Re: Fwd: [Nea] Re: use of a design team to develop requirements
> Why in the world should IETF standardize a protocol that enables
> networks to impose whatever policies they wish on hosts, given that we
> already understand how this could be harmful to the Internet and
> counter to IETF's organizational goals?

I think I can safely say that the purpose of NAC is NOT to impose
anything on a host. The purpose of NAC is to allow a network owner to
control access to its resources, which is well within the network
owner's right. Nothing more and nothing less. If a host is not up to
snuff and the network owner requires certain actions to take place,
the host can *choose* not to participate in the network. There is no
forcing anything. There is no other social, racial, national, or
political agenda. And no, I don't agree with your claim that NAC is
harmful to anyone.

I can't speak for the IETF at large, but off the top of my noggin here
are some other examples of potentially draconian standards:

1) RADIUS is an IETF standard that passed muster and is used to control
user access. RADIUS imposes the rule that if you can't authenticate,
you don't get access. If a user can't authenticate to a RADIUS server
for any reason, including not supporting any required authentication
mechanisms, then they are denied access. Heck, if you do authenticate
and are part of a group, the network can segment you.

2) PKIX is a whole suite of standards. It too can be used to grant or
deny access to a number of resources via the presence or absence of
attributes or heck, knowledge, or lack of knowledge, of the signing
certificate.

3) PPP. Is that also the tool of oppression? Ya know, if a host
doesn't accept an offered IP address or other configuration option,
they don't attach to the network. To think a network owner might want to
enforce that!

4) IKE V1 may be the worst offender of all. If the peers don't find
agreement on proposals in the first round of offers, communication
stops. Period. There is no negotiation.

By your reasoning, none of them should have been in the IETF either.
_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.