IETF Logo Mail Archive

Re: [Nea] Congrats on Job Well Done

Andreas Steffen <andreas.steffen@strongswan.org> Mon, 12 May 2014 12:55 UTC

Return-Path: <andreas.steffen@strongswan.org>
X-Original-To: nea@ietfa.amsl.com
Delivered-To: nea@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 447491A0694 for <nea@ietfa.amsl.com>; Mon, 12 May 2014 05:55:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.955
X-Spam-Level:
X-Spam-Status: No, score=0.955 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.793] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EThLQQwF6YZj for <nea@ietfa.amsl.com>; Mon, 12 May 2014 05:55:41 -0700 (PDT)
Received: from mail.strongswan.org (unknown [152.96.80.46]) by ietfa.amsl.com (Postfix) with ESMTP id 513981A068E for <nea@ietf.org>; Mon, 12 May 2014 05:55:41 -0700 (PDT)
Received: from [152.96.15.58] (unknown [152.96.15.58]) by mail.strongswan.org (Postfix) with ESMTPSA id 8A58C40541; Mon, 12 May 2014 14:55:27 +0200 (CEST)
Message-ID: <5370C4C4.9050909@strongswan.org>
Date: Mon, 12 May 2014 14:55:32 +0200
From: Andreas Steffen <andreas.steffen@strongswan.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Steve Hanna <steve@hannas.com>, Joe Klein <jsklein@gmail.com>
References: <20140508061524.81DEC180095@rfc-editor.org> <536CEFFA.40509@hannas.com> <536CFB32.7010704@earthlink.net> <536D35C1.10303@hannas.com> <CAP032Tsc50jdnzqrWQtckSbVrqW4hgedd_+jOmNAfWo47yrYBA@mail.gmail.com> <536D3F1B.1070005@hannas.com>
In-Reply-To: <536D3F1B.1070005@hannas.com>
X-Enigmail-Version: 1.5.2
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms010604010106050004060605"
Archived-At: http://mailarchive.ietf.org/arch/msg/nea/aWlqXNZ5VTZnrsfboNyjQM1ya4U
Cc: nea@ietf.org
Subject: Re: [Nea] Congrats on Job Well Done
X-BeenThere: nea@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nea/>
List-Post: <mailto:nea@ietf.org>
List-Help: <mailto:nea-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 May 2014 12:55:43 -0000

Hi,

a strongSwan developers release is available which implements
the RFC 7171 PT-EAP transport protocol:

  http://download.strongswan.org/strongswan-5.2.0dr3.tar.bz2

As the outer EAP tunnel method protecting the PT-EAP protocol
EAP-TTLS is currently used because we haven't implemented
RFC 7170 TEAP yet.

An example scenario with two strongSwan IPsec Access Requestors (ARs)
connecting to a strongSwan VPN Policy Enforcement Point (PEP) via
IKEv2 which in turn has an EAP-RADIUS connection to a strongSwan
Policy Decision Point (PDP) is shown here:

http://www.strongswan.org/uml/testresults5dr/tnc/tnccs-20-pdp-eap/

The complete IETF NEA stack is used:

   - RFC 5792 PA-TNC
   - RFC 5793 PB-TNC
   - RFC 7181 PT-EAP

Alternatively the strongSwan pt-tls-client which implements the
RFC 6876 PT-TLS transport protocol can connect directly to
the strongSwan Policy Decision Point over a TLS socket:

http://www.strongswan.org/uml/testresults5dr/tnc/tnccs-20-pdp-pt-tls/

In this alternative scenario the stack is

   - RFC 5792 PA-TNC
   - RFC 5793 PB-TNC
   - RFC 6876 PT-TLS

Best regards

Andreas

On 09.05.2014 22:48, Steve Hanna wrote:
> According to this web page, StrongSwan supports an earlier draft:
> 
> http://wiki.strongswan.org/issues/342
> 
> I'm sure that Andreas would love to have another independent
> implementation to test against so please let him (and the nea
> list) know if you do an implementation.
> 
> Thanks,
> 
> Steve
> 
> On 5/9/2014 4:40 PM, Joe Klein wrote:
>> Does anyone have working code for this protocol?  I would like to
>> validate a few assumptions.
>>
>> Joe Klein
>> "Inveniam viam aut faciam"
>>
>>
>> On Fri, May 9, 2014 at 4:08 PM, Steve Hanna <steve@hannas.com
>> <mailto:steve@hannas.com>> wrote:
>>
>>     Todd,
>>
>>     I presume that you're referring to this IPR disclosure:
>>
>>     https://datatracker.ietf.org/__ipr/1889/
>>     <https://datatracker.ietf.org/ipr/1889/>
>>
>>     If that's the case, you should refer to Cisco's statement
>>     in the IPR disclosure linked to above.
>>
>>     Speaking only for myself and noting that I'm not a lawyer,
>>     I don't think there's any reason to worry about that IPR.
>>     In layman's terms, the Cisco statement says that anyone can
>>     use their IPR to implement the spec. However, if you sue
>>     them, they'll sue you back.
>>
>>     Are you planning to implement the spec or just asking?
>>
>>     Thanks,
>>
>>     Steve
>>
>>
>>     On 5/9/2014 11:58 AM, TGLASSEY wrote:
>>
>>         What is the status of the Cisco Patent here?
>>
>>         Todd
>>
>>         On 5/9/2014 8:10 AM, Steve Hanna wrote:
>>
>>             I'm happy to say that the nea working group has completed
>>             our last
>>             milestone: publishing PT-EAP as a Standards Track RFC. TCG
>> has
>>             published a document bringing their corresponding standard
>>             (IF-T/EAP) into alignment with the published version of
>> PT-EAP:
>>
>>            
>> http://www.__trustedcomputinggroup.org/__community/2014/05/complete___set_of_nac_standards_from___ietf_and_tcg
>>
>>            
>> <http://www.trustedcomputinggroup.org/community/2014/05/complete_set_of_nac_standards_from_ietf_and_tcg>
>>
>>
>>
>>             So we have achieved our goal of getting one set of
>> standards for
>>             posture assessment.
>>
>>             This WG will now be closed. The email list will stay open for
>>             any needed discussions.
>>
>>             Thanks to all who have worked on the NEA protocols over the
>>             years.
>>
>>             Good work!
>>
>>             Steve Hanna
>>
>>             -------- Original Message --------
>>             Subject: [Nea] RFC 7171 on PT-EAP: Posture Transport (PT)
>>             Protocol for
>>             Extensible Authentication Protocol (EAP) Tunnel Methods
>>             Date: Wed,  7 May 2014 23:15:24 -0700 (PDT)
>>             From: rfc-editor@rfc-editor.org
>>             <mailto:rfc-editor@rfc-editor.org>
>>             To: ietf-announce@ietf.org <mailto:ietf-announce@ietf.org>,
>>             rfc-dist@rfc-editor.org <mailto:rfc-dist@rfc-editor.org>
>>             CC: drafts-update-ref@iana.org
>>             <mailto:drafts-update-ref@iana.org>, nea@ietf.org
>>             <mailto:nea@ietf.org>, rfc-editor@rfc-editor.org
>>             <mailto:rfc-editor@rfc-editor.org>
>>
>>             A new Request for Comments is now available in online RFC
>>             libraries.
>>
>>
>>                      RFC 7171
>>
>>                      Title:      PT-EAP: Posture Transport (PT) Protocol
>>                                  for Extensible Authentication Protocol
>>             (EAP) Tunnel
>>                                  Methods
>>                      Author:     N. Cam-Winget, P. Sangster
>>                      Status:     Standards Track
>>                      Stream:     IETF
>>                      Date:       May 2014
>>                      Mailbox: ncamwing@cisco.com
>>             <mailto:ncamwing@cisco.com>,
>>             paul_sangster@symantec.com
>> <mailto:paul_sangster@symantec.com>
>>                      Pages:      19
>>                      Characters: 45604
>>                      Updates/Obsoletes/SeeAlso:   None
>>
>>                      I-D Tag:    draft-ietf-nea-pt-eap-09.txt
>>
>>                      URL: http://www.rfc-editor.org/rfc/__rfc7171.txt
>>             <http://www.rfc-editor.org/rfc/rfc7171.txt>
>>
>>             This document specifies PT-EAP, a Posture Transport (PT)
>>             protocol
>>             based on the Extensible Authentication Protocol (EAP) and
>>             designed to
>>             be used only inside an EAP tunnel method protected by
>>             Transport Layer
>>             Security (TLS).  The document also describes the intended
>>             applicability of PT-EAP.
>>
>>             This document is a product of the Network Endpoint
>>             Assessment Working
>>             Group of the IETF.
>>
>>             This is now a Proposed Standard.
>>
>>             STANDARDS TRACK: This document specifies an Internet
>>             standards track
>>             protocol for the Internet community,and requests
>> discussion and
>>             suggestions
>>             for improvements.  Please refer to the current edition of
>>             the Internet
>>             Official Protocol Standards (STD 1) for the standardization
>>             state and
>>             status of this protocol.  Distribution of this memo is
>>             unlimited.
>>
>>             This announcement is sent to the IETF-Announce and rfc-dist
>>             lists.
>>             To subscribe or unsubscribe, see
>>             http://www.ietf.org/mailman/__listinfo/ietf-announce
>>             <http://www.ietf.org/mailman/listinfo/ietf-announce>
>>             http://mailman.rfc-editor.org/__mailman/listinfo/rfc-dist
>>             <http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist>
>>
>>             For searching the RFC series, see
>>             http://www.rfc-editor.org/__search
>>             <http://www.rfc-editor.org/search>
>>             For downloading RFCs, see
>>             http://www.rfc-editor.org/rfc.__html
>>             <http://www.rfc-editor.org/rfc.html>
>>
>>             Requests for special distribution should be addressed to
>>             either the
>>             author of the RFC in question, or to
>>             rfc-editor@rfc-editor.org
>>             <mailto:rfc-editor@rfc-editor.org>. Unless
>>             specifically noted otherwise on the RFC itself, all RFCs
>> are for
>>             unlimited distribution.
>>
>>
>>             The RFC Editor Team
>>             Association Management Solutions, LLC
>>
>>
>>             _________________________________________________
>>             Nea mailing list
>>             Nea@ietf.org <mailto:Nea@ietf.org>
>>             https://www.ietf.org/mailman/__listinfo/nea
>>             <https://www.ietf.org/mailman/listinfo/nea>
>>
>>
>>             _________________________________________________
>>             Nea mailing list
>>             Nea@ietf.org <mailto:Nea@ietf.org>
>>             https://www.ietf.org/mailman/__listinfo/nea
>>             <https://www.ietf.org/mailman/listinfo/nea>
>>
>>
>>             -----
>>             No virus found in this message.
>>             Checked by AVG - www.avg.com <http://www.avg.com>
>>             Version: 2014.0.4577 / Virus Database: 3931/7462 - Release
>>             Date: 05/08/14
>>
>>
>>
>>
>>     _________________________________________________
>>     Nea mailing list
>>     Nea@ietf.org <mailto:Nea@ietf.org>
>>     https://www.ietf.org/mailman/__listinfo/nea
>>     <https://www.ietf.org/mailman/listinfo/nea>
>>
>>
> 
> _______________________________________________
> Nea mailing list
> Nea@ietf.org
> https://www.ietf.org/mailman/listinfo/nea

-- 
======================================================================
Andreas Steffen                         andreas.steffen@strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

v2.23.0 | Report a Bug | By Email