> -----Original Message-----
> From: Lakshminath Dondeti [mailto:[EMAIL PROTECTED]
> Sent: Saturday, October 07, 2006 10:43 AM
> To: Harald Alvestrand; Narayanan, Vidya
> Cc: [EMAIL PROTECTED]; iesg@ietf.org; ietf@ietf.org
> Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea)
>
> At 01:42 AM 10/7/2006, Harald Alvestrand wrote:
> >><snip>
> >Many universities require their students to buy their own laptops, but
> >prohibit certain types of activity from those laptops (like spamming,
> >DDOS-attacks and the like). They would love to have the ability to run
> >some kind of NEA procedure to ensure that laptops are reasonably
> >virus-free and free from known vulnerabilities, and are important
> >enough in their students' lives that they can probably enforce it
> >without a complaint about "violation of privacy".
> >
> >Just pointing out that there's one use case with user-managed endpoints
> >where NEA is not obviously a bad idea.
>
> My email ventures into a bit of non-IETF territory, but we
> are discussing use cases, and so I guess it's on topic.
> Universities should be the last places to try antics like
> NEA. Whereas an operational network would be a priority to
> them, it is also important that they allow students to
> experiment with new applications. If we are believing that
> general purpose computing will be taken away from college
> students, we are indeed talking about a different world.
>

I agree. Even in a controlled environment, there is bound to be software/hardware that does not quite support NEA or specific posture attributes. In a university environment, while some basic posture reporting is feasible, there is bound to be a lot of software/hardware that does not support any NEA parameters. The protection that even the endhost may be getting from NEA is quite limited.

> In any event, the bottomline is NEA as a solution to "network
> protection" is a leaky bucket at best.
>

The charter must be clarified to dispel this myth about NEA protecting the network from anything.

Vidya

> NEA at best *may* raise the bar in attacking a "closed"
> network where endpoints are owned and tightly controlled by
> the organization that owns the network.
>
> Lakshminath
>
>
> > Harald
> >
> >
> >_______________________________________________
> >Ietf mailing list
> >Ietf@ietf.org
> >https://www1.ietf.org/mailman/listinfo/ietf
>
>

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf