July 27, 2009 IETF NEA Meeting 1
NEA Working Group
IETF 75
nea[-request]@ietf.org
http://tools.ietf.org/wg/nea
Co-chairs: Steve Hanna [email protected]
Susan Thomson [email protected]

Agenda Review
1740 Administrivia
     Blue Sheets
     Jabber & Minute scribes
     Agenda bashing
1745 WG Status
1750 Addressing IETF LC and IESG comments for PB-TNC:
     http://www.ietf.org/internet-drafts/draft-ietf-nea-pb-tnc-04.txt
1820 Addressing IETF LC and IESG comments for PA-TNC:
     http://www.ietf.org/internet-drafts/draft-ietf-nea-pb-tnc-04.txt
1850 Discuss proposed charter updates
1915 Process for soliciting proposals for PT
1930 Next Steps
1940 Adjourn

WG Status
• Internet Drafts
  – PA-TNC -04 I-D (Apr 2009)
    http://www.ietf.org/internet-drafts/draft-ietf-nea-pa-tnc-04.txt
  – PB-TNC -04 I-D (Apr 2009)
    http://www.ietf.org/internet-drafts/draft-ietf-nea-pb-tnc-04.txt
• IETF Last Call (Jun 9-23, 2009). Comments received from:
  – IANA
  – Gen-Art
  – Other
• PA-TNC and PB-TNC in IESG evaluation now
  – Several IESG members have made comments
  – Completes last milestone in current charter
• WG Charter Revision Being Discussed
  – Proposed charter updates sent to mailing list for review (Jun 12)
NEA Protocol Overview

NEA Reference Model (from RFC 5209)
[Figure: the NEA Client (Posture Collectors, Posture Broker Client, Posture Transport Client) and the NEA Server (Posture Validators, Posture Broker Server, Posture Transport Server), connected by the Posture Attribute (PA) protocol, the Posture Broker (PB) protocol, and the Posture Transport (PT) protocols.]

PA-TNC Within PB-TNC
PT
  PB-TNC Header (Batch-Type=CDATA)
  PB-TNC Message (Type=PB-PA, PA Vendor ID=0, PA Subtype=OS)
    PA-TNC Message
      PA-TNC Attribute (Type=Product Info, Product ID=Windows XP)
      PA-TNC Attribute (Type=Numeric Version, Major=5, Minor=3, ...)
Addressing IETF LC and IESG Comments for PB-TNC

Summary of Changes in draft-ietf-nea-pb-tnc-04.txt
• Changes discussed at IETF 74 with WG consensus confirmed on NEA email list
  – PB-TNC version handling changed to match PA-TNC
  – PB-Assessment-Result and PB-Access-Recommendation MUST NOT appear in a batch of type other than RESULT
  – RESULT batches MAY include PB-Access-Recommendation (was SHOULD)

IETF LC Comments on draft-ietf-nea-pb-tnc-04.txt
• Concern re TCG text
  – Propose: Remove section 1.1, add acknowledgement

IANA Comments on draft-ietf-nea-pb-tnc-04.txt
• Several values listed in the specification differ from contents of IANA Considerations
  – PB-TNC Message Types 2-7 with PEN 0
  – PB-TNC Message Type 0xFFFFFFFF (reserved for all PEN values)
  – Propose: Fix IANA Considerations
• Concern re archiving specs for registered vendor-specific values and making these publicly available if vendor stops doing so
  – Resolved: IANA has agreed to do this

Susan Thomson’s Comments on draft-ietf-nea-pb-tnc-04.txt
• Remove Retry-Acknowledge
  – Not needed with new state machine
  – Propose: Accept
• Version should be 2 for Version Not Supported in section 4.1
  – Already says 2 in section 4.9.2
  – Propose: Accept

Some IESG Comments on draft-ietf-nea-pb-tnc-04.txt
• Add language tag to Remediation-String
  – Propose: Add language tag
• No way to indicate reserved versions with Min/Max
  – Propose: Reserved versions always subtracted from range
• Description of Posture Collector Identifier and Posture Validator Identifier does not reflect decision to allow several IDs per PC/PV
  – Propose: Fix this text

More IESG Comments on draft-ietf-nea-pb-tnc-04.txt
• Tighten up error handling, changing SHOULDs to MUSTs, etc.
  – Propose: Examine and change as needed
• Minor changes (typos, clarifications, inconsistencies, missing references)
  – Propose: Make these changes
Addressing IETF LC and IESG Comments for PA-TNC

Summary of Changes in draft-ietf-nea-pa-tnc-04
• Changes discussed at IETF 74 with WG consensus confirmed on NEA email list
  – MUST use same version number in response
  – MUST use and parse version 1 for Version Not Supported errors
  – Dropped version 0 for version discovery
  – Minor wording changes

IETF LC Comments on draft-ietf-nea-pa-tnc-04.txt
• Concern re TCG text
  – Propose: Remove section 1.1, add acknowledgement

IANA Comments on draft-ietf-nea-pa-tnc-04.txt
• Several values listed in the specification are missing from IANA Considerations
  – PA-TNC Attribute Types 9-12 with PEN 0
  – PA-TNC Attribute Type 0xFFFFFFFF (reserved for all PEN values)
  – PA-TNC Error Code 0 with PEN 0
  – Propose: Add to IANA Considerations
• Concern re archiving specs for registered vendor-specific values and making these publicly available if vendor stops doing so
  – Resolved: IANA has agreed to do this

Some IESG Comments on draft-ietf-nea-pa-tnc-04.txt
• Add language tag to Remediation-String
  – Propose: Add language tag
• Clarify Posture Collector behavior when receiving Attribute-Request
  – Propose: Say MUST respond with an attribute or an error
• Add Security Considerations text re dangers of automated remediation
  – Propose: Add such text
• Question re status of PA-TNC Security draft
  – Propose: Remove text relating to this since no longer active

More IESG Comments on draft-ietf-nea-pa-tnc-04.txt
• Tighten up error handling, changing SHOULDs to MUSTs, etc.
  – Propose: Examine and change as needed
• Field Types defined in section 3.6 not used elsewhere
  – Propose: Editors will try using them throughout. Not sure whether complexity will exceed benefit.
• Please provide suggested list of Designated Experts
  – Propose: WG chairs will seek volunteers and select nominees. IESG will officially designate experts, as required by RFC 5226
• Minor changes (typos, clarifications, inconsistencies)
  – Propose: Make these changes

Discuss Proposed Charter Updates

Proposed Charter Updates
• Goal: Allow WG to define PT
  – Allow specification of one or more PTs to encapsulate PB, preferably leveraging existing transport protocols
  – Require at least one mandatory to implement PT
  – Updated milestones
• Already reviewed on list with positive response
• Any concerns?

Process for Developing PT

Proposed Process for PT
• Same process as for PA and PB
• Solicit proposals as individual submissions
• WG reviews proposals
• WG determines contents of -00 NEA WG I-Ds
• Normal IETF development process from there
Next Steps

Next Steps for NEA-WG
• PA-TNC and PB-TNC I-Ds:
  – Resolve IESG comments with IESG
  – Post -05 versions
  – Perform another WGLC
  – Submit to AD for IESG evaluation
• Re-charter to work on PT
  – Revise proposed charter based on comments
  – Submit charter to AD for IESG Evaluation