Douglas Otis wrote:
If an application happens to be malware, it seems it would
be unlikely stop these applications. How about:
vi) Provide application level advisory information pertaining to
available services.
Points that seem to be missing are:
vii) Notification of non-compliance. (Perhaps this could become a
restatement of i.)
viii) Time or sequence sensitive compliance certificates provided
following a remediation process or service.
Often bad behavior is detected, such as scanning or sending
spam which may violate AUPs. These violations may trigger a
requirement for the endpoint to use a service that offers
remedies the endpoint might use.
There could then be a time-sensitive certificate of
compliance offered following completion of a check-list and
an agreement to comply with the recommendations.
Those that remain infected after remediation, or that ignore
the AUPs and are again detected, may find this process a
reason to correct the situation or their behavior, or the
provider may wish to permanently disable the account.
Am I mistaken or is NEA intended to be a compliance check before a node is
allowed onto the network? As such, observed behaviour and application abuse
would seem to be issues that would be dealt with by other tools. NEA may be
used to ensure certain applications are installed and some other
characteristics of the node but actual behaviour may not be evident until
such time as the node has joined the network and would be beyond the scope
of detection by NEA IMHO. NEA may be used to assist in limiting the risk of
such behaviour but that is about the extent of it that I see.
My reading of the charter gives me the impression NEA is only intended for a
specific task and some of what we have been discussing seems to extend well
beyond the limited scope proposed.
Darryl (Dassa) Lynch
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf