NEA Working Group IETF meeting, July 27, 2011 (IETF 81 - NEA Meeting)

Note Well

Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to:
- The IETF plenary session
- The IESG, or any member thereof on behalf of the IESG
- Any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices
- Any IETF working group or portion thereof
- The IAB or any member thereof on behalf of the IAB
- The RFC Editor or the Internet-Drafts function

All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879).

Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. Please consult RFC 5378 and RFC 3979 for details.

A participant in any IETF activity is deemed to accept all IETF rules of process, as documented in Best Current Practices RFCs and IESG Statements.

A participant in any IETF activity acknowledges that written, audio and video records of meetings may be made and may be available to the public.

Agenda Review

1300  Administrivia
      - Jabber and minute scribes
      - Agenda bashing
1305  WG Status
1310  NEA Reference Model
1315  Discuss and Resolve Open PT-TLS Comments
      Discuss and Resolve EAP vs. TLVs for L2 PT
      Adjourn

WG Status

- PT-TLS WG I-D published
- No consensus on EAP transport
  - Architectural differences between the EAP-method and TLV approaches discussed on the mailing list

NEA Reference Model

NEA Reference Model from RFC 5209

   NEA Client                                       NEA Server
   Posture Collectors        <-- PA protocol -->    Posture Validators
   Posture Broker Client     <-- PB protocol -->    Posture Broker Server
   Posture Transport Client  <-- PT protocols -->   Posture Transport Server

Posture Attribute (PA) protocol, Posture Broker (PB) protocol, Posture Transport (PT) protocols.

PA-TNC Within PB-TNC Within PT

   PT
     PB-TNC Header
     PB-TNC Message (Type=PB-Batch-Type, Batch-Type=CDATA)
     PB-TNC Message (Type=PB-PA, PA Vendor ID=0, PA Subtype=OS)
       PA-TNC Message
         PA-TNC Attribute (Type=Product Info, Product ID=Windows XP)
         PA-TNC Attribute (Type=Numeric Version, Major=5, Minor=3, ...)

PT-TLS Evaluation

Agenda

- Summarize PT-TLS
  - Creation of -00 I-D
    - Integration of PT-TLS and PT-TCP
    - Use of SASL for client authentication
    - Reduced mention of TCG
- Questions
- Next Steps

PT-TLS Message Format

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Reserved   |           Message Type Vendor ID              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Message Type                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Message Length                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Message Identifier                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                Message Value (e.g. PB-TNC Batch) ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Format matches the PB-TNC Message header (plus Message Identifier).
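To make the encapsulation slide (PA-TNC within PB-TNC within PT) and the header layout above concrete, here is an added Python example, written for this page rather than taken from the working group's draft or any implementation. It builds a NEA client's OS posture report as two PA-TNC attributes inside a PB-PA message inside a PB-TNC CDATA batch inside a PT-TLS message, then parses it back the way a NEA server would, checking every nested Length field against the buffer that encloses it. Assumptions: the numeric type and subtype codes are the IANA values later fixed by RFC 5792, RFC 5793 and RFC 6876, not values from the slides, and the -00 draft may have numbered the PT-TLS message types differently; the product name and version numbers are constructed sample data that mirror the slide.

```python
import struct

# Code points are the IANA values fixed by RFC 5792 (PA-TNC), RFC 5793 (PB-TNC)
# and RFC 6876 (PT-TLS); the July 2011 -00 draft on the slides may have
# numbered the PT-TLS message types differently (assumption).
PT_TLS_PB_BATCH = 8       # PT-TLS message type carrying a PB-TNC batch
PB_BATCH_CDATA = 1        # PB-TNC batch type: client data
PB_MSG_PA = 1             # PB-TNC message type PB-PA
PA_SUBTYPE_OS = 1         # PA subtype: Operating System
PA_PRODUCT_INFO = 2       # PA-TNC attribute: Product Information
PA_NUMERIC_VERSION = 3    # PA-TNC attribute: Numeric Version
NOSKIP = 0x80             # flag bit: receiver must not skip this TLV


def tlv(flags, vendor, tlv_type, value):
    """Flags(8) | Vendor ID(24) | Type(32) | Length(32) | Value. PB-TNC messages and
    PA-TNC attributes share this 12-byte header; Length includes the header."""
    return struct.pack("!III", (flags << 24) | vendor, tlv_type, 12 + len(value)) + value


def pa_tnc_message(msg_id, attrs):
    """PA-TNC message: Version(8)=1 | Reserved(24) | Message Identifier(32) | attributes."""
    return struct.pack("!II", 1 << 24, msg_id) + b"".join(attrs)


def pb_pa(subtype, pa_msg, vendor=0, collector=0, validator=0):
    """PB-PA value: Flags(8)|PA Vendor ID(24) | PA Subtype(32) | Collector(16) | Validator(16) | PA-TNC."""
    return struct.pack("!IIHH", vendor, subtype, collector, validator) + pa_msg


def pb_tnc_batch(batch_type, messages, from_server=False):
    """Batch header: Version(8)=2 | D(1) | Reserved(19) | Batch Type(4) | Batch Length(32)."""
    body = b"".join(messages)
    word = (2 << 24) | (int(from_server) << 23) | batch_type
    return struct.pack("!II", word, 8 + len(body)) + body


def pt_tls_message(msg_type, msg_id, value, vendor=0):
    """The slide's header: Reserved(8) | Vendor ID(24) | Type(32) | Length(32) | Identifier(32) | Value."""
    return struct.pack("!IIII", vendor, msg_type, 16 + len(value), msg_id) + value


def iter_tlvs(buf):
    """Walk consecutive TLVs, refusing any Length that would read past the enclosing buffer."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 12:
            raise ValueError("truncated TLV header")
        w0, tlv_type, length = struct.unpack_from("!III", buf, off)
        if length < 12 or off + length > len(buf):
            raise ValueError("TLV length out of bounds")
        yield {"flags": w0 >> 24, "vendor": w0 & 0xFFFFFF, "type": tlv_type,
               "value": buf[off + 12:off + length]}
        off += length


def build_os_posture(product_name, major, minor, build=0):
    """NEA client: OS attributes -> PA-TNC -> PB-PA -> PB-TNC CDATA batch -> PT-TLS message."""
    # Product Information value: Product Vendor ID(24)=0 | Product ID(16)=0 | Product Name
    product = tlv(NOSKIP, 0, PA_PRODUCT_INFO, bytes(5) + product_name.encode())
    # Numeric Version value: Major(32) | Minor(32) | Build(32) | SP Major(16) | SP Minor(16)
    version = tlv(NOSKIP, 0, PA_NUMERIC_VERSION, struct.pack("!IIIHH", major, minor, build, 0, 0))
    pa = pa_tnc_message(1, [product, version])
    batch = pb_tnc_batch(PB_BATCH_CDATA, [tlv(NOSKIP, 0, PB_MSG_PA, pb_pa(PA_SUBTYPE_OS, pa))])
    return pt_tls_message(PT_TLS_PB_BATCH, 1, batch)


def decode_os_posture(buf):
    """NEA server: peel PT-TLS, PB-TNC batch, PB-PA and PA-TNC; return the OS name and version."""
    if len(buf) < 16:
        raise ValueError("short PT-TLS header")
    w0, msg_type, length, _msg_id = struct.unpack("!IIII", buf[:16])
    if length < 16 or length > len(buf):
        raise ValueError("bad PT-TLS length")
    if (w0 & 0xFFFFFF, msg_type) != (0, PT_TLS_PB_BATCH):
        raise ValueError("not a PB-TNC batch")
    batch = buf[16:length]
    if len(batch) < 8:
        raise ValueError("short PB-TNC batch")
    word, blen = struct.unpack("!II", batch[:8])
    if (word >> 24) != 2 or blen != len(batch) or (word & 0xF) != PB_BATCH_CDATA:
        raise ValueError("bad PB-TNC batch header")
    result = {}
    for msg in iter_tlvs(batch[8:]):
        if (msg["vendor"], msg["type"]) != (0, PB_MSG_PA) or len(msg["value"]) < 12:
            continue
        vendor, subtype = struct.unpack_from("!II", msg["value"])
        if (vendor & 0xFFFFFF, subtype) != (0, PA_SUBTYPE_OS):
            continue
        pa = msg["value"][12:]                    # past the 12-byte PB-PA header
        if len(pa) < 8 or pa[0] != 1:
            raise ValueError("bad PA-TNC message")
        for attr in iter_tlvs(pa[8:]):
            if attr["vendor"] != 0:
                continue
            if attr["type"] == PA_PRODUCT_INFO and len(attr["value"]) >= 5:
                result["name"] = attr["value"][5:].decode()
            elif attr["type"] == PA_NUMERIC_VERSION and len(attr["value"]) >= 16:
                result["major"], result["minor"] = struct.unpack_from("!II", attr["value"])
    return result


def is_well_formed(buf):
    """True when every nested length is consistent with its enclosing buffer."""
    try:
        decode_os_posture(buf)
        return True
    except ValueError:
        return False
```

Calling build_os_posture("Windows XP", 5, 3) yields a 111-byte PT-TLS message and decode_os_posture recovers the name and version. The part worth copying is iter_tlvs: every Length at every layer is supplied by the peer, and at the point PT-TLS carries the first CDATA batch that peer is not yet authenticated (entity authentication is optional in the pre-negotiation phase), so each nested length has to be checked against the buffer it lives in rather than trusted because the outer TLS record already bounded the read.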

Three Phases of PT-TLS

1. TLS Handshake
   - Unmodified
2. Pre-Negotiation
   - Version negotiation
   - Optional entity authentication
3. Data Transport
   - NEA assessments

SASL Entity Authentication

Five SASL-oriented messages:
- Request SASL Mechanisms
- SASL Mechanisms
- SASL Mechanism Selection
- SASL Authentication Data
- SASL Result

MUST support SASL mechanisms PLAIN and EXTERNAL.
One mechanism at a time (multiple allowed).

PT-TLS SASL Message Flow

   PT-TLS Initiator                                  PT-TLS Responder
       Request SASL Mechanisms (Optional)  ------>
                                           <------  SASL Mechanisms (Optional)
       SASL Mechanism Selection            ------>
                                           <----->  SASL Mechanism Data ...
                                           <------  SASL Result

Either Side Can Start

Client goes first, can send:
- Request SASL Mechanisms, to discover the list
- SASL Mechanism Selection, to pick one proactively

Server goes first, can send:
- SASL Mechanisms proactively

Synchronization:
- Client ignores an unrequested SASL Mechanisms message unless it uses it to trigger a selection

Request SASL Mechanisms Payload

- Empty (zero-length) value field
- Optionally sent by the TLS client (the unauthenticated party)
- The TLV requests the list of SASL mechanisms offered by the recipient
- Can be requested at any time

SASL Mechanisms Payload

   |Rsvd| Mech-Len |        Mechanism-Name (1-20 bytes)       |
   |Rsvd| Mech-Len |        Mechanism-Name (1-20 bytes)       |
   ~                                                          ~

- Sent in response to Request SASL Mechanisms
  - Server can proactively send a mechanism list
  - Client ignores unexpected mechanism lists
- Includes a prioritized list of the SASL mechanisms offered

SASL Mechanism Selection Payload

   |Rsvd| Mech-Len |        Mechanism-Name (1-20 bytes)       |
   |           Optional Initial Mechanism Response            |

- Sent in response to SASL Mechanisms
  - TLS client can proactively select a mechanism
- TLS client selects the mechanism to use

SASL Mechanism Data Payload

   ~        SASL Mechanism Message (Variable Length)          ~

- Sent by the SASL mechanisms (both sides)
- Not interpreted by the PT-TLS layer
- Not sent after SASL Result unless an additional mechanism is to be used

SASL Result Payload

   |  Result Code  |        Optional Result Data ...          |

- Result of the SASL exchange: Success, Abort, Mechanism Failure, Not Authorized
- Optional additional result data
- Completes the SASL mechanism exchange
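The SASL message set just described, driven end to end as an added Python example that is not part of the draft or of these slides: it encodes mechanism entries as Rsvd(2)|Mech-Len(6)|Mechanism-Name, has the client pick the first mechanism in the server's preference order that it can actually complete (EXTERNAL only when the TLS handshake of phase 1 produced a client identity), lets the client send SASL Mechanism Selection proactively, and has the server validate that selection against what it offered before producing a Result Code. The PLAIN credential check uses a constant-time comparison and refuses an authorization identity that differs from the authenticated one. Assumptions: the 2/6-bit split of the entry's first byte is taken from the later RFC 6876 rather than from the slide; the numeric result codes, the user table and the credentials are constructed for the example; Request SASL Mechanisms and the SASL Mechanism Data round trips needed by multi-round mechanisms are not modelled.

```python
import hmac

# RFC 4422 mechanism names: 1-20 characters from A-Z, 0-9, '-' and '_'.
SASL_NAME_CHARS = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")
# Result codes named as on the slide; the numeric values are this example's own assumption.
RESULT_SUCCESS, RESULT_ABORT, RESULT_MECH_FAILURE, RESULT_NOT_AUTHORIZED = 0, 1, 2, 3
# Constructed credential store for PLAIN (sample data, not from the draft).
USERS = {"nea-client-42": b"correct horse battery"}


def _entry(payload, off):
    """Parse one Rsvd(2) | Mech-Len(6) | Mechanism-Name(1-20 bytes) entry at offset off."""
    if off >= len(payload):
        raise ValueError("missing mechanism entry")
    mlen = payload[off] & 0x3F
    if not 1 <= mlen <= 20 or off + 1 + mlen > len(payload):
        raise ValueError("malformed mechanism entry")
    name = payload[off + 1:off + 1 + mlen].decode("ascii")
    if set(name) - SASL_NAME_CHARS:
        raise ValueError("bad SASL mechanism name")
    return name, off + 1 + mlen


def encode_mechanisms(names):
    """SASL Mechanisms payload: one entry per mechanism, in the sender's order of preference."""
    out = b""
    for n in names:
        if not 1 <= len(n) <= 20 or set(n) - SASL_NAME_CHARS:
            raise ValueError("bad SASL mechanism name")
        out += bytes([len(n)]) + n.encode("ascii")       # Rsvd bits left zero
    return out


def decode_mechanisms(payload):
    names, off = [], 0
    while off < len(payload):
        name, off = _entry(payload, off)
        names.append(name)
    return names


def encode_selection(name, initial_response=b""):
    """SASL Mechanism Selection payload: one mechanism entry plus the optional initial response."""
    return encode_mechanisms([name]) + initial_response


def decode_selection(payload):
    name, off = _entry(payload, 0)
    return name, payload[off:]


def choose_mechanism(offered, client_supports, has_client_cert):
    """Client: first mechanism in the server's preference order that it can actually complete."""
    for m in offered:
        if m in client_supports and (m != "EXTERNAL" or has_client_cert):
            return m
    return None


def plain_initial_response(authcid, passwd, authzid=""):
    """RFC 4616 PLAIN: [authzid] NUL authcid NUL passwd. Tolerable only because it rides inside TLS."""
    if any("\0" in s for s in (authzid, authcid, passwd)):
        raise ValueError("NUL in PLAIN credential")
    return f"{authzid}\0{authcid}\0{passwd}".encode()


def server_verify(selection, offered, tls_client_identity=None):
    """Server: validate the selection against what was offered, run the mechanism, return a Result Code."""
    try:
        mech, response = decode_selection(selection)
    except ValueError:
        return RESULT_ABORT
    if mech not in offered:
        return RESULT_MECH_FAILURE
    if mech == "EXTERNAL":
        # Identity comes from the TLS handshake (phase 1); EXTERNAL carries no secret of its own.
        return RESULT_SUCCESS if tls_client_identity else RESULT_NOT_AUTHORIZED
    if mech == "PLAIN":
        parts = response.split(b"\0")
        if len(parts) != 3:
            return RESULT_MECH_FAILURE
        authzid, authcid, passwd = parts
        expected = USERS.get(authcid.decode("utf-8", "replace"), b"")
        # constant-time compare; an authzid other than the authenticated user is refused
        if expected and hmac.compare_digest(expected, passwd) and authzid in (b"", authcid):
            return RESULT_SUCCESS
        return RESULT_NOT_AUTHORIZED
    return RESULT_MECH_FAILURE


def run_exchange(server_offer, client_supports, credentials=None, tls_client_identity=None):
    """Both sides in-process: SASL Mechanisms -> SASL Mechanism Selection -> SASL Result."""
    mechanisms_msg = encode_mechanisms(server_offer)                  # server -> client
    mech = choose_mechanism(decode_mechanisms(mechanisms_msg), client_supports,
                            tls_client_identity is not None)
    if mech is None:
        return RESULT_ABORT                                           # client cannot proceed
    response = plain_initial_response(*credentials) if mech == "PLAIN" else b""
    selection = encode_selection(mech, response)                      # client -> server
    return server_verify(selection, server_offer, tls_client_identity)  # server -> client
```

With the server offering ["EXTERNAL", "PLAIN"], run_exchange returns Success for a client holding the sample password or a TLS client certificate, Not Authorized for a wrong password, and Abort when the client supports only EXTERNAL but has no certificate. Two checks in server_verify are the ones a reviewer of a PT-TLS implementation should look for: a proactively selected mechanism is accepted only if it is on the server's own list, and the PLAIN authorization identity may not differ from the authenticated identity.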

Questions

- SASL TLVs are mandatory to implement, optional to use. OK?
- PLAIN and EXTERNAL SASL mechanisms are mandatory to implement
  - Do we need any other mechanisms?


Next Steps

- Publish -01 I-D based on feedback
- Request WG last call for comments
- Final PT-TLS discussion at IETF 82

L2 PT Evaluation

L2 PT Comparison

                                 PT-EAP                           NEA-TLV
   Encapsulation                 EAP method inside EAP tunnel     TLV inside EAP tunnel
   Proxy                         Supported, but needs protection  Not defined
   Implementations               9                                1
   Architecture                  Non-authenticating EAP method    Does not use EAP method
   Authentication, NEA sequencing Serial                          Serial and Parallel
   Key export                    Optional, but value unclear      Not supported
   Standards                     TCG                              New I-D

Consensus Check Question

- Prefer PT-EAP approach?
- Prefer NEA-TLV approach?
- Neither

Milestones

   Jun 2011   Publish -00 NEA WG PT-TLS I-D
   Jul 2011   Resolve issues with PT proposals
   Aug 2011   Publish -01 NEA WG PT-TLS I-D
              Publish -00 NEA WG EAP-based PT
   Sept 2011  WGLC on NEA WG PT I-Ds
   Nov 2011   Resolve issues from WG LC at IETF 82
   Dec 2011   Send to IESG for IETF Last Call

Adjourn