NEA Working Group IETF meeting July 27, 2010 Co-chairs: Steve Hanna

Presentation transcript:

NEA Working Group
IETF meeting July 27,
Co-chairs: Steve Hanna Susan
Jul 27, 2010 IETF NEA Meeting 1

Note Well

Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to:
– The IETF plenary session
– The IESG, or any member thereof on behalf of the IESG
– Any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices
– Any IETF working group or portion thereof
– The IAB or any member thereof on behalf of the IAB
– The RFC Editor or the Internet-Drafts function

All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879).

Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice. Please consult RFC 5378 and RFC 3979 for details.

A participant in any IETF activity is deemed to accept all IETF rules of process, as documented in Best Current Practices RFCs and IESG Statements. A participant in any IETF activity acknowledges that written, audio and video records of meetings may be made and may be available to the public.

Agenda Review

1300 Administrivia
     – Jabber & Minute scribes
     – Agenda bashing
1305 WG Status
1310 NEA Reference Model
1315 Description of NEA Asokan attack
1345 Open Discussion
1435 Consensus Questions
1450 Next Steps
1455 Milestones
1500 Adjourn

WG Status – No change from last IETF

Published as RFC:
– PA-TNC: RFC 5792 (Mar 2010)
– PB-TNC: RFC 5793 (Mar 2010)
Individual PT proposals submitted (Jan 4)
Virtual interim NEA WG meeting held (Jan 28)

NEA Reference Model

NEA Reference Model from RFC 5209

NEA Client                                                          NEA Server
Posture Collectors        <-- Posture Attribute (PA) protocol -->   Posture Validators
Posture Broker Client     <-- Posture Broker (PB) protocol -->      Posture Broker Server
Posture Transport Client  <-- Posture Transport (PT) protocols -->  Posture Transport Server

PA-TNC Within PB-TNC Within PT

PT
  PB-TNC Header
  PB-TNC Message (Type=PB-Batch-Type, Batch-Type=CDATA)
  PB-TNC Message (Type=PB-PA, PA Vendor ID=0, PA Subtype=OS)
    PA-TNC Message
      PA-TNC Attribute (Type=Product Info, Product ID=Windows XP)
      PA-TNC Attribute (Type=Numeric Version, Major=5, Minor=3,...)
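The nesting on this slide, as an added example that is not part of the presentation: a parser that walks a PB-TNC batch down to its PA-TNC attributes and rejects any length field that runs outside its enclosing layer. Field layouts and type numbers follow RFC 5792 and RFC 5793 as published, where the batch type is a header field rather than a message; the function names and the sample bytes (vendor ID 0, product ID 0, collector and validator identifiers) are constructed for illustration.

```python
import struct

PB_PA, SUBTYPE_OS = 1, 1                 # PB-TNC message type (RFC 5793), PA subtype (RFC 5792)
PRODUCT_INFO, NUMERIC_VERSION = 2, 3     # PA-TNC attribute types (RFC 5792)

def tlv(flags, vendor, typ, value):
    """Header shared by PB-TNC messages and PA-TNC attributes:
    flags(8) vendor(24) type(32) length(32); length counts the 12-byte header."""
    return struct.pack("!III", flags << 24 | vendor, typ, 12 + len(value)) + value

def parse_tlvs(buf):
    """Split buf into (vendor, type, value) tuples; reject under- or overrunning lengths."""
    items, off = [], 0
    while off < len(buf):
        if len(buf) - off < 12:
            raise ValueError("truncated header")
        word, typ, length = struct.unpack_from("!III", buf, off)
        if length < 12 or length > len(buf) - off:
            raise ValueError("length field outside enclosing layer")
        items.append((word & 0xFFFFFF, typ, buf[off + 12:off + length]))
        off += length
    return items

def parse_batch(batch):
    """PB-TNC batch -> {(PA vendor, PA subtype): [(attr vendor, attr type, value), ...]}."""
    if len(batch) < 8:
        raise ValueError("truncated PB-TNC header")
    word, batch_len = struct.unpack_from("!II", batch)
    if word >> 24 != 2 or batch_len != len(batch):       # PB-TNC version 2
        raise ValueError("bad PB-TNC header")
    posture = {}
    for vendor, typ, value in parse_tlvs(batch[8:]):
        if (vendor, typ) != (0, PB_PA):
            continue
        if len(value) < 20 or value[12] != 1:             # PB-PA header, then PA-TNC version 1
            raise ValueError("bad PB-PA / PA-TNC header")
        pa_word, subtype = struct.unpack_from("!II", value)
        posture[(pa_word & 0xFFFFFF, subtype)] = parse_tlvs(value[20:])
    return posture

def sample_batch():
    """Constructed bytes for the slide's example: OS subtype, Product Info, Numeric Version."""
    product = bytes(3) + struct.pack("!H", 0) + b"Windows XP"   # vendor ID, product ID, name
    version = struct.pack("!IIIHH", 5, 3, 0, 0, 0)              # major, minor, build, SP major/minor
    pa_msg = (struct.pack("!II", 1 << 24, 1)                    # PA-TNC version 1, message ID 1
              + tlv(0, 0, PRODUCT_INFO, product) + tlv(0, 0, NUMERIC_VERSION, version))
    pb_pa = struct.pack("!IIHH", 0, SUBTYPE_OS, 1, 0xFFFF) + pa_msg
    body = tlv(0x80, 0, PB_PA, pb_pa)                           # 0x80 = NOSKIP flag
    return struct.pack("!II", 2 << 24 | 1, 8 + len(body)) + body  # version 2, B-Type 1 = CDATA
```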

NEA Asokan Attack

PT Trust Model

[Diagram: NEA Client and NEA Server, Tunnel Establishment]

– If the NEA client is configured to only talk to trusted/authorized NEA Servers, then MiTM attacks are mitigated.
– If the NEA client is configured to allow it to talk to untrustworthy NEA Servers, then a MiTM can access and intercept the conversation.

PA Trust Model

[Diagram: NEA Client and NEA Server, PA conversation]

To address the lying endpoint problem, the trusted party at the endpoint can establish the authenticity of the Posture Attributes in a way that the Posture Validator can verify them.

Asokan Attack on NEA

[Diagram: SpyUser, SpyLaptop, SpyServer, CorpUser, CorpLaptop, CorpServer]

Preconditions
1. NEA Assessment
2. CorpLaptop Infection
3. Lying Endpoint Detection (PA Trust Model)
4. SpyLaptop configured to allow communication with untrustworthy SpyServer (PT Trust Model)
5. PA Forwarding attack

Any questions?
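A small model of why authenticated Posture Attributes alone do not stop PA forwarding, and of what the validator can check when the evidence also covers the tunnel the attesting endpoint is using. This is an added example, not part of the presentation: binding to the tunnel is an assumption about how the problem could be addressed, HMAC stands in for whatever signature the trusted party produces, and every name and value is constructed.

```python
import hashlib
import hmac
import os

def _encode(*fields):
    """Length-prefix each field so the MAC input is unambiguous."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def attest(key, nonce, posture, local_tunnel=None):
    """Trusted party on the endpoint: authenticate the posture for this challenge.
    With binding on, the identifier of the tunnel the endpoint itself uses is covered."""
    fields = [nonce, posture] + ([local_tunnel] if local_tunnel is not None else [])
    return hmac.new(key, _encode(*fields), hashlib.sha256).digest()

def validate(key, nonce, posture, evidence, server_tunnel=None):
    """Posture Validator: recompute over the tunnel the NEA Server terminated."""
    return hmac.compare_digest(attest(key, nonce, posture, server_tunnel), evidence)

def assess(relayed, bind_tunnel):
    """Return True if CorpServer accepts the posture evidence presented to it."""
    key = os.urandom(32)             # known to CorpLaptop's trusted party and the validator
    posture = b"os=patched;av=on"    # constructed posture of the compliant CorpLaptop
    server_tunnel = os.urandom(16)   # tunnel CorpServer terminated with the presenting machine
    # When relayed, the evidence is produced on CorpLaptop, whose own tunnel is a
    # different one from the tunnel the presenting machine has with CorpServer.
    attester_tunnel = os.urandom(16) if relayed else server_tunnel
    nonce = os.urandom(16)           # CorpServer's challenge, forwarded unchanged if relayed
    evidence = attest(key, nonce, posture, attester_tunnel if bind_tunnel else None)
    return validate(key, nonce, posture, evidence, server_tunnel if bind_tunnel else None)

def outcomes():
    """Acceptance result for every (relayed, bind_tunnel) combination."""
    return {(r, b): assess(r, b) for r in (False, True) for b in (False, True)}
```

Without binding, forwarded evidence verifies exactly like evidence from the machine being assessed; with binding, only the direct case verifies.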

Consensus Check Question

NEA Asokan attack needs to be addressed?
– Yes
– No
– Don’t know

Proposed Next Steps

Address PT trust model in base PT protocol I-Ds
Address PA trust model in PT extension I-D
– PT-independent

Milestones

Aug 2010  Set up design team to work on PT extension I-D
Oct 2010  Output of Design team due
Nov 2010  Review and Resolve issues with PT I-Ds at IETF 79
Dec 2010  Publish -00 NEA WG PT I-Ds
Jan 2011  Resolve issues with -00 NEA WG PT I-Ds
Feb 2011  Publish -01 NEA WG PT I-Ds
Mar 2011  Resolve issues with -01 NEA WG PT I-Ds at IETF 80
Apr 2011  WGLC on -01 NEA WG I-Ds
May 2012  Publish -02 NEA WG I-Ds
Jun 2012  IETF LC

Adjourn