RE: [Nea] privacy: exposing information to owner

To: "Pekka Savola" <pekkas at netcore.fi>, "Keith Moore" <moore at cs.utk.edu>
Subject: RE: [Nea] privacy: exposing information to owner
From: "Stephen Hanna" <shanna at juniper.net>
Date: Wed, 15 Nov 2006 08:25:20 -0500
Cc: nea at ietf.org
In-reply-to: <Pine.LNX.4.64.0611151049030.3879@netcore.fi>
List-archive: <http://www1.ietf.org/pipermail/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
Thread-index: AccIlAApueMwf8X4SLWDaF9wxiB0ugAIvS6A
Thread-topic: [Nea] privacy: exposing information to owner

This comment highlights the fact that there is a lot of
variation in what information should be disclosed.

On military networks, it's entirely appropriate for the
network to require a complete and verifiable inventory
of software on the endpoint (maybe also information about
recent activity, configuration, etc.). The network will
probably not be willing to divulge its access policies.

On open access networks, no information should be
required from the endpoint. Any participation in NEA
should be purely voluntary and can involve the network
sending its latest policy to the endpoint, which may
respond at its discretion. No enforcement involved.

Commercial networks lie somewhere in between. They may
be willing to grant Internet access if no information
is available on the endpoint. Access to corporate resources
will probably require some information and the amount
of information required will probably depend on the
sensitivity of the resources to be accessed (and on
local regulations, as Pekka points out).

It seems clear to me that this is an areas for local
policy. The endpoint should have a policy about what
information it is willing to disclose and to whom.
The network should have a policy about what information
it requests, whether it will divulge its policies,
and what access it is willing to grant. The requirement
for the NEA standards should be that they describe the
security and privacy concerns inherent in this system,
describe how those concerns can be addressed, and require
the protocols to include features that enable the endpoint
and network to implement whatever policy they want. Then
the endpoint and network owners can configure their
policies with confidence. One endpoint owner may disable
NEA. Another may configure a policy of "Tell nothing
but accept advice from my ISP". Others may decide to
disclose OS patch info to their corporate servers only.
The military owner may configure a policy to disclose
a full inventory but ONLY to authorized servers.

For us to decide on a one-size-fits-all policy in this
area would be impossible. If we're concerned about naive
users, we can require that endpoints ship with NEA disabled
and require explicit approval and administrative privileges
to enable it or configure policy.

Thanks,

Steve

-----Original Message-----
From: Pekka Savola [mailto:pekkas at netcore.fi] 
Sent: Wednesday, November 15, 2006 2:56 AM
To: Keith Moore
Cc: nea at ietf.org
Subject: [Nea] privacy: exposing information to owner

On Tue, 14 Nov 2006, Keith Moore wrote:
> 1. NEA MUST NOT expose information about a host to any party other
than the
> owner of that host.   (and a host has at most one owner)
> 
> (an alternative would be that NEA can only expose details about a
host's
> configuration to host's owner, but that it could expose yes/no
information in
> the sense of "I do/don't meet the requirements of your network" to
parties
> other than the host's owner.  which might make NEA more broadly
applicable,
> but might also open up a big can of worms and/or be out of scope for
this WG's
> current charter.)

Actually, I think in some contexts this might need to be stronger than 
this.  For example, even if an employee's laptop is owned by the 
enterprise, some legislations (at least here in Finland) there are 
prohibitions on what the employer may (or may not) do e.g., to track 
the employee or employee's usage.

For example, it would be illegal to track which websites the user 
surfs to ("to ensure productive use of working time"), the amount of 
time keyboard/mouse is idle ("the user is not doing anything at work") 
etc.

It is not clear to me to what extent this would need to be reflected 
in the NEA protocol or requirements.  Nonetheless 'only the owner can 
get full information' might be too much in some cases.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

Follow-Ups:
- Re: [Nea] privacy: exposing information to owner
  - From: Keith Moore

References:
- [Nea] privacy: exposing information to owner
  - From: Pekka Savola

Prev by Date: RE: [Nea] IETF67 NEA WG Meeting summary
Next by Date: Re: [Nea] IETF67 NEA WG Meeting summary
Previous by thread: [Nea] privacy: exposing information to owner
Next by thread: Re: [Nea] privacy: exposing information to owner
Index(es):
- Date
- Thread

RE: [Nea] privacy: exposing information to owner

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.