policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)]

To: "Hallam-Baker, Phillip" <pbaker at verisign.com>
Subject: policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)]
From: Pekka Savola <pekkas at netcore.fi>
Date: Tue, 16 May 2006 08:04:28 +0300 (EEST)
Cc: ietf at ietf.org, Keith Moore <moore at cs.utk.edu>, iesg at ietf.org, ietf-behave at list.sipfoundry.org
In-reply-to: <198A730C2044DE4A96749D13E167AD37ABA694@MOU1WNEXMB04.vcorp.ad.vrsn.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <198A730C2044DE4A96749D13E167AD37ABA694@MOU1WNEXMB04.vcorp.ad.vrsn.com>

On Mon, 15 May 2006, Hallam-Baker, Phillip wrote:

From: Jeffrey Hutzelman [mailto:jhutz at cmu.edu]
Sure.  But a policy enforcement point must necessarily be
configured; otherwise, how is it going to know what policy to enforce?
The policy can be generated automatically from the network configuration and the authorized hosts and applications authorized to run on those hosts.

...

I think the discussion about policy enforcement points and their management is out of scope for this work.

On the other hand, there is a proposed WG (they had a BoF at the last IETF) -- NEA (Network End-point Assessment) which aims to do something about this space.

I'd recommend folks interested in it go take a look:

  http://www1.ietf.org/mailman/listinfo/nea

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)
  - From: Hallam-Baker, Phillip

Prev by Date: RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)
Next by Date: RE: policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)]
Previous by thread: RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)
Next by thread: RE: policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)]
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

policy enforcement points and management [RE: Last Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP (draft-ietf-behave-nat-udp)]

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.