IDS> Fw: PWG questions on IDS

Dave Whitehead david at lexmark.com
Fri Dec 5 11:44:29 EST 2008


David H. Whitehead
Development Engineer
Lexmark International, Inc.
859.825.4914
davidatlexmarkdotcom
----- Forwarded by Dave Whitehead/Lex/Lexmark on 12/05/08 11:41 AM -----

Erhan Soyer-Osman <erhanso at windows.microsoft.com> 
12/04/08 07:19 PM

To
Dave Whitehead <david at lexmark.com>
cc
Mike Fenelon <Mike.Fenelon at microsoft.com>
Subject
RE: PWG questions on IDS







Sorry for the late response – here is what I received from the NAP team.

Thanks,

Erhan 

 

1.  The NAP spec states UTF-8 string encoding and TLV elements.  There is 
also a statement about strings being NULL terminated.  We believe the NULL 
terminator was inadvertently added since it is not required for TLV 
elements.  That is, do we really need NULL termination?

[NAP Team] Yes. The current implementation requires “Null termination”


2.  Is it Microsoft's current and future desire/intent/direction for 
strings to be UTF-8 encoded?

[NAP Team] Currently we use UTF-8 and as of now plan to use UTF-8 in the 
future releases (To the best of our knowledge) but we will notify/update 
the necessary document when this changes along with backward compatibility 
directions if this changes.

3.  Is Microsoft planning any type of interoperability between NAP and 
Network Endpoint Assessment (NEA) from the TNC?  Maybe a gateway?

 [NAP Team] Microsoft has donated NAP’s Statement of Health specification 
to the TCG’s TNC group, companies wishing to support NAP in their products 
can download and use the specification free of charge. This SOH has also 
been made a standard by the TNC (IF-TNCCS-SOH). See the white paper at
http://download.microsoft.com/download/c/1/2/c12b5d9b-b5c5-4ead-a335-d9a13692abbb/TNC_NAP_white_paper.pdf.

 

We will be working with TNC/NEA in future releases as well.


4.  What happens when a device passes assessment under one mechanism but 
then is challenged again?  For example, first over 802.1x to attach and 
then DHCP to receive an address.  Do we need to start the assessment again 
from scratch or is there a shortcut?

[NAP Team] There is no shortcut. However customers will usually choose one 
enforcement.  Multiple enforcement is supported but there are no smarts 
targeted at multiple enforcement. You need to resend the SoH to the 
enforcement mechanism but you can use the cached SoH intelligently.

5.   It looks like most, if not all, of the evaluation attributes will be 
extensions to NAP.  The only NAP attribute that may be applicable is the 
Product Name.  Is it appropriate for the PWG to use Product Name or should 
we define all our attributes as extensions?

[NAP Team] Product Name is an “optional” TLV.  It is defined to be used, 
but on the other hand they could define their own schema in the vendor 
specific TLV.  

6.  How can we get the extended PWG attributes to be recognized by the 
Microsoft validator/assessor?  Is this a plug-in supplied by a third 
party?  If this is an industry supported solution, would Microsoft be 
willing to supply any required plug-in?

[NAP Team] The Microsoft WSHA/V currently does not support this. The third 
party can develop their own SHA/V and plug into the NAP infrastructure. 
Please refer to the samples provided in the NAP SDK.

7.  Just to make sure we understand it, the PWG members would really like 
someone familiar with NAP to profile how it would operate with print 
devices.  Would this be possible?

[NAP Team] Yes. The NAP team would like to profile how NAP will operate 
with Print devices. Please let us know how we can proceed.



 

From: Dave Whitehead [mailto:david at lexmark.com] 
Sent: Wednesday, December 03, 2008 9:35 AM
To: Erhan Soyer-Osman
Cc: Mike Fenelon
Subject: RE: PWG questions on IDS

 


Hi Erhan, Mike,

Any update on this?

Thanks,

dhw

David H. Whitehead
Development Engineer
Lexmark International, Inc.
859.825.4914
davidatlexmarkdotcom



Erhan Soyer-Osman <erhanso at windows.microsoft.com>
11/13/08 08:46 PM

To
Dave Whitehead <david at lexmark.com>, Mike Fenelon <Mike.Fenelon at microsoft.com>
cc

Subject
RE: PWG questions on IDS

Hi Dave, Thanks for your email. We just got back from WinHEC, but we will 
look into your questions this week and send you back responses. 

Erhan 

  

From: Dave Whitehead [mailto:david at lexmark.com] 
Sent: Wednesday, October 29, 2008 10:58 AM 
To: Mike Fenelon; Erhan Soyer-Osman 
Subject: PWG questions on IDS 

  


Hi Mike, Erhan, 

The IDS WG came up with a few questions about NAP and the Statement of 
Health that we would like answered to guide our work efforts.  Our next 
teleconference will be Nov. 6th and it would be great if we could have 
someone available from Microsoft to discuss the following: 

1.  The NAP spec states UTF-8 string encoding and TLV elements.  There is 
also a statement about strings being NULL terminated.  We believe the NULL 
terminator was inadvertently added since it is not required for TLV 
elements.  That is, do we really need NULL termination? 

2.  Is it Microsoft's current and future desire/intent/direction for 
strings to be UTF-8 encoded? 

3.  Is Microsoft planning any type of interoperability between NAP and 
Network Endpoint Assessment (NEA) from the TNC?  Maybe a gateway? 

4.  What happens when a device passes assessment under one mechanism but 
then is challenged again?  For example, first over 802.1x to attach and 
then DHCP to receive an address.  Do we need to start the assessment again 
from scratch or is there a shortcut? 

5.   It looks like most, if not all, of the evaluation attributes will be 
extensions to NAP.  The only NAP attribute that may be applicable is the 
Product Name.  Is it appropriate for the PWG to use Product Name or should 
we define all our attributes as extensions? 

6.  How can we get the extended PWG attributes to be recognized by the 
Microsoft validator/assessor?  Is this a plug-in supplied by a third 
party?  If this is an industry supported solution, would Microsoft be 
willing to supply any required plug-in? 

7.  Just to make sure we understand it, the PWG members would really like 
someone familiar with NAP to profile how it would operate with print 
devices.  Would this be possible? 

Thanks, 

dhw 

David H. Whitehead 
Development Engineer 
Lexmark International, Inc. 
859.825.4914 
davidatlexmarkdotcom 
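
An added example, not part of the original thread and not Microsoft's or the PWG's code: a parser-side check for the rule the NAP team confirms in answer 1, where a string value is UTF-8 and its TLV length includes a terminating NUL. The 2-byte type / 2-byte length big-endian header, the type number and all function names are assumptions made for illustration.

```python
import struct

# Assumed header layout for this sketch: 2-byte type, 2-byte length, big-endian.
HEADER = struct.Struct("!HH")
TYPE_EXAMPLE_STRING = 0x7001  # placeholder type number, not taken from the NAP spec


class TLVError(ValueError):
    """Raised when a TLV or its string value is malformed."""


def build_string_tlv(tlv_type, text):
    """Encode text as UTF-8 plus one NUL; the length field counts the NUL."""
    if "\x00" in text:
        raise TLVError("text contains NUL")
    value = text.encode("utf-8") + b"\x00"
    return HEADER.pack(tlv_type, len(value)) + value


def parse_tlvs(buf):
    """Split buf into (type, value) pairs, refusing lengths that overrun buf."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < HEADER.size:
            raise TLVError("truncated header at offset %d" % off)
        tlv_type, length = HEADER.unpack_from(buf, off)
        off += HEADER.size
        if length > len(buf) - off:
            raise TLVError("length %d overruns buffer" % length)
        out.append((tlv_type, buf[off:off + length]))
        off += length
    return out


def decode_string_value(value):
    """Return the text of a string value, checking terminator and encoding."""
    if not value or value[-1] != 0:
        raise TLVError("string value is not NUL-terminated")
    body = value[:-1]
    if b"\x00" in body:
        # A NUL-scanning consumer would stop here; a length-based one reads on.
        raise TLVError("embedded NUL before the terminator")
    try:
        return body.decode("utf-8")  # strict: rejects overlong/invalid bytes
    except UnicodeDecodeError as exc:
        raise TLVError("value is not valid UTF-8") from exc
```

Rejecting an embedded NUL keeps a length-based reader and a NUL-scanning reader from seeing two different strings in the same value.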