Re: Fwd: NEA requirements (was Re: Fwd: [Nea] Re: use of a design team to develop requirements)
> > So what does an NEA server make a decision on?
> who says the NEA server has to make a (nontrivial) decision?
who said the decision is trivial or non-trivial? I don't even know
what that means.
> if the
> client presents a statement, signed by a key that is traceable to a host
> and a product, that says that the host conforms to a certain level of a
> profile, what more does the server need to do other than to tell the
> network to give the host whatever level of access corresponds to that
> profile?
Ok, I am going to pass on the key signing for the moment. It's an
implementation issue and can be discussed later. Your general point,
one where the client sends a statement that it conforms to a level of
profile, makes sense, but I have two questions.
1) How do you propose the handshake happen?
2) What happens in the case where an NEA client doesn't send sufficient
information to the NEA server for the NEA server to make a decision?
> > That could be a query/response or it could be notification mechanism,
> > though the latter is highly inflexible and severely limiting.
> yes, but that's the point - the limitations are highly desirable in
> reducing the threat of NEA to privacy, and they don't get in the way of
> letting NEA do the job that it is designed to do. they also have the
> advantage of making NEA a fairly trivial protocol to design and
> implement, allowing the standard to get to market much more quickly.
I was not referring to privacy limitations. Remember, I don't think
privacy is much of an issue. The limitations in a notification
mechanism are that the communication is one-way with no chance for the
two systems to converge. The policy decision comes down to "Did the NEA
client send me what I need to know?" and "Does that fit my policy?" If
the exchange fails at question 1 and there is no recourse for the NEA
server to query the NEA client for more information, then the exchange
ends. That is inflexible and a non-starter.
_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
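The two exchange styles argued over in the thread, a one-way notification versus a query/response in which the server can ask the client for what it still needs, modelled as an added Python example. This is not code from the NEA list, the IETF NEA drafts, or any NEA implementation; the attribute names, thresholds, client behaviour and message shapes are assumptions made for illustration. It separates the server's two questions ("did the client send what I need?" and "does it fit my policy?") and shows where a notification-only exchange stops while a query/response exchange converges.

```python
"""Toy model of the two NEA exchange styles discussed in the thread.

Constructed example: not IETF NEA code. Attribute names, thresholds and
the client's behaviour are assumptions made for illustration only.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

Attrs = Dict[str, int]


@dataclass(frozen=True)
class Policy:
    # attribute name -> predicate it must satisfy; every listed attribute is required
    rules: Dict[str, Callable[[int], bool]]

    def missing(self, attrs: Attrs) -> Set[str]:
        """Question 1: did the client send everything the policy needs?"""
        return set(self.rules) - set(attrs)

    def fits(self, attrs: Attrs) -> bool:
        """Question 2: does what the client sent satisfy the policy?"""
        return all(pred(attrs[name]) for name, pred in self.rules.items())


def decide(policy: Policy, attrs: Attrs) -> Tuple[str, Set[str]]:
    """Server-side decision on one posture statement.

    Returns (verdict, missing) where verdict is ALLOW, DENY or INSUFFICIENT.
    INSUFFICIENT means question 1 failed: the server cannot decide yet.
    """
    missing = policy.missing(attrs)
    if missing:
        return "INSUFFICIENT", missing
    return ("ALLOW" if policy.fits(attrs) else "DENY"), set()


class SimClient:
    """Constructed client: volunteers some attributes, answers queries from a larger store."""

    def __init__(self, volunteered: Attrs, available: Attrs) -> None:
        self.volunteered = dict(volunteered)
        self.available = dict(available)

    def statement(self) -> Attrs:
        # the initial posture statement the client sends on its own
        return dict(self.volunteered)

    def answer(self, query: Set[str]) -> Attrs:
        # reply only with the requested attributes the client actually has
        return {k: self.available[k] for k in query if k in self.available}


def notification_exchange(policy: Policy, client: SimClient) -> str:
    """One-way: a single statement, then the server decides. No recourse."""
    verdict, _ = decide(policy, client.statement())
    return verdict


def query_response_exchange(policy: Policy, client: SimClient,
                            max_rounds: int = 3) -> Tuple[str, List[Set[str]]]:
    """Two-way: the server asks for missing attributes until it can decide,
    the client can supply nothing more, or the round budget is exhausted.
    Returns the final verdict and the list of queries the server sent."""
    attrs = client.statement()
    queries: List[Set[str]] = []
    for _ in range(max_rounds):
        verdict, missing = decide(policy, attrs)
        if verdict != "INSUFFICIENT":
            return verdict, queries
        queries.append(missing)
        reply = client.answer(missing)
        if not reply:  # client has nothing more to offer; stop rather than loop forever
            break
        attrs.update(reply)
    return decide(policy, attrs)[0], queries


# Constructed policy: patch level at least 40 and AV signatures no older than 7 days.
POLICY = Policy({
    "os_patch_level": lambda v: v >= 40,
    "av_sig_age_days": lambda v: v <= 7,
})

# Constructed clients (assumed attribute values).
PARTIAL_BUT_HEALTHY = SimClient({"os_patch_level": 45},
                                {"os_patch_level": 45, "av_sig_age_days": 3})
COMPLETE_BUT_STALE = SimClient({"os_patch_level": 45, "av_sig_age_days": 30},
                               {"os_patch_level": 45, "av_sig_age_days": 30})
NO_AV_AT_ALL = SimClient({"os_patch_level": 45}, {"os_patch_level": 45})

if __name__ == "__main__":
    for name, c in [("partial", PARTIAL_BUT_HEALTHY),
                    ("stale", COMPLETE_BUT_STALE),
                    ("no-av", NO_AV_AT_ALL)]:
        print(f"{name:8} notification={notification_exchange(POLICY, c):13}"
              f" query/response={query_response_exchange(POLICY, c)}")
```

The partial client is the case the thread turns on: under notification the server can only answer INSUFFICIENT and the exchange ends, whereas under query/response one follow-up query lets it reach ALLOW. The stale client shows that both styles agree once the statement is complete, and the no-AV client shows the query/response loop terminating with a definite INSUFFICIENT instead of spinning, which is the convergence the notification style cannot offer.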