IDS> NEA action item

Randy Turner rturner at amalfisystems.com
Mon Aug 11 23:47:59 EDT 2008


Hi All,

I took an action item in Arizona to review our list of "generic" IDS  
attributes against current thinking in the IETF NEA working group.

Prior to the Dublin IETF meeting, I posted an email to the authors of
the Posture Attribute (PA) protocol draft, briefly listing our "generic"
set of attributes discussed in Phoenix. As it turns out, the NEA
working group had not been spending a lot of time on either attribute
"categories" or the set of actual attributes themselves. Much of the
previous discussion around the PA protocol had been about other facets
of the design. After the plenary, I exchanged email with Steve Hanna,
the chair of the WG, and he said that my email generated a lot of
discussion and highlighted the need for the PA draft authors to solicit
the email list for proposals for additional attribute categories as
well as the actual attributes themselves.

There will be a "standard" set of attributes documented in an RFC, and  
some type of registry for additional attributes (as long as the base  
protocol has a way to encode/decode the attribute datatype on the wire).

Just after the plenary in Dublin, the PA protocol draft authors posted
a solicitation on the NEA email list for attribute category and
attribute values to be included in the "standard" (base) set of
attributes that will be included as part of the NEA WG activity.

I was asked by Steve Hanna to re-submit a more formal proposal to the  
NEA list regarding our proposed ideas for attributes. This will still  
be just an email to the NEA list, but with better descriptions of the  
attributes being proposed.

The set I'm initially including in the proposal includes:

- Time Source (and/or quality thereof)
- Minimum cipher suite
- Bridging (layer-2 forwarding) enabled or disabled
- Minimum encryption key length
- I'll speak about port filtering as well, comparing our perspective  
with what is already in the PA doc.
- I may mention something about layer-3 forwarding, since I don't  
think it's in the PA doc yet.

I apologize for the short notice, but if you can reply with any other
"generic" attributes that I have left out or that you think need
inclusion, please let me know. I would like to send this out on
Wednesday 8/13.

Thanks!
Randy
