On Mon, 15 May 2006, Hallam-Baker, Phillip wrote:
From: Jeffrey Hutzelman [mailto:jhutz@xxxxxxx]
Sure. But a policy enforcement point must necessarily be
configured; otherwise, how is it going to know what policy to enforce?
The policy can be generated automatically from the network
configuration and the authorized hosts and applications authorized
to run on those hosts.
...
I think the discussion about policy enforcement points and their
management is out of scope for this work.
On the other hand, there is a proposed WG (they had a BoF at the last
IETF) -- NEA (Network End-point Assessment) which aims to do something
about this space.
I'd recommend folks interested in it go take a look:
http://www1.ietf.org/mailman/listinfo/nea
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf