Server Discovery and Validation TCG Copyright 2013-2017
Specification Version 1.0
Revision 25 Page ii of 40
TCG PUBLISHED
Copyright © 2013-2017 Trusted Computing Group, Incorporated.
Disclaimer
THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, INCLUDING
ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR
PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION
OR SAMPLE. Without limitation, TCG disclaims all liability, including liability for infringement of any
proprietary rights, relating to use of information in this specification and to the implementation of this
specification, and TCG disclaims all liability for cost of procurement of substitute goods or services, lost
profits, loss of use, loss of data or any incidental, consequential, direct, indirect, or special damages,
whether under contract, tort, warranty or otherwise, arising in any way out of use or reliance upon this
specification or any information herein.
No license, express or implied, by estoppel or otherwise, to any TCG or TCG member intellectual property
rights is granted herein.
Except that a license is hereby granted by TCG to copy and reproduce this specification for internal
use only.
Contact the Trusted Computing Group at www.trustedcomputinggroup.org for information on specification
licensing through membership agreements.
Any marks and brands contained herein are the property of their respective owners.
Acknowledgements
The TCG wishes to thank all those who contributed to this specification. This document builds on
considerable work done in the various work groups in the TCG.
Special thanks to the members of the TNC-WG contributing to this document:
Adrien Raffin, AMOSSYS
Padma Krishnaswamy, Battelle Memorial Institute
Eric Fleischman, Boeing
Richard Hill, Boeing
Steven Venema, Boeing
Nancy Cam-Winget, Cisco Systems
Scott Pope, Cisco Systems
Max Pritikin, Cisco Systems
Allan Thomson, Cisco Systems
Henk Birkholz, Fraunhofer SIT
Gerald Maunier, Gemalto
Nicolai Kuntze, Huawei
Yi Zhang, Huawei
Ira McDonald, High North
Dr. Josef von Helden, Hochschule Hannover
Tom Laffey, HP
Dr. Andreas Steffen, HSR University of Applied Sciences Rapperswil
James Tan, Infoblox
Steve Hanna (Editor), Infineon Technologies
Clifford Kahn, Pulse Secure
Lisa Lorenzin (TNC-WG Co-Chair), Pulse Secure
Atul Shah (TNC-WG Co-Chair), Microsoft
Jon Baker, MITRE
Charles Schmidt (Editor), MITRE
Rainer Enders, NCP Engineering
David Waltermire, NIST
Dick Wilkins, Phoenix Technologies
Carolin Latze, Swisscom
Richard Struse, United States Government
Mike Boyle, United States Government
Emily Doll, United States Government
Jessica Fitzgerald-McKay, United States Government
Jonathan Hersack, United States Government
Mary Lessels, United States Government
Chris Salter, United States Government
Andrew Cathrow, Verisign
Table of Contents
1 Introduction
1.1 Scope and Audience
1.2 Motivation
1.3 Keywords
2 Background
2.1 Overview
2.2 Supported Use Cases
2.3 Non-supported Use Cases
2.4 Requirements
2.5 Non-requirements
2.6 Assumptions
3 Endpoint Provisioning
3.1 Why Perform Server Discovery If Provisioning Is Needed?
3.2 Client Connection Policy
3.2.1 Actions
3.2.2 Criteria
3.2.3 A Worked Example
3.3 Trust Parameters
3.4 Provisioning
4 Server Discovery
4.1 When to Use Each Server Discovery Technique
4.2 Discovery via IF-TNCCS
4.2.1 TNCCS-Server-Referral
4.2.2 Server Types
4.2.3 Local Group IDs
4.2.4 Server Identifier Types
4.3 Discovery via DNS SRV Records
5 Server Validation
5.1.1 Server Validation Procedure
6 Examples
6.1 Server Discovery and Validation with TNCCS-Server-Referral
6.2 Server Discovery and Validation with DNS SRV
7 Security Considerations
7.1 Trust Model for Discovery and Validation of Servers
7.1.1 Network
7.1.2 Policy Servers
7.1.3 Other TNC Servers
7.1.4 Endpoints
7.1.5 DNS Servers
7.1.6 Certification Authorities
7.2 Threat Model for Discovery and Validation of Servers
7.2.1 Network Attacks
7.2.2 Policy Server Attacks
7.2.3 Other TNC Server Attacks
7.2.4 Endpoint Attacks
7.2.5 Certification Authority Attacks
7.3 Countermeasures
7.3.1 Securing the Network
7.3.2 Securing Policy Servers
7.3.3 Securing Other TNC Servers
7.3.4 Securing Endpoints
7.3.5 Securing DNS Servers
7.3.6 Securing CAs
8 Privacy Considerations
9 References
9.1 Normative References
9.2 Informative References