From: Dave Whitehead (david@lexmark.com)
Date: Fri Dec 05 2008 - 11:44:29 EST
David H. Whitehead
Development Engineer
Lexmark International, Inc.
859.825.4914
davidatlexmarkdotcom
----- Forwarded by Dave Whitehead/Lex/Lexmark on 12/05/08 11:41 AM -----
From: Erhan Soyer-Osman <erhanso@windows.microsoft.com>
Sent: 12/04/08 07:19 PM
To: Dave Whitehead <david@lexmark.com>
Cc: Mike Fenelon <Mike.Fenelon@microsoft.com>
Subject: RE: PWG questions on IDS
Sorry for the late response – here is what I received from the NAP team.
Thanks,
Erhan
1. The NAP spec states UTF-8 string encoding and TLV elements. There is
also a statement about strings being NULL terminated. We believe the NULL
terminator was inadvertently added since it is not required for TLV
elements. That is, do we really need NULL termination?
[NAP Team] Yes. The current implementation requires “Null termination”.
2. Is it Microsoft's current and future desire/intent/direction for
strings to be UTF-8 encoded?
[NAP Team] Currently we use UTF-8 and as of now plan to use UTF-8 in the
future releases (To the best of our knowledge) but we will notify/update
the necessary document when this changes along with backward compatibility
directions if this changes.
3. Is Microsoft planning any type of interoperability between NAP and
Network Endpoint Assessment (NEA) from the TNC? Maybe a gateway?
[NAP Team] Microsoft has donated NAP’s Statement of Health specification
to the TCG’s TNC group, companies wishing to support NAP in their products
can download and use the specification free of charge. This SOH has also
been made a standard by the TNC (IF-TNCCS-SOH). See the white paper at
http://download.microsoft.com/download/c/1/2/c12b5d9b-b5c5-4ead-a335-d9a13692abbb/TNC_NAP_white_paper.pdf.
We will be working with TNC/NEA in future releases as well.
4. What happens when a device passes assessment under one mechanism but
then is challenged again? For example, first over 802.1x to attach and
then DHCP to receive an address. Do we need to start the assessment again
from scratch or is there a shortcut?
[NAP Team] There is no shortcut. However customers will usually choose one
enforcement. Multiple enforcement is supported but there are no smarts
targeted at multiple enforcement. You need to resend the SoH to the
enforcement mechanism but you can use the cached SoH intelligently.
5. It looks like most, if not all, of the evaluation attributes will be
extensions to NAP. The only NAP attribute that may be applicable is the
Product Name. Is it appropriate for the PWG to use Product Name or should
we define all our attributes as extensions?
[NAP Team] Product Name is an “optional” TLV. It is defined to be used,
but on the other hand they could define their own schema in the vendor
specific TLV.
6. How can we get the extended PWG attributes to be recognized by the
Microsoft validator/assessor? Is this a plug-in supplied by a third
party? If this is an industry supported solution, would Microsoft be
willing to supply any required plug-in?
[NAP Team] The Microsoft WSHA/V currently does not support this. The third
party can develop their own SHA/V and plug into the NAP infrastructure.
Please refer to the samples provided in the NAP SDK.
7. Just to make sure we understand it, the PWG members would really like
someone familiar with NAP to profile how it would operate with print
devices. Would this be possible?
[NAP Team] Yes. The NAP team would like to profile how NAP will operate
with Print devices. Please let us know how we can proceed.
From: Dave Whitehead [mailto:david@lexmark.com]
Sent: Wednesday, December 03, 2008 9:35 AM
To: Erhan Soyer-Osman
Cc: Mike Fenelon
Subject: RE: PWG questions on IDS
Hi Erhan, Mike,
Any update on this?
Thanks,
dhw
David H. Whitehead
Development Engineer
Lexmark International, Inc.
859.825.4914
davidatlexmarkdotcom
From: Erhan Soyer-Osman <erhanso@windows.microsoft.com>
Sent: 11/13/08 08:46 PM
To: Dave Whitehead <david@lexmark.com>, Mike Fenelon <Mike.Fenelon@microsoft.com>
Subject: RE: PWG questions on IDS
Hi Dave, Thanks for your email. We just got back from WinHEC, but we will
look into your questions this week and send you back responses.
Erhan
From: Dave Whitehead [mailto:david@lexmark.com]
Sent: Wednesday, October 29, 2008 10:58 AM
To: Mike Fenelon; Erhan Soyer-Osman
Subject: PWG questions on IDS
Hi Mike, Erhan,
The IDS WG came up with a few questions about NAP and the Statement of
Health that we would like answered to guide our work efforts. Our next
teleconference will be Nov. 6th and it would be great if we could have
someone available from Microsoft to discuss the following:
1. The NAP spec states UTF-8 string encoding and TLV elements. There is
also a statement about strings being NULL terminated. We believe the NULL
terminator was inadvertently added since it is not required for TLV
elements. That is, do we really need NULL termination?
2. Is it Microsoft's current and future desire/intent/direction for
strings to be UTF-8 encoded?
3. Is Microsoft planning any type of interoperability between NAP and
Network Endpoint Assessment (NEA) from the TNC? Maybe a gateway?
4. What happens when a device passes assessment under one mechanism but
then is challenged again? For example, first over 802.1x to attach and
then DHCP to receive an address. Do we need to start the assessment again
from scratch or is there a shortcut?
5. It looks like most, if not all, of the evaluation attributes will be
extensions to NAP. The only NAP attribute that may be applicable is the
Product Name. Is it appropriate for the PWG to use Product Name or should
we define all our attributes as extensions?
6. How can we get the extended PWG attributes to be recognized by the
Microsoft validator/assessor? Is this a plug-in supplied by a third
party? If this is an industry supported solution, would Microsoft be
willing to supply any required plug-in?
7. Just to make sure we understand it, the PWG members would really like
someone familiar with NAP to profile how it would operate with print
devices. Would this be possible?
Thanks,
dhw
David H. Whitehead
Development Engineer
Lexmark International, Inc.
859.825.4914
davidatlexmarkdotcom
This archive was generated by hypermail 2.1.4 : Fri Dec 05 2008 - 11:44:48 EST
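
Question 1 in the thread above, and the NAP team's answer to it, concern UTF-8 string TLVs that must carry a NUL terminator. The following C code is an added example, not code from the thread, the NAP SDK or the SoH specification: it shows the checks a receiver can apply to such a value before handing it to C string functions. The 2-byte type and 2-byte big-endian length header, the length counting the terminator, all function and constant names, and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical error codes; on success the check returns the string length. */
enum { STR_TRUNCATED = -1, STR_NO_NUL = -2, STR_EMBEDDED_NUL = -3, STR_BAD_UTF8 = -4 };

/* Strict UTF-8: rejects overlong forms, surrogates and values above U+10FFFF. */
static int utf8_valid(const uint8_t *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        uint8_t c = s[i];
        size_t need;
        uint32_t cp, min;
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;
        if (n - i <= need) return 0;              /* sequence runs past the value */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += need + 1;
    }
    return 1;
}

/* Assumed layout (not stated in the thread): 2-byte type, 2-byte big-endian
 * length, then a value whose length counts the terminating NUL. */
long soh_string_check(const uint8_t *buf, size_t buflen)
{
    if (buflen < 4) return STR_TRUNCATED;
    size_t vlen = ((size_t)buf[2] << 8) | buf[3];
    if (vlen > buflen - 4) return STR_TRUNCATED;  /* length field overruns the buffer */
    const uint8_t *v = buf + 4;
    if (vlen == 0 || v[vlen - 1] != 0) return STR_NO_NUL;
    if (memchr(v, 0, vlen - 1) != NULL) return STR_EMBEDDED_NUL;
    if (!utf8_valid(v, vlen - 1)) return STR_BAD_UTF8;
    return (long)(vlen - 1);                      /* buf + 4 is now a safe C string */
}

/* Constructed samples; type 0x0001 is a placeholder, not a real TLV type. */
const uint8_t GOOD[]     = {0x00, 0x01, 0x00, 0x04, 'P', 'W', 'G', 0x00};
const uint8_t NO_NUL[]   = {0x00, 0x01, 0x00, 0x03, 'P', 'W', 'G'};
const uint8_t EMBEDDED[] = {0x00, 0x01, 0x00, 0x05, 'P', 0x00, 'W', 'G', 0x00};
const uint8_t BAD_UTF8[] = {0x00, 0x01, 0x00, 0x03, 0xC0, 0x80, 0x00};
```

The `BAD_UTF8` sample carries the overlong two-byte encoding of U+0000, which a lenient decoder would turn into a second, hidden NUL inside the string.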