Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)
----- Original Message -----
From: "Alan DeKok" <aland at deployingradius.com>
To: "Keith Moore" <moore at cs.utk.edu>
Cc: <ned.freed at mrochek.com>; <nea at ietf.org>
Sent: Friday, October 27, 2006 5:53 AM
Subject: Re: [Nea] UPDATED: WG Review: Network Endpoint Assessment (nea)
> Keith Moore <moore at cs.utk.edu> wrote:
>> my argument is that standardization of NEA as it is currently understood
>> (whether through IETF or as a vendor de facto standard) would be a bad
>> thing for the Internet community because it would enable more networks
>> to impose draconian policies that were harmful to users.
>
> Again, what about the owners of the networks involved? Or the
> people who own the machines the users are using? It is perfectly
> reasonable for an enterprise to control access to its network. Doing
> so across heterogeneous platforms requires standards-based solutions.
>
> Forcing people to authenticate themselves through PPP before they
> access an ISP's services can be viewed as a draconian limitation on
> their freedoms. So? There's a gray area... where do we draw the line?
>
>> for instance, if NEA were defined in such a way that the protocol was
>> incapable of asking any questions of a host that were not themselves
>> standardized, or were defined in such a way that there was no way for a
>> host to sign its answers to questions (so that any host would be capable
>> of lying). but I have a hard time seeing IETF defining NEA in that way.
>
> Hmm... those requirements would effectively define NEA to be useless.
>
>> > I'm not sure any NEA variant will be applied to access networks.
>>
>> yup. pretend it's not a problem, and maybe the problem will go away.
>
> Let's turn off all network access controls, then. No relationship
> with an ISP? No problem! The IETF says authenticating yourself is a
> bad idea, go ahead, surf the net without paying! Asking via DHCP to
> be allocated the IP of the local DNS server? No problem! Allowing
> the network admin to control the network he owns is a bad idea,
> allocate away!
OK, a user can get access to the network through one and only one ISP access network.
But, NEA should allow a host access to more than one enterprise network
at the same time.
>
> There has to be a happy medium in between completely open and
> completely locked down. Likewise, there has to be a happy medium
> between fact-based discussion and ridicule.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
> _______________________________________________
> Nea mailing list
> Nea at ietf.org
> https://www1.ietf.org/mailman/listinfo/nea
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.