Re: NEA requirements (was Re: [Nea] Re: use of a design team to develop requirements)
Blumenthal, Uri wrote:
> Perhaps NEA server will be able to mention everything it
> wants in one request, and the client might be able to
> pack all the data into one response. Or perhaps NEA
> client will just shove everything it can get about
> the system and send it in one bunch, without being
> specific - in response to a generic request.

What I see is something along the following lines:

  Client -> Server: I'm client FOO
  Server -> Client: I'm network BAR
  Client -> Server: Here's my posture information for BAR
  ...

> Perhaps based upon the first response to small and generic query,
> the server will choose to send more specific queries to learn
> about some particulars of the client machine.

Again, I don't see a need for this. Ever.

>>> The result on the user side might be to only allow
>>> the user to connect to a particular web site.
>>> The point is that policy exists at both places.
>> Of course.
>
> What's that "second place" where the policy exists?

The client. It can be configured to tell network A one thing, and
network B another.

e.g. It tells my workplace that its virus scanner is up to date, but
doesn't tell my broadband provider that information.

> Do you mean a small set of generic posture attributes that
> every host is supposed to carry?
> Regardless, it doesn't seem to be the main focus of this WG. :-)

It seems so. I would like to start off knowing use-cases, scenarios,
and the intent of the administrator. From that, we determine what
information is needed in order for the administrator to make an informed
decision. We then determine how to design a protocol that carries that
information.

i.e. *concrete* use-cases. "Assessing posture" is a nice phrase, but
I don't know how it translates to real-world decisions.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.