Re: [Nea] IETF67 NEA WG Meeting summary

To: Stephen Hanna <shanna at juniper.net>
Subject: Re: [Nea] IETF67 NEA WG Meeting summary
From: Keith Moore <moore at cs.utk.edu>
Date: Tue, 14 Nov 2006 10:45:27 -0500
Cc: nea at ietf.org
In-reply-to: <A6398B0DB62A474C82F61554EE93728701A6BFBA@proton.jnpr.net>
List-archive: <http://www1.ietf.org/pipermail/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
References: <A6398B0DB62A474C82F61554EE93728701A6BFBA@proton.jnpr.net>
User-agent: Thunderbird 1.5.0.8 (Macintosh/20061025)

If there are legitimate risks to deploying NEA protocols,
then I'm perfectly OK with discussing those. But I think
those discussions must happen in the proper context.
We should not be debating whether IETF should do NEA.
Instead, we should be discussing what risks arise from
the use of NEA protocols and how those risks can be addressed.

at some point it is necessary to assess whether NEA can be designed and implemented in such a way that it ameliorates more risks than it introduces. balance of risk is the right way to assess this, I think. though there's sort of a problem in that NEA might ameliorate risks for the network while introducing new risks for the user.

again, I think it's impossible to have a constructive discussion about requirements without honestly considering the possibility that a reasonable set of requirements results in a null solution space. artificially relaxing the requirements (in other words, overlooking known problems) so that the solution space is non-null is dishonest and doesn't serve the interests of the internet.

so I don't accept the constraint on debate that we shouldn't consider whether IETF should do NEA. and my guess is that the reason we're only chartered to do requirements at this stage is that IESG hasn't yet decided whether we should do NEA.

our primary concern is to to do what's best for the Internet as a whole, not to justify NEA if after analysis it doesn't turn out to make sense. that said, I do believe that the greatest risk to access networks is from the hosts that connect to them, and I am interested in understanding what mechanisms can be devised to ameliorate those risks. I want to have an open mind about NEA, not to shoot it down preemptively. but I want NEA proponents to have open minds also.

Would it be best to step back and try to enumerate the
risks that can arise from the use of NEA protocols?

that might be useful. though I also think we need to have some less structured discussion so that everyone understands that these risks are real.

Keith


_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

Follow-Ups:
- RE: [Nea] IETF67 NEA WG Meeting summary
  - From: Stephen Hanna

References:
- RE: [Nea] IETF67 NEA WG Meeting summary
  - From: Stephen Hanna

Prev by Date: RE: [Nea] IETF67 NEA WG Meeting summary
Next by Date: [Nea] Requirements specifications
Previous by thread: RE: [Nea] IETF67 NEA WG Meeting summary
Next by thread: RE: [Nea] IETF67 NEA WG Meeting summary
Index(es):
- Date
- Thread

Re: [Nea] IETF67 NEA WG Meeting summary

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.