
Re: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-07 08:21:37
Harald - get Microsoft to buy into this idea and it's done.

Todd Glassey
----- Original Message ----- 
From: "Harald Alvestrand" <harald(_at_)alvestrand(_dot_)no>
To: "Narayanan, Vidya" <vidyan(_at_)qualcomm(_dot_)com>
Cc: <nea(_at_)ietf(_dot_)org>; <iesg(_at_)ietf(_dot_)org>; <ietf(_at_)ietf(_dot_)org>
Sent: Saturday, October 07, 2006 1:42 AM
Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea)




Not only do I not see anything in the charter or milestones that
indicates that the WG is going to spend time exploring this, I strongly
believe this WG should not be spending any time looking at this. The
trust models for the cases where the devices are not owned by the
organization performing NEA are hugely different and can take up its own
WG to actually find something that applies there, if at all. For one,
this could be considered a violation of privacy by the user of the
device. Secondly, the end user's perspective of attacks may be entirely
different from the organization's perspective in this case. Third, I
simply can't see what the organization's interests would be in
protecting a device that doesn't even belong to it. Last but not the
least, this requires the endpoint to be running an NEA client (that is
interoperable with the NEA server of the organization) - which in itself
is often an unrealistic requirement.

Many universities require their students to buy their own laptops, but
prohibit certain types of activity from those laptops (like spamming,
DDOS-attacks and the like). They would love to have the ability to run
some kind of NEA procedure to ensure that laptops are reasonably
virus-free and free from known vulnerabilities, and are important enough
in their students' lives that they can probably enforce it without a
complaint about "violation of privacy".

Just pointing out that there's one use case with user-managed endpoints
where NEA is not obviously a bad idea.

                    Harald


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
