Hi all,

in the AD review of the SUIT MUD draft, see https://datatracker.ietf.org/doc/draft-ietf-suit-mud/ and https://mailarchive.ietf.org/arch/msg/suit/xRT55NR6fAQuuSYmApXAdC-zO8U/, Roman noted that we are assuming that an EAT-based attestation mechanism is available for network access authentication protocols.

While there has been talk about adding attestation to EAP methods, I am not aware of any work specifically in the EMU group. Coincidentally, we are working on a solution for adding attestation to TLS, see https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/, where we define an extension that can be added on a need-by-need basis. It could also be incorporated into TLS-based EAP methods.

Has someone in the group considered the use of attestation for network access and as part of TLS-based EAP methods in particular?

The use case is described in Section 2.1 of RFC 9334, see https://datatracker.ietf.org/doc/html/rfc9334#name-network-endpoint-assessment. The main benefit is described there as follows: "Remote attestation is desired to prevent vulnerable or compromised devices from getting access to the network and potentially harming others."

We are happy to give a presentation or show our prototype at the hackathon.

Ciao
Hannes