Re: [Nea] IETF67 NEA WG Meeting summary

To: Khaja Ahmed <khaja at windows.microsoft.com>
Subject: Re: [Nea] IETF67 NEA WG Meeting summary
From: Keith Moore <moore at cs.utk.edu>
Date: Wed, 15 Nov 2006 01:20:05 -0500
Cc: nea at ietf.org
In-reply-to: <A07B77F32153944CA64E551D7C23674E02E7CC67@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com>
List-archive: <http://www1.ietf.org/pipermail/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
References: <A07B77F32153944CA64E551D7C23674E02E7CC67@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com>
User-agent: Thunderbird 1.5.0.8 (Macintosh/20061025)

Would you be OK with the following amendment to the first requirement?
	NEA MUST NOT expose information about a host to any party other than
	the owner of that host or to parties authorized by the owner.

no, I'm not okay with that. the problem is that people can be coerced into giving up their privacy if the protocol makes it easy for them to do that.

I'll give an example: HTTP cookies. they weren't intended to be used as a means to track user behavior. they ended up being used that way because (a) they were not designed with due concern for privacy and (b) many implementations didn't bother implementing the protections specified by the standards. instead they gave users a yes or no switch: "do you want to enable cookies or not?" and a lot of web sites also gave users a yes or no option: "either enable arbitrary cookies or don't use our web site". and the web sites didn't adhere to the rules for using cookies either.

what I conclude from the cookie experience is that when the server and host don't have the same owner, the server (i.e. the network) can't be trusted to not abuse the ability to query hosts for fine-grained information if NEA gives it that ability, and NEA client (i.e. host) implementors can't be trusted to implement appropriate privacy safeguards for clients if the protocol itself isn't designed in such a way as to make it unlikely that networks will be able to demand such information from clients.

regarding NEA: what I might be okay with is giving authorized third-parties yes or no assurance that the host meets or does not meet their policies, without giving them fine-grained detail about what is installed on the host. so the owner of a host could get details about why a host did or did not fit within a particular network's policy, but the network (if owned by another party than the owner of the host) could only get yes or no information. I would like to see this option examined further.

Keith


_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

Follow-Ups:
- Re: [Nea] third-party assurances
  - From: Douglas Otis
- Re: [Nea] IETF67 NEA WG Meeting summary
  - From: Mike Fratto
- RE: [Nea] IETF67 NEA WG Meeting summary
  - From: Darryl \(Dassa\) Lynch

References:
- RE: [Nea] IETF67 NEA WG Meeting summary
  - From: Khaja Ahmed

Prev by Date: Re: [Nea] IETF67 NEA WG Meeting summary
Next by Date: [Nea] privacy: exposing information to owner
Previous by thread: RE: [Nea] IETF67 NEA WG Meeting summary
Next by thread: RE: [Nea] IETF67 NEA WG Meeting summary
Index(es):
- Date
- Thread

Re: [Nea] IETF67 NEA WG Meeting summary

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.