Technical Summary:
The Network Endpoint Assessment protocols are subject to a
subtle forwarding attack that has become known as the NEA
Asokan Attack. This document describes the attack and
countermeasures that may be mounted.
Working Group Summary:
The WG formed a design team in July 2010 with the goal of
recommending a general-purpose counter-measure that would
work for both of the PT protocols under specification in the WG.
The design team analysis and recommendation is the subject
of this document. The recommendation of the design team was
presented to the WG at the IETF meeting in November 2010
where it received solid support. The result was confirmed on the
mailing list in January 2011, and the recommended counter-
measure subsequently incorporated into the two PT protocols
specified in the NEA WG. The two PT protocols, PT-TLS and PT-
EAP, are separately specified in two standards-track documents,
and reference this document as an Informative reference.
Document Quality:
This document does not specify a protocol. Rather, it describes
counter-measures that PT-TLS and PT-EAP can use to mitigate
against the NEA Asokan attack. The PT-TLS and PT-EAP
specifications describe how these counter-measures should be used
in these particular protocols. As described above, this
document is the result of active participation from several WG
members and received substantive review from the WG.
Personnel:
Susan Thomson is the Document Shepherd. Stephen Farrell is
the Responsible Area Director.