From: Marcus Leech [mailto:mleech(_at_)nortel(_dot_)com]
> I think the problem that Keith is talking about is the
> problem of "unreasonable" policies, which will instantly create
> a "criminal" subculture in any networks that have such
> "unreasonable" policies.

The people talking about NEA are generally talking about securing corporate
networks.

> For example, if the only ISPs that
> are available to me insist that the machine I connect to
> their precious network run Windows XP SP > foo, but I'm actually
> a Linux user, then techniques will emerge that allow me to
> fool the ISP into thinking that I'm a Windows XP SP > foo
> machine.

And what if the cable company decides to only broadcast Fox News?
This is a political issue and not a technical one. This is not the purpose for
which the specification is being proposed. The fact that some people might use
it for that purpose is irrelevant.

> Trying to enforce that a Turing-complete machine have
> capabilities "no greater than X" might seem to an IT senior manager
> to be a really good idea, but in practical terms, it can't
> be done.

Of course it can.
Simply put a trustworthy computing partition on the machine. Palladium is more
than capable of providing a proof that would be prohibitively expensive to
defeat.

> And if you try to do this in any but the most tightly-purposed
> networks, rebellion will be the inevitable result.

So you accept that the abuse scenario is not credible.

> Some companies have an emerging draconian policy about users
> running only "authorized" software on their machines, with
> a cumbersome "approvals" process for any new software that
> someone might want to run on their machine.

True, I expect this to become the default.

> Which includes
> software written by the user themselves. That type of
> policy might be "reasonable" in a call-center, or some other
> tightly-purposed network, but it fails in the general case,
> and true enforcement is impossible. This emerging draconian
> policy is subtly re-defining that which constitutes "useful
> work" in many places such that the only authorized things
> you can do with your machine are to shuffle Word,
> PowerPoint, and Excel documents around, surf the Web,
> and e-mail your co-workers.

That is a matter for you to discuss with your employer. It is not something
that a standards body should consider.