[Nea] Detecting Compromised Endpoints

["Stephen Hanna" <shanna at juniper.net>]

Let's start a new thread on detecting compromised endpoints.
Can trusted hardware help? Other ideas? This is really a
separate topic worthy of a full discussion. Also, it keeps
coming up. Let's thrash this thing out thoroughly and then
we can ask people who raise this issue to start by reading
this thread (or a summary of it).

I think we should probably start the discussion by agreeing
that we're not going to standardize any of this stuff in
IETF. However, it is sort of within scope for NEA since
we're supposed to do a security analysis of the whole
problem and this issue ALWAYS comes up (for good reason).

I call this the "lying endpoint problem". What good is
an NEA system if a compromised endpoint can just lie about
its health? In my view, there are two answers:

1) Even if NEA only works for healthy endpoints, it's
   a good thing because it will make them keep their
   defenses up: get patches, turn on the firewall, etc.
   You can think of it as a public health campaign for
   the endpoints.

2) With trusted hardware (and maybe some systems with
   a tiny trusted hypervisor or such), endpoint compromise
   can be reliably detected.

I think the main area of debate is the item 2). Does it
actually work? So I'll send a separate email on that,
responding to this email. But I'd like to invite anyone
with more general comments to respond to this email directly.
I hope we can keep all the emails on this topic under
this thread so they will be easy to find 2-3 years
from now.

Thanks,

Steve

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea