
RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-09 11:27:51
Hi Susan, 

-----Original Message-----
From: Susan Thomson (sethomso) [mailto:sethomso(_at_)cisco(_dot_)com] 
Sent: Sunday, October 08, 2006 3:27 PM
To: Narayanan, Vidya
Cc: nea(_at_)ietf(_dot_)org; iesg(_at_)ietf(_dot_)org; ietf(_at_)ietf(_dot_)org
Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea) 


Hi Vidya

Inline ...

<snip>

How about adding this text - "It should be noted that the networks at
large are exposed to attacks from lying endpoints and external entities
attaching to the networks as well as any problems arising from unknown
vulnerabilities on NEA compliant endpoints. Hence, NEA must not be
considered a protection mechanism for networks. Further, mechanisms
needed to protect the network from all kinds of vulnerabilities are
expected to be a superset of any protection that may be achieved by
employing NEA"?


It seems to me that this better belongs in a security considerations
section of the NEA spec, especially given where we are in the review
cycle and the amount of time spent on this specific section already.


No, this text definitely needs to be on the charter. From the number of
discussions even at this stage, it is clear that the charter lacks the
clarity in this space. This is not text about a particular draft in NEA
- it is about the scope of the WG. 


<snip>

That is not necessarily putting any requirements in the choice of the
mandatory to implement protocol itself, as I see it. I believe that
stating something like "The mandatory to implement PT protocol must be
generic enough to allow the execution of the NEA procedure without
forcing the need to re-execute network access procedures".


I think protocol requirements belong in the requirements I-D.


The charter text elsewhere does get into performing NEA procedures at
network access. Perhaps that could be removed from the charter too? If
the charter only specified that the PT protocol was out of scope and
left out any text about the timing of execution of the PT protocol w.r.t.
network access, that would be fine. 

<snip>
Not only do I not see anything in the charter or milestones that
indicates that the WG is going to spend time exploring this, I strongly
believe this WG should not be spending any time looking at this. The
trust models for the cases where the devices are not owned by the
organization performing NEA are hugely different and can take up its
own WG to actually find something that applies there, if at all. For
one, this could be considered a violation of privacy by the user of the
device. Secondly, the end user's perspective of attacks may be entirely
different from the organization's perspective in this case. Third, I
simply can't see what the organization's interests would be in
protecting a device that doesn't even belong to it. Last but not the
least, this requires the endpoint to be running an NEA client (that is
interoperable with the NEA server of the organization) - which in
itself is often an unrealistic requirement.

Organizations that provide services in their networks to end users are
worried about protecting their resources (i.e., networks, servers,
etc.). As we have agreed, NEA does not protect such resources anyway.
Plus, there is absolutely no reason such organizations should believe
that devices they don't own are in fact, truthful endpoints.

So, thinking that this WG must be looking into resolving this seems
flawed at several levels. In the interest of having a focused WG that
can get something useful accomplished, this does not make sense.

No argument with your gist here. The point I was trying to make is that
I think applicability may not be quite as "black and white" as your
original text suggests, and it would be better if the applicability and
security considerations associated with NEA be addressed in the WG and
specified in the appropriate NEA documents.


This again is not necessarily a document-specific issue. It applies in
general to anything that will be produced by this WG. 

The charter could express itself better in this regard. If the last
sentence was replaced with something like: "NEA can be limited in its
applicability when the endpoint and the organization providing network
access are owned by different parties. NEA applicability and security
considerations will be described in the appropriate NEA documents."
Would this work? 


Why would the charter not be limited to producing solutions that may be
relevant to the case where the organization owns the end devices? As
long as we agree that NEA is not intending to protect the network and is
only meant to protect endpoints, keeping the scope to this would allow
for more focussed and useful work. To that effect, here is some modified
text: 

"NEA can be limited in its applicability when the endpoint and the
organization providing network access are owned by different parties.
The resources and threat models in these cases can be vastly different
and such cases are outside the scope of this WG. NEA applicability and
security considerations will also be described in the appropriate NEA
documents."

Vidya

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
