Comments on: IETF Picks Up TNC Standards http://nacblog.juniper.net/2008/04/02/ietf-picks-up-tnc-standards/ Steve Hanna's Weblog Fri, 08 Aug 2008 00:24:03 +0000 http://wordpress.org/?v=2.2.1 By: Tarek Amr http://nacblog.juniper.net/2008/04/02/ietf-picks-up-tnc-standards/#comment-71 Tarek Amr Fri, 11 Apr 2008 10:13:08 +0000 http://nacblog.juniper.net/2008/04/02/ietf-picks-up-tnc-standards/#comment-71 It's really great that Juniper and TNC are doing their best to standardize the NAC. I believe this will really help in speeding up the adoption of such new technology. I've noticed that most of the standards are focusing on how the PDP communicates with the PEP when the PEP is a LAN switch or Access Point. Correct me if I am wrong, but when the UAC communicates with Juniper Firewalls they do it in a non standard way. So, are you planning to come out with another standard for communicating with Firewalls? Or are you going to re-use what is currently done when dealing with LAN switches in the Firewalls? I've noticed that the new ScreeOS version support IEEE 802.1x, so I was thinking that you may be planning to make your Firewalls support EAP-JUAC, and may be then you can come out with some extensions in the JUAC to help in pushing policies to the firewalls. Then it may be easier for other Firewall vendors (or any network-based security products) to interoperate with Juniper's UAC or any TCG-TNC compliant NAC solution. It’s really great that Juniper and TNC are doing their best to standardize the NAC. I believe this will really help in speeding up the adoption of such new technology.

I’ve noticed that most of the standards are focusing on how the PDP communicates with the PEP when the PEP is a LAN switch or Access Point. Correct me if I am wrong, but when the UAC communicates with Juniper Firewalls they do it in a non standard way. So, are you planning to come out with another standard for communicating with Firewalls? Or are you going to re-use what is currently done when dealing with LAN switches in the Firewalls? I’ve noticed that the new ScreeOS version support IEEE 802.1x, so I was thinking that you may be planning to make your Firewalls support EAP-JUAC, and may be then you can come out with some extensions in the JUAC to help in pushing policies to the firewalls. Then it may be easier for other Firewall vendors (or any network-based security products) to interoperate with Juniper’s UAC or any TCG-TNC compliant NAC solution.

]]> By: Grant Hartline http://nacblog.juniper.net/2008/04/02/ietf-picks-up-tnc-standards/#comment-51 Grant Hartline Thu, 03 Apr 2008 16:37:18 +0000 http://nacblog.juniper.net/2008/04/02/ietf-picks-up-tnc-standards/#comment-51 I'm happy to see the movement towards unification of standards and appreciate all of the effort you've put into NAC standards adoption, both within the TCG and the IETF. However, one TNC standard that is conspicuous in its absence is IF-PEP. Is there an IETF working group that may pull in IF-PEP for the purposes of triggering enforcement actions? Alternatively, or at least in the meantime, do you see any movement within what we'll call "the industry" on adoption of RFC 3576 within Ethernet switches? I’m happy to see the movement towards unification of standards and appreciate all of the effort you’ve put into NAC standards adoption, both within the TCG and the IETF. However, one TNC standard that is conspicuous in its absence is IF-PEP. Is there an IETF working group that may pull in IF-PEP for the purposes of triggering enforcement actions? Alternatively, or at least in the meantime, do you see any movement within what we’ll call “the industry” on adoption of RFC 3576 within Ethernet switches?

]]>