> -----Original Message-----
> From: Pekka Savola [mailto:pekkas@xxxxxxxxxx]
> Sent: Tuesday, May 16, 2006 8:04 AM
> To: Hallam-Baker, Phillip
> Cc: ietf@xxxxxxxx; Keith Moore; iesg@xxxxxxxx;
> ietf-behave@xxxxxxxxxxxxxxxxxxx; Jeffrey Hutzelman
> Subject: policy enforcement points and management [RE: Last
> Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP
> (draft-ietf-behave-nat-udp)]
>
> On Mon, 15 May 2006, Hallam-Baker, Phillip wrote:
> >> From: Jeffrey Hutzelman [mailto:jhutz@xxxxxxx]
> >
> >> Sure. But a policy enforcement point must necessarily be configured;
> >> otherwise, how is it going to know what policy to enforce?
> >
> > The policy can be generated automatically from the network
> > configuration and the authorized hosts and applications authorized to
> > run on those hosts.
> ...
>
> I think the discussion about policy enforcement points and
> their management is out of scope for this work.
>
> On the other hand, there is a proposed WG (they had a BoF at the last
> IETF) -- NEA (Network End-point Assessment) which aims to do
> something about this space.
>
> I'd recommend folks interested in it go take a look:
>
> http://www1.ietf.org/mailman/listinfo/nea
>
> --
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>

Is not NEA dealing with a different set of problems mainly related to assessing the hardware or software configuration of an endpoint as it pertains to an organization's security policy for access control purposes - called 'posture' in the NEA language? I am not sure how this would apply.

Dan