ietf(_at_)ietf(_dot_)org
Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea)
"Frank" == Frank Yeh <fyeh(_at_)us(_dot_)ibm(_dot_)com> writes:
Frank> Standardized VS vendor-specific attributes is not
something that needs to be
Frank> solved today. Solutions can start with
vendor-specific and migrate toward a
Frank> standard, if one develops, without changing the
protocol. The specification
Frank> should not preclude the addition of standardized
attributes. IE the
Frank> specification is like an alphabet, attributes are
like vocabulary. You can add
Frank> new words without changing the letters.
One of the things coming out of the most recent BOF was a
strong desire for PA-level interoperability. That can be
accomplished through standardized attributes or
vendor-specific attributes that are sufficiently well
documented (and not subject to patents) that third parties
can implement collectors or analysis tools that interoperate
with the vendor tools for the vendor attributes.
Will we be able to meet these interoperability goals? Why or why not?
I am very apprehensive of achieving any meaningful PA-level
interoperability. I am not sure what minimum set of PA attributes will
be standardized, but, whatever that set is, I doubt will be sufficient
to provide any acceptable level of security, even for the endpoints.
Even assuming ongoing standardization of vendor specific attributes, it
is not totally realistic to assume that all applications will support
the appropriate attributes. The rate of standardization is also very
likely to be much slower than the rate of the growth in the number of
attributes needed for any continued meaningful protection.
Ietf mailing list