IETF middleware highlights – Leif Johansson, SWAMI.se – PowerPoint PPT Presentation


  1. IETF middleware highlights – Leif Johansson, SWAMI.se

  2. IETF
  ● Internet Engineering Task Force
  ● Internet-Drafts turn into RFCs by magic:

  3. NEA Patches? We don't need no stinkin' patches!

  4. NEA
  ● Network Endpoint Assessment
    – Network Admission Control (NAC)
    – Trusted Network Connect (TNC)
    – Network Access Protection (NAP)
  ● Send host patch status to a PDP who decides if you get bits...
  ● Abstract protocol (most likely) with (primarily) EAP bindings

  5. NEA problems
  ● Lying clients
  ● Unclear problem statement
  ● What about IDSes or anti-virus software?
  ● Federated EAP
    – Home institution does NEA policy evaluation
    – SP should probably have a say on whether to allow the client to connect...

  6. NEA & EduRoam
  ● NEA clients will probably conflict with 3rd-party EAP clients
    – Tough luck...
  ● NEA may not understand federations
    – Probably fixable (if NEA is chartered)

  7. EMU Billions and billions of mechanisms...

  8. EMU
  ● EAP-TLS to standards track
    – ... won't affect Vista though :-(
  ● Additional mechanisms
    – Strong shared-secret
    – Password-based

  9. SAML And SAML shall inherit the protocol stack...

  10. Worth noticing...
  ● draft-housley-tls-authz-extns-07.txt
  ● krb-wg
    – anonymity
    – PADATA authz data (cf. Active Directory)
  ● dix
    – self-asserted identity SAML profile?
  ● SIP SAML profile
    – draft-ietf-sip-saml-00.txt

  11. WAE We got your phish right here...

  12. WAE (BOF)
  ● Web Authentication Enhancements
    – The "Elliot's dad" problem
    – Phishing protection (i.e. service authentication)
    – Even more SAML
    – DIX
  ● openid
  ● yars
  ● dixs
    – "I own my blog" authentication

  13. Channel Bindings Layering violations for fun and profit!

  14. Channel Bindings
  ● Layering violations for fun and profit
  ● Originated in NFSv4 & IP storage
    – Reuse of secure channels
    – Making "let's just use IPsec" kosher
  ● BTNS (Better Than Nothing Security)
    – leap-of-faith
    – ssh semantics

  15. Channel examples
  ● IPsec + GSSAPI
  ● TLS + Digest-MD5
  ● HTTPS + Negotiate
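As an added illustration (not part of the slides), the following Python model shows what the "layering violation" of channel bindings buys in the TLS + Digest-MD5 / HTTPS + Negotiate style of stacking. A keyed-HMAC challenge-response stands in for the inner authentication mechanism, and constructed byte strings stand in for the identity of the outer secure channel (in real TLS this would be a value such as tls-unique, which differs per connection). The shared secret, nonce handling and channel-binding values are all assumptions made up for the example. Mixing the outer channel's identity into the inner proof means a relay that terminates the client's TLS and opens its own TLS to the server cannot reuse the client's proof; without the binding, the same relay succeeds.

```python
"""Channel binding demo: bind an inner challenge-response authentication to
the outer secure channel so that a relayed/MITM'd inner exchange fails.

Added example, not from the presentation. The HMAC mechanism, the secret
and the channel-binding tokens below are constructed for illustration.
"""
import hashlib
import hmac
import os

# Constructed stand-ins for the outer channel's identity. With TLS this would
# be e.g. the tls-unique value of each connection; two distinct TLS
# connections (client->MITM and MITM->server) have distinct values.
CB_CLIENT_TO_SERVER = b"tls-unique:" + bytes.fromhex("a1b2c3d4e5f60718")
CB_CLIENT_TO_MITM = b"tls-unique:" + bytes.fromhex("0f1e2d3c4b5a6978")
CB_MITM_TO_SERVER = b"tls-unique:" + bytes.fromhex("deadbeefcafef00d")

SHARED_SECRET = b"constructed-shared-secret"  # e.g. a password-derived key


def client_proof(secret: bytes, nonce: bytes, channel_binding: bytes) -> bytes:
    """Inner-mechanism proof (stand-in for Digest-MD5/GSSAPI): HMAC over the
    server's nonce and the binding of the channel the client believes it is
    using. An empty channel_binding models an unbound mechanism."""
    return hmac.new(secret, nonce + b"|" + channel_binding, hashlib.sha256).digest()


def server_verify(secret: bytes, nonce: bytes, channel_binding: bytes,
                  proof: bytes) -> bool:
    """The server recomputes the proof using the binding of the channel *it*
    terminated. If client and server sit on different outer channels, the
    two HMAC inputs differ and verification fails."""
    expected = client_proof(secret, nonce, channel_binding)
    return hmac.compare_digest(expected, proof)


def direct_login() -> bool:
    """Client talks straight to the server over one channel: both sides see
    the same channel identity, so the bound proof verifies."""
    nonce = os.urandom(16)
    proof = client_proof(SHARED_SECRET, nonce, CB_CLIENT_TO_SERVER)
    return server_verify(SHARED_SECRET, nonce, CB_CLIENT_TO_SERVER, proof)


def relayed_login(bound: bool) -> bool:
    """A MITM terminates the client's channel and opens its own to the
    server, relaying nonce and proof verbatim. Returns whether the server
    accepts the relayed proof."""
    nonce = os.urandom(16)
    client_cb = CB_CLIENT_TO_MITM if bound else b""
    server_cb = CB_MITM_TO_SERVER if bound else b""
    proof = client_proof(SHARED_SECRET, nonce, client_cb)  # relayed as-is
    return server_verify(SHARED_SECRET, nonce, server_cb, proof)


if __name__ == "__main__":
    print("direct login accepted:        ", direct_login())
    print("relayed, unbound, accepted:   ", relayed_login(bound=False))
    print("relayed, channel-bound, accepted:", relayed_login(bound=True))
```

The point is that the inner mechanism never needs to know anything about TLS or IPsec beyond a channel identifier: the "layering violation" is just feeding that identifier into the proof. This is also why the channel identifier must be unique per connection and unpredictable to a relay; a constant or guessable binding value would collapse the bound case back to the unbound one.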

  16. Q?
