Thanks, Josh.
There was some prior work done on this in the IETF and also in other
organizations (e.g. TCG). It may have been ahead of its time and many
years have passed since.
Ciao
Hannes
On 13.10.2023 at 11:02, josh.howl...@gmail.com wrote:
The Network Endpoint Assessment (NEA) Working Group worked on this problem:
https://datatracker.ietf.org/wg/nea/about/
Josh
-----Original Message-----
From: Emu <emu-boun...@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Friday, October 13, 2023 9:16 AM
To: emu@ietf.org
Subject: [Emu] Network Access Authentication and Attestation
Hi all,
in the AD review of the SUIT MUD draft, see
https://datatracker.ietf.org/doc/draft-ietf-suit-mud/ and
https://mailarchive.ietf.org/arch/msg/suit/xRT55NR6fAQuuSYmApXAdC-zO8U/,
Roman noted that we are assuming that an EAT-based attestation mechanism
is available for network access authentication protocols.
While there has been talk about adding attestation to EAP methods, I am
not aware of any work specifically in the EMU group.
Coincidentally, we are working on a solution for adding attestation to TLS,
see https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/, where we
define an extension that can be added on a need-by-need basis. It could
also be incorporated into TLS-based EAP methods.
Has someone in the group considered the use of attestation for network
access and as part of TLS-based EAP methods in particular?
The use case is described in Section 2.1 of RFC 9334, see
https://datatracker.ietf.org/doc/html/rfc9334#name-network-endpoint-assessment
The main benefit is described there as follows: "Remote attestation is
desired to prevent vulnerable or compromised devices from getting access to
the network and potentially harming others."
We are happy to give a presentation or show our prototype at the hackathon.
Ciao
Hannes
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu