Re: [Nea] Re: use of a design team to develop requirements

To: Keith Moore <moore at cs.utk.edu>
Subject: Re: [Nea] Re: use of a design team to develop requirements
From: Alan DeKok <aland at deployingradius.com>
Date: Tue, 12 Dec 2006 11:40:12 -0800
Cc: nea at ietf.org, Sam Hartman <hartmans-ietf at mit.edu>
In-reply-to: <457ECD5D.8040906@cs.utk.edu>
List-archive: <http://www1.ietf.org/pipermail/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
References: <A6398B0DB62A474C82F61554EE93728701DB40C6@proton.jnpr.net> <4579EDA2.1050104@cs.utk.edu> <tslbqm9i40a.fsf@cz.mit.edu> <457ECD5D.8040906@cs.utk.edu>
User-agent: Thunderbird 1.5.0.8 (Windows/20061025)

Keith Moore wrote:

> I also think that is is contrary to good engineering practice and common
> sense to try to define requirements of a solution before the problem
> itself is well understood.  the chairs and the design team may believe
> that they understand the problem well, but they haven't bothered to get
> much input from the larger group before starting to draft requirements.

  Then let's discuss the requirements here.

  Personally, I think that there are many kinds of endpoint assessment
that can be done simply by leveraging information in existing protocols.
 e.g. MAC address filtering in DHCP, to allow only known hosts onto the
network.  None of those steps to a full-blown NEA are perfect, but NEA
won't be perfect, either.

  I would like to see the requirements stated as a series of stages,
from "anyone is allowed on the network with no checks", to "you must
submit to invasive probes", with a graduated range of assessments in
between.

  The main problem I see with that approach is the extremes are easy to
document, but the grey area in the middle is difficult to quantify.
Maybe even before requirements, we should discuss what information
exists where, and who is willing to exchange what information.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

References:
- [Nea] Draft minutes from IETF 67 NEA WG meeting
  - From: Stephen Hanna
- [Nea] use of a design team to develop requirements
  - From: Keith Moore
- [Nea] Re: use of a design team to develop requirements
  - From: Sam Hartman
- [Nea] Re: use of a design team to develop requirements
  - From: Keith Moore

Prev by Date: [Nea] Re: use of a design team to develop requirements
Next by Date: Fwd: [Nea] Re: use of a design team to develop requirements
Previous by thread: [Nea] Re: use of a design team to develop requirements
Next by thread: Fwd: [Nea] Re: use of a design team to develop requirements
Index(es):
- Date
- Thread

Re: [Nea] Re: use of a design team to develop requirements

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.