Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)
Keith Moore <moore at cs.utk.edu> wrote:
> my argument is that standardization of NEA as it is currently understood
> (whether through IETF or as a vendor de facto standard) would be a bad
> thing for the Internet community because it would enable more networks
> to impose draconian policies that were harmful to users.
Again, what about the owners of the networks involved? Or the
people who own the machines the users are using? It is perfectly
reasonable for an enterprise to control access to its network. Doing
so across heterogeneous platforms requires standards-based solutions.
Forcing people to authenticate themselves through PPP before they
access an ISP's services can be viewed as a draconian limitation on
their freedoms. So? There's a gray area... where do we draw the line?
> for instance, if NEA were defined in such a way that the protocol was
> incapable of asking any questions of a host that were not themselves
> standardized, or were defined in such a way that there was no way for a
> host to sign its answers to questions (so that any host would be capable
> of lying). but I have a hard time seeing IETF defining NEA in that way.
Hmm... those requirements would effectively define NEA to be useless.
> > I'm not sure any NEA variant will be applied to access networks.
>
> yup. pretend it's not a problem, and maybe the problem will go away.
Let's turn off all network access controls, then. No relationship
with an ISP? No problem! The IETF says authenticating yourself is a
bad idea, go ahead, surf the net without paying! Asking via DHCP to
be allocated the IP of the local DNS server? No problem! Allowing
the network admin to control the network he owns is a bad idea,
allocate away!
There has to be a happy medium in between completely open and
completely locked down. Likewise, there has to be a happy medium
between fact-based discussion and ridicule.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog