>> Let's not forget that when (not if) NEA/NAP/NAC is deployed the IDSen
>> people have deployed today to
>> solve the lying-client-problem by scanning for common/current
>> vulnerabilities as part of the network admission
>> process will have to interface with PDPs part of a NEA infrastructure.
>
> Could you rephrase please? I am afraid I don't understand what you
> are saying.

It has been pointed out on this list that the main deliverable from NEA might well turn out to be the way host postures are described - the schema if you will. I'm positive that if someone deploys NEA/NAP/NAC etc the admin will want to combine data from the on-client posture client with information from external IDS (etc) services to a common Policy Decision Point. That means that a reason to do NEA is to get this schema standardized even if some people who care about lying clients never use and/or trust client posture clients.

> Oh, and lying endpoint problem cannot be solved by scanning for common
> vulnerabilities! In fact, the two have no relation whatsoever.

They have the single relation of both expressing claims about the state of a host.

Cheers Leif

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf