The Network Endpoint Assessment (NEA) Working Group worked on this problem: https://datatracker.ietf.org/wg/nea/about/
Josh

> -----Original Message-----
> From: Emu <emu-boun...@ietf.org> On Behalf Of Hannes Tschofenig
> Sent: Friday, October 13, 2023 9:16 AM
> To: emu@ietf.org
> Subject: [Emu] Network Access Authentication and Attestation
>
> Hi all,
>
> in the AD review of the SUIT MUD draft, see
> https://datatracker.ietf.org/doc/draft-ietf-suit-mud/ and
> https://mailarchive.ietf.org/arch/msg/suit/xRT55NR6fAQuuSYmApXAdC-zO8U/,
> Roman noted that we are assuming that an EAT-based attestation mechanism
> is available for network access authentication protocols.
>
> While there has been talk about adding attestation to EAP methods, I am not
> aware of any work specifically in the EMU group.
>
> Coincidently, we are working on a solution for adding attestation to TLS, see
> https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/, where we
> define an extension that can be added on a need-by-need basis. It could also
> be incorporated into TLS-based EAP methods.
>
> Has someone in the group considered the use of attestation for network
> access and as part of TLS-based EAP methods in particular?
>
> The use case is described in Section 2.1 of RFC 9334, see
> https://datatracker.ietf.org/doc/html/rfc9334#name-network-endpoint-assessment
> The main benefit is there described as follows: "Remote attestation is desired
> to prevent vulnerable or compromised devices from getting access to the
> network and potentially harming others."
>
> We are happy to give a presentation or show our prototype at the hackathon.
>
> Ciao
> Hannes
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu