RE: [Nea] IETF67 NEA WG Meeting summary

[Khaja Ahmed <khaja at windows.microsoft.com>]

Would you be OK with the following amendment to the first requirement?
	NEA MUST NOT expose information about a host to any party other
than
	the owner of that host or to parties authorized by the owner.

Khaja

-----Original Message-----
From: Keith Moore [mailto:moore at cs.utk.edu] 
Sent: Tuesday, November 14, 2006 8:10 AM
To: Stephen Hanna
Cc: nea at ietf.org
Subject: Re: [Nea] IETF67 NEA WG Meeting summary

> OK, good. Let's talk about requirements. In the end, if we find
> (or the IESG finds) that our requirements cannot be met then
> it won't make sense to do any more NEA work in IETF. In the context
> of a requirements discussion, I have no problem with having an
> open discussion about risks introduced by NEA.

okay, here are concrete suggestions for the first couple of 
requirements.  my guess is that this is too much precision too soon, but

we'll see how it goes.

1. NEA MUST NOT expose information about a host to any party other than 
the owner of that host.   (and a host has at most one owner)

(an alternative would be that NEA can only expose details about a host's

configuration to host's owner, but that it could expose yes/no 
information in the sense of "I do/don't meet the requirements of your 
network" to parties other than the host's owner.  which might make NEA 
more broadly applicable, but might also open up a big can of worms 
and/or be out of scope for this WG's current charter.)

2. The NEA protocol MUST take reasonable action to ensure that 
information about the host being transmitted via the NEA protocol is not

  disclosed to third parties who have access to the information 
presented on the wire.  (e.g. the NEA protocol exchange must be
encrypted)



_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea