policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 15 May 2006, Hallam-Baker, Phillip wrote:
From: Jeffrey Hutzelman [mailto:jhutz@xxxxxxx]

Sure.  But a policy enforcement point must necessarily be
configured; otherwise, how is it going to know what policy to enforce?

The policy can be generated automatically from the network configuration and the authorized hosts and applications authorized to run on those hosts.
...

I think the discussion about policy enforcement points and their management is out of scope for this work.

On the other hand, there is a proposed WG (they had a BoF at the last IETF) -- NEA (Network End-point Assessment) which aims to do something about this space.

I'd recommend folks interested in it go take a look:

  http://www1.ietf.org/mailman/listinfo/nea

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]