RE: [Nea] heads-up on distsec



Understood, Pekka.  The BOF/WG would have to decide if these issues (such
as that mentioned in Section 9.3) and their solution would be in-scope for NEA.

I think it is useful for NEA to be aware of the spectrum of issues
surrounding (a) end-point trust and integrity, and (b) mechanisms to report
(a).  This was one of the purposes of Section 9.  In this way, NEA can focus
on a clear subset of issues out of the entire spectrum.

Regards.

/thomas/

-----Original Message-----
From: Pekka Savola [mailto:pekkas at netcore.fi] 
Sent: Sunday, March 19, 2006 8:59 AM
To: Thomas Hardjono
Cc: 'Hardjono, Thomas'; nea at ietf.org
Subject: RE: [Nea] heads-up on distsec

Hi,

On Sun, 19 Mar 2006, Thomas Hardjono wrote:
> My personal opinion on this matter is that something trustworthy needs 
> to attest to the goodness (trustworthiness) of the NEA Client 
> code/binary. This in turn requires something that malicious code 
> cannot modify (namely trusted hardware).

Is it enough to have trusted NEA client code?  The client will collect
information from the programs, file systems, and/or the kernel.  So, each of
those (except maybe the programs themselves) would need to be "trusted".

I'm personally a bit skeptical how we could get there, given that kernels
will always have bugs, etc.

Of course, security mechanisms don't necessarily need to be perfect; getting
e.g., 95% assurance might be enough, given that's acceptable for your threat
model.

(That was one of the reasons why distsec was refined to also look at
minimizing the effect and maximizing the detection of a security breach
that's bound to happen sooner or later.)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea






Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.