
RE: policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)]

2006-05-16 00:22:09


-----Original Message-----
From: Pekka Savola [mailto:pekkas(_at_)netcore(_dot_)fi] 
Sent: Tuesday, May 16, 2006 8:04 AM
To: Hallam-Baker, Phillip
Cc: ietf(_at_)ietf(_dot_)org; Keith Moore; iesg(_at_)ietf(_dot_)org; 
ietf-behave(_at_)list(_dot_)sipfoundry(_dot_)org; Jeffrey Hutzelman
Subject: policy enforcement points and management [RE: Last 
Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP 
(draft-ietf-behave-nat-udp)]

On Mon, 15 May 2006, Hallam-Baker, Phillip wrote:
From: Jeffrey Hutzelman [mailto:jhutz(_at_)cmu(_dot_)edu]

Sure.  But a policy enforcement point must necessarily be configured; otherwise, how is it going to know what policy to enforce?

The policy can be generated automatically from the network configuration and the authorized hosts and applications authorized to run on those hosts.
...

I think the discussion about policy enforcement points and 
their management is out of scope for this work.

On the other hand, there is a proposed WG (they had a BoF at the last
IETF) -- NEA (Network End-point Assessment) which aims to do 
something about this space.

I'd recommend folks interested in it go take a look:

   http://www1.ietf.org/mailman/listinfo/nea

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings



Is not NEA dealing with a different set of problems, mainly related to
assessing the hardware or software configuration of an endpoint as it
pertains to an organization's security policy for access control
purposes - called 'posture' in the NEA language? I am not sure how this
would apply.

Dan






