Re: [proxies] [IETF Proxy] Next Steps

Stefan Winter <> Tue, 06 May 2008 19:32 UTC

Return-Path: <>
Received: from (localhost []) by (Postfix) with ESMTP id 6DED028C34D; Tue, 6 May 2008 12:32:15 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id F03A828C451 for <>; Tue, 6 May 2008 12:32:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.392
X-Spam-Status: No, score=-1.392 tagged_above=-999 required=5 tests=[AWL=1.207, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1bHDSLWxmXYs for <>; Tue, 6 May 2008 12:32:13 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 0A28128C298 for <>; Tue, 6 May 2008 12:32:13 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id BBA3430276FD; Tue, 6 May 2008 21:32:10 +0200 (CEST)
Received: from [] (unknown []) by (Postfix) with ESMTP id DB3F430276F1; Tue, 6 May 2008 21:32:09 +0200 (CEST)
Message-ID: <>
Date: Tue, 06 May 2008 21:36:54 +0200
From: Stefan Winter <>
User-Agent: Thunderbird (X11/20080226)
MIME-Version: 1.0
To: Klaas Wierenga <>
References: <><200804171550.48931.stefan.winter@><><4820> <> <> <>
In-Reply-To: <>
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: Re: [proxies] [IETF Proxy] Next Steps
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion list for ad hoc group interested in security and proxies <>
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

>>> I guess you could say that the proxy's are a policy enforcement
>>> point... 
>> I suppose you could, but I wish you wouldn't ;-).
>> ...
> ;-)
> but that is what it does, doesn't it? It either or not forwards 
> authentication requests based on the forwarding policies that have 
> been set.... The point I wanted to make is that the proxy in this case 
> is about policies, not about politics.

Well concept is correct, but the term of policy enforcement point is a 
bit problematic these days, because it is used in a different context 
and with a different meaning already: NEA. In NEA, the PEP has 
approximately the role of a NAS. While what we are talking about here is 
not about stuff that happens on a NAS, but on a AAA server behind that 
NAS. So, if we were to use terms from the NEA world, I would rather say 
that a policy-driven proxy should be termed Policy Decision Point - 
after all, forwarding-or-not is a decision, not an enforcement. Anyway, 
thanks for the pointer in the general NEA direction - a NEA PDP is 
indeed quite an analogous thing to a AAA policy-motivated proxy IMHO.

Enough acronyms for a day,

Proxies mailing list