Trusted Network Connect (TNC) HOWTO » History » Version 7
Version 6 (Andreas Steffen, 13.12.2010 17:26) → Version 7/92 (Andreas Steffen, 13.12.2010 17:29)
h1. Trusted Network Connect (TNC) HOWTO
The "Trusted Computing Group":http://www.trustedcomputinggroup.org/ (TCG) has defined and released an open architecture and a growing set of standards for endpoint integrity called "Trusted Network Connect":http://www.trustedcomputinggroup.org/developers/trusted_network_connect.
!TNC_Architecture.png!
strongSwan supports both the older XML-based "IF-TNCCS 1.1":http://www.trustedcomputinggroup.org/files/resource_files/64697C86-1D09-3519-ADE44ADD6B39B71D/TNC_IF-TNCCS_v1_1_r15.pdf "TNC Client-Server Interface" and the latest "IF-TNCCS-2.0":http://www.trustedcomputinggroup.org/files/resource_files/495CA3DD-1D09-3519-AD0043966E821ECB/IF-TNCCS_TLVBinding_v2_0_r16a.pdf "TLV Bindings" but currently not the "IF-TNCCS SoH 1.0":http://www.trustedcomputinggroup.org/files/resource_files/8D2DF7F3-1D09-3519-AD76CE4433FECE07/IF-TNCCS-SOH_v1.0_r8.pdf "State of Health Protocol Bindings" used by Microsoft's Network Access Protection (NAP) framework. The TCG IF-TNCCS 2.0 protocol is equivalent to the "Posture Broker (PB) Protocol Compatible with Trusted Network Connect" (PB-TNC) defined by "RFC 5793":http://tools.ietf.org/html/rfc5793 which is part of the IETF "Network Endpoint Assessment" (NEA) framework defined by "RFC 5209":http://tools.ietf.org/html/rfc5209.
!NEA_Architecture_small.png!
As a transport protocol to exchange IF-TNCCS 1.1 or IF-TNCCS 2.0 messages between TNC Client and TNC Server, Server strongSwan uses the EAP-TNC method defined by "IF-T":http://www.trustedcomputinggroup.org/files/resource_files/8CC75909-1D09-3519-ADA6958AA29CF223/TNC_IFT_v1_1_r10.pdf "Protocol Bindings for Tunneled EAP Methods 1.1". EAP-TNC as an inner non-secure protocol 1.1" which is then encapsulated in an outer encrypted and authenticated IKEv2-EAP-TTLS tunnel.
The "Trusted Computing Group":http://www.trustedcomputinggroup.org/ (TCG) has defined and released an open architecture and a growing set of standards for endpoint integrity called "Trusted Network Connect":http://www.trustedcomputinggroup.org/developers/trusted_network_connect.
!TNC_Architecture.png!
strongSwan supports both the older XML-based "IF-TNCCS 1.1":http://www.trustedcomputinggroup.org/files/resource_files/64697C86-1D09-3519-ADE44ADD6B39B71D/TNC_IF-TNCCS_v1_1_r15.pdf "TNC Client-Server Interface" and the latest "IF-TNCCS-2.0":http://www.trustedcomputinggroup.org/files/resource_files/495CA3DD-1D09-3519-AD0043966E821ECB/IF-TNCCS_TLVBinding_v2_0_r16a.pdf "TLV Bindings" but currently not the "IF-TNCCS SoH 1.0":http://www.trustedcomputinggroup.org/files/resource_files/8D2DF7F3-1D09-3519-AD76CE4433FECE07/IF-TNCCS-SOH_v1.0_r8.pdf "State of Health Protocol Bindings" used by Microsoft's Network Access Protection (NAP) framework. The TCG IF-TNCCS 2.0 protocol is equivalent to the "Posture Broker (PB) Protocol Compatible with Trusted Network Connect" (PB-TNC) defined by "RFC 5793":http://tools.ietf.org/html/rfc5793 which is part of the IETF "Network Endpoint Assessment" (NEA) framework defined by "RFC 5209":http://tools.ietf.org/html/rfc5209.
!NEA_Architecture_small.png!
As a transport protocol to exchange IF-TNCCS 1.1 or IF-TNCCS 2.0 messages between TNC Client and TNC Server, Server strongSwan uses the EAP-TNC method defined by "IF-T":http://www.trustedcomputinggroup.org/files/resource_files/8CC75909-1D09-3519-ADA6958AA29CF223/TNC_IFT_v1_1_r10.pdf "Protocol Bindings for Tunneled EAP Methods 1.1". EAP-TNC as an inner non-secure protocol 1.1" which is then encapsulated in an outer encrypted and authenticated IKEv2-EAP-TTLS tunnel.