IDS> FW: [Nea] Consensus check on attributes suggested by Randy Turner

From: Farrell, Lee (Lee.Farrell@cda.canon.com)
Date: Fri Sep 19 2008 - 17:13:16 EDT

  • Next message: Ron.Bergman@ricoh-usa.com: "IDS> Reminder - Telecon Thursday, October 2nd, at 1:00 PM EDT"

    For those of you that aren't already on the NEA mail list...

    -----Original Message-----
    From: nea-bounces@ietf.org [mailto:nea-bounces@ietf.org] On Behalf Of
    Randy Turner
    Sent: Friday, September 19, 2008 2:02 PM
    To: Stephen Hanna
    Cc: nea@ietf.org
    Subject: Re: [Nea] Consensus check on attributes suggested by Randy
    Turner

    Hi Steve,

    Thanks for the "level-set" email...

    Your last email comments on the proposal indicated that we had "basic
    agreement" on the inclusion of the "Forwarding Enabled/Disabled"
    attribute as well. Can we include this in your "proposed consensus" ?

    Thanks!
    Randy

    On Sep 19, 2008, at 1:55 PM, Stephen Hanna wrote:

    > I have not seen any more dialog on the attributes that Randy Turner
    > proposed. The PA-TNC editors need to prepare the next version of that
    > draft and I think that we had pretty much reached consensus on how to
    > handle these attributes so I propose a resolution below. I invite NEA
    > participants to indicate whether you agree with this resolution.
    > Please respond within one week (by Friday, September 26). If there is
    > WG consensus in favor of this resolution, the editors will put it into

    > the next PA-TNC draft.
    >
    > Thanks,
    >
    > Steve
    >
    > Forwarding Enabled
    > ------------------
    > Most fixed-function endpoints can easily determine whether they are
    > forwarding traffic between interfaces. Extensible endpoints may not be

    > sure if they have multiple interfaces since application software can
    > forward traffic. There is some security value in determining this
    > value since it may indicate that a device which should not be
    > forwarding traffic is doing so. Therefore, an IETF Standard PA-TNC
    > Attribute Type will be defined, named "Forwarding Enabled". The
    > Attribute Value for this attribute will be a single octet with one of
    > three values:
    > 0 ("Disabled") if the endpoint is not forwarding traffic between
    > network interfaces, 1 ("Enabled") if the endpoint is forwarding
    > traffic between network interfaces, and 2
    > ("Unknown") if it is not known whether the endpoint is forwarding
    > traffic between network interfaces.
    >
    > Secure Time Enabled
    > -------------------
    > This attribute is complex and we have not yet seen a proposal for it
    > so we will not standardize it yet. It can come later, maybe using our
    > process for defining new IETF Standard PA-TNC Attribute Types.
    >
    > Minimum Cipher Suite
    > --------------------
    > We did not reach consensus in favor of standardizing this attribute.
    >
    > Configuration State
    > -------------------
    > We did not reach consensus in favor of standardizing this attribute.
    >
    > PSTN_Fax_Enabled
    > ----------------
    > This attribute is mainly for hard copy devices so it will be defined
    > by the Printer Working Group <http://www.pwg.org>.
    >
    > Factory Default Password Enabled
    > --------------------------------
    > Many embedded devices include a default static password for
    > administration. If this password is not changed before the device is
    > placed in service, it's often easy to compromise the device.
    > Therefore, it's desirable to identify devices that still have a
    > factory default password enabled via NEA.
    > A new PA-TNC attribute named "Factory Default Password Enabled"
    > should be defined. The Attribute Value for this attribute will be a
    > single octet with a value of 0 if the endpoint does not have a factory

    > default password enabled and 1 if the endpoint does have such a
    > password enabled.
    > _______________________________________________
    > Nea mailing list
    > Nea@ietf.org
    > https://www.ietf.org/mailman/listinfo/nea
    >


    _______________________________________________
    Nea mailing list
    Nea@ietf.org
    https://www.ietf.org/mailman/listinfo/nea



    This archive was generated by hypermail 2.1.4 : Fri Sep 19 2008 - 17:13:54 EDT