RE: [Nea] IETF67 NEA WG Meeting summary

To: "Keith Moore" <moore at cs.utk.edu>
Subject: RE: [Nea] IETF67 NEA WG Meeting summary
From: "Stephen Hanna" <shanna at juniper.net>
Date: Tue, 14 Nov 2006 10:56:30 -0500
Cc: nea at ietf.org
In-reply-to: <4559E497.70806@cs.utk.edu>
List-archive: <http://www1.ietf.org/pipermail/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
Thread-index: AccIA/QhLDj1c46JQL26vabDB/QqhwAALRyg
Thread-topic: [Nea] IETF67 NEA WG Meeting summary

OK, good. Let's talk about requirements. In the end, if we find
(or the IESG finds) that our requirements cannot be met then
it won't make sense to do any more NEA work in IETF. In the context
of a requirements discussion, I have no problem with having an
open discussion about risks introduced by NEA.

Thanks,

Steve

-----Original Message-----
From: Keith Moore [mailto:moore at cs.utk.edu] 
Sent: Tuesday, November 14, 2006 9:45 AM
To: Stephen Hanna
Cc: Blumenthal, Uri; nea at ietf.org
Subject: Re: [Nea] IETF67 NEA WG Meeting summary

> If there are legitimate risks to deploying NEA protocols,
> then I'm perfectly OK with discussing those. But I think
> those discussions must happen in the proper context.
> We should not be debating whether IETF should do NEA.
> Instead, we should be discussing what risks arise from
> the use of NEA protocols and how those risks can be addressed.

at some point it is necessary to assess whether NEA can be designed and 
implemented in such a way that it ameliorates more risks than it 
introduces.  balance of risk is the right way to assess this, I think. 
though there's sort of a problem in that NEA might ameliorate risks for 
the network while introducing new risks for the user.

again, I think it's impossible to have a constructive discussion about 
requirements without honestly considering the possibility that a 
reasonable set of requirements results in a null solution space. 
artificially relaxing the requirements (in other words, overlooking 
known problems) so that the solution space is non-null is dishonest and 
doesn't serve the interests of the internet.

so I don't accept the constraint on debate that we shouldn't consider 
whether IETF should do NEA.  and my guess is that the reason we're only 
chartered to do requirements at this stage is that IESG hasn't yet 
decided whether we should do NEA.

our primary concern is to to do what's best for the Internet as a whole,

not to justify NEA if after analysis it doesn't turn out to make sense. 
  that said, I do believe that the greatest risk to access networks is 
from the hosts that connect to them, and I am interested in 
understanding what mechanisms can be devised to ameliorate those risks. 
  I want to have an open mind about NEA, not to shoot it down 
preemptively.  but I want NEA proponents to have open minds also.

> Would it be best to step back and try to enumerate the
> risks that can arise from the use of NEA protocols?

that might be useful.  though I also think we need to have some less 
structured discussion so that everyone understands that these risks are 
real.

Keith

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

Follow-Ups:
- Re: [Nea] IETF67 NEA WG Meeting summary
  - From: Keith Moore

References:
- Re: [Nea] IETF67 NEA WG Meeting summary
  - From: Keith Moore

Prev by Date: [Nea] Re: Requirements specifications
Next by Date: Re: [Nea] IETF67 NEA WG Meeting summary
Previous by thread: Re: [Nea] IETF67 NEA WG Meeting summary
Next by thread: Re: [Nea] IETF67 NEA WG Meeting summary
Index(es):
- Date
- Thread

RE: [Nea] IETF67 NEA WG Meeting summary

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.