Fwd: [Nea] Re: use of a design team to develop requirements



  I would like to see the requirements stated as a series of stages,
from "anyone is allowed on the network with no checks", to "you must
submit to invasive probes", with a graduated range of assessments in
between.

Alan, this needs to be generalized to something like "products must have configurable actions based on posture assessment" but this is a policy or action statement that will be defined by organizations and is beyond the scope of the working group. It's important and perhaps an informational RFC on best practices would be a good spot for those types of discussions.

At this point, it looks like the requirements are focusing on features
that should be in PA and PB.

For example, I think it is critical:

1) that a set of basic attributes such as MAC, IP, and NEA client
time, be defined that MUST be exchanged between a NEA client and NEA
server

2) that the NEA attributes sent to the NEA server from the NEA client
be secured in such a way that only the NEA server can open and view
them

3) that prior to attribute exchange there is a mechanism in place
where the NEA server requests attributes and the NEA client makes a
choice according to its local policy whether to send those attributes
or not.  Perhaps a negotiation MUST take place even if that means the
server policy dictates all attributes must be returned. (default NAK).
I am thinking of something similar to PPP.

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea
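
The request/negotiate step proposed in item 3 of the message above, sketched as an added example that is not part of the original message or of any NEA specification. The ACK/NAK message names, attribute names, decision strings and sample policies are all assumptions made for illustration.

```python
from dataclasses import dataclass

ACK, NAK = "ACK", "NAK"  # hypothetical reply codes, modelled on PPP option negotiation

@dataclass
class NeaClient:
    attributes: dict       # everything the client is able to report
    release_policy: set    # what local policy allows it to disclose

    def handle_request(self, requested):
        """Answer every requested attribute. Default is NAK: anything the
        local policy does not explicitly allow (or that is unknown) is withheld."""
        reply = {}
        for name in requested:
            if name in self.release_policy and name in self.attributes:
                reply[name] = (ACK, self.attributes[name])
            else:
                reply[name] = (NAK, None)
        return reply

@dataclass
class NeaServer:
    required: set          # server policy: these MUST be returned
    optional: set          # requested, but a NAK is tolerated

    def request(self):
        return sorted(self.required | self.optional)

    def evaluate(self, reply):
        asked = self.required | self.optional
        # A missing answer counts as NAK; unsolicited attributes are ignored.
        refused = sorted(n for n in self.required
                         if reply.get(n, (NAK, None))[0] != ACK)
        received = {n: v for n, (s, v) in reply.items() if s == ACK and n in asked}
        decision = "negotiation-failed" if refused else "assess"
        return decision, received, refused

def negotiate(server, client):
    return server.evaluate(client.handle_request(server.request()))

# Constructed sample data (not from the original message).
CLIENT = NeaClient(
    attributes={"mac": "00:00:5e:00:53:01", "ip": "192.0.2.10",
                "client_time": "2006-07-01T12:00:00Z", "installed_software": ["a", "b"]},
    release_policy={"mac", "ip", "client_time"},
)
BASELINE_SERVER = NeaServer(required={"mac", "ip", "client_time"},
                            optional={"installed_software"})
INVASIVE_SERVER = NeaServer(required={"mac", "ip", "client_time", "installed_software"},
                            optional=set())
```

With the baseline policy the client's NAK on `installed_software` is tolerated and assessment proceeds on the three basic attributes; with the stricter policy the same NAK makes the negotiation fail, which is the "server policy dictates all attributes must be returned" case.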




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.