I’m sure you’ve been perched on the edge of your seat, waiting to see what would happen in the next episode of the riveting drama of NAC standards. In our last episode, the IETF NEA Working Group had issued a call for client-server NAC protocols to be considered for standardization. Who would answer this call? We were all waiting to see…

February 18 was the deadline for submitting proposals. That evening, I logged in from my vacation in the Florida Keys and found… one proposal from the Trusted Computing Group (TCG). The TCG proposed a slightly modified version of the IF-TNCCS and IF-M protocols that are part of the TNC architecture.

After seeing this, I breathed a sigh of relief. I had been worried that we might end up with competing NAC standards (like HD DVD and Blu-Ray), resulting in confusion and delay. We seem to have dodged that bullet. Since the only proposal was the TCG proposal and the TCG indicated that it is willing to work with the IETF to resolve any problems and arrive at a single common standard, all signs point to the development of a single unified standard supported by TCG and IETF. Maybe Cisco will even support the standard, since they were the only major vendor holding back from supporting the TNC standards.

A bit of disclosure is probably in order here. I am co-chair of both the TCG TNC Work Group and the IETF NEA Working Group and also a co-editor on one of the TCG proposals to the IETF. Wouldn’t you think that would put me in the know and keep me from worrying about the outcome? Nope. I spent February 18 worrying, like Bill Belichick of the Patriots on Super Bowl Sunday! Would someone else make a proposal? Who? Even now, nothing is completely certain. Standards are a complicated and delicate process of building consensus. It looks like we’re headed toward consensus on these specifications but it won’t be completely certainly until years later.

The TNC specs are good but some people prefer a more formal approach to standards. For example, Cisco has said that they prefer to work on NAC standards in the Internet Engineering Task Force (IETF). Getting Cisco and others to agree on NAC standards is important, so the IETF has formed the Network Endpoint Assessment (NEA) Working Group to work on standard NAC protocols. I co-chair this NEA Working Group with Susan Thomson of Cisco and lots of other folks from the network security industry are involved so this is a good forum to hammer things out.

The NEA Working Group (pronounced “nee-ah” by those in the group) recently approved a NEA requirements document. Now the Working Group is soliciting proposed protocols that meet those requirements. The proposals are due by February 18, 2008. It will certainly be interesting to see who submits proposals and what happens with them. Will Cisco submit a proposal? TCG? Someone else? Tune into my blog on February 19 and I’ll give you the answers!