Fwd: NEA requirements (was Re: Fwd: [Nea] Re: use of a design team to develop requirements)
To: Alan DeKok <aland at deployingradius.com>
In fact, the NEA server has little use for that information to make
any decision independent of the manufacturer of product X. If the NEA
server gets told product X is at version Y, what does that mean? Is it
a good thing? Is that version vulnerable? Is it newer than the version
the NEA server knows about?
So what does an NEA server make a decision on? It can't make a
decision in a vacuum. Reporting product X, version y, update
DD-MM-YYYY-hh:mm:ss, tells the NEA server the current status of that
piece of software. This is used to make a decision based on local
policy. The NEA server doesn't need to know about vulns or exploits.
The human administering the local policy does, however. Some person has
to say that products prior to version Z are unacceptable and configure
a policy decision.
That could be a query/response or it could be notification mechanism,
though the latter is highly inflexible and severely limiting. Now ask
me why.
_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.