-----Original Message-----
From: Lakshminath Dondeti [mailto:ldondeti(_at_)qualcomm(_dot_)com]
Sent: Saturday, October 07, 2006 10:43 AM
To: Harald Alvestrand; Narayanan, Vidya
Cc: nea(_at_)ietf(_dot_)org; iesg(_at_)ietf(_dot_)org; ietf(_at_)ietf(_dot_)org
Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea)
At 01:42 AM 10/7/2006, Harald Alvestrand wrote:
<snip>
Many universities require their students to buy their own laptops, but
prohibit certain types of activity from those laptops (like spamming,
DDOS-attacks and the like). They would love to have the ability to run
some kind of NEA procedure to ensure that laptops are reasonably
virus-free and free from known vulnerabilities, and are important
enough in their students' lives that they can probably enforce it
without a complaint about "violation of privacy".
Just pointing out that there's one use case with user-managed endpoints
where NEA is not obviously a bad idea.
My email ventures into a bit of non-IETF territory, but we are
discussing use cases, and so I guess it's on topic.
Universities should be the last places to try antics like NEA. Whereas
an operational network would be a priority to them, it is also
important that they allow students to experiment with new applications.
If we are believing that general purpose computing will be taken away
from college students, we are indeed talking about a different world.
I agree. Even in a controlled environment, there is bound to be
software/hardware that does not quite support NEA or specific posture
attributes. In a university environment, while some basic posture
reporting is feasible, there is bound to be a lot of software/hardware
that does not support any NEA parameters. The protection that even the
endhost may be getting from NEA is quite limited.
In any event, the bottom line is NEA as a solution to "network
protection" is a leaky bucket at best.
The charter must be clarified to dispel this myth about NEA protecting
the network from anything.
Vidya
NEA at best *may* raise the bar in attacking a "closed" network where
endpoints are owned and tightly controlled by the organization that
owns the network.
Lakshminath
Harald
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf