July 27, 2009 IETF NEA Meeting 1

NEA Working GroupIETF 75

nea[-request]@ietf.org

http://tools.ietf.org/wg/nea

Co-chairs: Steve Hanna shanna@juniper.net

Susan Thomson sethomso@cisco.com

July 27, 2009 IETF NEA Meeting 2

Agenda Review1740 Administrivia

Blue SheetsJabber & Minute scribesAgenda bashing

1745 WG Status1750 Addressing IETF LC and IESG comments for PB-TNC:

http://www.ietf.org/internet-drafts/draft-ietf-nea-pb-tnc-04.txt1820 Addressing IETF LC and IESG comments for PA-TNC:

http://www.ietf.org/internet-drafts/draft-ietf-nea-pb-tnc-04.txt 1850 Discuss proposed charter updates1915 Process for soliciting proposals for PT1930 Next Steps1940 Adjourn

July 27, 2009 IETF NEA Meeting 3

WG Status• Internet Drafts

– PA-TNC -04 I-D (Apr 2009)http://www.ietf.org/internet-drafts/draft-ietf-nea-pa-tnc-04.txt

– PB-TNC -04 I-D (Apr 2009)http://www.ietf.org/internet-drafts/draft-ietf-nea-pb-tnc-04.txt

• IETF Last Call (Jun 9-23, 2009). Comments received from:– IANA– Gen-Art– Other

• PA-TNC and PB-TNC in IESG evaluation now– Several IESG members have made comments– Completes last milestone in current charter

• WG Charter Revision Being Discussed– Proposed charter updates sent to mailing list for review (Jun 12)

July 27, 2009 IETF NEA Meeting 4

NEA Protocol Overview

July 27, 2009 IETF NEA Meeting 5

NEA Reference Modelfrom RFC 5209

Posture Collectors

Posture Validators

PostureTransportServer

Posture Attribute (PA) protocol

Posture Broker (PB) protocol

NEA Client NEA Server

Posture Transport (PT) protocolsPostureTransportClient

PostureBrokerClient

PostureBrokerServer

July 27, 2009 IETF NEA Meeting 6

PA-TNC Within PB-TNCPT

PB-TNC Header (Batch-Type=CDATA)

PB-TNC Message (Type=PB-PA, PA Vendor ID=0, PA Subtype= OS)

PA-TNC Message

PA-TNC Attribute (Type=Product Info, Product ID=Windows XP)

PA-TNC Attribute (Type=Numeric Version, Major=5, Minor=3, ...)

July 27, 2009 IETF NEA Meeting 7

Addressing IETF LC and IESG Comments for PB-TNC

July 27, 2009 IETF NEA Meeting 8

Summary of Changes indraft-ietf-nea-pb-tnc-04.txt

• Changes discussed at IETF 74 with WG consensus confirmed on NEA email list– PB-TNC version handling changed to match PA-TNC

– PB-Assessment-Result and PB-Access-Recommendation MUST NOT appear in a batch of type other than RESULT

– RESULT batches MAY include PB-Access-Recommendation (was SHOULD)

July 27, 2009 IETF NEA Meeting 9

IETF LC Comments ondraft-ietf-nea-pb-tnc-04.txt

• Concern re TCG text– Propose: Remove section 1.1, add

acknowledgement

July 27, 2009 IETF NEA Meeting 10

IANA Comments ondraft-ietf-nea-pb-tnc-04.txt

• Several values listed in the specification differ from contents of IANA Considerations– PB-TNC Message Types 2-7 with PEN 0– PB-TNC Message Type 0xFFFFFFFF (reserved for

all PEN values)– Propose: Fix IANA Considerations

• Concern re archiving specs for registered vendor-specific values and making these publicly available if vendor stops doing so– Resolved: IANA has agreed to do this

July 27, 2009 IETF NEA Meeting 11

Susan Thomson’s Comments ondraft-ietf-nea-pb-tnc-04.txt

• Remove Retry-Acknowledge– Not needed with new state machine– Propose: Accept

• Version should be 2 for Version Not Supported in section 4.1– Already says 2 in section 4.9.2– Propose: Accept

July 27, 2009 IETF NEA Meeting 12

Some IESG Comments ondraft-ietf-nea-pb-tnc-04.txt

• Add language tag to Remediation-String– Propose: Add language tag

• No way to indicate reserved versions with Min/Max– Propose: Reserved versions always subtracted from

range

• Description of Posture Collector Identifier and Posture Validator Identifier does not reflect decision to allow several IDs per PC/PV– Propose: Fix this text

July 27, 2009 IETF NEA Meeting 13

More IESG Comments ondraft-ietf-nea-pb-tnc-04.txt

• Tighten up error handling, changing SHOULDs to MUSTs, etc.– Propose: Examine and change as needed

• Minor changes (typos, clarifications, inconsistencies, missing references)– Propose: Make these changes

July 27, 2009 IETF NEA Meeting 14

Addressing IETF LC and IESG Comments for PA-TNC

July 27, 2009 IETF NEA Meeting 15

Summary of Changes indraf-ietf-nea-pa-tnc-04

• Changes discussed at IETF 74 with WG consensus confirmed on NEA email list– MUST use same version number in response– MUST use and parse version 1 for Version

Not Supported errors– Dropped version 0 for version discovery– Minor wording changes

July 27, 2009 IETF NEA Meeting 16

IETF LC Comments ondraft-ietf-nea-pa-tnc-04.txt

• Concern re TCG text– Propose: Remove section 1.1, add

acknowledgement

July 27, 2009 IETF NEA Meeting 17

IANA Comments ondraft-ietf-nea-pa-tnc-04.txt

• Several values listed in the specification are missing from IANA Considerations– PA-TNC Attribute Types 9-12 with PEN 0– PA-TNC Attribute Type 0xFFFFFFFF (reserved for all

PEN values)– PA-TNC Error Code 0 with PEN 0– Propose: Add to IANA Considerations

• Concern re archiving specs for registered vendor-specific values and making these publicly available if vendor stops doing so– Resolved: IANA has agreed to do this

July 27, 2009 IETF NEA Meeting 18

Some IESG Comments ondraft-ietf-nea-pa-tnc-04.txt

• Add language tag to Remediation-String– Propose: Add language tag

• Clarify Posture Collector behavior when receiving Attribute-Request– Propose: Say MUST respond with an attribute or an error

• Add Security Considerations text re dangers of automated remediation– Propose: Add such text

• Question re status of PA-TNC Security draft– Propose: Remove text relating to this since no longer active

July 27, 2009 IETF NEA Meeting 19

More IESG Comments ondraft-ietf-nea-pa-tnc-04.txt

• Tighten up error handling, changing SHOULDs to MUSTs, etc.– Propose: Examine and change as needed

• Field Types defined in section 3.6 not used elsewhere– Propose: Editors will try using them throughout. Not sure

whether complexity will exceed benefit.

• Please provide suggested list of Designated Experts– Propose: WG chairs will seek volunteers and select nominees.

IESG will officially designate experts, as required by RFC 5226

• Minor changes (typos, clarifications, inconsistencies)– Propose: Make these changes

July 27, 2009 IETF NEA Meeting 20

Discuss ProposedCharter Updates

July 27, 2009 IETF NEA Meeting 21

Proposed Charter Updates• Goal: Allow WG to define PT

– Allow specification of one or more PTs to encapsulate PB, preferably leveraging existing transport protocols

– Require at least one mandatory to implement PT

– Updated milestones

• Already reviewed on list with positive response

• Any concerns?

July 27, 2009 IETF NEA Meeting 22

Process forDeveloping PT

July 27, 2009 IETF NEA Meeting 23

Proposed Process for PT

• Same process as for PA and PB

• Solicit proposals as individual submissions• WG reviews proposals• WG determines contents of -00 NEA WG I-Ds• Normal IETF development process from there

July 27, 2009 IETF NEA Meeting 24

Next Steps

July 27, 2009 IETF NEA Meeting 25

Next Steps for NEA-WG

• PA-TNC and PB-TNC I-Ds:– Resolve IESG comments with IESG– Post -05 versions– Perform another WGLC– Submit to AD for IESG evaluation

• Re-charter to work on PT– Revise proposed charter based on comments– Submit charter to AD for IESG Evaluation