policy enforcement points and management [RE: Last Call: 'NAT Behavioral

On Mon, 15 May 2006, Hallam-Baker, Phillip wrote:

From: Jeffrey Hutzelman [mailto:jhutz(_at_)cmu(_dot_)edu]
Sure.  But a policy enforcement point must necessarily be
configured; otherwise, how is it going to know what policy to enforce?
The policy can be generated automatically from the networkconfiguration and the authorized hosts and applications authorizedto run on those hosts.

...

I think the discussion about policy enforcement points and theirmanagement is out of scope for this work.

On the other hand, there is a proposed WG (they had a BoF at the lastIETF) -- NEA (Network End-point Assessment) which aims to do somethingabout this space.


I'd recommend folks interested in it go take a look:

  http://www1.ietf.org/mailman/listinfo/nea

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp), Hallam-Baker, Phillip

Next by Date:

RE: policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)], Romascanu, Dan \(Dan\)

Previous by Thread:

RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp), Hallam-Baker, Phillip

Next by Thread:

RE: policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)], Romascanu, Dan \(Dan\)

Indexes:

[Date] [Thread] [Top] [All Lists]