Keith Moore <moore@xxxxxxxxxx> wrote: > I don't think it's a good analogy because modem pools are very > special-purpose devices, whereas a host can potentially do anything that > needs to communicate with something else. For that matter, RADIUS > doesn't have the intent of preventing some kinds of modem pools from > connecting to the network. No, but it has the explicit intent of preventing some kinds of hosts from connecting to the network. Current RADIUS deployments implement almost anything you can imagine to control network access for hosts and/or users, down to filtering the users network traffic. Current RADIUS deployments *already* do ad-hoc posture assessment, there are a number of startups implementing this today. I don't see how NEA is such a big philosophical change from existing RADIUS practices. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf