Jeff -
----- Original Message -----
From: "Jeffrey Hutzelman" <jhutz(_at_)cmu(_dot_)edu>
To: "todd glassey" <tglassey(_at_)earthlink(_dot_)net>; "Narayanan, Vidya"
<vidyan(_at_)qualcomm(_dot_)com>; <iesg(_at_)ietf(_dot_)org>;
<ietf(_at_)ietf(_dot_)org>
Cc: <nea(_at_)ietf(_dot_)org>; "Jeffrey Hutzelman" <jhutz(_at_)cmu(_dot_)edu>
Sent: Monday, October 09, 2006 1:48 PM
Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea)
Ah two new terms of Art - "Posture" and "Devices".
I only see one. I believe "device" is a fairly well-understood term,
though perhaps "node" would have been more appropriate in this context.
However, I completely agree that this proposed charter uses the term
"posture" far too often not to define it. I fail to see how whether my
computer is sitting upright or lying on its side is relevant to whether it
should be allowed access to the network.
-- Jeff
OK Devices is really well defined in both a technical and legal sense per
the Device based Frauds Act - the little brother of the CFAA. But in this
instance I wanted to bring out the use of the misnomer "Posture" relative to
a Device.
The Device is what it is. The Posture is clearly a term for Operating Policy
which includes change management, security/integrity proofing, and the
general state-response policies that make up the controls and processes for
the Entity in question.
The problem we both saw was the indiscriminant use of the term Posture to
define a group of policies which were specific to a number of things that
the Charter was trying to lay claim to.
I don't necessarily think the NEA is a bad idea - but its about auditing and
so it needs to be crafted as an audit tool and use audit speak in the
process IMHO.
Todd Glassey
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf