From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc5792.txt | 4651 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 4651 insertions(+) create mode 100644 doc/rfc/rfc5792.txt (limited to 'doc/rfc/rfc5792.txt') diff --git a/doc/rfc/rfc5792.txt b/doc/rfc/rfc5792.txt new file mode 100644 index 0000000..54a21d2 --- /dev/null +++ b/doc/rfc/rfc5792.txt @@ -0,0 +1,4651 @@ + + + + + + +Internet Engineering Task Force (IETF) P. Sangster +Request for Comments: 5792 Symantec Corporation +Category: Standards Track K. Narayan +ISSN: 2070-1721 Cisco Systems + March 2010 + + + PA-TNC: A Posture Attribute (PA) Protocol Compatible + with Trusted Network Connect (TNC) + +Abstract + + This document specifies PA-TNC, a Posture Attribute protocol + identical to the Trusted Computing Group's IF-M 1.0 protocol. The + document then evaluates PA-TNC against the requirements defined in + the NEA Requirements specification. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 5741. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc5792. + +Copyright Notice + + Copyright (c) 2010 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + + + + + + +Sangster & Narayan Standards Track [Page 1] + +RFC 5792 PA-TNC March 2010 + + + This document may contain material from IETF Documents or IETF + Contributions published or made publicly available before November + 10, 2008. The person(s) controlling the copyright in some of this + material may not have granted the IETF Trust the right to allow + modifications of such material outside the IETF Standards Process. + Without obtaining an adequate license from the person(s) controlling + the copyright in such materials, this document may not be modified + outside the IETF Standards Process, and derivative works of it may + not be created outside the IETF Standards Process, except to format + it for publication as an RFC or to translate it into languages other + than English. + +Table of Contents + + 1. Introduction ....................................................4 + 1.1. Prerequisites ..............................................4 + 1.2. Message Diagram Conventions ................................4 + 1.3. Conventions Used in This Document ..........................4 + 2. Design Considerations ...........................................4 + 2.1. Standard Attribute Namespace for Interoperability ..........4 + 2.2. Vendor-Defined Namespace for Differentiation and Agility ...5 + 2.3. Use of TLV-Based Encoding for Efficiency ...................6 + 3. PA-TNC Message Protocol .........................................7 + 3.1. PA-TNC Messaging Model .....................................7 + 3.2. PA-TNC Relationship to PB-TNC ..............................8 + 3.3. PB-PA Posture Collector and Posture Validator + Identifiers ...............................................10 + 3.4. PA-TNC Messages in PB-TNC .................................10 + 3.5. IETF Standard PA Subtypes .................................11 + 3.6. PA-TNC Message Header Format ..............................12 + 4. PA-TNC Attributes ..............................................13 + 4.1. PA-TNC Attribute Header ..................................13 + 4.2. IETF Standard PA-TNC Attribute Types .....................17 + 4.2.1. Attribute Request ..................................18 + 4.2.2. Product Information ................................20 + 4.2.3. Numeric Version ....................................22 + 4.2.4. String Version .....................................24 + 4.2.5. Operational Status .................................26 + 4.2.6. Port Filter ........................................29 + 4.2.7. Installed Packages .................................31 + 4.2.8. PA-TNC Error .......................................34 + 4.2.9. Assessment Result ..................................41 + 4.2.10. Remediation Instructions ..........................42 + 4.2.11. Forwarding Enabled ................................45 + 4.2.12. Factory Default Password Enabled ..................47 + 4.3. Vendor-Defined Attributes ................................48 + 5. Security Considerations ........................................48 + 5.1. Trust Relationships .......................................48 + + + +Sangster & Narayan Standards Track [Page 2] + +RFC 5792 PA-TNC March 2010 + + + 5.1.1. Posture Collector ..................................49 + 5.1.2. Posture Validator ..................................49 + 5.1.3. Posture Broker Client, Posture Broker Server .......49 + 5.2. Security Threats ..........................................50 + 5.2.1. Attribute Theft ....................................50 + 5.2.2. Message Fabrication ................................51 + 5.2.3. Attribute Modification .............................51 + 5.2.4. Attribute Replay ...................................52 + 5.2.5. Attribute Insertion ................................52 + 5.2.6. Denial of Service ..................................53 + 6. Privacy Considerations .........................................53 + 7. IANA Considerations ............................................54 + 7.1. Designated Expert Guidelines ..............................55 + 7.2. PA Subtypes ...............................................56 + 7.3. Registry for PA-TNC Attribute Types .......................56 + 7.4. Registry for PA-TNC Error Codes ...........................57 + 7.5. Registry for PA-TNC Remediation Parameters Types ..........58 + 8. Acknowledgments ................................................58 + 9. References .....................................................59 + 9.1. Normative References ......................................59 + 9.2. Informative References ....................................59 + Appendix A. Use Cases .............................................60 + A.1. Initial Client-Triggered Assessment .......................60 + A.2. Server-Initiated Assessment with Remediation ..............64 + A.3. Client-Triggered Reassessment .............................71 + Appendix B. Evaluation against NEA Requirements ...................77 + B.1. Evaluation against Requirements C-1 .......................77 + B.2. Evaluation against Requirements C-2 .......................77 + B.3. Evaluation against Requirements C-3 .......................77 + B.4. Evaluation against Requirements C-4 .......................78 + B.5. Evaluation against Requirements C-5 .......................78 + B.6. Evaluation against Requirements C-6 .......................78 + B.7. Evaluation against Requirements C-7 .......................79 + B.8. Evaluation against Requirements C-8 .......................79 + B.9. Evaluation against Requirements C-9 .......................79 + B.10. Evaluation against Requirements C-10 .....................80 + B.11. Evaluation against Requirements C-11 .....................80 + B.12. Evaluation against Requirements PA-1 .....................81 + B.13. Evaluation against Requirements PA-2 .....................81 + B.14. Evaluation against Requirements PA-3 .....................81 + B.15. Evaluation against Requirements PA-4 .....................82 + B.16. Evaluation against Requirements PA-5 .....................82 + B.17. Evaluation against Requirements PA-6 .....................83 + + + + + + + + +Sangster & Narayan Standards Track [Page 3] + +RFC 5792 PA-TNC March 2010 + + +1. Introduction + + This document specifies PA-TNC, a Posture Attribute (PA) Protocol + identical to the Trusted Computing Group's IF-M 1.0 protocol [8]. + The document then evaluates PA-TNC against the requirements defined + in the Network Endpoint Assessment (NEA) Requirements specification + [9]. + +1.1. Prerequisites + + This document does not define an architecture or reference model. + Instead, it defines a protocol that works within the reference model + described in the NEA Overview and Requirements specification. The + reader is assumed to be thoroughly familiar with that document. No + familiarity with TCG specifications is assumed. + +1.2. Message Diagram Conventions + + This specification defines the syntax of PA-TNC messages using + diagrams. Each diagram depicts the format and size of each field in + bits. Implementations MUST send the bits in each diagram as they are + shown, traversing the diagram from top to bottom and then from left + to right within each line (which represents a 32-bit quantity). + Multi-byte fields representing numeric values must be sent in network + (big endian) byte order. + + Descriptions of bit field (e.g., flag) values are described referring + to the position of the bit within the field. These bit positions are + numbered from the most significant bit through the least significant + bit, so a 1-octet field with only bit 0 set has the value 0x80. + +1.3. Conventions Used in This Document + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119 [1]. + +2. Design Considerations + + This section discusses some of the key design considerations for the + PA protocol. + +2.1. Standard Attribute Namespace for Interoperability + + The PA protocol requires the use of two categories of namespaces: + component types (AKA PA subtypes) and attributes. Each of these + namespace categories needs to contain well-known, interoperable names + with defined syntax and semantics co-existing with names for vendor- + + + +Sangster & Narayan Standards Track [Page 4] + +RFC 5792 PA-TNC March 2010 + + + defined private extensions. Similarly, each namespace category needs + to be readily extensible without repeated coordination yet avoids + naming conflicts. + + The PA-TNC and PB-TNC protocols provide for multiple orthogonal + namespaces for each category that exist without overlap by including + a Structure of Management Information (SMI) Private Enterprise Number + (PEN) field to identify the definer of namespace of the associated + field. This allows the IETF NEA WG to define a set of standard + component types and attribute types while allowing vendors to each + create additional names outside of the IETF standard namespace. Over + time, vendor-defined names might be proposed for standardization and + thus migration into the IETF namespace. + + The PB-TNC protocol defines an IETF standard namespace (using + vendor-id=0) that allows for definition of standard component types + (e.g., Operating System, Firewall, Anti-Virus) using the PA Subtype + field (see section 3.2). Similarly, PA-TNC defines a set of standard + attributes in section 4.2 that represent the most common capabilities + (attributes) of these types of components across a variety of vendor + implementations. The standard namespace allows NEA deployments with + both open source and vendor-provided NEA implementations to support a + consistent set of policies across their environment based on these + standard attributes. The standard attributes can be used with a + variety of endpoints (hosts, printers, mobile devices) that are + running applications and operating systems (defined by the PA + subtypes) from a variety of vendors. + +2.2. Vendor-Defined Namespace for Differentiation and Agility + + The endpoint is a very dynamic environment in terms of rate of new + features being deployed and attacks that are crafted against existing + and new applications such as viruses, worms, malware, and spyware. + It is difficult to imagine the standard namespaces being able to keep + pace with this rapidly changing environment. Vendors typically + differentiate themselves by moving rapidly to provide unique + mechanisms to address such threats and their ability to deal with + changes in an agile manner. The PA-TNC and PB-TNC protocols allow + for creation of vendor-defined namespace(s) where each namespace + allows use of vendor-defined PA subtypes to identify non-standard + applications or operating system variants and vendor-defined + attributes describing new aspects of each type of component. The + vendor namespaces will allow NEA deployments to craft compliance + policies using a mixture of attributes from both the IETF standard + namespace and vendor-defined namespaces that may include multiple + vendors representing the various hardware and software components + present on the endpoints. + + + + +Sangster & Narayan Standards Track [Page 5] + +RFC 5792 PA-TNC March 2010 + + + The PA-TNC protocol's use of vendor-id to identify the namespace of + each attribute allows Posture Collectors to support some or all of + the IETF standard attributes plus optionally a set of vendor-defined + attributes (potentially from more than one vendor-id namespace). For + instance, an open source anti-virus Posture Collector might be + written that supports all of the IETF standard attributes used to + describe a local anti-virus component and a subset of multiple anti- + virus manufacturers' vendor-defined attributes. This Posture + Collector might therefore be able to interoperate with Posture + Validators from multiple vendors. Conversely, a simple Posture + Collector might be written to ignore any vendor-defined attributes + requested and only return standard attributes that it supports. If + the vendor-provided Posture Validator's policy allows for this subset + to be considered compliant, then these simple Posture Collectors can + be used to perform a successful assessment. + +2.3. Use of TLV-Based Encoding for Efficiency + + The PA-TNC protocol has chosen to employ a binary encoding using a + type-length-value (TLV) structure. TLV encoding was preferred over + the use of a textual encoding format such as XML to provide a more + efficient utilization of the potentially constrained bandwidth + available between the NEA Client and NEA Server (see NEA Overview and + Architecture [9]). Efficiency was a primary criterion for this + choice with consideration given to both: + + 1. Optimization of the bits-on-the-wire to accommodate NEA + requirements for assessment over low bandwidth or high latency + links (C-8) and allow for the Posture Transport (PT) protocol + to run over existing network access protocols (PT-4, C-11) that + are constrained by packet size. + + 2. Optimization of CPU utilization on the endpoint to accommodate + for low power endpoints such as mobile devices. + + The choice of TLV encoding does not preclude the use of XML-based + attribute values within the vendor namespaces or future standard + attributes. It is conceivable that certain vendors may utilize XML + encoding for extensibility within their namespace when the above + considerations are less applicable to their technologies. Attributes + encoded within the vendor-defined namespace using alternate encoding + such as XML will be opaque to NEA software only supporting standard + attributes and will be processed primarily by the vendor-defined + components (collector/validator). + + + + + + + +Sangster & Narayan Standards Track [Page 6] + +RFC 5792 PA-TNC March 2010 + + +3. PA-TNC Message Protocol + + This section discusses the use of the PA-TNC message and its + attributes, and specifies the syntax and semantics for the PA-TNC + message header. The details of each attribute included within the + PA-TNC payload are specified in section 4.2. + +3.1. PA-TNC Messaging Model + + PA-TNC messages are carried by the PB-TNC protocol [5], which + provides a multi-roundtrip reliable transport and end-to-end message + delivery to subscribed (interested) parties using a variety of + underlying network protocols. PA-TNC is unaware of these underlying + PT protocols being used below PB-TNC. + + The interested parties consist of Posture Collectors on the NEA + Client and Posture Validators associated with the NEA Server that + have registered to receive messages about particular types of + components (e.g., anti-virus) during an assessment. The PA-TNC + messaging protocol operates synchronously within an assessment + session, with Posture Collectors and Posture Validators taking turns + sending one or more messages to each other. Each PA-TNC message may + contain one or more attributes associated with the functional + component identified in the component type (PA Subtype) of the + Posture Broker (PB) protocol. + + Posture Collectors may only send PA-TNC messages to Posture + Validators and vice versa. No Posture Collector-to-Posture Collector + or Posture Validator-to-Posture Validator messaging is allowed to + occur. Each Posture Collector or Posture Validator may send several + PA-TNC messages in succession before indicating that it has completed + its batch of messages to the Posture Broker Client or Posture Broker + Server respectively. As necessary, the Posture Broker Client and + Posture Broker Server will batch these messages prior to sending them + over the network. + + PB-TNC provides a publish/subscribe model of message exchange. This + means that, at any given point in time, zero or more subscribers for + a particular type of message may be present on a Posture Broker + Client or Posture Broker Server. This is beneficial, since it allows + one Posture Collector or Posture Validator to combine multiple + functions (like anti-virus and personal firewall) by subscribing to + both TNC standard component types. It also allows multiple Posture + Collectors or Posture Validators to support the same components, such + as two anti-virus Posture Validators that are each used to manage + their own respective anti-virus client software. + + + + + +Sangster & Narayan Standards Track [Page 7] + +RFC 5792 PA-TNC March 2010 + + + However, this publish/subscribe model has some possible negative side + effects. When a Posture Collector or Posture Validator initially + sends a PA-TNC message, it does not know whether it will receive + many, one, or no PA-TNC messages from the other side. For many types + of assessments, this is acceptable, but in some cases a more direct + channel binding between a particular Posture Collector and Posture + Validator pair is necessary. For example, a Posture Validator may + wish to provide remediation instructions to a particular Posture + Collector that it knows is capable of remediating a non-compliant + component. This can be accomplished using the exclusive delivery PB- + TNC capability to limit distribution of a message to a single Posture + Collector by including the target Posture Collector Identifier in the + PB-PA header. For more information on the PB-PA header, see section + 4.5 of the PB-TNC specification. + +3.2. PA-TNC Relationship to PB-TNC + + This section summarizes the major elements of a PA-TNC message as + they might appear inside of a PB-TNC message. The double line (===) + in the diagram below indicates the separation between the PB-TNC and + PA-TNC protocols. The PA-TNC portion of the message is delivered to + each Posture Collector or Posture Validator registered to receive + messages containing a particular message type. Note that PB-TNC is + capable of carrying multiple PB-TNC and PA-TNC messages in a single + PB-TNC batch. See the PB-TNC specification [5] for more information + on its capabilities. + + One important linkage between the PA-TNC and PB-TNC protocols is the + PA message type (PA Message Vendor ID and PA Subtype) that is used by + the Posture Broker Client and Posture Broker Server to route messages + to interested Posture Collectors and Posture Validators. The message + type indicates the software component (component type) that is + associated with the attributes included inside the PA-TNC message. + Therefore, Posture Collectors and Posture Validators written to + support an assessment of a particular component can register to + receive messages about the component and thus participate in its + assessment. Each Posture Collector and Posture Validator MUST only + send PA-TNC messages containing attributes that pertain to the + software component defined in the message type of the message. This + ensures that only the appropriate Posture Collectors and Posture + Validators that support a particular type of component will receive + attributes related to that component. If a PA-TNC message contained + a mix of attributes about different components and a message type of + only one of those components, the message would only be delivered to + parties interested in the component type included in the message + type, so other interested recipients wouldn't see those attributes. + + + + + +Sangster & Narayan Standards Track [Page 8] + +RFC 5792 PA-TNC March 2010 + + + The message type is composed of two fields: a PA Message Vendor ID + and a PA Subtype. The PA Message Vendor ID identifies the vendor or + other organization that defined this message type. The PA Subtype + identifies the message type more specifically within the set of + message types defined by that vendor. This specification defines + several IETF Standard PA Subtypes to be used with a PA Message Vendor + ID of zero (0). Within this specification, the PA Subtype field is + used to indicate the type of component (e.g., firewall) involved with + the message's attributes. Therefore, for clarity, the PA subtype + will be referred to as the "component type" in this specification. + Vendor-defined namespaces may use other semantics for the PA Subtype + field as this is outside the scope of this specification. + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PB-TNC Header | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PB-TNC Message of type PB-PA-Message | + |(includes PA Message Vendor ID, PA Subtype, and other fields | + | used by Posture Broker Client and Posture Broker Server for | + | routing) | + =============================================================== + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PA-TNC Message Header | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PA-TNC Attribute | + | (e.g., Product Information) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PA-TNC Attribute | + | (e.g., Operational Status) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 1. Overview of a PB-TNC batch that contains a PA-TNC message + + For example, if a Posture Broker Client sent a PB-TNC batch that + contained a PA-TNC message with a message type indicating firewall + component, this message would be routed by the Posture Broker Server + to Posture Validators registered to assess firewalls. Each + registered Posture Validator would receive a copy of the PA-TNC + message including the PA-TNC header and set of attributes. It is + important that each of the attributes included in the PA-TNC message + be associated with the firewall component because only the Posture + Collector and Posture Validator interested in firewalls will receive + such messages. + + + + + + + + +Sangster & Narayan Standards Track [Page 9] + +RFC 5792 PA-TNC March 2010 + + + If the above message contained both firewall and operating system + attributes inside a PA-TNC message with a component type of firewall, + then any Posture Collector and Posture Validator registered to + receive operating system messages would not receive those attributes, + as the messages would only be delivered to those registered for + firewall messages. + +3.3. PB-PA Posture Collector and Posture Validator Identifiers + + The PB-PA header contains several fields important to the processing + of a received PA message. The PA Vendor ID and Subtype are described + in the PB-TNC specification and above in section 3.2. Also present + in the PB-PA header is a pair of fields that identify the Posture + Collector and/or Posture Validator involved in the exchange. These + fields are used for performing exclusive delivery of messages as + described in section 3.1 and as an indicator for correlation of + received attributes. + + Correlation of attributes is necessary when the sending Posture + Collector provides posture for multiple implementations of a single + type of component during an assessment, so the recipient Posture + Validators need to know which attributes are describing the same + implementation. + + For example, a single Posture Collector might report attributes on + two installed VPN implementations on the endpoint. Because the + individual attributes do not include an indication of which VPN + product they are describing, the recipient needs something to perform + this correlation. Therefore, for this example, the VPN Posture + Collector would need to obtain two Posture Collector Identifiers from + the Posture Broker Client and consistently use one with each of the + implementations during an assessment. The VPN Posture Collector + would group all the attributes associated with a particular VPN + implementation into a single PB-PA message and send the message using + the Posture Collector Identifier it designates as going with the + particular implementation. This approach allows the recipient to + recognize when attributes in future assessment messages also describe + the same component implementation. + +3.4. PA-TNC Messages in PB-TNC + + As depicted in section 3.2, a PA-TNC message consists of a PA-TNC + header followed by a sequence of one or more attributes. The PA-TNC + message header (described in section 3.6) and the header for each of + the PA-TNC attributes (specified in section 4.1) have a fixed type- + length-value (TLV) format. Each PA-TNC message MAY contain a mixture + of standards-based and vendor-defined attributes identifiable using + the type portion of the attribute header. All Posture Collectors and + + + +Sangster & Narayan Standards Track [Page 10] + +RFC 5792 PA-TNC March 2010 + + + Posture Validators compliant with this specification MUST be capable + of processing multiple attributes in a received PA-TNC message. A + Posture Collector or Posture Validator that receives a PA-TNC message + can use the attribute header's length field to skip any attributes + that it does not understand, unless the attribute is marked as + mandatory to process. + +3.5. IETF Standard PA Subtypes + + This section defines several IETF Standard PA Subtypes. Each PA + subtype defined here identifies a specific component relevant to the + endpoint's posture. This allows a small set of generic PA-TNC + attributes (e.g., Product Information) to be used to describe a large + number of different components (e.g., operating system, anti-virus, + etc.). It also allows Posture Collectors and Posture Validators to + specialize in a particular component and only receive PA-TNC messages + relevant to that component. + + Value Integer Definition + ----- ------- ---------- + 0 Testing Reserved for use in specification + examples, experimentation and + testing. + + 1 Operating System Operating system running on the + endpoint + + 2 Anti-Virus Host-based anti-virus software + + 3 Anti-Spyware Host-based anti-spyware software + + 4 Anti-Malware Host-based anti-malware (e.g., anti- + bot) software not included within + anti-virus or anti-spyware components + + 5 Firewall Host-based firewall + + 6 IDPS Host-based Intrusion Detection and/or + Prevention Software (IDPS) + + 7 VPN Host-based Virtual Private Network + (VPN) software + + 8 NEA Client NEA client software + + These PA subtypes must be used in a PB-PA message with a PA Message + Vendor ID of zero (0) indicating an IETF standard type of component + (as described in the PB-TNC specification [5]). If these PA subtype + + + +Sangster & Narayan Standards Track [Page 11] + +RFC 5792 PA-TNC March 2010 + + + values are used with a different PA Message Vendor ID, they have a + completely different meaning that is not defined in this + specification. Posture Collectors and Posture Validators MUST NOT + require support for particular vendor-specific PA subtypes and MUST + interoperate with other parties despite any differences in the set of + vendor-specific PA subtypes supported (although they MAY permit + administrators to configure them to require support for specific PA + subtypes). + +3.6. PA-TNC Message Header Format + + This section describes the format and semantics of the PA-TNC header. + Every PA-TNC message MUST start with a PA-TNC header. The PA-TNC + header provides a common context applying to all of the attributes + contained within the PA-TNC payload. The payload consists of a + sequence of assessment attributes described in section 4.2. + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Version | Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Message Identifier | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Version + + This field indicates the version of the format for the PA-TNC + message. This version is intended to allow for evolution of the + PA-TNC message header and payload in a manner that can easily be + detected by message recipients. + + PA-TNC message senders MUST set this field to 0x01 for all PA-TNC + messages that comply with this specification. Implementations + responding to a PA-TNC message containing a supported version MUST + use the same version number to minimize the risk of version + incompatibility. Message recipients MUST respond to a PA-TNC + message containing an unsupported version by sending a Version Not + Supported error in a PA-TNC Error attribute that is the only PA- + TNC attribute in a PA-TNC message with version number 1. + + PA-TNC message initiators supporting multiple PA-TNC protocol + versions SHOULD be able to alter which version of PA-TNC message + they send based on prior message exchanges with a particular peer + Posture Collector or Posture Validator. + + + + + + + +Sangster & Narayan Standards Track [Page 12] + +RFC 5792 PA-TNC March 2010 + + + Reserved + + Reserved for future use. This field MUST be set to 0 on + transmission and ignored upon reception. + + Message Identifier + + This field contains a value that uniquely identifies this message, + differentiating it from others sent by a particular PA-TNC message + sender within this assessment. This value can be included in the + payload of a response message to indicate which message was + received and caused the response. This value is included in the + payload of PA-TNC error messages so the party who receives the + error message can determine which of the messages they had sent + caused the error. + + PA-TNC message senders MUST NOT send the same message identifier + more than once during an assessment. Message identifiers may be + randomly generated or sequenced as long as values are not repeated + during an assessment message exchange. PA-TNC message recipients + are not required to check for duplicate message identifiers. + +4. PA-TNC Attributes + + This section defines the PA-TNC attributes that can be carried within + a PA-TNC message. The initial section defines the standard attribute + header that appears at the start of each attribute in a PA-TNC + message. The second section defines each of the IETF Standard PA-TNC + Attributes and the final section discusses how vendor-defined PA-TNC + attributes can be used within a PA-TNC message. Vendor-defined PA- + TNC attributes use the vendor's SMI Private Enterprise Number in the + Attribute Type field. + + A PA-TNC message MUST contain a PA-TNC header (defined in section + 3.6. followed by a sequence of zero or more PA-TNC attributes. All + PA-TNC attributes MUST begin with a standard PA-TNC attribute header, + as defined in section 4.1. The contents of PA-TNC attributes vary + widely, depending on their attribute type. Section 4.2 defines the + IETF Standard PA-TNC Attributes. Section 4.3 discusses how vendor- + specific PA-TNC attributes can be defined. + +4.1. PA-TNC Attribute Header + + Following the PA-TNC message header is a sequence of zero or more + attributes. All PA-TNC attributes MUST begin with the standard PA- + TNC attribute header defined in this subsection. Each attribute + described in this specification is represented by a TLV tuple. The + TLV tuple includes an attribute identifier comprised of the Vendor ID + + + +Sangster & Narayan Standards Track [Page 13] + +RFC 5792 PA-TNC March 2010 + + + and Attribute Type (type), the TLV tuple's overall length, and + finally the attribute's value. The use of TLV representation was + chosen due to its flexibility and extensibility and use in other + standards. Recipients of an attribute can use the attribute type + fields to determine the precise syntax and semantics of the attribute + value field and the length to skip over an unrecognized attribute. + The length field is also beneficial when a variable-length attribute + value is provided. + + The TLV format does not contain an explicit TLV format version + number, so every attribute included in a particular PA-TNC message + MUST use the same TLV format. Using the PA-TNC message version + number to indicate the format of all TLV attributes within a PA-TNC + message allows for future versioning of the TLV format in a manner + detectable by PA-TNC message recipients. Similarly, requiring all + TLV attribute formats to be the same within a PA-TNC message also + ensures that recipients compliant with a particular PA-TNC message + version can at least parse every attribute header and use the length + to skip over unrecognized attributes. Finally, all attribute TLVs + within a PA-TNC message MUST pertain to the same implementation of + the component. This restriction is relevant when a single Posture + Collector is reporting on multiple implementations of a component, so + must send multiple PA-TNC messages each including only the attributes + describing a single implementation. For more information on how + Posture Collectors should handle multiple implementations, see + section 3.3. + + Every PA-TNC-compliant TLV attribute MUST use the following TLV + format: + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Flags | PA-TNC Attribute Vendor ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PA-TNC Attribute Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PA-TNC Attribute Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Attribute Value (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Flags + + This field defines flags impacting the processing of the + associated attribute. + + + + + + +Sangster & Narayan Standards Track [Page 14] + +RFC 5792 PA-TNC March 2010 + + + Bit 0 (0x80) is the NOSKIP flag. Any Posture Collector or Posture + Validator that receives an attribute with this flag set to 1 but + does not support this attribute MUST NOT process any part of the + PA-TNC message and SHOULD respond with an Attribute Type Not + Supported error in a PA-TNC error message. + + In order to avoid taking action on a subset of the attributes only + to later find an unsupported attribute with the NOSKIP flag set, + recipients of a multi-attribute PA-TNC message might need to scan + all of the attributes prior to acting upon any attribute. + + When the NOSKIP flag is set to 0, recipients SHOULD skip any + unsupported attributes and continue processing the next attribute. + + Bit 1-7 are reserved for future use. These bits MUST be set to 0 + on transmission and ignored upon reception. + + PA-TNC Attribute Vendor ID + + This field indicates the owner of the namespace associated with + the PA-TNC Attribute Type. This is accomplished by specifying the + 24-bit SMI Private Enterprise Number Vendor ID of the party who + owns the Attribute Type namespace. IETF Standard PA-TNC Attribute + Types MUST use zero (0) in this field. + + The PA-TNC Attribute Vendor ID 0xffffff is reserved. Posture + Collectors and Posture Validators MUST NOT send PA-TNC messages in + which the PA-TNC Attribute Vendor ID has this reserved value + (0xffffff). If a Posture Collector or Posture Validator receives + a message in which the PA-TNC Attribute Vendor ID has this + reserved value (0xffffff), it SHOULD respond with an Invalid + Parameter error code in a PA-TNC Error attribute. + + PA-TNC Attribute Type + + This field defines the type of the attribute included in the + Attribute Value field. This field is qualified by the PA-TNC + Attribute Vendor ID field so that a particular PA-TNC Attribute + Type value (e.g., 327) has a completely different meaning + depending on the value in the PA-TNC Attribute Vendor ID field. + Posture Collectors and Posture Validators MUST NOT require support + for particular vendor-specific PA-TNC Attribute Types and MUST + interoperate with other parties despite any differences in the set + of vendor-specific PA-TNC Attribute Types supported (although they + MAY permit administrators to configure them to require support for + specific PA-TNC attribute types). + + + + + +Sangster & Narayan Standards Track [Page 15] + +RFC 5792 PA-TNC March 2010 + + + If the PA-TNC Attribute Vendor ID field has the value zero (0), + then the PA-TNC Attribute Type field contains an IETF Standard PA- + TNC Attribute Type, as listed in the IANA registry. IANA + maintains a registry of PA-TNC Attribute Types. Entries in this + registry are added by Expert Review with Specification Required, + following the guidelines in section 7. Section 4.2 of this + specification defines the initial set of IETF Standard PA-TNC + Attribute Types. + + The PA-TNC Attribute Type 0xffffffff is reserved. Posture + Collectors and Posture Validators MUST NOT send PA-TNC messages in + which the PA-TNC Attribute Type has this reserved value + (0xffffffff). If a Posture Collector or Posture Validator + receives a message in which the PA-TNC Attribute Type has this + reserved value (0xffffffff), it SHOULD respond with an Invalid + Parameter error code in a PA-TNC Error attribute. + + PA-TNC Attribute Length + + This field contains the length in octets of the entire PA-TNC + attribute including the PA-TNC Attribute Header (the fields Flags, + PA-TNC Attribute Vendor ID, PA-TNC Attribute Type, and PA-TNC + Attribute Length). Therefore, this value MUST always be at least + 12. Any Posture Collector or Posture Validator that receives a + message with a PA-TNC Attribute Length field whose value is less + than 12 SHOULD respond with an Invalid Parameter PA-TNC error + code. Similarly, if a Posture Collector or Posture Validator + receives a PA-TNC message for an Attribute Type that has a well- + known Attribute Value length (e.g., fixed-length attribute value) + and the Attribute Length indicates a different value (greater or + less than the expected value), the recipient SHOULD respond with + an Invalid Parameter PA-TNC error code. + + Implementations that do not support the specified PA-TNC Attribute + Type can use this length to skip over this attribute to the next + attribute. Note that while this field is 4 octets the maximum + usable attribute length is less than 2^32-1 due to limitations of + the underlying protocol stack. Specifically, PB-TNC TLV header's + Batch Length field is also 32 bits in length. Therefore, the + maximum batch that PB-TNC can carry is 2^32-1, so the largest PA- + TNC message carried by PB-TNC must be less than 2^32-1 - size of + the PB-TNC header (see section 4.1 of PB-TNC for more details). + + Attribute Value + + This field varies depending on the particular type of attribute + being expressed. The contents of this field for each of the IETF + Standard PA-TNC Attribute Types are defined in section 4.2. + + + +Sangster & Narayan Standards Track [Page 16] + +RFC 5792 PA-TNC March 2010 + + +4.2. IETF Standard PA-TNC Attribute Types + + This section defines an initial set of IETF Standard PA-TNC Attribute + Types. These Attribute Types MUST always be used with a PA-TNC + Vendor ID of zero (0). If these PA-TNC Attribute Type values are + used with a different PA-TNC Vendor ID, they have a completely + different meaning that is not defined in this specification. + + The following table briefly describes each attribute and defines the + numeric value to be used in the PA-TNC Attribute Type field of the + PA-TNC Attribute Header. Later subsections provide detailed + specifications for each PA-TNC Attribute Value. + + Number Integer Description + ------ ------- ----------- + 0 Testing Reserved for use in + specification examples, + experimentation, and testing. + + 1 Attribute Request Contains a list of attribute + type values defining the + attributes desired from the + Posture Collectors. + + 2 Product Information Manufacturer and product + information for the component. + + 3 Numeric Version Numeric version of the + component. + + 4 String Version String version of the + component. + + 5 Operational Status Describes whether the component + is running on the endpoint. + + 6 Port Filter Lists the set of ports (e.g., + TCP port 80 for HTTP) that are + allowed or blocked on the + endpoint. + + 7 Installed Packages List of software packages + installed on endpoint that + provide the requested + component. + + 8 PA-TNC Error PA-TNC message or attribute + processing error. + + + +Sangster & Narayan Standards Track [Page 17] + +RFC 5792 PA-TNC March 2010 + + + 9 Assessment Result Result of the assessment + performed by a Posture + Validator. + + 10 Remediation Instructions Instructions for remediation + generated by a Posture + Validator. + + 11 Forwarding Enabled Indicates whether packet + forwarding has been enabled + between different interfaces on + the endpoint. + + 12 Factory Default Password Indicates whether the endpoint + Enabled has a factory default password + enabled. + + The following subsections discuss the usage, format, and semantics of + the Attribute Value field for each IETF Standard PA-TNC Attribute + Type. + +4.2.1. Attribute Request + + This PA-TNC Attribute Type allows a Posture Validator to request + certain attributes from the registered set of Posture Collectors. + + All Posture Collectors that implement any of the IETF Standard PA + Subtypes defined in this specification SHOULD support receiving and + processing this attribute type for at least those PA subtypes. This + requirement is only a "should" because there are deployment scenarios + (e.g., see section A.1) where the Posture Collectors proactively send + a set of attributes at the start of an assessment (e.g., based upon + local policy), so does not need to support Posture Validator + requested attributes. Posture Collectors that receive but do not + support the Attribute Request attribute MUST respond with an + Attribute Type Not Supported PA-TNC error code. Posture Collectors + that receive and process this attribute MAY choose to send all, a + subset, or none of the requested attributes but MUST NOT send + attributes that were not requested (except Error attributes). All + Posture Validators that implement any of the IETF Standard PA + Subtypes defined in this specification SHOULD support sending this + attribute type for at least those PA subtypes. + + Posture Validators MUST NOT include this attribute type in an + Attribute Request attribute. It does not make sense for a Posture + Validator to request that a Posture Collector send an Attribute + Request attribute. + + + + +Sangster & Narayan Standards Track [Page 18] + +RFC 5792 PA-TNC March 2010 + + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to 1. + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + Note that this diagram shows two attribute types. The actual number + of attribute types included in an Attribute Request attribute can + vary from one to a large number (limited only by the maximum message + and length supported by the underlying PT protocol). However, each + Attribute Request MUST contain at least one attribute type. Because + the length of a PA-TNC Attribute Vendor ID paired with a PA-TNC + Attribute Type and a 1-octet Reserved field is always 8 octets, the + number of requested attributes can be easily computed using the PA- + TNC Attribute Length field by subtracting the number of octets in the + PA-TNC Attribute Header and dividing by 8. If the PA-TNC Attribute + Length field is invalid, Posture Collectors SHOULD respond with an + Invalid Parameter PA-TNC error code. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | PA-TNC Attribute Vendor ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PA-TNC Attribute Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | PA-TNC Attribute Vendor ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PA-TNC Attribute Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Reserved + + Reserved for future use. This field MUST be set to 0 on + transmission and ignored upon reception. + + PA-TNC Attribute Vendor ID + + This field contains the SMI Private Enterprise Number of the + organization that controls the namespace for the following PA-TNC + Attribute Type. This field enables IETF Standard PA-TNC + Attributes and vendor-defined PA-TNC attributes to be used without + potential collisions. + + + + + + + +Sangster & Narayan Standards Track [Page 19] + +RFC 5792 PA-TNC March 2010 + + + Any IETF Standard PA-TNC Attribute Types defined in section 4.2 + MUST use zero (0) in this field. Vendor-defined attributes MUST + use the SMI Private Enterprise Number of the organization that + defined the attribute. + + PA-TNC Attribute Type + + The PA-TNC Attribute Type field (together with the PA-TNC Vendor + ID field) indicates the specific attribute requested. Some IETF + Standard PA-TNC Attribute Types MUST NOT be requested using this + field (e.g., requesting a PA-TNC Error attribute). This is + explicitly indicated in the description of those PA-TNC Attribute + Types. Any Posture Collector or Posture Validator that receives + an Attribute Request containing one of the prohibited Attribute + Types SHOULD respond with an Invalid Parameter error in a PA-TNC + error message. + +4.2.2. Product Information + + This PA-TNC Attribute Type contains identifying information about a + product that implements the component specified in the PA Subtype + field, as described in section 3.5. For example, if the PA Subtype + is Anti-Virus, this attribute would contain information identifying + an anti-virus product installed on the endpoint. + + All Posture Collectors that implement any of the IETF Standard PA + Subtypes defined in this specification MUST support sending this + attribute type, at least for those PA subtypes. Whether a particular + Posture Collector actually sends this attribute type SHOULD still be + governed by local privacy and security policies. All Posture + Validators that implement any of the IETF Standard PA Subtypes + defined in this specification MUST support receiving this attribute + type, at least for those PA subtypes. Posture Validators MUST NOT + send this attribute type. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to 2. + The value in the PA-TNC Attribute Length field will vary, depending + on the length of the Product Name field. However, the value in the + PA-TNC Attribute Length field MUST be at least 17 because this is the + length of the fixed-length fields in the PA-TNC Attribute Header and + the fixed-length fields in this attribute type. If the PA-TNC + Attribute Length field is less than the size of these fixed-length + fields, implementations SHOULD respond with an Invalid Parameter PA- + TNC error code. + + + + + + +Sangster & Narayan Standards Track [Page 20] + +RFC 5792 PA-TNC March 2010 + + + This attribute type includes both numeric and textual identifiers for + the organization that created the product (the "product creator") and + for the product itself. For automated processing, numeric + identifiers are superior because they are less ambiguous and more + efficient. However, numeric identifiers are only available if the + product creator has assigned them. Therefore, a textual identifier + is also included. This textual identifier has the additional benefit + that it may be easier for humans to read (although this benefit is + minimal since the primary purpose of this attribute is automated + assessment). + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Product Vendor ID | Product ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Product ID | Product Name (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Product Vendor ID + + This field contains the SMI Private Enterprise Number for the + product creator. If the SMI PEN for the product creator is + unknown or if the product creator does not have an SMI PEN, the + Product Vendor ID field MUST be set to 0 and the identity of the + product creator SHOULD be included in the Product Name along with + the name of the product. + + Product ID + + This field identifies the product using a numeric identifier + assigned by the product creator. If this Product ID value is + unknown or if the product creator has not assigned such a value, + this field MUST be set to 0. If the Product Vendor ID is 0, this + field MUST be set to 0. In any case, the name of the product + SHOULD be included in the Product Name field. + + Note that a particular Product ID value (e.g., 635) will have + completely different meanings depending on the Product Vendor ID. + Each Product Vendor ID defines a different space of Product ID + values. Product creators are encouraged to publish lists of + Product ID values for their products. + + + + + +Sangster & Narayan Standards Track [Page 21] + +RFC 5792 PA-TNC March 2010 + + + Product Name + + This variable-length field contains a UTF-8 [2] string identifying + the product (e.g., "Symantec Norton AntiVirus(TM) 2008") in enough + detail to unambiguously distinguish it from other products from + the product creator. Products whose creator is known, but does + not have a registered SMI Private Enterprise Number, SHOULD be + represented using a combination of the creator name and full + product name (e.g., "Ubuntu(R) IPtables" for the IPtables firewall + in the Ubuntu distribution of Linux). If the product creator's + SMI Private Enterprise Number is included in the Product Vendor ID + field, the product creator's name may be omitted from this field. + + The length of this field can be determined by starting with the + value in the PA-TNC Attribute Length field in the PA-TNC Attribute + Header and subtracting the size of the fixed-length fields in that + header (12) and the size of the fixed-length fields in this + attribute (5). If the PA-TNC Attribute Length field is less than + the size of these fixed-length fields, implementations SHOULD + respond with an Invalid Parameter PA-TNC error code. + +4.2.3. Numeric Version + + This PA-TNC Attribute Type contains numeric version information for a + product on the endpoint that implements the component specified in + the PA Subtype field, as described in section 3.5. For example, if + the PA Subtype is Operating System, this attribute would contain + numeric version information for the operating system installed on the + endpoint. The version information in this attribute is associated + with a particular product, so Posture Validators are expected to also + possess the corresponding Product Information attribute when + interpreting this attribute. + + All Posture Collectors that implement the IETF Standard PA Subtype + for Operating System SHOULD support sending this attribute type, at + least for the Operating System PA subtype. Other Posture Collectors + MAY support sending this attribute type. Whether a particular + Posture Collector actually sends this attribute type SHOULD still be + governed by local privacy and security policies. All Posture + Validators that implement the IETF Standard PA Subtype for Operating + System SHOULD support receiving this attribute type, at least for the + Operating System PA subtype. Other Posture Validators MAY support + receiving this attribute type. A Posture Validator that does not + support receiving this attribute type SHOULD simply ignore attributes + with this type. Posture Validators MUST NOT send this attribute + type. + + + + + +Sangster & Narayan Standards Track [Page 22] + +RFC 5792 PA-TNC March 2010 + + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to 3. + The value in the PA-TNC Attribute Length field MUST be 28. If the + PA-TNC Attribute Length field is less than the size of these fixed- + length fields, implementations SHOULD respond with an Invalid + Parameter PA-TNC error code. + + This attribute type includes numeric values for the product version + information, enabling Posture Validators to do comparative operations + on the version. Some Posture Collectors may not be able to determine + some or all of this information for a product. However, this + attribute can be especially useful for describing the version of the + operating system, where numeric version numbers are generally + available. + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Major Version Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Minor Version Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Build Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Service Pack Major | Service Pack Minor | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Major Version Number + + This field contains the major version number for the product, if + applicable. If unused or unknown, this field SHOULD be set to 0. + + Minor Version Number + + This field contains the minor version number for the product, if + applicable. If unused or unknown, this field SHOULD be set to 0. + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 23] + +RFC 5792 PA-TNC March 2010 + + + Build Number + + This field contains the build number for the product, if + applicable. This may provide more granularity than the minor + version number, as many builds may occur leading up to an official + release, and all these builds may share a single major and minor + version number. If unused or unknown, this field SHOULD be set to + 0. + + Service Pack Major + + This field contains the major version number of the service pack + for the product, if applicable. If unused or unknown, this field + SHOULD be set to 0. + + Service Pack Minor + + This field contains the minor version number of the service pack + for the product, if applicable. If unused or unknown, this field + SHOULD be set to 0. + +4.2.4. String Version + + This PA-TNC Attribute Type contains string version information for a + product on the endpoint that implements the component specified in + the PA Subtype field, as described in section 3.5. For example, if + the PA Subtype is Firewall, this attribute would contain string + version information for a host-based firewall product installed on + the endpoint (if any). The version information in this attribute is + associated with a particular product, so Posture Validators are + expected to also possess the corresponding Product Information + attribute when interpreting this attribute. + + All Posture Collectors that implement any of the IETF Standard PA + Subtypes defined in this document MUST support sending this attribute + type, at least for those PA subtypes. Other Posture Collectors MAY + support sending this attribute type. Whether a particular Posture + Collector actually sends this attribute type SHOULD still be governed + by local privacy and security policies. All Posture Validators that + implement any of the IETF Standard PA Subtypes defined in this + document MUST support receiving this attribute type, at least for + those PA subtypes. Other Posture Validators MAY support receiving + this attribute type. Posture Validators MUST NOT send this attribute + type. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to 4. + The value in the PA-TNC Attribute Length field will vary, depending + + + +Sangster & Narayan Standards Track [Page 24] + +RFC 5792 PA-TNC March 2010 + + + on the length of the Component Version Number, Internal Build Number, + and Configuration Version Number fields. However, the value in the + PA-TNC Attribute Length field MUST be at least 15 because this is the + length of the fixed-length fields in the PA-TNC Attribute Header and + the fixed-length fields in this attribute type. If the PA-TNC + Attribute Length field is less than the size of these fixed-length + fields or does not match the length indicated by the sum of the + fixed-length and variable-length fields, implementations SHOULD + respond with an Invalid Parameter PA-TNC error code. + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Version Len | Product Version Number (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Build Num Len | Internal Build Number (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Config. Len | Configuration Version Number (Variable Length)| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Version Len + + This field defines the number of octets in the Product Version + Number field. If the product version number is unavailable or + unknown, this field MUST be set to 0 and the Product Version + Number field will be zero length (effectively not present). + + Product Version Number + + This field contains a UTF-8 string identifying the version of the + component (e.g., "1.12.23.114"). This field MUST be sized to fit + the version string and MUST NOT include extra octets for padding + or NUL character termination. + + Various products use a wide range of different formats and + semantics for version strings. Some use alphabetic characters, + white space, and punctuation. Some consider version "1.21" to be + later than version "1.3" and some earlier. Therefore, the syntax + and semantics of this string are not defined. + + + + + + + + +Sangster & Narayan Standards Track [Page 25] + +RFC 5792 PA-TNC March 2010 + + + Build Num Len + + This field defines the number of octets in the Internal Build + Number field. For products where the internal build number is + unavailable or unknown, this field MUST be set to 0 and the + Internal Build Number field will be zero length (effectively not + present). + + Internal Build Number + + This field contains a UTF-8 string identifying the engineering + build number of the product. This field MUST be sized to fit the + build number string and MUST NOT include extra octets for padding + or NUL character termination. The syntax and semantics of this + string are not defined. + + Config. Len + + This field defines the number of octets in the Configuration + Version Number field. If the configuration version number is + unavailable or unknown, this field MUST be set to 0 and the + Configuration Version Number field will be zero length + (effectively not present). + + Configuration Version Number + + This field contains a UTF-8 string identifying the version of the + configuration used by the component. This version SHOULD + represent the overall configuration version even if several + configuration policy files or settings are used. Posture + Collectors MAY include multiple version numbers in this single + string if a single version is not practical. This field MUST be + sized to fit the version string and MUST NOT include extra octets + for padding or NUL character termination. + + Various products use a wide range of different formats for version + strings. Some use alphabetic characters, white space, and + punctuation. Some consider version "1.21" to be later than + version "1.3" and some earlier. In addition, some Posture + Collectors may place multiple configuration version numbers in + this single string. Therefore, the syntax and semantics of this + string are not defined. + +4.2.5. Operational Status + + This PA-TNC Attribute Type describes the operational status of a + product that can implement the component specified in the PA Subtype + field, as described in section 3.5. For example, if the PA Subtype is + + + +Sangster & Narayan Standards Track [Page 26] + +RFC 5792 PA-TNC March 2010 + + + Anti-Spyware, this attribute would contain information about the + operational status of a host-based anti-spyware product that may or + may not be installed on the endpoint. + + Posture Collectors that implement the IETF Standard PA Subtype for + Operating System or VPN MAY support sending this attribute type for + those PA subtypes. Posture Collectors that implement other IETF + Standard PA Subtypes defined in this specification SHOULD support + sending this attribute type for those PA subtypes. Other Posture + Collectors MAY support sending this attribute type. Whether a + particular Posture Collector actually sends this attribute type + SHOULD still be governed by local privacy and security policies. + Posture Validators that implement the IETF Standard PA Subtype for + Operating System or VPN MAY support receiving this attribute type, at + least for those PA subtypes. Posture Validators that implement other + IETF Standard PA Subtypes defined in this specification SHOULD + support receiving this attribute type, at least for those PA + subtypes. Other Posture Validators MAY support receiving this + attribute type. A Posture Validator that does not support receiving + this attribute type SHOULD simply ignore attributes with this type. + Posture Validators MUST NOT send this attribute type. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to 5. + The value in the PA-TNC Attribute Length field MUST be 36. If the + PA-TNC Attribute Length field does not have this value, + implementations SHOULD respond with an Invalid Parameter PA-TNC error + code. + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Status | Result | Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Last Use | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Last Use (continued) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Last Use (continued) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Last Use (continued) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Last Use (continued) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + +Sangster & Narayan Standards Track [Page 27] + +RFC 5792 PA-TNC March 2010 + + + Status + + This field gives the operational status of the product. The + following table lists the values currently defined for this field. + + Value Description + ----- ----------- + 0 Unknown or other + 1 Not installed + 2 Installed but not operational + 3 Operational + + If a Posture Validator receives a value for this field that it + does not recognize, it SHOULD treat this value as equivalent to + the value 0. + + Result + + This field contains the result of the last use of the product. + The following table lists the values currently defined for this + field. + + Value Description + ----- ----------- + 0 Unknown or other + 1 Successful use with no errors detected + 2 Successful use with one or more errors detected + 3 Unsuccessful use (e.g., aborted) + + Posture Collectors SHOULD set this field to 0 if the Status field + contains a value of 1 (Not installed) or 2 (Installed but not + operational). If a Posture Validator receives a value for this + field that it does not recognize, it SHOULD treat this value as + equivalent to the value 0. + + Reserved + + This field is reserved for future use. The field MUST be set to 0 + on transmission and ignored upon reception. + + Last Use + + This field contains the date and time of the last use of the + component. The Last Use date and time MUST be represented as an + RFC 3339 [4] compliant ASCII string in Coordinated Universal Time + (UTC) time with the additional restrictions that the 't' delimiter + and the 'z' suffix MUST be capitalized and fractional seconds + (time-secfrac) MUST NOT be included. + + + +Sangster & Narayan Standards Track [Page 28] + +RFC 5792 PA-TNC March 2010 + + + This field conforms to the date-time ABNF production from section + 5.6 of RFC 3339 with the above restrictions. Leap seconds are + permitted and Posture Validators MUST support them. + + The last use string MUST NOT be NUL terminated or padded in any + way. If the last use time is not known, not applicable, or cannot + be represented in this format, the Posture Collector MUST set this + field to the value "0000-00-00T00:00:00Z" (allowing this field to + be fixed length). Note that this particular reserved value is NOT + a valid RFC 3339 date and time and MUST NOT be used for any other + purpose in this field. + + This encoding produces a string that is easy to read, parse, and + interpret. The format (more precisely defined in RFC 3339) is + YYYY-MM-DDTHH:MM:SSZ, resulting in one and only one representation + for each second in UTC time from year 0000 to year 9999. For + example, 9:05:00AM EST (GMT-0500) on January 19, 1995 can be + represented as "1995-01-19T14:05:00Z". The length of this field + is always 20 octets. + +4.2.6. Port Filter + + This PA-TNC Attribute Type provides the list of port numbers and + associated protocols (e.g., TCP and UDP) that are currently blocked + or allowed by a host-based firewall on the endpoint. + + Posture Collectors that implement the IETF Standard PA Subtype for + Firewall or VPN SHOULD support sending this attribute type for those + PA subtypes. Posture Collectors that implement other IETF Standard + PA Subtypes defined in this specification MUST NOT support sending + this attribute type for those PA subtypes. Other Posture Collectors + MAY support sending this attribute type, if it is appropriate to + their PA subtype. Whether a particular Posture Collector actually + sends this attribute type SHOULD still be governed by local privacy + and security policies. Posture Validators that implement the IETF + Standard PA Subtype for Firewall or VPN SHOULD support receiving this + attribute type, at least for those PA subtypes. Posture Validators + that implement other IETF Standard PA Subtypes defined in this + specification MUST NOT support receiving this attribute type for + those PA subtypes. Other Posture Validators MAY support receiving + this attribute type. A Posture Validator that does not support + receiving this attribute type SHOULD simply ignore attributes with + this type. Posture Validators MUST NOT send this attribute type. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to 6. + + + + + +Sangster & Narayan Standards Track [Page 29] + +RFC 5792 PA-TNC March 2010 + + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + Note that this diagram shows two Protocol/Port Number pairs. The + actual number of Protocol/Port Number pairs included in a Port Filter + attribute can vary from one to a large number (limited only by the + maximum message and length supported by the underlying PT protocol). + However, each Port Filter attribute MUST contain at least one + Protocol/Port Number pair. Because the length of a Protocol/Port + Number pair with the Reserved field and B flag is always 4 octets, + the number of Protocol/Port Number pairs can be easily computed using + the PA-TNC Attribute Length field by subtracting the number of octets + in the PA-TNC Attribute Header and dividing by 4. If the PA-TNC + Attribute Length field is invalid, Posture Validators SHOULD respond + with an Invalid Parameter PA-TNC error code. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved |B| Protocol | Port Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved |B| Protocol | Port Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Reserved + + This field is reserved for future use. It MUST be set to 0 on + transmission and ignored upon reception. + + B Flag (Blocked or Allowed Port) + + This single-bit field indicates whether the following port is + blocked or allowed. This bit MUST be set to 1 if the protocol and + port combination is blocked. Otherwise, this field MUST be set to + 0. This field was provided to allow for more abbreviated + reporting of the port filtering policy (e.g., when all ports are + blocked except a few, the Posture Collector can just list the few + that are allowed). + + Posture Collectors MUST NOT provide a mixed list of blocked and + non-blocked ports for a particular protocol. To be more precise, + a Posture Collector MUST NOT include two Protocol/Port Number + pairs in a single Port Filter attribute where the protocol number + is the same but the B flag is different. Also, Posture Collectors + MUST NOT list the same Protocol and Port Number combination twice + in a Port List attribute. + + + + +Sangster & Narayan Standards Track [Page 30] + +RFC 5792 PA-TNC March 2010 + + + Posture Collectors MAY list all blocked ports for one protocol and + all allowed ports for a different protocol in a single Port List + attribute, using the B flag to indicate whether each entry is + blocked. For example, a Posture Collector might list all the + blocked TCP ports but only list the allowed UDP ports. However, + it MUST NOT list some blocked TCP ports and some other allowed TCP + ports. + + Protocol + + This field contains the transport protocol number (e.g., tcp is 6) + being blocked or allowed. The values used in this field are the + same ones used in the IPv4 Protocol and IPv6 Next Header fields. + The IANA already maintains the Assigned Internet Protocol Numbers + registry of these values for use in this field. + + Port Number + + This field contains the transport protocol (e.g., tcp) port number + being blocked or allowed. The values used in this field are + specific to the protocol identified by the Protocol field. The + IANA maintains registries for well-known and user-requested TCP + and UDP port numbers for use in this field. + +4.2.7. Installed Packages + + This PA-TNC Attribute Type contains a list of the installed packages + that comprise a product on the endpoint that implements the component + specified in the PA Subtype field, as described in section 3.5. This + allows a Posture Validator to check which packages are installed for + a particular product and which versions of those packages are + installed. + + Posture Collectors that implement any of the IETF Standard PA + Subtypes defined in this document SHOULD support sending this + attribute type for those PA subtypes. Other Posture Collectors MAY + support sending this attribute type, if it is appropriate to their PA + subtype. Whether a particular Posture Collector actually sends this + attribute type SHOULD still be governed by local privacy and security + policies. Posture Validators that implement any of the IETF Standard + PA Subtypes defined in this document SHOULD support receiving this + attribute type, at least for those PA subtypes. Other Posture + Validators MAY support receiving this attribute type. A Posture + Validator that does not support receiving this attribute type SHOULD + simply ignore attributes with this type. Posture Validators MUST NOT + send this attribute type. + + + + + +Sangster & Narayan Standards Track [Page 31] + +RFC 5792 PA-TNC March 2010 + + + This attribute type can be quite long, especially for the Operating + System PA subtype. This can cause problems, especially with 802.1X + and other limited transport protocols. Therefore, Posture Collectors + SHOULD NOT send this attribute unless specifically requested to do so + using the Attribute Request attribute or otherwise configured to do + so. Also, Posture Validators SHOULD NOT request this attribute + unless the transport protocol in use can support the large amount of + data that may be sent in response. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to 7. + The value in the PA-TNC Attribute Length field will vary, depending + on the number of packages and the length of the Package Name and + Package Version Number fields for those packages. However, the value + in the PA-TNC Attribute Length field MUST be at least 16 because this + is the length of the fixed-length fields in the PA-TNC Attribute + Header and the fixed-length fields in this attribute type. If the + PA-TNC Attribute Length field is less than the size of these fixed- + length fields or does not match the length indicated by the sum of + the fixed-length and variable-length fields, implementations SHOULD + respond with an Invalid Parameter PA-TNC error code. + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + Note that this diagram shows an attribute containing information on + one package. The actual number of package descriptions included in + an Installed Packages attribute is indicated by the Package Count + field. This value may vary from zero to a large number (up to 65535, + if the underlying PT protocol can support that many). If this number + is not sufficient, specialized patch management software should be + employed that can simply report compliance with a pre-established + patch policy. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | Package Count | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Pkg Name Len | Package Name (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Version Len | Package Version Number (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + + + + + +Sangster & Narayan Standards Track [Page 32] + +RFC 5792 PA-TNC March 2010 + + + Reserved + + This field is reserved for future use. The field MUST be set to 0 + on transmission and ignored upon reception. + + Package Count + + This field is an unsigned 16-bit integer that indicates the number + of packages listed in this attribute. For each package so + indicated, a Pkg Name Len, Package Name, Version Len, and Package + Version Number field is included in the attribute. + + Pkg Name Len + + This field is an unsigned 8-bit integer that indicates the length + of the Package Name field in octets. This field may be zero if a + Package Name is not available. + + Package Name + + This field contains the name of the package associated with the + product. This field is a UTF-8 encoded character string whose + octet length is given by the Pkg Name Len field. This field MUST + NOT include extra octets for padding or NUL character termination. + The syntax and semantics of this name are not specified in this + document, since they may vary across products and/or operating + systems. Posture Collectors MAY list two packages with the same + name in a single Installed Packages attribute. The meaning of + doing so is not defined here. + + Version Len + + This field is an unsigned 8-bit integer that indicates the length + of the Package Version Number field in octets. This field may be + zero if a Package Version Number is not available. + + Package Version Number + + This field contains the version string for the package named in + the previous Package Name field. This field is a UTF-8 encoded + character string whose octet length is given by the Version Len + field. This field MUST NOT include extra octets for padding or + NUL character termination. The syntax and semantics of this + version string are not specified in this document, since they may + vary across products and/or operating systems. Posture Collectors + + + + + + +Sangster & Narayan Standards Track [Page 33] + +RFC 5792 PA-TNC March 2010 + + + MAY list two packages with the same Package Version Number (and + even the same Package Name and Package Version Number) in a single + Installed Packages attribute. The meaning of doing so is not + defined here. + +4.2.8. PA-TNC Error + + This PA-TNC Attribute Type contains an error code and supplemental + information regarding an error pertaining to PA-TNC. + + All Posture Collectors and Posture Validators that implement any of + the IETF Standard PA Subtypes defined in this specification MUST + support sending and receiving this attribute type, at least for those + PA subtypes. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to 8. + The value in the PA-TNC Attribute Length field will vary, depending + on the length of the Error Information field. However, the value in + the PA-TNC Attribute Length field MUST be at least 20 because this is + the length of the fixed-length fields in the PA-TNC Attribute Header + and the fixed-length fields in this attribute type. + + A PA-TNC error code SHOULD be sent with the same PA Message Vendor ID + and PA Subtype used by the PA-TNC message that caused the error so + that the error code is sent to the party who sent the offending PA- + TNC message. Other measures (such as setting PB-TNC's EXCL flag and + Posture Collector Identifier or Posture Validator Identifier fields) + SHOULD also be taken to attempt to ensure that only the party who + sent the offending message receives the error. + + When a PA-TNC error code is received, the recipient MUST NOT respond + with a PA-TNC error code because this could result in an infinite + loop of errors. Instead, the recipient MAY log the error, modify its + behavior to attempt to avoid the error (attempting to avoid loops or + long strings of errors), ignore the error, terminate the assessment, + or take other action as appropriate (as long as it is consistent with + the requirements of this specification). + + Posture Validators MUST NOT include this attribute type in an + Attribute Request attribute. It does not make sense for a Posture + Validator to request that a Posture Collector send a PA-TNC Error + attribute. + + + + + + + + +Sangster & Narayan Standards Track [Page 34] + +RFC 5792 PA-TNC March 2010 + + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | PA-TNC Error Code Vendor ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PA-TNC Error Code | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Error Information (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Reserved + + This field is reserved for future use. This field MUST be set to + 0 on transmission and ignored upon reception. + + PA-TNC Error Code Vendor ID + + This field contains the SMI Private Enterprise Number for the + organization that defined the PA-TNC Error Code that is being used + in the attribute. For IETF Standard PA-TNC Error Code values this + field MUST be set to zero (0). + + PA-TNC Error Code + + This field contains the PA-TNC Error Code being reported in this + attribute. Note that a particular PA-TNC Error Code value will + have completely different meanings depending on the PA-TNC Error + Code Vendor ID. Each PA-TNC Error Code Vendor ID defines a + different space of PA-TNC Error Code values. Posture Collectors + and Posture Validators MUST NOT require support for particular + vendor-specific PA-TNC Error Codes and MUST interoperate with + other parties despite any differences in the set of vendor- + specific PA-TNC Error Codes supported (although they MAY permit + administrators to configure them to require support for specific + PA-TNC Error Codes). + + When the PA-TNC Error Code Vendor ID is set to zero (0), the PA- + TNC Error Code is an IETF Standard PA-TNC Error Code. IANA + maintains a registry of PA-TNC Error Codes. Entries in this + registry are added by Expert Review with Specification Required, + following the guidelines in section 7. + + + + + + +Sangster & Narayan Standards Track [Page 35] + +RFC 5792 PA-TNC March 2010 + + + The following table lists the IETF Standard PA-TNC Error Codes + defined in this specification: + + Integer Description + ------- ----------- + 0 Reserved + 1 Invalid Parameter + 2 Version Not Supported + 3 Attribute Type Not Supported + + The next few subsections of this document provide detailed + definitions of these error codes. + + Error Information + + This field provides additional context for the error. The + contents of this field vary based on the PA-TNC Error Code Vendor + ID and PA-TNC Error Code. Therefore, whenever a PA-TNC Error Code + is defined, the format of this field for that error code must also + be defined. The definitions of IETF Standard PA-TNC Error Codes + on the next few pages provide good examples of such definitions. + + The length of this field can be determined by the recipient using + the PA-TNC Attribute Length field by subtracting the length of the + fixed-length fields in the PA-TNC Attribute Header and the fixed- + length fields in this attribute. + +4.2.8.1. Invalid Parameter Error Code + + The Invalid Parameter error code is an IETF Standard PA-TNC Error + Code (value 1) that indicates that the sender of this error code has + detected an invalid value in a PA-TNC message sent by the recipient + of this error code in the current assessment. + + For this error code, the Error Information field contains the first 8 + octets of the PA-TNC message that contained the invalid parameter and + an offset indicating the position within that message of the invalid + parameter. + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 36] + +RFC 5792 PA-TNC March 2010 + + + The following diagram illustrates the format and contents of the + Error Information field for this error code. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Version | Copy of Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Message Identifier | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Offset | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Version + + This field MUST contain an exact copy of the Version field in the + PA-TNC Message Header of the PA-TNC message that caused this + error. + + Copy of Reserved + + This field MUST contain an exact copy of the Reserved field in the + PA-TNC Message Header of the PA-TNC message that caused this + error. + + Message Identifier + + This field MUST contain an exact copy of the Message Identifier + field in the PA-TNC Message Header of the PA-TNC message that + caused this error. + + Offset + + This field MUST contain an octet offset from the start of the PA- + TNC Message Header of the PA-TNC message that caused this error to + the start of the value that caused this error. For instance, if + the first PA-TNC attribute in the message had an invalid PA-TNC + Attribute Length (e.g., 0), this value would be 16. + +4.2.8.2. Version Not Supported Error Code + + The Version Not Supported error code is an IETF Standard PA-TNC Error + Code (value 2) that indicates that the sender of this error code does + not support the PA-TNC version number included in the PA-TNC Message + Header of a PA-TNC message sent by the recipient of this error code + in the current assessment. + + + + +Sangster & Narayan Standards Track [Page 37] + +RFC 5792 PA-TNC March 2010 + + + For this error code, the Error Information field contains the first 8 + octets of the PA-TNC message that contained the unsupported version + as well as Max Version and Min Version fields that indicate which PA- + TNC version numbers are supported by the sender of the error code. + + The sender MUST support all PA-TNC versions between the Min Version + and the Max Version, inclusive (i.e., including the Min Version and + the Max Version). When possible, recipients of this error code + SHOULD send future messages to the Posture Collector or Posture + Validator that originated this error message with a PA-TNC version + number within the stated range. + + Any party that is sending the Version Not Supported error code MUST + include that error code as the only PA-TNC attribute in a PA-TNC + message with version number 1. All parties that send PA-TNC messages + MUST be able to properly process a message that meets this + description, even if they cannot process any other aspect of PA-TNC + version 1. This ensures that a PA-TNC version exchange can proceed + properly, no matter what versions of PA-TNC the parties implement. + + The following diagram illustrates the format and contents of the + Error Information field for this error code. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Version | Copy of Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Message Identifier | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Max Version | Min Version | Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Version + + This field MUST contain an exact copy of the Version field in the + PA-TNC Message Header of the PA-TNC message that caused this + error. + + Copy of Reserved + + This field MUST contain an exact copy of the Reserved field in the + PA-TNC Message Header of the PA-TNC message that caused this + error. + + + + + + +Sangster & Narayan Standards Track [Page 38] + +RFC 5792 PA-TNC March 2010 + + + Message Identifier + + This field MUST contain an exact copy of the Message Identifier + field in the PA-TNC Message Header of the PA-TNC message that + caused this error. + + Max Version + + This field MUST contain the maximum PA-TNC version supported by + the sender of this error code. + + Min Version + + This field MUST contain the minimum PA-TNC version supported by + the sender of this error code. + + Reserved + + Reserved for future use. This field MUST be set to 0 on + transmission and ignored upon reception. + +4.2.8.3. Attribute Type Not Supported Error Code + + The Attribute Type Not Supported error code is an IETF Standard PA- + TNC Error Code (value 3) that indicates that the sender of this error + code does not support the PA-TNC Attribute Type included in the Error + Information field. This PA-TNC Attribute Type was included in a PA- + TNC message sent by the recipient of this error code in the current + assessment. + + For this error code, the Error Information field contains the first 8 + octets of the PA-TNC message that contained the unsupported attribute + type as well as a copy of the attribute type that caused the problem. + + + + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 39] + +RFC 5792 PA-TNC March 2010 + + + The following diagram illustrates the format and contents of the + Error Information field for this error code. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Version | Copy of Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Message Identifier | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Flags | PA-TNC Attribute Vendor ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PA-TNC Attribute Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Version + + This field MUST contain an exact copy of the Version field in the + PA-TNC Message Header of the PA-TNC message that caused this + error. + + Copy of Reserved + + This field MUST contain an exact copy of the Reserved field in the + PA-TNC Message Header of the PA-TNC message that caused this + error. + + Message Identifier + + This field MUST contain an exact copy of the Message Identifier + field in the PA-TNC Message Header of the PA-TNC message that + caused this error. + + Flags + + This field MUST contain an exact copy of the Flags field in the + PA-TNC Attribute Header of the PA-TNC attribute that caused this + error. + + PA-TNC Attribute Vendor ID + + This field MUST contain an exact copy of the PA-TNC Attribute + Vendor ID field in the PA-TNC Attribute Header of the PA-TNC + attribute that caused this error. + + + + + + +Sangster & Narayan Standards Track [Page 40] + +RFC 5792 PA-TNC March 2010 + + + PA-TNC Attribute Type + + This field MUST contain an exact copy of the PA-TNC Attribute Type + field in the PA-TNC Attribute Header of the PA-TNC attribute that + caused this error. + +4.2.9. Assessment Result + + This PA-TNC attribute contains the final assessment result from a + particular Posture Validator. This attribute might be returned to a + Posture Collector for information purposes such as when an endpoint + is compliant. Similarly, the Assessment Result attribute could be + sent to indicate a non-compliant result where specific actions are + needed to bring an endpoint into compliance with the network's + policies. These actions could be defined in other PA-TNC attributes + such as Remediation Instructions sent to the Posture Collector. + + All Posture Collectors that support an IETF Standard PA Subtype + defined in this specification SHOULD support receiving and processing + the Assessment Result attribute. All Posture Validators that + implement an IETF Standard PA Subtype defined in this specification + SHOULD support sending the Assessment Result attribute. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to 9. + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Assessment Result | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Assessment Result + + This 32-bit field MUST contain one of the following values; + + Value Description + ----- ----------- + 0 Posture Validator assessed the endpoint component to + be compliant with policy. + + 1 Posture Validator assessed the endpoint component to + be non-compliant with policy but the difference from + compliant was minor. + + + +Sangster & Narayan Standards Track [Page 41] + +RFC 5792 PA-TNC March 2010 + + + 2 Posture Validator assessed the endpoint component to + be non-compliant with policy and the assessed + difference was very significant. + + 3 Posture Validator was unable to determine policy + compliance of an endpoint component due to an error. + + 4 Posture Validator was unable to determine whether the + assessed endpoint component was compliant with policy + based on the attributes provided by the Posture + Collector. + +4.2.10. Remediation Instructions + + This PA-TNC attribute sent by the Posture Validator to the Posture + Collector contains remediation instructions for updating a particular + component to make the endpoint compliant with the assessment + policies. A Posture Validator might choose to send more than one + Remediation Instructions attribute in some circumstances (e.g., both + a URI and a human-readable message are necessary) to remediate one or + more components. This attribute supports the inclusion of either an + IETF standard or vendor-specific remediation instruction. + + All Posture Collectors that implement an IETF Standard PA Subtype + defined in this specification SHOULD support receiving and processing + the Remediation Instructions attribute. All Posture Validators that + implement an IETF Standard PA Subtype defined in this specification + SHOULD support sending this attribute type. Posture Collectors and + Posture Validators supporting other non-IETF standard components MAY + support this attribute. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to + 10. + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | Remediation Parameters Vendor ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Remediation Parameters Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Remediation Parameters (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + +Sangster & Narayan Standards Track [Page 42] + +RFC 5792 PA-TNC March 2010 + + + Reserved (8 bits) + + The Reserved bits MUST be set to 0 on transmission and ignored on + reception. + + Remediation Parameters Vendor ID (24 bits) + + The Remediation Parameters Vendor ID field identifies a vendor by + using the SMI Private Enterprise Number (PEN). Any organization + can receive its own unique PEN from IANA, the Internet Assigned + Numbers Authority. The Remediation Parameters Vendor ID qualifies + the Remediation Parameters Type field so that each vendor has 2^32 + separate Remediation Parameters Types available for its use. + Remediation Parameters Types standardized by the IETF are always + used with the value zero (0) in this field. + + Remediation Parameters Type (32 bits) + + The Remediation Parameters Type field identifies the different + types of remediation instructions that can be contained in the + Remediation Parameters field. IANA maintains a registry of PA-TNC + Remediation Parameters Types. Entries in this registry are added + by Expert Review with Specification Required, following the + guidelines in section 7. A list of IETF Standard PA-TNC + Remediation Parameters Types defined in this specification appears + later in this section. + + New vendor-specific remediation instructions can be created by + adding new Remediation Parameters Types (those used with a non- + zero Remediation Parameters vendor ID) without IETF or IANA + involvement. Posture Collectors and Posture Validators MUST NOT + require support for particular vendor-specific PA-TNC Remediation + Parameters Types and MUST interoperate with other parties despite + any differences in the set of vendor-specific PA-TNC Remediation + Parameters Types supported (although they MAY permit + administrators to configure them to require support for specific + PA-TNC remediation parameter types). + + The following table lists the IETF Standard PA-TNC Remediation + Parameters Type values defined in this specification: + + Integer Description + ------- ----------- + 0 Reserved + 1 Remediation URI + 2 Remediation String + + + + + +Sangster & Narayan Standards Track [Page 43] + +RFC 5792 PA-TNC March 2010 + + + The next few subsections of this document provide detailed + definitions of the contents of the Remediation Parameters field + used with each Remediation Parameter Type. + + Remediation Parameters (variable length) + + The Remediation Parameters field contains the actual remediation + instructions for the Posture Collector. + +4.2.10.1. Remediation URI Parameters Type + + The Remediation URI Parameters Type is an IETF Standard Remediation + Parameters Type (value 1) that indicates that the sending Posture + Validator is providing a URI to instructions on how to remediate the + endpoint. + + The following diagram illustrates the format and contents of the + Remediation Parameters field when carrying a Remediation URI + parameter. The text after this diagram describes the fields shown + here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Remediation URI (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Remediation URI + + The Remediation URI field MUST contain a URI, as described in RFC + 3986 [7]. This URI SHOULD contain instructions to update a + particular component so that it might result in the component + being compliant with the policies in future assessments. Posture + Collectors should validate that the URI and instructions come from + a trustworthy source to avoid being tricked into performing + damaging actions (see security considerations). + +4.2.10.2. Remediation String Parameters Type + + The Remediation String Parameters Type is an IETF Standard + Remediation Parameters Type (value 2) that indicates that the sending + Posture Validator is providing a human-readable string containing + instructions on how to remediate the endpoint. + + The following diagram illustrates the format and contents of the + Remediation Parameters field when the carrying a Remediation String + parameter. The text after this diagram describes the fields shown + here. + + + +Sangster & Narayan Standards Track [Page 44] + +RFC 5792 PA-TNC March 2010 + + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Remediation String Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Remediation String (Variable Length) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Lang Code Len | Remediation String Lang Code (Variable Len) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Remediation String Length + + The Remediation String Length contains the length of the + Remediation String field in octets. + + Remediation String + + The Remediation String field MUST contain a UTF-8 encoded string. + This string contains human-readable instructions for remediation + that MAY be displayed to the user by the Posture Collector. NUL + termination MUST NOT be included. If a Posture Collector receives + a Remediation String that does contain a NUL termination, it + SHOULD send an Invalid Parameter error code. + + Lang Code Len (Remediation String Language Code Length) + + The Lang Code Len field contains the length of the Remediation + String Language Code field in octets. + + Remediation String Lang Code + + The Remediation String Lang(uage) Code field contains a US-ASCII + string composed of a well-formed RFC 4646 [6] language tag that + indicates the language(s) used in the Remediation String in the + Remediation Parameters field. A zero-length string MAY be sent + for this field (essentially omitting this field) to indicate that + the language code for the remediation string is not known. + +4.2.11. Forwarding Enabled + + This PA-TNC attribute indicates whether the endpoint is forwarding + traffic between interfaces. Endpoints that forward traffic between + networks connected to multiple network interfaces may be considered + non-compliant (and a security risk) in some enterprise network + deployments. For example, an endpoint with multiple connected + network interfaces might allow traffic from an interface connected to + a public network to be forwarded through another interface carrying a + VPN session to a protected enterprise network. This attribute is + + + +Sangster & Narayan Standards Track [Page 45] + +RFC 5792 PA-TNC March 2010 + + + currently envisioned to be specific to reporting posture for the + operating system component; however, could be useful for other future + types of components. + + Posture Collectors that implement the IETF Standard PA Subtype for + Operating System SHOULD support sending the Forwarding Enabled + attribute. Posture Collectors that do not implement the Operating + System PA Subtype defined in this specification SHOULD NOT send the + Forwarding Enabled attribute unless it is appropriate to their PA + Subtype. Whether a particular Posture Collector actually sends this + attribute type SHOULD still be governed by local privacy and security + policies. Posture Validators that implement the IETF Standard PA + Subtype for Operating System SHOULD support receiving the Forwarding + Enabled attribute type. Posture Validators supporting components + other than Operating System MAY support receiving this attribute type + if it is appropriate to their PA Subtype. A Posture Validator that + does not support receiving this attribute type SHOULD simply ignore + attributes with this type. Posture Validators MUST NOT send this + attribute type. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to + 11. + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Forwarding Enabled | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Forwarding Enabled + + This 32-bit field MUST contain one of the following values; + + Value Description + ----- ----------- + 0 Disabled - Endpoint is not forwarding traffic. + + 1 Enabled - Endpoint is forwarding traffic. + + 2 Unknown - Unable to determine whether endpoint is + forwarding traffic + + + + + +Sangster & Narayan Standards Track [Page 46] + +RFC 5792 PA-TNC March 2010 + + +4.2.12. Factory Default Password Enabled + + This PA-TNC attribute indicates whether the endpoint has a factory + default password enabled for use. Some types of endpoints include a + default static password for used to gain privileged access to the + endpoint. If this password is not changed or disabled before the + endpoint is accessible on the network, it's often easy to compromise + the endpoint. + + Posture Collectors that implement the IETF Standard PA Subtype for + Operating System SHOULD support sending the Factory Default Password + Enabled attribute. Posture Collectors that implement other IETF + Standard PA Subtypes defined in this specification SHOULD NOT support + sending this attribute type for those PA subtypes. Other Posture + Collectors MAY support sending this attribute type, if it is + appropriate to their PA subtype. Whether a particular Posture + Collector actually sends this attribute type SHOULD still be governed + by local privacy and security policies. Posture Validators that + implement the IETF Standard PA Subtype for Operating System SHOULD + support receiving the Factory Default Password Enabled attribute. + Other Posture Validators MAY support receiving this attribute type. + A Posture Validator that does not support receiving this attribute + type SHOULD simply ignore attributes with this type. Posture + Validators MUST NOT send this attribute type. + + For this attribute type, the PA-TNC Attribute Vendor ID field MUST be + set to zero (0) and the PA-TNC Attribute Type field MUST be set to + 12. + + The following diagram illustrates the format and contents of the + Attribute Value field for this attribute type. The text after this + diagram describes the fields shown here. + + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Factory Default Password Enabled | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Factory Default Password Enabled + + This 32-bit field MUST contain one of the following values; + + Value Description + ----- ----------- + 0 Endpoint does not have factory default password enabled. + + 1 Endpoint has a factory default password enabled. + + + +Sangster & Narayan Standards Track [Page 47] + +RFC 5792 PA-TNC March 2010 + + +4.3. Vendor-Defined Attributes + + This section discusses the use of vendor-defined attributes within + PA-TNC. The PA-TNC protocol was designed to allow for vendor-defined + attributes to be used as a replacement where a standard attribute + could be used. In some cases, even the standard attributes allow for + vendor-defined information to be included. It is envisioned that + over time as particular vendor-defined attributes become popular, an + equivalent standard attribute could be added allowing for broader + interoperability. + + This specification does not define vendor-defined attributes, but + rather highlights how such attributes can be used with PA-TNC without + the potential for namespace collisions or misinterpretations. In + order to avoid collisions, PA-TNC uses the well-established SMI + Private Enterprise Numbers as vendor IDs to define separate + namespaces for important fields within a PA-TNC message. For + example, to ensure the uniqueness of attribute types while providing + for vendor extensions, vendor-defined attribute types include the + vendor's unique vendor ID, to indicate the intended namespace for the + attribute type, followed by the attribute type. IETF Standard PA-TNC + Attribute Types use a vendor ID of zero (0). + + SMI Private Enterprise Numbers are used to provide a separate + identifier space for each vendor. The IANA provides a registry for + SMI Private Enterprise Numbers. Any organization (including non- + profit organizations, governmental bodies, etc.) can obtain one of + these numbers at no charge, and thousands of organizations have done + so. Within this document, SMI Private Enterprise Numbers are known + as "vendor IDs". + +5. Security Considerations + + This section discusses the major potential types of security threats + relevant to the PA-TNC message protocol. It is envisioned that + additional attribute types could be defined in the future to + facilitate the exchange of security capabilities, keys, and security + protected attributes if future use cases are adopted that require + such protections. + +5.1. Trust Relationships + + In order to understand where security countermeasures are necessary, + this section starts with a discussion of where the TNC architecture + envisions some trust relationships between the processing elements of + the PA-TNC protocol. The following subsections discuss the trust + properties associated with each portion of the NEA reference model + directly involved with the processing of the PA-TNC protocol. + + + +Sangster & Narayan Standards Track [Page 48] + +RFC 5792 PA-TNC March 2010 + + +5.1.1. Posture Collector + + The Posture Collectors are trusted by Posture Validators to: + + o Collect valid information about the component type associated with + the Posture Collector + + o Report upon collected information consistent with local security + and privacy policies + + o Accurately report information associated with the type of + component for the PA-TNC message + + o Not act maliciously to the Posture Broker Server and Posture + Validators, including attacks such as denial of service + +5.1.2. Posture Validator + + The Posture Validators are trusted by Posture Collectors to: + + o Only request information necessary to assess the security state of + the endpoint + + o Make assessment decisions based on deployer-defined policies + + o Discard collected information consistent with data retention and + privacy policies + + o Not act maliciously to the Posture Broker Server and Posture + Collectors, including attacks such as denial of service + + o Not send malicious remediation instructions that do not fix or + that cause damage to the endpoint + +5.1.3. Posture Broker Client, Posture Broker Server + + The Posture Broker Client and Posture Broker Server are trusted by + the Posture Collector and Posture Validator to: + + o Provide a reliable transport for PA-TNC messages + + o Deliver messages for a particular PA Subtype only to those Posture + Collectors and Posture Validators that have registered for them + + o Not disclose any provided attributes to unauthorized parties + + + + + + +Sangster & Narayan Standards Track [Page 49] + +RFC 5792 PA-TNC March 2010 + + + o Not act maliciously to drop messages, duplicate messages, or flood + Posture Collectors and Posture Validators with unnecessary + messages + + o Not observe, fabricate, or alter the contents of a PA-TNC message + + o Properly place Posture Collector and Posture Validator identifiers + into the PB-TNC protocol, deliver those identifiers to Posture + Collectors and Posture Validators as needed, and manage exclusive + delivery to a particular Posture Collector or Posture Validator + when requested + + o Properly expose authentication information from PT security so + that Posture Collectors and Posture Validators can use the peer's + identity information to safely make policy decisions + +5.2. Security Threats + + Beyond the trusted relationships assumed in section 5.1, the PA-TNC + protocol faces a number of potential security attacks that could + require security countermeasures. + + Generally, the PA-TNC protocol relies upon the underlying PT + protocol's security to protect the messages from attack when + traveling over the network. Once the message resides on the Posture + Broker Client or Posture Broker Server, the posture brokers are + trusted to properly and safely deliver the messages to the + appropriate Posture Collectors and Posture Validators. + +5.2.1. Attribute Theft + + When PA-TNC messages are sent over unprotected network links or + spanning local software stacks that are not trusted, the contents of + the PA-TNC messages may be subject to information theft by an + intermediary party. This theft could result in information being + recorded for future use or analysis by the adversary. Attributes + observed by eavesdroppers could contain information that exposes + potential weaknesses in the security of the endpoint, or system + fingerprinting information easing the ability of the attacker to + employ attacks more likely to be successful against the endpoint. + The eavesdropper might also learn information about the endpoint or + network policies that either singularly or collectively is considered + sensitive information (e.g., certain endpoints are lacking patches, + or particular sub-networks have more lenient policies). + + PA-TNC attributes are not intended to carry privacy-sensitive + information, but should some exist in a message, the adversary could + come into possession of the information, which could be used for + + + +Sangster & Narayan Standards Track [Page 50] + +RFC 5792 PA-TNC March 2010 + + + financial gain. Therefore, it is important that PT provide strong + confidentiality protection to protect the message from eavesdroppers + when being sent between the Posture Transport Client and Posture + Transport Server. + +5.2.2. Message Fabrication + + Attackers on the network or present within the NEA system could + introduce fabricated PA-TNC messages intending to trick or create a + denial of service against aspects of an assessment. For example, an + adversary could attempt to send a falsified set of remediation + instructions using the Remediation URI support in hopes of the + Posture Collector automatically following the instructions. Posture + Collectors need to ensure that any requests to take actions on the + endpoint (such as remediation instructions) received from Posture + Validators are authentic and trustworthy using strong authentication + and integrity protections offered by PT. Posture Collectors should + not blindly follow remediation instructions received from a trusted + NEA Server. At least for patches and other potentially dangerous + actions, Posture Collectors should validate these actions (e.g., via + user confirmation) before proceeding. + + Such an attack could occur if an active attacker launches a man-in- + the-middle (MitM) attack by proxying the PA-TNC messages and was able + to replace undesired messages with ones easing future attack upon the + endpoint. Consider a scenario where PT security protection is not + used and the Posture Broker Server proxies all assessment traffic to + a remote Posture Broker Server. The proxy could eavesdrop and + replace assessment results attributes, tricking the endpoint into + thinking it has passed an assessment, when in fact it has not and + requires remediation. Because the Posture Collector has no way to + verify that attributes were actually created by an authentic Posture + Validator, it is unable to detect the falsified attribute or message. + Therefore, it is important that PT provides strong authentication and + integrity protection. + +5.2.3. Attribute Modification + + This attack could allow an active attacker capable of intercepting a + message to modify a PA-TNC message attribute to a desired value to + ease the compromise of an endpoint. Without the ability for message + recipients to detect whether a received message contains the same + content as what was originally sent, active attackers can stealthily + modify the attribute exchange. + + For example, an attacker might wish to change the contents of the + firewall component's version string attribute to disguise the fact + that the firewall is running an old, vulnerable version. The + + + +Sangster & Narayan Standards Track [Page 51] + +RFC 5792 PA-TNC March 2010 + + + attacker would change the version string sent by the firewall Posture + Collector to the current version number, so the Posture Validator's + assessment passes while leaving the endpoint vulnerable to attack. + Similarly, an attacker could achieve widespread denial of service by + altering large numbers of assessments' version string attributes to + an old value so they repeatedly fail assessments even after a + successful remediation. Upon receiving the lower value, the Posture + Validator would continue to believe that the endpoint is running old, + potentially vulnerable versions of the firewall that does not meet + network compliance policy, so therefore the endpoint would not be + allowed to join the network. Use of a PT protocol providing strong + integrity protection and authentication is essential as + countermeasures to these attacks. + +5.2.4. Attribute Replay + + Another potential attack against an unprotected PA-TNC message + attribute exchange is to exploit the lack of a strong binding between + the attributes sent during an assessment to the specific endpoint. + Without a strong binding of the endpoint to the posture information, + an attacker could record the attributes sent during an assessment of + a compliant endpoint and later replay those attributes so that a non- + compliant endpoint can now gain access to the network or protected + resource. This attack could be employed by a network MitM that is + able to eavesdrop and proxy message exchanges, or by using local + rogue agents on the endpoints. Assessments lacking some form of + freshness exchange could be subject to replay of prior assessment + data, even if it no longer reflects the current state of the + endpoint. Use of a PT protocol providing strong integrity protection + and authentication including a freshness exchange is necessary + countermeasure to these attacks. + +5.2.5. Attribute Insertion + + Similar to the attribute modification attacks, an adversary wishing + to include one or more attributes or PA-TNC messages inside a valid + assessment may be able to insert the attributes or messages without + detection by the recipient. For example, an attacker could add + attributes to the front of a PA-TNC message to cause an assessment to + succeed even for a non-compliant endpoint, particularly if it knew + that the recipient ignored repeated attributes within a message. + Similarly, if a Posture Collector or Posture Validator always + generated an error if it saw unexpected attributes, the attacker + could cause failures and denial of service by adding attributes or + messages to an exchange. Use of a PT protocol providing strong + authentication and integrity protection could prevent the adversary + from inserting attributes into the assessment. + + + + +Sangster & Narayan Standards Track [Page 52] + +RFC 5792 PA-TNC March 2010 + + +5.2.6. Denial of Service + + A variety of types of denial-of-service attacks are possible against + the PA-TNC message exchange if left unprotected from untrusted + parties along the communication path between the Posture Collector + and Posture Validator. Normally, the PT exchange is bidirectionally + authenticated, which helps to prevent a MitM on the network from + becoming an active proxy, but transparent message routing gateways + may still exist on the communication path and can modify the + integrity of the message exchange unless adequate integrity + protection is provided. If the MitM or other entities on the network + can send messages to the Posture Broker Client or Posture Broker + Server that appear to be part of an assessment, these messages could + confuse the Posture Collector and Posture Validator or cause them to + perform unnecessary work or take incorrect action. Several example + denial-of-service situations are described in sections 5.2.3 and + 5.2.5. Many potential denial-of-service examples exist, including + flooding messages to the Posture Collector or Posture Validator, + sending very large messages containing many attributes, and + repeatedly asking for resource-intensive operations. + +6. Privacy Considerations + + The PA-TNC protocol is designed to allow for controlled disclosure of + security-relevant information about an endpoint, specifically for the + purpose of enabling an assessment of the endpoint's compliance with + network policy. The purpose of this protocol is to provide + visibility into the state of the protective mechanisms on the + endpoint, in order for the Posture Validators and Posture Broker + Server to determine whether the endpoint is up to date and thus has + the best chance of being resilient in the face of malware threats. + One risk associated with providing visibility into the contents of an + endpoint is the increased chance for exposure of privacy-sensitive + information without the consent of the user. + + While this protocol does provide the Posture Validator the ability to + request specific information about the endpoint, the protocol is not + open ended, bounding the Posture Validator to only query specific + information (attributes) about specific security features (component + types) of the endpoint. Each PA-TNC message is explicitly about a + single component from the list of components in section 3.5. These + components include a list of security-related aspects of the endpoint + that affect the ability of the endpoint to resist attacks and thus + are of interest during an assessment. Discretionary components used + by the user to create or view content are not on the list, as they + are more likely to have access to privacy-sensitive information. + + + + + +Sangster & Narayan Standards Track [Page 53] + +RFC 5792 PA-TNC March 2010 + + + Similarly, PA-TNC messages contain a set of attributes that describe + the particular component. Each attribute contains generic + information (e.g., product information or versions) about the + component, so it is unlikely to include any user-specific or + identifying information. This combination of a limited set of + security-related components with non-user-specific attributes greatly + reduces the risk of exposure of privacy-sensitive information. + Vendors that choose to define additional component types and/or + attributes within their namespace are encouraged to provide similar + constraints. + + Even with the bounding of standard attribute information to specific + components, it is possible that individuals might wish to share less + information with different networks they wish to access. For + example, a user may wish to share more information when connecting to + or being reassessed by the user's employer network than what would be + made available to the local coffee shop wireless network. While + these situations do not impact the protocol itself, they do suggest + that Posture Collector implementations should consider supporting a + privacy filter allowing the user and/or system owner to restrict + access to certain attributes based upon the target network. + + The underlying PT protocol authenticates the network's Posture Broker + Server at the start of an assessment, so identity can be made + available to the Posture Collector and per-network privacy filtering + is possible. Network owners should make available a list of the + attributes they require to perform an assessment and any privacy + policy they enforce when handling the data. Users wishing to use a + more restricted privacy filter on the endpoint may risk not being + able to pass an assessment and thus not gain access to the requested + network or resource. + +7. IANA Considerations + + This section defines the contents of three new IANA registries: PA- + TNC Attribute Types, PA-TNC Error Codes, and PA-TNC Remediation + Parameters Types. This section explains how these registries work. + Also, this specification defines several new PA Subtypes for use with + PA-TNC. + + All of the registries defined in this document support IETF standard + values and vendor-defined values. To explain this phenomenon, we + will use the PA-TNC Attribute Type as an example, but the other three + registries work the same way. Whenever a PA-TNC Attribute Type + appears on a network, it is always accompanied by an SMI Private + Enterprise Number (PEN), also known as a vendor ID. If this vendor + ID is zero, the accompanying PA-TNC Attribute Type is an IETF + standard value listed in the IANA registry for PA-TNC Attribute + + + +Sangster & Narayan Standards Track [Page 54] + +RFC 5792 PA-TNC March 2010 + + + Types, and its meaning is defined in the specification listed for + that PA-TNC Attribute Type in that registry. If the vendor ID is not + zero, the meaning of the PA-TNC Attribute Type is defined by the + vendor identified by the vendor ID (as listed in the IANA registry + for SMI PENs). The identified vendor is encouraged but not required + to register with IANA some or all of the PA-TNC Attribute Types used + with their vendor ID and publish a specification for each of these + values. + + This delegation of namespace is analogous to the technique used for + OIDs. It can result in interoperability problems if vendors require + support for particular vendor-specific values. However, such + behavior is explicitly prohibited by this specification (in section + 4.1), which dictates that "Posture Collectors and Posture Validators + MUST NOT require support for particular vendor-specific PA-TNC + Attribute Types and MUST interoperate with other parties despite any + differences in the set of vendor-specific PA-TNC Attribute Types + supported (although they MAY permit administrators to configure them + to require support for specific PA-TNC Attribute Types)". Similar + requirements are included for PA Subtypes, Remediation Parameters + Types, and PA-TNC Error Codes. + +7.1. Designated Expert Guidelines + + For all of the IANA registries defined by this specification, new + values are added to the registry by Expert Review with Specification + Required, using the Designated Expert process defined in RFC 5226 + [3]. + + This section provides guidance to designated experts so that they may + make decisions using a philosophy appropriate for these registries. + + The registries defined in this document have plenty of values. In + most cases, the IETF has approximately 2^32 values available for it + to define and each vendor the same number of values for its use. + Because there are so many values available, designated experts should + not be terribly concerned about exhausting the set of values. + + Instead, designated experts should focus on the following + requirements. All values in these IANA registries MUST be documented + in a specification that is permanently and publicly available. IETF + standard values MUST also be useful, not harmful to the Internet, and + defined in a manner that is clear and likely to ensure + interoperability. + + Designated experts should encourage vendors to avoid defining similar + but incompatible values and instead agree on a single IETF standard + value. However, it is beneficial to document existing practice. + + + +Sangster & Narayan Standards Track [Page 55] + +RFC 5792 PA-TNC March 2010 + + + There are several ways to ensure that a specification is permanently + and publicly available. It may be published as an RFC. + Alternatively, it may be published in another manner that makes it + freely available to anyone. However, in this latter case, the vendor + MUST supply a copy to the IANA and authorize the IANA to archive this + copy and make it freely available to all if at some point the + document becomes no longer freely available to all through other + channels. + + Section 7.2 defines the new PA Subtypes. The following three + sections provide guidance to the IANA in creating and managing the + new IANA registries defined by this specification. + +7.2. PA Subtypes + + Section 3.5 of this specification defines several new PA Subtypes + that have been added to the PA Subtypes registry defined in the PB- + TNC specification. Here is a list of these assignments: + + PEN Integer Name Defining Specification + --- ------- ---- ---------------------- + 0 0 Testing RFC 5792 + 0 1 Operating System RFC 5792 + 0 2 Anti-Virus RFC 5792 + 0 3 Anti-Spyware RFC 5792 + 0 4 Anti-Malware RFC 5792 + 0 5 Firewall RFC 5792 + 0 6 IDPS RFC 5792 + 0 7 VPN RFC 5792 + 0 8 NEA Client RFC 5792 + + These PA Subtypes have been added to the registry for PA Subtypes + defined in the PB-TNC specification, with this RFC as the reference. + +7.3. Registry for PA-TNC Attribute Types + + The name for this registry is "PA-TNC Attribute Types". Each entry + in this registry should include a human-readable name, an SMI Private + Enterprise Number, a decimal integer value between 0 and 2^32-1, and + a reference to the specification where the contents of this attribute + type are defined. This specification must define the meaning of this + PA-TNC attribute type and the format and semantics of the PA-TNC + Attribute Value field for PA-TNC attributes that include the + designated Private Enterprise Number in the PA-TNC Attribute Vendor + ID field and the designated numeric value in the PA-TNC Attribute + Type field. + + + + + +Sangster & Narayan Standards Track [Page 56] + +RFC 5792 PA-TNC March 2010 + + + The following entries for this registry are defined in this document. + They are the initial entries in the registry for PA-TNC Attribute + Types. Additional entries to this registry are added by Expert + Review with Specification Required, following the guidelines in + section 7.1. + + PEN Integer Name Defining Specification + --- ------- ---- ---------------------- + 0 0 Testing RFC 5792 + 0 1 Attribute Request RFC 5792 + 0 2 Product Information RFC 5792 + 0 3 Numeric Version RFC 5792 + 0 4 String Version RFC 5792 + 0 5 Operational Status RFC 5792 + 0 6 Port Filter RFC 5792 + 0 7 Installed Packages RFC 5792 + 0 8 PA-TNC Error RFC 5792 + 0 9 Assessment Result RFC 5792 + 0 10 Remediation Instructions RFC 5792 + 0 11 Forwarding Enabled RFC 5792 + 0 12 Factory Default Password RFC 5792 + Enabled + 0 0xffffffff Reserved RFC 5792 + +7.4. Registry for PA-TNC Error Codes + + The name for this registry is "PA-TNC Error Codes". Each entry in + this registry should include a human-readable name, an SMI Private + Enterprise Number, a decimal integer value between 0 and 2^32-1, and + a reference to the specification where this error code is defined. + This specification must define the meaning of this error code and the + format and semantics of the Error Information field for PA-TNC + attributes that have a PA-TNC vendor ID of 0, a PA-TNC Attribute Type + of PA-TNC Error, the designated Private Enterprise Number in the PA- + TNC Error Code Vendor ID field, and the designated numeric value in + the PA-TNC Error Code field. + + The following entries for this registry are defined in this document. + They are the initial entries in the registry for PA-TNC Error Codes. + Additional entries to this registry are added by Expert Review with + Specification Required, following the guidelines in section 7.1. + + + + + + + + + + +Sangster & Narayan Standards Track [Page 57] + +RFC 5792 PA-TNC March 2010 + + + PEN Integer Name Defining Specification + --- ------- ---- ---------------------- + 0 0 Reserved RFC 5792 + 0 1 Invalid Parameter RFC 5792 + 0 2 Version Not Supported RFC 5792 + 0 3 Attribute Type Not Supported RFC 5792 + +7.5. Registry for PA-TNC Remediation Parameters Types + + The name for this registry is "PA-TNC Remediation Parameters Types". + Each entry in this registry should include a human-readable name, an + SMI Private Enterprise Number, a decimal integer value between 1 and + 2^32-1, and a reference to the specification where the contents of + this remediation parameters type are defined. This specification + must define the meaning of this PA-TNC Remediation Parameters Type + and the format and semantics of the Remediation Parameters field for + PA-TNC attributes that include the designated Private Enterprise + Number in the Remediation Parameters Vendor ID field and the + designated numeric value in the Remediation Parameters Type field. + + The following entries for this registry are defined in this document. + They are the initial entries in the registry for PA-TNC Remediation + Parameters Types. Additional entries to this registry are added by + Expert Review with Specification Required, following the guidelines + in section 7.1. + + PEN Integer Name Defining Specification + --- ------- ---- ---------------------- + 0 0 Reserved RFC 5792 + 0 1 URI RFC 5792 + 0 2 Remediation String RFC 5792 + +8. Acknowledgments + + Thanks to the Trusted Computing Group for contributing the initial + text [8] upon which this document was based. The authors would also + like to acknowledge the following people who have contributed to or + provided substantial input on the preparation of this document or + predecessors to it: Stuart Bailey, Roger Chickering, Lauren Giroux, + Charles Goldberg, Steve Hanna, Ryan Hurst, Meenakshi Kaushik, Greg + Kazmierczak, Scott Kelly, PJ Kirner, Houcheng Lee, Lisa Lorenzin, + Mahalingam Mani, Sung Lee, Ravi Sahita, Mauricio Sanchez, Brad Upson, + and Han Yin. + + + + + + + + +Sangster & Narayan Standards Track [Page 58] + +RFC 5792 PA-TNC March 2010 + + +9. References + +9.1. Normative References + + [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement + Levels", BCP 14, RFC 2119, March 1997. + + [2] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD + 63, RFC 3629, November 2003. + + [3] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA + Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. + + [4] Klyne, G. and C. Newman, "Date and Time on the Internet: + Timestamps", RFC 3339, July 2002. + + [5] Sahita, R., Hanna, S., Hurst, R., and K. Narayan, "PB-TNC: A + Posture Broker (PB) Protocol Compatible with Trusted Network + Connect (TNC)", RFC 5793, March 2010. + + [6] Phillips, A., Ed., and M. Davis, Ed., "Tags for Identifying + Languages", BCP 47, RFC 5646, September 2009. + + [7] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform + Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, + January 2005. + +9.2. Informative References + + [8] Trusted Computing Group, "IF-M: TLV Binding", + http://www.trustedcomputinggroup.org/resources/ + tnc_ifm_tlv_binding_specification, February 2010. + + [9] Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J. + Tardo, "Network Endpoint Assessment (NEA): Overview and + Requirements", RFC 5209, June 2008. + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 59] + +RFC 5792 PA-TNC March 2010 + + +Appendix A. Use Cases + +A.1. Initial Client-Triggered Assessment + + This scenario involves the assessment of an endpoint initiated during + network join. The assessment is triggered by the Posture Broker + Client (PBC) and involves collection of patch information from both + Standard Operating System (OS) Posture Collector and vendor-specific + Patch Posture Collector (PC). The assessment by both the vendor- + specific Patch Posture Validator (PV) and Standard OS Posture + Validator result in a compliant assessment decision that results in a + compliant System Assessment Decision to be returned by the Posture + Broker Server (PBS). + + +--------+ +-------+ +---------+ +--------+ +-------++--------+ + | Vndr. X| | Std. | | Std. | | Std. | | Std. || Vndr. X| + |Patch PC| | OS PC | | PBC | | PBS | | OS PV ||Patch PV| + +--+-----+ +-+-----+ +---+-----+ +-+------+ +-+------+--+-----+ + | | N/W Join| | | | + | | ----->| | | | + | | Req Post. | | | | + | |<----------| | | | + | | Req Post. | | | | + |<--------------------| | | | + |Vndr X Patch Posture | | | | + |-------------------->| | | | + | |OS Posture | | | | + | |---------->| | | | + | | | Posture | | | + | | | Report | | | + | | |-------->| | | + | | | | Verify | | + | | | | Posture | | + | | | |---------> | + | | | | | Verify | + | | | | | Posture | + | | | |------------------->| + | | | | OS Reslt | | + | | | |<---------| | + | | | | VndrX Patch Result | + | | | Assess |<-------------------| + | | | Result | | + | | |<--------| | | + | | OS Reslt | | | | + | |<----------| | | | + | VndrX Patch Result | | | | + |<--------------------| | | | + + + + +Sangster & Narayan Standards Track [Page 60] + +RFC 5792 PA-TNC March 2010 + + +A.1.1. Message Contents + + This section shows the contents of the key fields in each of the PA + messages exchanged in this use case. When necessary, additional + commentary is provided to explain why certain fields contain the + shown values. Note that many of the flows shown are between + components on the same system so no message contents are shown. + +A.1.1.1. N/W Join + + This flow represents the event that causes the PBC to decide to start + an assessment of the endpoint in order to gain access to the network. + This is merely an event and does not include a message being sent. + +A.1.1.2. Request Posture (Req Post.) + + This flow illustrates an invocation of the OS and patch posture + collectors requesting particular posture attributes to be sent. + Because this use case is triggered locally, the contents of this flow + aren't specified by NEA. + +A.1.1.3. Vendor X Patch Posture (VndrX Patch Posture) + + This flow contains the PA message from the Patch Posture Collector: + + Vendor X Patch Posture PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=1 (vendor X) + type=1 (Vendor X namespace attribute) + length + Value = { + VendorXAttribute1=123 + } + } + Attribute 2 { + vendor-id=1 (vendor X) + type=2 (Vendor X namespace attribute) + length + Value = { + VendorXAttribute2=456 + } + } + } + + + + + + + +Sangster & Narayan Standards Track [Page 61] + +RFC 5792 PA-TNC March 2010 + + +A.1.1.4. OS Posture + + This flow contains the PA message from the OS Posture Collector: + + OS Posture PA Message { + + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=2 (product information) + length + Value = { + Product-vendor-id=311 -- Microsoft's PEN + Product-name="Windows Vista" + } + } + Attribute 2 { + vendor-id=0 + type=3 (numeric version) + length + Value = { + major-version=6 -- Vista is version 6.0 + minor-version=0 + build-number=456789 + service-pack-major=0 -- No service packs + service-pack-minor=0 + } + } + } + +A.1.1.5. Posture Report + + This flow contains the PB message containing the PA messages from the + Patch and OS Posture Collectors; the message content is described in + the PB-TNC specification. + +A.1.1.6. Verify Posture + + This flow illustrates an invocation of the OS and patch Posture + Validators requesting verification of the posture attributes + received. Because this flow happens locally within the NEA server, + NEA does not specify the message contents. + + + + + + + + + +Sangster & Narayan Standards Track [Page 62] + +RFC 5792 PA-TNC March 2010 + + +A.1.1.7. OS Posture Result (OS Reslt) + + This flow contains the PA message (Posture Assessment Result) from + the OS Posture Validator + + OS Posture Result PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=9 (assessment-result) + length + Value = { + assessment-result=0 (compliant) + } + } + } + +A.1.1.8. Vendor X Patch Result (VndrX Patch Result) + + This flow contains the PA message (Posture Assessment Result) from + the Vendor X Patch Posture Validator + + Patch Vendor X Posture Result PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=9 (assessment-result) + length + Value = { + assessment-result=0 (compliant) + } + } + } + +A.1.1.9. Assessment Result (Assess Result) + + This flow contains the PB message containing the system assessment + result computed by the Posture Broker Server and the PA messages from + the Patch and OS Posture Validators; the message content is described + in the PB-TNC specification. + +A.1.1.10. Posture Result (OS PRslt & Vndr X Post PResult) + + These flows illustrate an invocation of the OS and Vendor X Patch + Posture Collectors to receive the posture assessment results. + Because this flow is triggered locally, NEA does not specify the + contents of this flow. + + + + +Sangster & Narayan Standards Track [Page 63] + +RFC 5792 PA-TNC March 2010 + + +A.2. Server-Initiated Assessment with Remediation + + This scenario involves the assessment of an endpoint initiated by the + NEA Server. The assessment is triggered by the Posture Broker Server + and involves collection of Anti-Virus attributes for two Anti-Virus + components running on the endpoint. The endpoint is assessed to be + compliant by one of the vendor (Vendor X) anti-virus Posture + Validators and non-compliant by the other vendor (Vendor Y) anti- + virus Posture Validator. Based upon the Posture Broker Server's + policy, this results in a non-compliant system assessment decision to + be returned by the Posture Broker Server. The Posture Broker Server + also returns remediation instructions for the endpoint as part of the + response. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 64] + +RFC 5792 PA-TNC March 2010 + + + +--------+ +-------+ +---------+ +--------+ +-------+ +--------+ + | Vndr Y | | Vndr X| | Std. | | Std. | | Vndr X| | Vndr Y | + | AV PC | | AV PC | | PBC | | PBS | | AV PV | | AV PV | + +----+---+ +---+---+ +-----+---+ +---+----+ +---+---+ +----+---+ + | | | N/W Join| | | + | | | ------->| | | + | | | | Create | | + | | | |Post. Req | | + | | | |--------->| | + | | | |Create Posture Req | + | | | |----------+--------->| + | | | | Vndr Y AV Post Req | + | | | |<---------+----------| + | | | |Vndr X AV | | + | | | |Post. Req | | + | | | Posture |<---------| | + | | | Request | | | + | | Vndr X AV |<--------| | | + | | Post. Req | | | | + | |<----------| | | | + | Vndr Y AV | | | | + | Posture Req | | | | + +<---------+-----------| | | | + | Vndr Y AV Posture | | | | + +----------+---------->| | | | + | | Vndr X AV | | | | + | | Posture | | | | + | |---------->| Posture | | | + | | |Response | | | + | | |-------->| | | + | | | | Verify | | + | | | | Posture | | + | | | |--------->| | + | | | | Verify Posture | + | | | |----------+--------->| + | | | |Vndr Y AV Post Result| + | | | |<---------+----------| + | | | |Vndr X AV | | + | | | |Post Reslt| | + | | | Assess |<---------| | + | | | Result | | | + | | Vndr X AV |<--------| | | + | |Post Reslt |<--------| | | + | |<----------| | | | + | Vndr Y AV Post Reslt | | | | + +<---------+-----------| | | | + + + + + +Sangster & Narayan Standards Track [Page 65] + +RFC 5792 PA-TNC March 2010 + + +A.2.1. Message Contents + + This section shows the contents of the key fields in each of the PA + messages exchanged in this use case. When necessary, additional + commentary is provided to explain why certain fields contain the + shown values. Note that many of the flows shown are between + components on the same system so no message contents are shown. + +A.2.1.1. N/W Join + + This flow represents the event that causes the PBS to decide to start + an assessment of the endpoint in order to gain access to the network. + This is merely an event and does not include a message being sent. + +A.2.1.2. Create Posture Request (Create Posture Req) + + This flow illustrates an invocation of the Vendor X and Vendor Y + Anti-Virus Posture Validators enabling posture request attributes to + be created. Because this use case is triggered locally, NEA does not + specify the contents of this flow. + +A.2.1.3. Vendor Y AV Posture Request (Vndr Y AV Posture Req) + + This flow contains the PA message (Posture Request) from the Vendor Y + Anti-Virus Posture Validator + + Vendor Y AV Posture Request PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=1 (Attribute Request) + length + Value = { + Vendor-id=0 (IETF Standard) + Type=2 (Standard attribute, Product-Information) + Vendor-id=1 (Vendor Y) + Type=2 (Vendor Y attribute, Extended-Dat-Version) + } + } + } + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 66] + +RFC 5792 PA-TNC March 2010 + + +A.2.1.4. Vendor X AV Posture Request (Vndr X AV Post. Req) + + This flow contains the PA message (Posture Request) from the Vendor X + Anti-Virus Posture Validator + + Vendor X AV Posture Request PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=1 (Attribute Request) + length + Value = { + Vendor-id=1 (Vendor X) + Type=1 (Vendor X attribute, Scan-Engine-Version) + Vendor-id=0 (IETF Standard) + Type=5 (Standard, Operational-Status) + } + } + } + +A.2.1.5. Posture Request + + This flow contains the PB message containing the PA messages from the + Vendor X and Vendor Y Anti-Virus Posture Validators; the message + content is described in the PB-TNC specification. + +A.2.1.6. Posture Request (Vndr X AV Post Req & Vndr Y AV Post Req) + + These flows illustrate an invocation of the Vendor X and Vendor Y + Anti-Virus Posture Collectors to process the Posture Request and + return the particular posture attributes requested. Because this + flow is triggered locally, NEA does not specify the contents of this + flow. + + + + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 67] + +RFC 5792 PA-TNC March 2010 + + +A.2.1.7. Vendor Y AV Posture (Vndr Y AV Posture) + + This flow contains the PA message (response to the Posture Request) + from the Vendor Y Anti-Virus Posture Collector. + + Vendor Y AV Posture PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 (IETF Standard) + Type=2 (Standard attribute, Product-Information) + length + Value = { + product-vendor-id=12345 (vendor Y) + product-id=987 (AV product id from vendor Y) + product-name="Vendor Y Anti-Virus" + } + } + Attribute 2 { + vendor-id=2 (vendor Y) + type=2 (vendor Y attribute, DAT-Version) + length + Value = { + DAT-version=5678 + } + } + } + + + + + + + + + + + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 68] + +RFC 5792 PA-TNC March 2010 + + +A.2.1.8. Vendor X AV Posture (Vndr X AV Posture) + + This flow contains the PA message (response to the Posture Request) + from the Vendor X Anti-Virus Posture Collector. + + Vendor X AV Posture PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=1 + type=1 (vendor X attribute, Scan-Engine-Version) + length + Value = { + scan-engine-version=1234 + } + } + Attribute 2 { + vendor-id=0 (IETF Standard) + type=5 (Standard, Operational-Status) + length + Value = { + status=2 (installed but non-operational) + result=0 (unknown) + last use="" (never used) + } + } + } + +A.2.1.9. Posture Response + + This flow contains the PB message containing the PA messages from the + Vendor X and Vendor Y Anti-Virus Posture Collectors; the message + content is described in the PB-TNC specification. + +A.2.1.10. Verify Posture + + This flow illustrates an invocation of the Vendor X and Vendor Y + Anti-Virus Posture Validators requesting verification of the posture + attributes received. Because this flow happens locally within the + NEA server, NEA does not specify the message contents. + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 69] + +RFC 5792 PA-TNC March 2010 + + +A.2.1.11. Vendor Y AV Posture Result (Vndr Y AV Post Result) + + This flow contains the PA message (Posture Assessment Result) from + the Vendor Y Anti-Virus Posture Validator + + Vendor Y AV Posture Result PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=9 (assessment-result) + length + Value = { + assessment-result=0 (compliant) + } + } + } + +A.2.1.12. Vendor X AV Posture Result (Vndr X AV Post Reslt) + + This flow contains the PA message (Posture Assessment Result) from + the Vendor X Anti-Virus Posture Validator + + Vendor X AV Posture Result PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=9 (assessment-result) + length + Value = { + assessment-result=1 (non-compliant) + } + } + } + +A.2.1.13. Assessment Result (Assess Result) + + This flow contains the PB message containing the system assessment + result computed by the Posture Broker Server and the PA messages from + the Vendor X and Vendor Y Anti-Virus Posture Validators; the message + content is described in the PB-TNC specification. + +A.2.1.14. Posture Result (Vndr X AV Post Reslt & Vndr Y AV Post Reslt) + + These flows illustrate an invocation of the Vendor X and Vendor Y + Anti-Virus Posture Collectors to receive the posture assessment + results. Because this flow is triggered locally, NEA does not + specify the contents of this flow. + + + + +Sangster & Narayan Standards Track [Page 70] + +RFC 5792 PA-TNC March 2010 + + +A.3. Client-Triggered Reassessment + + This scenario involves the reassessment of an endpoint as a result of + enabling a software component on the endpoint. The endpoint has two + VPN client software components, one from vendor X for the user's home + network and other from vendor Y for the network that the endpoint is + currently accessing. The assessment is triggered when the user tries + to use the Vendor X VPN client; this is a violation of the assessment + policy. The Posture Broker Client triggers the posture assessment + when it receives a notification from the VPN Posture Collector about + the change to the operational state of the VPN component on the + endpoint. Note that the VPN Posture Collector may support standard + attributes and some vendor-defined attributes from vendor X's and + vendor Y's namespaces. This use case does not leverage vendor- + defined attributes. The assessment involves verification of the + standard VPN posture attributes by the standard VPN Posture Validator + that results in a non-compliant assessment result. + + This use case relies on the use of multiple Posture Collector IDs for + a single Posture Collector as described in section 3.3 of the PA-TNC + specification. In this example, the Posture Collector will obtain + two Posture Collector IDs to a single Posture Collector (Standard VPN + PC) and the Posture Collector will generate two separate PA messages + each using a different ID to report the posture for Vendor X and + Vendor Y VPN Clients. The Posture Broker Client will associate the + assigned IDs in the PB message sent to the NEA Server. This entire + behavior will be completely opaque to the NEA Server, which will + handle the PB message as if there were two VPN Posture Collectors on + the NEA Client. + + + + + + + + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 71] + +RFC 5792 PA-TNC March 2010 + + + +--------+ +-------+ +---------+ +--------+ +--------+ +--------+ + |Vndr X | |Vndr Y | |Standard | |Standard| |Standard| |Standard| + |VPNClnt | |VPNClnt| | VPN PC | | PBC | | PBS | | VPN PV | + +----+---+ +---+---+ +-----+---+ +---+----+ +---+----+ +----+---+ + Enble| | | | | | + ---->| | | | | | + | VPN Status Change | | | | + |--------------------->| Posture | | | + | | | Change | | | + | | |-------->| | | + | | |Req. Post| | | + | | |<--------| | | + | |Ins/Rq Info| | | | + | |<----------| | | | + | Inspect/Request Info | | | | + |<---------+-----------|VPNX Post| | | + | | |-------->| | | + | | |VPNY Post| | | + | | |-------->| | | + | | | | Posture | | + | | | | Report | | + | | | |--------->| | + | | | | |Vrfy Post. | + | | | | |---------->| + | | | | |VPN PRslt | + | | | | Assess |<----------| + | | | | Result | | + | | | |<---------| | + | | |VPN PRslt| | | + | | |<--------| | | + +A.3.1. Message Contents + + This section shows the contents of the key fields in each of the PA + messages exchanged in this use case. When necessary, additional + commentary is provided to explain why certain fields contain the + shown values. Note that many of the flows shown are between + components on the same system so no message contents are shown. + +A.3.1.1. Enable VPN Client (Enble) + + This flow represents the end user triggered event of starting the VPN + Client software from Vendor X. This is merely an event and does not + include a message being sent. + + + + + + + +Sangster & Narayan Standards Track [Page 72] + +RFC 5792 PA-TNC March 2010 + + +A.3.1.2. Notify Status Change (VPN Status Change) + + This flow represents the detection of the active state of the Vendor + X VPN Client software by the VPN Posture Collector. This is merely + an event and does not include a message being sent. + +A.3.1.3. Notify Posture Change (Posture Change) + + This flow represents the notification of the VPN posture change sent + from the VPN Posture Collector to the Standard Posture Broker Client. + This is merely an event and does not include a message being sent. + +A.3.1.4. Request Posture (Req. Post) + + This flow illustrates an invocation of the VPN Posture Collector + requesting particular posture attributes to be sent. Because this + use case is triggered locally, NEA does not specify the contents of + this flow. + +A.3.1.5. Inspect/Request Info (Ins/Rq Info) + + This flow illustrates the acquisition of the posture information by + the VPN Posture Collector from the Vendor X and Vendor Y VPN Client + components. Because this flow is triggered locally, NEA does not + specify the message contents. + + + + + + + + + + + + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 73] + +RFC 5792 PA-TNC March 2010 + + +A.3.1.6. Vendor X VPN Posture (VPNX Post) + + This flow contains the PA message from the VPN Posture Collector + describing the Vendor X VPN Client's posture: + + Vendor X VPN Posture PA Message{ + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=2 (product information) + length + Value = { + product-vendor-id=9876 (vendor X) + product-id=567 (VPN client identifier for Vndr X) + product-name="Vendor X VPN Client" + } + } + Attribute 2 { + vendor-id=0 + type=5 (operational status) + length + Value = { + Status=3 (Operational) + Result=1 (Successful use with no errors detected) + last Use="2008-07-07T12:00:00Z" + } + } + + + + + + + + + + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 74] + +RFC 5792 PA-TNC March 2010 + + +A.3.1.7. Vendor Y VPN Posture (VPNY Post) + + This flow contains the PA message from the VPN Posture Collector + including the Vendor Y VPN Client's posture: + + Vendor Y VPN Posture PA Message{ + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=2 (product information) + length + Value = { + product-vendor-id=Vendor Y + product-id=234 (VPN client identifier for Vndr Y) + product-name="Vendor Y VPN Client" + } + } + Attribute 2 { + vendor-id=0 + type=5 (operational status) + length + Value = { + Status=3 (Operational) + Result=1 (Successful use with no errors detected) + last Use="2008-07-07T14:05:00Z" + } + } + } + +A.3.1.8. Posture Report + + This flow contains the PB message containing the PA message from the + VPN Posture Collector; the message content is described in the PB-TNC + specification. + +A.3.1.9. Verify Posture (Vrfy Post.) + + This flow illustrates an invocation of the VPN Posture Validator + requesting verification of the posture attributes received. Because + this flow happens locally within the NEA Server, NEA does not specify + the message contents. + + + + + + + + + + +Sangster & Narayan Standards Track [Page 75] + +RFC 5792 PA-TNC March 2010 + + +A.3.1.10. VPN Posture Result (VPN PRslt) + + This flow contains the PA message (Posture Assessment Result) from + the VPN Posture Validator + + VPN Posture Result PA Message { + Attribute HDR {Message ID} + Attribute 1 { + vendor-id=0 + type=9 (assessment-result) + length + Value = { + assessment-result=1 (non-compliant) + } + } + } + +A.3.1.11. Assessment Result (Assess Result) + + This flow contains the PB message containing the system assessment + result computed by the Posture Broker Server and the PA messages from + the VPN Posture Validator; the message content is described in the + PB-TNC specification. + +A.3.1.12. Posture Result (VPN PRslt) + + This flow illustrates an invocation of the VPN Posture Collector to + receive the posture assessment result. Because this flow is + triggered locally, NEA does not specify the contents of this flow. + + + + + + + + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 76] + +RFC 5792 PA-TNC March 2010 + + +Appendix B. Evaluation against NEA Requirements + + This section evaluates the PA-TNC protocol against the requirements + defined in the NEA Requirements document. Each subsection considers + a separate requirement from the NEA Requirements document. Only + common requirements (C-1 through C-10) and PA requirements (PA-1 + through PA-6) are considered, since these are the only ones that + apply to PA. + +B.1. Evaluation against Requirement C-1 + + Requirement C-1 says: + + C-1 NEA protocols MUST support multiple round trips between the NEA + Client and NEA Server in a single assessment. + + PA-TNC meets this requirement. It allows an unlimited number of + round trips between the NEA Client and NEA Server. + +B.2. Evaluation against Requirement C-2 + + Requirement C-2 says: + + C-2 NEA protocols SHOULD provide a way for both the NEA Client and + the NEA Server to initiate a posture assessment or reassessment as + needed. + + PA-TNC meets this requirement. PA-TNC is designed to work whether + the NEA Client or the NEA Server initiates a posture assessment or + reassessment. + +B.3. Evaluation against Requirement C-3 + + Requirement C-3 says: + + C-3 NEA protocols including security capabilities MUST be capable + of protecting against active and passive attacks by intermediaries + and endpoints including prevention from replay-based attacks. + + Security for PA-TNC messages being sent over the network is provided + through PT protocol security. Therefore, PA-TNC does not include any + security capabilities. Since this requirement only applies to NEA + protocols "including security capabilities", this specification is + not subject to this requirement (see section 5.2). + + + + + + + +Sangster & Narayan Standards Track [Page 77] + +RFC 5792 PA-TNC March 2010 + + +B.4. Evaluation against Requirement C-4 + + Requirement C-4 says: + + C-4 The PA and PB protocols MUST be capable of operating over any + PT protocol. For example, the PB protocol must provide a transport- + independent interface allowing the PA protocol to operate without + change across a variety of network protocol environments (e.g., + EAP/802.1X, PANA, TLS and IKE/IPsec). + + PA-TNC meets this requirement. PA-TNC can operate over any PT + protocol that meets the requirements for PT stated in the NEA + Requirements document. PA-TNC does not have any dependencies on + specific details of the underlying PT protocol. + +B.5. Evaluation against Requirement C-5 + + Requirement C-5 says: + + C-5 The selection process for NEA protocols MUST evaluate and + prefer the reuse of existing open standards that meet the + requirements before defining new ones. The goal of NEA is not to + create additional alternative protocols where acceptable solutions + already exist. + + Based on this requirement, PA-TNC should receive a strong preference. + PA-TNC is equivalent with IF-M 1.0, an open TCG specification. Other + specifications from TCG and other groups are also under development + based on the IF-M 1.0 specification. Selecting PA-TNC as the basis + for the PA protocol will ensure compatibility with IF-M 1.0, with + these other specifications, and with their implementations. + +B.6. Evaluation against Requirement C-6 + + Requirement C-6 says: + + C-6 NEA protocols MUST be highly scalable; the protocols MUST + support many Posture Collectors on a large number of NEA Clients to + be assessed by numerous Posture Validators residing on multiple NEA + Servers. + + PA-TNC meets this requirement. PA-TNC supports an unlimited number + of Posture Collectors, Posture Validators, NEA Clients, and NEA + Servers. It also is quite scalable in many other aspects as well. A + PA-TNC message can contain up to 2^32-1 octets and about 2^28 PA-TNC + attributes. Each organization with an SMI Private Enterprise Number + is entitled to define up to 2^32 vendor-specific PA-TNC Attribute + Types, 2^16 vendor-specific PA-TNC Product IDs, and 2^32 vendor- + + + +Sangster & Narayan Standards Track [Page 78] + +RFC 5792 PA-TNC March 2010 + + + specific PA-TNC Error Codes. Each attribute can contain almost 2^32 + octets. It is generally not advisable or necessary to send this much + data in a NEA assessment, but still PA-TNC is highly scalable and + meets requirement C-6 easily. + +B.7. Evaluation against Requirement C-7 + + Requirement C-7 says: + + C-7 The protocols MUST support efficient transport of a large + number of attribute messages between the NEA Client and the NEA + Server. + + PA-TNC meets this requirement. Each PA-TNC message can contain about + 2^28 PA-TNC attributes. PA-TNC supports up to 2^32 round trips in a + session so the maximum number of attribute messages that can be sent + in a single session is actually about 2^50. However, it is generally + inadvisable and unnecessary to send a large number of messages in a + NEA assessment. As for efficiency, PA-TNC adds only 12 octets of + overhead per attribute and 8 octets per message (which is negligible + on a per-attribute basis). + +B.8. Evaluation against Requirement C-8 + + Requirement C-8 says: + + C-8 NEA protocols MUST operate efficiently over low bandwidth or + high latency links. + + PA-TNC meets this requirement. A PA-TNC exchange is envisioned + (based on current deployment experience) to involve one or two round + trips with less than 500 octets of PA-TNC messages. Of course, use + of vendor-specific PA-TNC attribute types could expand the + assessment. However, PA-TNC itself imposes an overhead of only 8 + octets per PA-TNC message and 12 octets per attribute. + +B.9. Evaluation against Requirement C-9 + + Requirement C-9 says: + + C-9 For any strings intended for display to a user, the protocols + MUST support adapting these strings to the user's language + preferences. + + PA-TNC meets this requirement. The only field included in a PB-TNC + attribute for display to the user includes a language tag that could + be selected based upon the user's PB-TNC negotiated preferred + language for the assessment (see section 4.10 of the PB-TNC + + + +Sangster & Narayan Standards Track [Page 79] + +RFC 5792 PA-TNC March 2010 + + + specification). With this exception, all of the strings in the + standard PA-TNC attributes are intended for logging and programmatic + comparisons. + + If any vendor-specific PA-TNC attribute types or future IETF Standard + PA-TNC Attribute Types include strings that are intended for display + to a user, they should be translated to the user's preferred + language. The Posture Broker Server will need to expose the user's + preferences to the Posture Validators through whatever API or + protocol is used to connect those components. However, that is all + out of scope for this specification. + +B.10. Evaluation against Requirement C-10 + + Requirement C-10 says: + + C-10 NEA protocols MUST support encoding of strings in UTF-8 format. + + PA-TNC meets this requirement. All strings in the PA-TNC protocol + are encoded in UTF-8 format. This allows the protocol to support a + wide range of languages efficiently. + +B.11. Evaluation against Requirement C-11 + + Requirement C-11 says: + + C-11 Due to the potentially different transport characteristics + provided by the underlying candidate PT protocols, the NEA Client and + NEA Server MUST be capable of becoming aware of and adapting to the + limitations of the available PT protocol. For example, some PT + protocol characteristics that might impact the operation of PA and PB + include restrictions on which end can initiate a NEA connection, + maximum data size in a message or full assessment, upper bound on + number of round trips, and ordering (duplex) of messages exchanged. + The selection process for the PT protocols MUST consider the + limitations the candidate PT protocol would impose upon the PA and PB + protocols. + + PA-TNC meets this requirement. The design of the PA-TNC protocol + emphasizes efficient transport of information in order to maximize + its usability in constrained PT environments. Local APIs could allow + Posture Collectors and Posture Validators to discover when they are + operating in a less constrained deployment and then make use of more + verbose attributes. Similarly, Posture Collectors could choose not + to send or use smaller attributes (including assertions from previous + assessments) when faced with a very constrained network connection. + + + + + +Sangster & Narayan Standards Track [Page 80] + +RFC 5792 PA-TNC March 2010 + + +B.12. Evaluation against Requirement PA-1 + + Requirement PA-1 says: + + PA-1 The PA protocol MUST support communication of an extensible set + of NEA standards-defined attributes. These attributes will be + uniquely identifiable from non-standard attributes. + + PA-TNC meets this requirement. Each attribute is identified with a + PA-TNC Attribute Vendor ID and a PA-TNC Attribute Type. IETF + Standard PA-TNC Attribute Types use a vendor ID of zero (0), in + contrast with vendor-specific PA-TNC Attribute Types, which will use + the vendor's SMI Private Enterprise Number as the vendor ID. The + IANA will maintain a registry of PA-TNC Attribute Types with new + values added by Expert Review with Specification Required, as + described in the IANA Considerations section of this specification. + Thus, the set of standard attribute types is extensible, but all + standard attribute types are uniquely identifiable. + +B.13. Evaluation against Requirement PA-2 + + Requirement PA-2 says: + + PA-2 The PA protocol MUST support communication of an extensible set + of vendor-specific attributes. These attributes will be segmented + into uniquely identifiable vendor-specific namespaces. + + PA-TNC meets this requirement. Each attribute is identified with a + PA-TNC Attribute Vendor ID and a PA-TNC Attribute Type. Vendor- + defined PA-TNC Attribute Types use the vendor's SMI Private + Enterprise Number as the PA-TNC Attribute Vendor ID. Each vendor can + define up to 2^32 PA-TNC Attribute Types, using its own internal + processes to manage its set of attribute types. + + The IANA is not involved, other than the initial assignment of the + vendor's SMI Private Enterprise Number. Thus, the set of vendor- + specific attributes is segmented into uniquely identifiable vendor- + specific namespaces. + +B.14. Evaluation against Requirement PA-3 + + Requirement PA-3 says: + + PA-3 The PA protocol MUST enable a Posture Validator to make one or + more requests for attributes from a Posture Collector within a single + assessment. This enables the Posture Validator to reassess the + posture of a particular endpoint feature or to request additional + posture including from other parts of the endpoint. + + + +Sangster & Narayan Standards Track [Page 81] + +RFC 5792 PA-TNC March 2010 + + + PA-TNC meets this requirement. The Attribute Request attribute type + is an IETF Standard PA-TNC Attribute Type that permits a Posture + Validator to send to one or more Posture Collectors a request for one + or more attributes. This attribute may be sent at any point in the + posture assessment process and may in fact be sent more than once if + the Posture Validator needs to first determine the type of operating + system and then request certain attributes specific to that operating + system, for example. + +B.15. Evaluation against Requirement PA-4 + + Requirement PA-4 says: + + PA-4 The PA protocol MUST be capable of returning attributes from a + Posture Validator to a Posture Collector. For example, this might + enable the Posture Collector to learn the specific reason for a + failed assessment and to aid in remediation and notification of the + system owner. + + PA-TNC meets this requirement. A Posture Validator can easily send + attributes to one or more Posture Collectors. + +B.16. Evaluation against Requirement PA-5 + + Requirement PA-5 says: + + PA-5 The PA protocol SHOULD provide authentication, integrity, and + confidentiality of attributes communicated between a Posture + Collector and Posture Validator. This enables end-to-end security + across a NEA deployment that might involve traversal of several + systems or trust boundaries. + + PA-TNC does not include an explicit PA-level security mechanism but + does lay a foundation allowing attribute-level security protections + to be added later. As an existence proof, the NEA working group + considered an Internet-Draft proposal capable of encapsulating PA + attributes within a Cryptographic Message Syntax (CMS) security + wrapper in a new attribute type. This proposal offered the + protections described in this requirement. However, the NEA WG + decided that the use cases in scope for the working group did not + require PA-level security. The use cases involving PA message + traversal of multiple systems or trust boundaries were considered out + of scope; therefore, a Posture Validator to Posture Collector end-to- + end security protection was considered not to be required. + + Instead, PA-TNC attributes are protected by the PT layer + authentication, integrity, and confidentiality support. This + protects the attributes communicated between the Posture Transport + + + +Sangster & Narayan Standards Track [Page 82] + +RFC 5792 PA-TNC March 2010 + + + Client and Posture Transport Server. Because the Posture Collector + is in the same address space as the Posture Broker Client and Posture + Transport Client and the Posture Validator is in the same address + space as the Posture Broker Server and Posture Transport Server, the + underlying broker and transport components are deemed trusted with + respect to not tampering with the PA messages (see trust model in + section 5.1 for details). Encrypting the PA-TNC messages would not + prevent a hostile broker or transport component from attacking the + messages. + +B.17. Evaluation against Requirement PA-6 + + Requirement PA-6 says: + + PA-6 The PA protocol MUST be capable of carrying attributes that + contain non-binary and binary data including encrypted content. + + PA-TNC meets this requirement. PA-TNC attributes can contain non- + binary and binary data including encrypted content. For examples, + see the attribute type definitions contained in this specification. + +Authors' Addresses + + Paul Sangster + Symantec Corporation + 6825 Citrine Drive + Carlsbad, CA 92009 + USA + EMail: Paul_Sangster@symantec.com + + Kaushik Narayan + Cisco Systems Inc. + 10 West Tasman Drive + San Jose, CA 95134 + USA + EMail: kaushik@cisco.com + + + + + + + + + + + + + + + +Sangster & Narayan Standards Track [Page 83] + -- cgit v1.2.3