Re: Fwd: NEA requirements (was Re: Fwd: [Nea] Re: use of a design team to develop requirements)

-------- Original Message --------

Keith Moore wrote:
not clear.  at least the format of the profiles needs to be
standardized, IMHO, otherwise there's no capability for interoperation
and no point to having an NEA standard.

Yes.

...  that
implies to me that the profile downloading should be able to happen via
NEA, rather than introduce a situation where NEA can't tell whether a
client is trustworthy or not because the client doesn't have a current
profile.

My main concern with this is that NEA is *before* the machine obtains full network access. So... how does it download potentially megabytes of updates? IP tunneling inside of NEA? Yuck...

I assume the network supports IP to the extent that it needs to implement NEA. It doesn't have to route IP packets anywhere other than between the host and the NEA server(s), but it does have to do that much.


what do you mean by "real networks"?  do you assume that NEA will
operate over something besides TCP/IP? TCP seems perfectly capable of
carrying enough data to transmit an NEA profile.

No, I mean TCP/IP shouldn't operate over NEA. That way lies madness.

perhaps, but nobody has suggested doing that.

Remediation must use TCP/IP to download updates, but it can't use a
public/open network (otherwise you wouldn't be using NEA).

I'm not talking about remediation, I'm only talking about downloading the information that the NEA client needs to make the checks. This should be a list of generic tests, NOT arbitrary code.


Keith

