ietf
[Top] [All Lists]

RE: [Nea] WG Review: Network Endpoint Assessment (nea)

2006-10-11 12:01:05
Hi Russ, 

-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com] 
Sent: Wednesday, October 11, 2006 7:19 AM
To: Narayanan, Vidya
Cc: nea(_at_)ietf(_dot_)org; iesg(_at_)ietf(_dot_)org; 
ietf(_at_)ietf(_dot_)org
Subject: RE: [Nea] WG Review: Network Endpoint Assessment (nea) 

Vidya:

I'm not sure that the charter actually needs to get into the 
modes at 
all - I'm guessing what happens after NEA (i.e., what is 
done with the 
results from NEA) has zero impact on any work being done in 
NEA itself.
So, why not simply state something like "Once NEA is conducted on an 
endpoint, the results may be used by an organization in 
accordance with 
any policies of the organization itself."?

Discussions with the IAB and IESG prior to external review 
lead to the addition of the modes discussion.  The point is 
that some networks will demand compliance to grant full 
access, and other networks will simply notify that host that 
they are not in compliance.  A host my not want to change the 
configuration to gain compliance.  That is acceptable in the 
second case, but not the first.


I don't disagree with the above. But, I was mainly wondering what impact
any of these decisions may have on NEA itself? Aren't these just
post-NEA actions? 

In general though, I have far less problems with this text than I do
with the idea of NEA somehow protecting networks or NEA being performed
on endpoints that is not owned by the organization performing NEA. 

Regards,
Vidya

Russ




_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>