Re: Fwd: [Nea] Re: use of a design team to develop requirements
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: [Nea] Re: use of a design team to develop requirements

Well, let's look at an analogy.  Let's say that you work for me, and I
want to establish whether you're trustworthy.  So I require you to
consent to have your house searched, at any time, for evidence of
anything that you might have or do that would cause me to question my
trust in you.  Would that be well within my rights as an employer?  And
if it's not okay for me to search your house, why is it okay for me to
search your laptop?


  As noted earlier on this list, both kinds of searches may be illegal
in certain jurisdictions.

whether the search is illegal is irrelevant to this discussion. if you put a lock on your house, and it's easily defeated, the fact that it's illegal for a spy to defeat the lock and enter your house doesn't mean that the lock was doing its job.

... And if you can reduce NEA to a protocol that just gives
a host a way to say to a network "XYZ virus scanner certifies that this
host is good up to version X.Y of its virus tests" then I wouldn't have
a problem with it.

And that's probably not too hard to do, or to retrofit on existing
protocols. On the other hand, allowing open-ended queries means that
the queries will probably be turing complete.

you don't need Turing completeness to be extremely invasive. for example, a way to ask "tell me what the value of octet X at offset Y in file Z" is sufficient to download the entire file system.

Keith



_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea



Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.