IDS> FW: [Nea] Consensus check on attributes suggested by Randy Turner

Farrell, Lee Lee.Farrell at cda.canon.com
Fri Sep 19 17:13:16 EDT 2008


For those of you that aren't already on the NEA mail list... 

-----Original Message-----
From: nea-bounces at ietf.org [mailto:nea-bounces at ietf.org] On Behalf Of
Randy Turner
Sent: Friday, September 19, 2008 2:02 PM
To: Stephen Hanna
Cc: nea at ietf.org
Subject: Re: [Nea] Consensus check on attributes suggested by Randy
Turner


Hi Steve,

Thanks for the "level-set" email...

Your last email comments on the proposal indicated that we had "basic
agreement" on the inclusion of the "Forwarding Enabled/Disabled"
attribute as well.  Can we include this in your "proposed consensus" ?

Thanks!
Randy


On Sep 19, 2008, at 1:55 PM, Stephen Hanna wrote:

> I have not seen any more dialog on the attributes that Randy Turner 
> proposed. The PA-TNC editors need to prepare the next version of that 
> draft and I think that we had pretty much reached consensus on how to 
> handle these attributes so I propose a resolution below. I invite NEA 
> participants to indicate whether you agree with this resolution. 
> Please respond within one week (by Friday, September 26). If there is 
> WG consensus in favor of this resolution, the editors will put it into
> the next PA-TNC draft.
>
> Thanks,
>
> Steve
>
> Forwarding Enabled
> ------------------
> Most fixed-function endpoints can easily determine whether they are 
> forwarding traffic between interfaces. Extensible endpoints may not be
> sure if they have multiple interfaces since application software can 
> forward traffic. There is some security value in determining this 
> value since it may indicate that a device which should not be 
> forwarding traffic is doing so. Therefore, an IETF Standard PA-TNC 
> Attribute Type will be defined, named "Forwarding Enabled". The 
> Attribute Value for this attribute will be a single octet with one of 
> three values:
> 0 ("Disabled") if the endpoint is not forwarding traffic between 
> network interfaces, 1 ("Enabled") if the endpoint is forwarding 
> traffic between network interfaces, and 2 ("Unknown") if it is not 
> known whether the endpoint is forwarding traffic between network 
> interfaces.
>
> Secure Time Enabled
> -------------------
> This attribute is complex and we have not yet seen a proposal for it 
> so we will not standardize it yet. It can come later, maybe using our 
> process for defining new IETF Standard PA-TNC Attribute Types.
>
> Minimum Cipher Suite
> --------------------
> We did not reach consensus in favor of standardizing this attribute.
>
> Configuration State
> -------------------
> We did not reach consensus in favor of standardizing this attribute.
>
> PSTN_Fax_Enabled
> ----------------
> This attribute is mainly for hard copy devices so it will be defined 
> by the Printer Working Group <http://www.pwg.org>.
>
> Factory Default Password Enabled
> --------------------------------
> Many embedded devices include a default static password for 
> administration. If this password is not changed before the device is 
> placed in service, it's often easy to compromise the device. 
> Therefore, it's desirable to identify devices that still have a 
> factory default password enabled via NEA.
> A new PA-TNC attribute named "Factory Default Password Enabled"
> should be defined. The Attribute Value for this attribute will be a 
> single octet with a value of 0 if the endpoint does not have a factory
> default password enabled and 1 if the endpoint does have such a 
> password enabled.
> password enabled.