
Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)

2006-10-24 10:16:37
Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> wrote:
That seems overbroad, in particular because a laptop that connects to multiple networks cannot in general be expected to adhere to conflicting policies of the networks to which it connects.

  Exactly.  That's why there are provisions for non-conforming
systems.  Network access can be denied entirely, or limited to the
public (and unprotected) network.  However, 99% of systems don't move
networks, so those systems don't have a problem conforming to the
local requirements.

do you have actual statistics to back that up? are 99% of hosts produced servers or desktops rather than laptops? and how are you defining a host, anyway? sorry, it just looks like a number picked out of thin air.

even if the 99% figure is true today, will it be true in general in the future? personally I think that desktops as we know them are dinosaurs. they are too much of a security threat, too expensive to maintain, offer more flexibility than is needed, and are becoming a vector by which extortionist licensing fees can be extracted from owners. and the trend seems to be toward more and more mobile devices and special purpose devices. standards take a long time to produce and need to last a long time, so it makes sense to define them in such a way as to be likely to continue to be useful for the foreseeable future.

As far as I can tell, this is the crux of the problem with NEA - that in general it's simply unreasonable for a network to demand that every host that connects to it conform to arbitrary policies for configuration of those hosts.

  I'm not sure how to take this.  It's unreasonable... OK, why?

because the very nature of a personal computer is one in which every machine is customizable to suit the needs of the individual user. if the network takes away that flexibility, it also obviates the need for a user-programmable personal computer. there are better (more reliable, more secure, more effective, cheaper) ways of providing a set of functions at a user terminal than to give everyone user-programmable machines and then have the network insist that they all have a rigidly controlled configuration...and the only way to really get security out of PCs is to rigidly control their configurations.

and furthermore if PCs continue to be user-programmable then it becomes possible to make NEA meaningless. (though the protocol could make it difficult for a host to forge assertions about itself by having the host sign the assertions with a key signed by the NEA software vendor, it would take some significant cleverness to prevent that key from being exposed to an attacker on that host, particularly one with physical access to the host).

NEA isn't about knowing "who" is on your network in the sense of determining identity, it's about being able to delve into arbitrary details of host configuration.

The other problem I have with this charter is one that I have with many charters these days - it presupposes a particular design or architecture before the working group has actually met, when this should be an engineering decision taken by the consensus of the working group AFTER analysis of the problem space.

  I think it presupposes a particular problem, not an architecture.
The problem is:

  a) knowing who is on my network
  b) controlling who is on my network
  c) controlling the behavior of the hosts on my network.

  If any of those problems are unreasonable to solve, then I would be
*very* confused.

  The proposed NEA architecture derives directly from that problem
statement.

to me it seems to presuppose much more than that, by naming the kinds of actors and their roles.

Keith


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
