Re: Fwd: [Nea] Re: use of a design team to develop requirements




I think I can safely say that the purpose of NAC is NOT to impose anything on a host.

It's not the explicit purpose, but it is certainly a consequence of NEA if it is successful. If you know something is going to do harm, and you do it anyway, you're still culpable for the harm even if doing harm wasn't your explicit purpose.


The purpose of NAC is to allow a network owner to control access to its resources, which is well within the network owner's right. Nothing more and nothing less.

Well, let's look at an analogy. Let's say that you work for me, and I want to establish whether you're trustworthy. So I require you to consent to have your house searched, at any time, for evidence of anything that you might have or do that would cause me to question my trust in you. Would that be well within my rights as an employer? And if it's not okay for me to search your house, why is it okay for me to search your laptop?

The real question is something like this - how invasive a search is
reasonable?


If a host is not up to snuff and the network owner requires certain
actions to take place, the host can *choose* not to participate in
the network. There is no forcing anything. There is no other social,
racial, national, or political agenda. And no, I don't agree with
your claim that NAC is harmful to anyone

I strongly disagree. Saying that a host can choose whether to use a particular network is like saying that a person can choose whether or not to breathe the local air, drink the local water, buy electricity from the local power company. In many cases you have to use a particular network in order to function. So the choice is to a large degree already taken away from the user. When the user doesn't have choice other mechanisms are needed to protect the user's privacy.



I can't speak for the IETF at large, but off the top of my noggin here are some other examples of potentially draconian standards,



(RADIUS, PKIX, PPP, IKE)

None of these requires arbitrary information from a host - only a small amount of information that specifically exists for the purpose of authentication. And if you can reduce NEA to a protocol that just gives a host a way to say to a network "XYZ virus scanner certifies that this host is good up to version X.Y of its virus tests" then I wouldn't have a problem with it. The problems come from the potential that NEA can be used by a network to ask arbitrary questions of a host. Standardizing spyware is not in the best interest of the Internet community.

Keith


_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.