Re: [Nea] IETF67 NEA WG Meeting summary

[Keith Moore <moore at cs.utk.edu>]

> OK, good. Let's talk about requirements. In the end, if we find
> (or the IESG finds) that our requirements cannot be met then
> it won't make sense to do any more NEA work in IETF. In the context
> of a requirements discussion, I have no problem with having an
> open discussion about risks introduced by NEA.

okay, here are concrete suggestions for the first couple of 
requirements.  my guess is that this is too much precision too soon, but 
we'll see how it goes.

1. NEA MUST NOT expose information about a host to any party other than 
the owner of that host.   (and a host has at most one owner)

(an alternative would be that NEA can only expose details about a host's 
configuration to host's owner, but that it could expose yes/no 
information in the sense of "I do/don't meet the requirements of your 
network" to parties other than the host's owner.  which might make NEA 
more broadly applicable, but might also open up a big can of worms 
and/or be out of scope for this WG's current charter.)

2. The NEA protocol MUST take reasonable action to ensure that 
information about the host being transmitted via the NEA protocol is not 
 disclosed to third parties who have access to the information 
presented on the wire.  (e.g. the NEA protocol exchange must be encrypted)



_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea