[07:58:38] --- dumdidum has joined
[08:01:44] --- nea has joined
[08:01:55] --- dumdidum has left
[08:02:50] --- nea has left: Replaced by new connection
[08:03:09] --- nea has joined
[08:03:16] --- nea has left: Disconnected
[08:03:44] --- miaofuyou has joined
[08:04:44] --- miaofuyou has left: Lost connection
[08:04:57] --- miaofuyou has joined
[08:05:10] --- dthaler has joined
[08:05:39] --- nea has joined
[08:06:37] --- dumdidum has joined
[08:06:46] --- kuro has joined
[08:08:15] --- dthaler@jabber.org/Meebo has joined
[08:18:10] --- xxkfxx has joined
[08:18:21] --- Stephen Farrell has joined
[08:18:38] --- Stephen Farrell has left
[08:18:46] --- xxkfxx has left
[08:19:42] <dthaler> now presenting reference model
[08:20:27] <dthaler> http://www3.ietf.org/proceedings/07mar/slides/nea-2.ppt
[08:21:08] <dthaler> currently on slide 4
[08:21:27] --- xxkfxx has joined
[08:21:28] <dthaler> summary of what took place before i got connected...
[08:21:42] <dthaler> steve hanna polled room to see who's read requirements doc
[08:21:47] <dthaler> lots of hands
[08:22:08] <dthaler> steve proposed list of updated milestones, room hummed for acceptance
[08:22:09] --- xxkfxx has left
[08:22:15] <dthaler> will take it back to the list too
[08:23:02] <dthaler> now to current presentation ... slide 5
[08:24:28] <dthaler> slide 6
[08:26:30] <dthaler> 4 types of attributes sent by server: request, policy, result, and remediation attributes
[08:27:31] <dthaler> 3 types sent by client: posture, compliance claim, and assertion attributes
[08:28:20] <dthaler> assertion means you passed before, can use instead of redoing another posture check
[08:29:01] --- kuro has left
[08:30:59] <dthaler> now on slide 9, use case examples
[08:32:02] <dthaler> draft-ietf-nea-requirements-01.txt gives 5 use cases, will go through 2 in deck
[08:33:59] <dthaler> animated walk through of first example, client getting on network
[08:34:11] <dthaler> (slide 11)
[08:36:41] <dthaler> example #2, slide 12-13
[08:37:54] <dthaler> client does privacy checks and posture checks, server does compliance checks
[08:38:46] <dthaler> yaron schaefer(?): what is semantic power of attributes? are they like radius attributes? or also rule sets, references, etc? very complex
[08:39:10] <dthaler> paul sangster: up to WG to decide after requirements doc is done. Requirements doesn't say
[08:39:40] <dthaler> should there be a requirement?
[08:40:24] <dthaler> (missed name): not sure all the types mentioned are actually required
[08:41:32] <dthaler> paul: either client has to say what state is, or present a cookie from before, or just claim compliant if server trusts client
[08:42:24] <dthaler> (same unknown #1): suggest removing policy attribute... admin wouldn't want to tell client what policies are
[08:43:44] <dthaler> steve hanna: in spec because some people thought was important to be able to get copy of policy and check oneself without disclosing any privacy information other than "i comply"
[08:44:38] <dthaler> (unknown#1): but that's part of remediation, you could get the policy as a result of remediation saying what you don't meet
[08:45:06] <dthaler> model came up on the list, but wasn't really discussed
[08:45:19] <dthaler> also not sure why you need 3 different protocols
[08:46:18] <dthaler> can do the same thing just with a proxy
[08:46:29] <dthaler> sangster: same thing, just using different words
[08:46:59] <dthaler> (unknown#1): but saying there's 3 protocols implies they can be _different_, don't do that
[08:49:26] <dthaler> (couldn't understand name, unknown #2): either don't use a schema language, or don't invent a new one (just use radius or whatever), and make it explicit in the requirements as to whether schema is required
[08:50:34] <dthaler> sangster: we do prefer existing standards not reinventing
[08:51:13] <dthaler> hannes?: document is requirements, architecture, use case, etc... not just a requirements document, should change title
[08:51:47] <dthaler> is there a pointer to design team work?
[08:52:24] <dthaler> uncomfortable that document became a WG doc before WG saw it
[08:53:11] <dthaler> harald alvestrand: make 3 "layers" explicit, not protocols
[08:53:39] <dthaler> harald alvestrand: also remove word "proof"
[08:53:41] --- kasumigaura has joined
[08:54:39] <dthaler> paul hoffman: did you want issues with current draft now or later?
[08:54:49] <dthaler> sangster: later
[08:54:58] <dthaler> open discussion topics now
[08:55:03] <dthaler> slide 15: virtualization
[08:56:33] <dthaler> ignore it, mention virt. layer outside assessment, or discuss virt. layer assessment?
[08:57:43] <dthaler> (unknown #1): hypervisor just does proxying for virtual clients, hypervisor runs NEA server, doesn't change fundamental model
[08:58:16] <dthaler> sangster: proxy at what layer?
[08:59:31] <dthaler> (U#1): if you get 4 claims from what machine what will it do with them?
[09:00:04] <dthaler> steve hanna: U#1 = alan ...?
[09:01:00] <dthaler> tim chown: how do you detect the trigger? e.g. each IPv6 privacy address added or not?
[09:01:44] <dthaler> paul hoffman: a NAT looks like a virtual server trying to come on the network. so punt and say there's lots of things that look like it, and we'll just talk to the first thing
[09:02:40] <dthaler> slide 16: NEA Client on Non-Endpoint
[09:03:18] <dthaler> should model allow for assessment of a client-less host by a network infrastructure element?
[09:04:26] <dthaler> no change (client on endpoint only), minor mention, or revise to allow and mention limitations?
[09:05:20] <dthaler> alan: might be good to talk about NAT
[09:06:42] <dthaler> (unknown #3): if you update model but don't change requirements, then it's again not just a requirements doc
[09:07:43] <dthaler> tim chown: would there be multiple NEA servers on different devices?
[09:08:03] <dthaler> sangster: yes
[09:08:20] <dthaler> hanna: communication between server and enforcement points is out of scope of this charter
[09:09:13] <dthaler> bob morgan: ...
[09:09:49] --- Jabber-Wile has joined
[09:10:34] <dthaler> hanna: may need to take this to ADs for charter discussion (AD raising eyebrows...)
[09:10:59] <dthaler> tim chown: nothing stops IDS from sending messages sending re-evaluation
[09:11:06] <dthaler> sangster: may be a future work item
[09:11:37] <dthaler> alan: don't know what it means to talk to a 3rd party to get policy. If can't enforce then claim is meaningless
[09:12:21] <dthaler> hanna: enforcement is out of scope, but there may be enforcement
[09:12:35] <dthaler> alan: nea is useless without someone doing enforcement
[09:13:35] --- Jabber-Wile has left
[09:14:20] --- Jabber-Wile has joined
[09:14:35] <dthaler> ?: we don't want to constrain use of nea to any particular enforcement model
[09:17:09] <dthaler> paul hoffman: suggest we ignore this issue in the document
[09:17:38] <dthaler> slide 17: Security at All Layers?
[09:18:33] <dthaler> currently PA,PT are MUST, PB is SHOULD to implement
[09:19:31] <dthaler> each layer offers slightly different security properties
[09:20:05] <dthaler> PA authenticates collector, PB might be beneficial for broker-to-broker messages, and PT addresses transport attacks. But if all on same machine may be redundant
[09:21:15] <dthaler> hanna: could just have hop by hop protection
[09:21:41] <dthaler> sangster: if posture validator wanted to know identification info about posture collector, might want to have authentication information in it
[09:22:24] <dthaler> hanna: or AV software might only accept remediation instructions from same vendor's module
[09:22:40] <dthaler> hao zhou: vendor-specific attributes could be used
[09:23:57] <dthaler> sangster: leave as is, or drop or reduce requirement for PB, or mandate security in each?
[09:24:48] <dthaler> one vote for making PB security a MAY
[09:25:15] <dthaler> slide 18: Minimal Attribute Disclosure
[09:26:22] <dthaler> models for releasing attributes to the network
[09:27:24] <dthaler> 3 different models: disclose everything, disclose according to local policy, disclose requested attributes according to local policy
[09:28:59] <dthaler> richard graveman(?): how do you know if the server is legit?
[09:29:07] <dthaler> sangster: authentication at PT layer
[09:32:12] <dthaler> paul hoffman: server gets to pick the policy, probably won't ask for any attribute that's not required, so just don't allow not sending some things requested and not others
[09:32:31] <dthaler> or allow but don't explain and don't say why
[09:34:09] <dthaler> ? (hannes?): reduce discussion but still useful to say client can have a policy about what willing to send
[09:36:11] <dthaler> hanna: scope of WG is enterprise, not service provider networks
[09:36:28] <dthaler> hanna: roaming is not supported
[09:36:45] <dthaler> ?: but client doesn't know if it's attached to an enterprise or not
[09:38:02] <dthaler> cutting off discussion on roaming
[09:38:36] <dthaler> any other questions on the doc?
[09:39:11] <dthaler> paul hoffman: add requirement about being allowed on the network but only to do X (for remediation), subnet of network or whatever
[09:39:22] <dthaler> sangster: intentionally left out for scoping reasons
[09:39:53] <dthaler> hoffman: one model is server forces remediation on you, another one is to put you on some network and let you do it
[09:40:14] <dthaler> .. and you're going to want to do something after that
[09:40:41] <dthaler> hanna: remediation is also out of scope
[09:41:05] <dthaler> hoffman: don't describe how it happens, just that it can happen
[09:41:48] <dthaler> tim chown: could handle just in the examples
[09:42:24] <dthaler> up next is http://www3.ietf.org/proceedings/07mar/slides/nea-0.pdf
[09:43:19] <dthaler> (unknown #2 earlier = presenter = Leif Johansson)
[09:43:41] <dthaler> NEA and Federated 802.1x
[09:45:06] <dthaler> general animation
[09:45:09] <dthaler> now to slide 10
[09:45:42] <dthaler> *if* NEA runs over EAP then posture transport server not controlled by the entity running the network
[09:46:19] <dthaler> hence identity Posture Transport Server would need to be able to communicate postures to the Posture Broker Server (out of scope of NEA?)
[09:46:42] <dthaler> potentially major deployment problem
[09:47:07] <dthaler> example was where network provider != identity provider
[09:47:53] <dthaler> but connected via intermediate AAA server talking EAP
[09:48:24] <dthaler> slide 12: would like WG to not break federated 802.1x
[09:50:34] <dthaler> any changes that assume layers are on same machine would be premature
[09:50:34] --- dumdidum has left
[09:51:02] <dthaler> ?: what if there was a proxy at the edge of the network?
[09:51:36] --- ietf68-test4321 has joined
[09:55:00] --- ietf68-test4321 has left
[09:55:56] <dthaler> tim chown: agree with presentation, distinction between people who authenticate locally vs remotely
[09:56:24] <dthaler> now up steve hanna on next steps
[09:56:31] <dthaler> confirm decisions on mailing list
[09:56:36] <dthaler> revise requirements I-D
[09:56:45] <dthaler> further mailing list discussion
[09:57:09] <dthaler> etc, target WGLC in June
[09:57:22] <dthaler> all done
[09:58:06] --- nea has left
[09:58:51] --- Jabber-Wile has left
[10:00:23] --- dthaler@jabber.org/Meebo has left: Logged out
[10:01:58] --- miaofuyou has left
[10:13:29] --- kasumigaura has left
[10:20:12] --- dthaler has left
[11:19:02] --- dumdidum has joined
[12:42:29] --- dumdidum has left: Replaced by new connection