Re: [Nea] Charter language on compromised endpoints

To: "Khosravi, Hormuzd M" <hormuzd.m.khosravi at intel.com>
Subject: Re: [Nea] Charter language on compromised endpoints
From: "Sean Convery" <sconvery at gmail.com>
Date: Fri, 26 May 2006 23:15:05 -0700
Cc: nea at ietf.org
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fvsN9Tck1fUcHKCzK6NJ3g1xGEOXsG7dECkpRMEfATemhWawoPkJxBTHw2Q7hy92e5jkoofKOmortqLv3MBbFgYTyqIJq4YtufWzQq9/O6n4U38/mZZSQ3Ka/nJMC5oCFEhCqezBM0UDUhTB8ZusyRxMPBEkb0RywcLG9NzEIQ4=
In-reply-to: <F50A4280B6033741B1DD2B4E902258B1E72D3F@orsmsx411.amr.corp.intel.com>
List-archive: <http://www1.ietf.org/pipermail/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
References: <F50A4280B6033741B1DD2B4E902258B1E72D3F@orsmsx411.amr.corp.intel.com>

Would it be appropriate to extend this wording to include some basic
statements that we, as a group, agree that there is value conferred on
the system even if some elements (the compromised ones) don't
accurately report their health? The wording as written seems to beg
the question, "Well why isn't it in scope?"

Thanks,

Sean

On 5/26/06, Khosravi, Hormuzd M <hormuzd.m.khosravi at intel.com> wrote:

Looks good to me, Steve.

We'll also add some text around this in the Requirements draft as you
suggested.

Thanks
Hormuzd

-----Original Message-----
From: Stephen Hanna [mailto:shanna at juniper.net]
Sent: Friday, May 26, 2006 1:35 PM
To: nea at ietf.org
Subject: [Nea] Charter language on compromised endpoints

Since several people on the NEA list have asked to have
the charter address the matter of compromised endpoints
but nobody has suggested that this should be in scope
for NEA (except that it will be addressed in the overall
security analysis), I propose adding the following text
to the current draft charter just before the milestones:

-----

One commonly discussed issue with NEA systems is how to
handle compromised endpoints, whose reports of their own
posture may not be accurate. This issue is out of scope
for the NEA working group except in the security analysis
section of the Requirements document.

-----

I invite comments on this proposal.

Thanks,

Steve

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea


_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

References:
- RE: [Nea] Charter language on compromised endpoints
  - From: Khosravi, Hormuzd M

Prev by Date: RE: [Nea] Revised draft NEA charter
Next by Date: RE: [Nea] RE: Detecting Compromised Endpoints
Previous by thread: RE: [Nea] Charter language on compromised endpoints
Next by thread: RE: [Nea] Charter language on compromised endpoints
Index(es):
- Date
- Thread

Re: [Nea] Charter language on compromised endpoints

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.