
NEA Working Group IETF meeting July 27, 2010 Co-chairs: Steve Hanna


1 NEA Working Group
IETF meeting July 27, 2010
nea[-request]@ietf.org
http://tools.ietf.org/wg/nea
Co-chairs: Steve Hanna (shanna@juniper.net), Susan Thomson (sethomso@cisco.com)
Jul 27, 2010 IETF NEA Meeting 1

2 Note Well
Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to:
– The IETF plenary session
– The IESG, or any member thereof on behalf of the IESG
– Any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices
– Any IETF working group or portion thereof
– The IAB or any member thereof on behalf of the IAB
– The RFC Editor or the Internet-Drafts function
All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879).
Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. Please consult RFC 5378 and RFC 3979 for details.
A participant in any IETF activity is deemed to accept all IETF rules of process, as documented in Best Current Practices RFCs and IESG Statements.
A participant in any IETF activity acknowledges that written, audio and video records of meetings may be made and may be available to the public.

3 Agenda Review
1300 Administrivia: Jabber & minute scribes, agenda bashing
1305 WG Status
1310 NEA Reference Model
1315 Description of NEA Asokan attack
1345 Open Discussion
1435 Consensus Questions
1450 Next Steps
1455 Milestones
1500 Adjourn

4 WG Status – No change from last IETF
Published as RFC:
– PA-TNC: RFC 5792 (Mar 2010)
– PB-TNC: RFC 5793 (Mar 2010)
Individual PT proposals submitted (Jan 4):
– http://www.ietf.org/id/draft-sangster-nea-pt-tls-00.txt
– http://www.ietf.org/id/draft-hanna-nea-pt-eap-00.txt
– http://www.ietf.org/id/draft-cam-winget-eap-nea-tlv-00.txt
– http://www.ietf.org/id/draft-cam-winget-eap-tlv-00.txt
Virtual interim NEA WG meeting held (Jan 28)

5 NEA Reference Model

6 NEA Reference Model from RFC 5209
(Diagram) NEA Client: Posture Collectors, Posture Broker Client, Posture Transport Client.
NEA Server: Posture Validators, Posture Broker Server, Posture Transport Server.
Posture Attribute (PA) protocol: Posture Collectors to Posture Validators.
Posture Broker (PB) protocol: Posture Broker Client to Posture Broker Server.
Posture Transport (PT) protocols: Posture Transport Client to Posture Transport Server.

7 PA-TNC Within PB-TNC Within PT
PT
  PB-TNC Header
  PB-TNC Message (Type=PB-Batch-Type, Batch-Type=CDATA)
  PB-TNC Message (Type=PB-PA, PA Vendor ID=0, PA Subtype=OS)
    PA-TNC Message
      PA-TNC Attribute (Type=Product Info, Product ID=Windows XP)
      PA-TNC Attribute (Type=Numeric Version, Major=5, Minor=3, ...)
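The nesting on this slide is easier to see as bytes. The following encoder and parser are an added example written for this page, not code from the NEA working group or from any PT implementation. Field widths and type codes are my transcription of the layouts in RFC 5792 (PA-TNC) and RFC 5793 (PB-TNC); verify them against the RFCs before reusing, and the Windows XP product identifier is a constructed placeholder. The parser checks every length field against the enclosing buffer, which is the check a Posture Broker Server needs before trusting any inner header.

```python
"""Build and parse the slide-7 nesting: PA-TNC attributes inside a PA-TNC
message, inside a PB-TNC PB-PA message, inside a PB-TNC CDATA batch.
Field widths and type codes follow RFC 5792 / RFC 5793 as transcribed by the
editor of this page (assumption: check against the RFCs before reuse)."""
import struct

PB_VERSION = 2            # PB-TNC version (RFC 5793)
PA_VERSION = 1            # PA-TNC version (RFC 5792)
BATCH_CDATA = 1           # PB-TNC batch type CDATA (client data)
PB_PA = 1                 # PB-TNC message type PB-PA (carries a PA message)
PA_SUBTYPE_OS = 1         # IETF PA subtype "Operating System"
ATTR_PRODUCT_INFO = 2     # PA-TNC attribute type Product Information
ATTR_NUMERIC_VERSION = 3  # PA-TNC attribute type Numeric Version
NOSKIP = 0x80             # flag: receiver must not skip this element
IETF_VENDOR_ID = 0        # SMI Private Enterprise Number 0 = IETF


def pa_attribute(attr_type, value, vendor_id=IETF_VENDOR_ID):
    # 12-byte header: flags(8) | vendor id(24) | type(32) | length(32, includes header)
    header = struct.pack("!III", (NOSKIP << 24) | (vendor_id & 0xFFFFFF),
                         attr_type, 12 + len(value))
    return header + value


def product_info(product_id, name, product_vendor_id=IETF_VENDOR_ID):
    # value: product vendor id(24) | product id(16) | product name (UTF-8)
    value = (struct.pack("!I", product_vendor_id)[1:] +
             struct.pack("!H", product_id) + name.encode())
    return pa_attribute(ATTR_PRODUCT_INFO, value)


def numeric_version(major, minor, build=0, sp_major=0, sp_minor=0):
    # value: major(32) | minor(32) | build(32) | service pack major(16) | minor(16)
    return pa_attribute(ATTR_NUMERIC_VERSION,
                        struct.pack("!IIIHH", major, minor, build, sp_major, sp_minor))


def pa_message(attributes, message_id=1):
    # 8-byte header: version(8) | reserved(24) | message identifier(32)
    return struct.pack("!BBBBI", PA_VERSION, 0, 0, 0, message_id) + b"".join(attributes)


def pb_pa_message(pa_msg, pa_subtype=PA_SUBTYPE_OS, collector_id=0, validator_id=0,
                  pa_vendor_id=IETF_VENDOR_ID):
    # PB-PA value: flags(8) | PA vendor id(24) | PA subtype(32) | collector(16) | validator(16)
    value = struct.pack("!IIHH", pa_vendor_id & 0xFFFFFF, pa_subtype,
                        collector_id, validator_id) + pa_msg
    # PB-TNC message header: flags(8) | vendor id(24) | type(32) | length(32, includes header)
    header = struct.pack("!III", (NOSKIP << 24) | IETF_VENDOR_ID, PB_PA, 12 + len(value))
    return header + value


def pb_batch(messages, batch_type=BATCH_CDATA, from_server=False):
    # batch header: version(8) | D bit | reserved(19) | batch type(4) | length(32, includes header)
    body = b"".join(messages)
    first_word = (PB_VERSION << 24) | (int(from_server) << 23) | (batch_type & 0xF)
    return struct.pack("!II", first_word, 8 + len(body)) + body


def build_slide7_batch():
    """The exact structure drawn on slide 7 (product id 0x1234 is constructed)."""
    pa = pa_message([product_info(0x1234, "Windows XP"), numeric_version(5, 3)])
    return pb_batch([pb_pa_message(pa)])


def parse_pa_message(data):
    version, message_id = data[0], struct.unpack_from("!I", data, 4)[0]
    attrs, off = [], 8
    while off < len(data):
        fv, atype, alen = struct.unpack_from("!III", data, off)
        if alen < 12 or off + alen > len(data):
            raise ValueError("bad PA-TNC attribute length")
        attrs.append({"vendor_id": fv & 0xFFFFFF, "type": atype,
                      "noskip": bool((fv >> 24) & NOSKIP),
                      "value": data[off + 12:off + alen]})
        off += alen
    return {"version": version, "message_id": message_id, "attributes": attrs}


def parse_batch(data):
    """Walk the batch outside-in, refusing any length that escapes its container."""
    first_word, length = struct.unpack_from("!II", data, 0)
    if length != len(data):
        raise ValueError("PB-TNC batch length does not match data")
    batch = {"version": first_word >> 24, "from_server": bool((first_word >> 23) & 1),
             "batch_type": first_word & 0xF, "messages": []}
    off = 8
    while off < length:
        fv, mtype, mlen = struct.unpack_from("!III", data, off)
        if mlen < 12 or off + mlen > length:
            raise ValueError("bad PB-TNC message length")
        value = data[off + 12:off + mlen]
        msg = {"vendor_id": fv & 0xFFFFFF, "type": mtype, "noskip": bool((fv >> 24) & NOSKIP)}
        if msg["vendor_id"] == IETF_VENDOR_ID and mtype == PB_PA:
            flags_vid, subtype, cid, vid = struct.unpack_from("!IIHH", value, 0)
            msg.update(pa_vendor_id=flags_vid & 0xFFFFFF, pa_subtype=subtype,
                       collector_id=cid, validator_id=vid, pa=parse_pa_message(value[12:]))
        batch["messages"].append(msg)
        off += mlen
    return batch
```

Running `parse_batch(build_slide7_batch())` yields one PB-PA message with PA subtype 1 (OS) carrying two attributes of types 2 and 3, which is the slide's picture with the lengths filled in. Note that the PA-TNC layer has no authenticity of its own here; that gap is what the PA trust model slides below are about.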

8 NEA Asokan Attack

9 PT Trust Model
(Diagram: NEA Client – Tunnel Establishment – NEA Server)
If the NEA client is configured to only talk to trusted/authorized NEA Servers, then MiTM attacks are mitigated.
If the NEA client is configured to allow it to talk to untrustworthy NEA Servers, then a MiTM can access and intercept the conversation.

10 PA Trust Model
(Diagram: NEA Client – PA conversation – NEA Server)
To address the lying endpoint problem, the trusted party at the endpoint can establish the authenticity of the Posture Attributes in a way that the Posture Validator can verify them.

11 Asokan Attack on NEA
(Diagram: SpyUser with SpyLaptop and SpyServer; CorpUser with CorpLaptop and CorpServer)
Preconditions
1. NEA Assessment
2. CorpLaptop Infection
3. Lying Endpoint Detection (PA Trust Model)
4. SpyLaptop configured to allow communication with untrustworthy SpyServer (PT Trust Model)
5. PA Forwarding attack
Any questions?
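Slides 9 to 11 can be run as a small model. The simulation below is an added example for this page, not NEA working group code: it plays out the five preconditions, then applies each of the two mitigations the deck names (the PT trust model, where the client only forms tunnels to authorized servers, and a PA trust model in which the endpoint's attestation is bound to the PT tunnel it travels over). An HMAC under a per-device key stands in for the TPM-backed signature of the trusted party on the endpoint, and a random per-tunnel value stands in for a TLS channel binding such as tls-unique; both are assumptions of the model, not what any PT draft specifies.

```python
"""Model of the PA forwarding (Asokan) attack on a NEA assessment and of the
two mitigations proposed in the deck.  Constructed simulation, not NEA code.
Assumptions: HMAC with a device key stands in for a TPM-backed attestation;
Tunnel.binding stands in for a TLS channel-binding value such as tls-unique."""
import hmac
import hashlib
import os

TRUSTED_DEVICE_KEY = os.urandom(32)      # CorpLaptop's attestation key; CorpServer knows it
CORP_SERVER, SPY_SERVER = "CorpServer", "SpyServer"
HEALTHY_PA = b"OS=Windows XP;AV=on;patches=current"   # constructed posture attributes


class Tunnel:
    """A PT tunnel between one client and one server with a channel-binding value."""
    def __init__(self, client, server):
        self.client, self.server = client, server
        self.binding = os.urandom(16)    # unique per tunnel, known to both ends only


def open_tunnel(client, server, trusted_servers):
    """PT trust model: a client restricted to authorized servers never reaches SpyServer."""
    if trusted_servers is not None and server not in trusted_servers:
        return None
    return Tunnel(client, server)


def sign_posture(pa_bytes, tunnel, bind_to_tunnel):
    """PA trust model: the trusted party on the endpoint attests the PA,
    optionally over the binding of the tunnel the PA is being sent on."""
    msg = pa_bytes + (tunnel.binding if bind_to_tunnel else b"")
    return hmac.new(TRUSTED_DEVICE_KEY, msg, hashlib.sha256).digest()


def verify_posture(pa_bytes, tag, tunnel, bind_to_tunnel):
    """The Posture Validator checks the attestation against the tunnel it actually sees."""
    msg = pa_bytes + (tunnel.binding if bind_to_tunnel else b"")
    expected = hmac.new(TRUSTED_DEVICE_KEY, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def direct_assessment(bind_to_tunnel):
    """Precondition 1: a normal assessment of CorpLaptop by CorpServer."""
    t = open_tunnel("CorpLaptop", CORP_SERVER, {CORP_SERVER})
    tag = sign_posture(HEALTHY_PA, t, bind_to_tunnel)
    return "accepted" if verify_posture(HEALTHY_PA, tag, t, bind_to_tunnel) else "rejected"


def forwarding_attack(bind_to_tunnel, corp_laptop_trusted_servers):
    """Preconditions 2-5: infected CorpLaptop, lying-endpoint detection in place,
    a tunnel to SpyServer permitted, and the PA forwarded to CorpServer."""
    relay = open_tunnel("CorpLaptop", SPY_SERVER, corp_laptop_trusted_servers)
    if relay is None:
        return "no tunnel"          # PT trust model stops the attack before it starts
    front = open_tunnel("SpyLaptop", CORP_SERVER, None)   # SpyLaptop's own tunnel
    # CorpLaptop's trusted party attests its genuine healthy posture on the relay tunnel;
    # SpyServer and SpyLaptop pass PA plus attestation through to CorpServer's tunnel.
    tag = sign_posture(HEALTHY_PA, relay, bind_to_tunnel)
    ok = verify_posture(HEALTHY_PA, tag, front, bind_to_tunnel)
    return "accepted" if ok else "rejected"


if __name__ == "__main__":
    print("direct, unbound:     ", direct_assessment(False))
    print("forwarded, unbound:  ", forwarding_attack(False, None))
    print("forwarded, PA bound: ", forwarding_attack(True, None))
    print("forwarded, PT strict:", forwarding_attack(False, {CORP_SERVER}))
```

With neither mitigation the forwarded attestation verifies, because nothing in it says which tunnel it was made for; binding the attestation to the tunnel makes CorpServer's check fail on SpyLaptop's tunnel, and restricting CorpLaptop to authorized servers means the relay tunnel never exists. Either mitigation alone is enough in this model, which matches the deck's plan to address the PT trust model in the base PT drafts and the PA trust model in a PT-independent extension.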

12 Consensus Check Question
NEA Asokan attack needs to be addressed?
– Yes
– No
– Don't know

13 Proposed Next Steps
Address PT trust model in base PT protocol I-Ds
Address PA trust model in PT extension I-D
– PT-independent

14 Milestones
Aug 2010  Set up design team to work on PT extension I-D
Oct 2010  Output of design team due
Nov 2010  Review and resolve issues with PT I-Ds at IETF 79
Dec 2010  Publish -00 NEA WG PT I-Ds
Jan 2011  Resolve issues with -00 NEA WG PT I-Ds
Feb 2011  Publish -01 NEA WG PT I-Ds
Mar 2011  Resolve issues with -01 NEA WG PT I-Ds at IETF 80
Apr 2011  WGLC on -01 NEA WG I-Ds
May 2012  Publish -02 NEA WG I-Ds
Jun 2012  IETF LC

15 Adjourn

