Hi Russ,
-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Wednesday, October 11, 2006 7:19 AM
To: Narayanan, Vidya
Cc: nea(_at_)ietf(_dot_)org; iesg(_at_)ietf(_dot_)org;
ietf(_at_)ietf(_dot_)org
Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea)
Vidya:
I'm not sure that the charter actually needs to get into the
modes at
all - I'm guessing what happens after NEA (i.e., what is
done with the
results from NEA) has zero impact on any work being done in
NEA itself.
So, why not simply state something like "Once NEA is conducted on an
endpoint, the results may be used by an organization in
accordance with
any policies of the organization itself."?
Discussions with the IAB and IESG prior to external review
lead to the addition of the modes discussion. The point is
that some networks will demand compliance to grant full
access, and other networks will simply notify that host that
they are not in compliance. A host my not want to change the
configuration to gain compliance. That is acceptable in the
second case, but not the first.
I don't disagree with the above. But, I was mainly wondering what impact
any of these decisions may have on NEA itself? Aren't these just
post-NEA actions?
In general though, I have far less problems with this text than I do
with the idea of NEA somehow protecting networks or NEA being performed
on endpoints that is not owned by the organization performing NEA.
Regards,
Vidya
Russ
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf