[Emu] emu - Requested session has been scheduled for IETF 118
Dear Peter Yee, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. emu Session 1 (1:00 requested) Tuesday, 7 November 2023, Session III 1530-1630 Europe/Prague Room Name: Amsterdam size: 30 - iCalendar: https://datatracker.ietf.org/meeting/118/sessions/emu.ics Request Information: - Working Group Name: EAP Method Update Area Name: Security Area Session Requester: Peter Yee Number of Sessions: 1 Length of Session(s): Number of Attendees: 20 Conflicts to Avoid: Can't meet: Friday morning, Friday early afternoon, Friday late afternoon Participants who must be present: Alan DeKok Dan Harkins Eliot Lear Jari Arkko John Preuss Mattsson Owen Friel Resources Requested: Special Requests: One chair not available all day Friday. Please dont conflict with the WIMSE BOF if it is scheduled - ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
Re: [Emu] Network Access Authentication and Attestation
Thanks, Josh. There was some prior work done on this in the IETF and also in other organizations (e.g. TCG). It may have been ahead of its time and many years have passed since. Ciao Hannes Am 13.10.2023 um 11:02 schrieb josh.howl...@gmail.com: The Network Endpoint Assessment (NEA) Working Group worked on this problem: https://datatracker.ietf.org/wg/nea/about/ Josh -Original Message- From: Emu On Behalf Of Hannes Tschofenig Sent: Friday, October 13, 2023 9:16 AM To: emu@ietf.org Subject: [Emu] Network Access Authentication and Attestation Hi all, in the AD review of the SUIT MUD draft, see https://datatracker.ietf.org/doc/draft-ietf-suit-mud/ and https://mailarchive.ietf.org/arch/msg/suit/xRT55NR6fAQuuSYmApXAdC- zO8U/, Roman noted that we are assuming that an EAT-based attestation mechanism is available for network access authentication protocols. While there has been talk about adding attestation to EAP methods, I am not aware of any work specifically in the EMU group. Coincidently, we are working on a solution for adding attestation to TLS, see https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/, where we define an extension that can be added on a need-by-need basis. It could also be incorporated into TLS-based EAP methods. Has someone in the group considered the use of attestation for network access and as part of TLS-based EAP methods in particular? The use case is described in Section 2.1 of RFC 9334, see https://datatracker.ietf.org/doc/html/rfc9334#name-network-endpoint- assessment The main benefit is there described as follows: "Remote attestation is desired to prevent vulnerable or compromised devices from getting access to the network and potentially harming others." We are happy to give a presentation or show our prototype at the hackathon. Ciao Hannes ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
Re: [Emu] Network Access Authentication and Attestation
The Network Endpoint Assessment (NEA) Working Group worked on this problem: https://datatracker.ietf.org/wg/nea/about/ Josh > -Original Message- > From: Emu On Behalf Of Hannes Tschofenig > Sent: Friday, October 13, 2023 9:16 AM > To: emu@ietf.org > Subject: [Emu] Network Access Authentication and Attestation > > Hi all, > > in the AD review of the SUIT MUD draft, see > https://datatracker.ietf.org/doc/draft-ietf-suit-mud/ and > https://mailarchive.ietf.org/arch/msg/suit/xRT55NR6fAQuuSYmApXAdC- > zO8U/, > Roman noted that we are assuming that an EAT-based attestation mechanism > is available for network access authentication protocols. > > While there has been talk about adding attestation to EAP methods, I am not > aware of any work specifically in the EMU group. > > Coincidently, we are working on a solution for adding attestation to TLS, see > https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/, where we > define an extension that can be added on a need-by-need basis. It could also > be incorporated into TLS-based EAP methods. > > Has someone in the group considered the use of attestation for network > access and as part of TLS-based EAP methods in particular? > > The use case is described in Section 2.1 of RFC 9334, see > https://datatracker.ietf.org/doc/html/rfc9334#name-network-endpoint- > assessment > The main benefit is there described as follows: "Remote attestation is desired > to prevent vulnerable or compromised devices from getting access to the > network and potentially harming others." > > We are happy to give a presentation or show our prototype at the hackathon. > > Ciao > Hannes > > ___ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] draft-ietf-ace-wg-coap-eap
Hi all, I have read through and was wondering what use case motivated the work on EAP over CoAP. Where is it planned to be used? Ciao Hannes ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] Network Access Authentication and Attestation
Hi all, in the AD review of the SUIT MUD draft, see https://datatracker.ietf.org/doc/draft-ietf-suit-mud/ and https://mailarchive.ietf.org/arch/msg/suit/xRT55NR6fAQuuSYmApXAdC-zO8U/, Roman noted that we are assuming that an EAT-based attestation mechanism is available for network access authentication protocols. While there has been talk about adding attestation to EAP methods, I am not aware of any work specifically in the EMU group. Coincidently, we are working on a solution for adding attestation to TLS, see https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/, where we define an extension that can be added on a need-by-need basis. It could also be incorporated into TLS-based EAP methods. Has someone in the group considered the use of attestation for network access and as part of TLS-based EAP methods in particular? The use case is described in Section 2.1 of RFC 9334, see https://datatracker.ietf.org/doc/html/rfc9334#name-network-endpoint-assessment The main benefit is there described as follows: "Remote attestation is desired to prevent vulnerable or compromised devices from getting access to the network and potentially harming others." We are happy to give a presentation or show our prototype at the hackathon. Ciao Hannes ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
