[strongSwan] mutual TNC attestation

Thomas Strobel ts468 at cam.ac.uk
Mon Aug 3 20:56:32 CEST 2015


Hello Andreas,

thank you very much for your help and the fast reply! Amazing, I'm
looking forward to testing it! :)

Many thanks!
Thomas


On 08/03/2015 08:10 PM, Andreas Steffen wrote:
> Hello Thomas,
>
> yes this is possible with strongswan 5.3.2. Have a look at my
> presentation given at the 2015 TCG Members Meeting in Edinburgh:
>
>   https://www.strongswan.org/docs/TCG_Edinburgh_2015.pdf
>
> The only thing you have to do is to load the tnc-imc and tnc-imv
> plugins on both the TNC client and TNC server and of course the
> needed IMCs and IMVs (for attestation usually the OS and Attestation
> IMC plus the Attestation IMV). In order to activate the mutual
> attestation capability, set the following parameter in strongswan.conf:
>
> charon {
>   plugins {
>     tnccs-20 {
>       mutual = yes
>     }
>   }
> }
>
> Best regards
>
> Andreas
>
> On 03.08.2015 19:42, Thomas Strobel wrote:
>> Hello everyone,
>>
>> being new to the mailing list, I first want to thank everyone that is or
>> was involved in developing strongswan as an open source project, it's
>> amazing! Thanks!
>>
>> Now my question. I'm thinking of using strongswan to secure P2P networks
>> with mutual TNC remote attestation. Does strongswan support that use
>> case? I mean, is it possible that both sides act as TNC client and
>> server at the same time, and that a connection is only established after
>> both sides verified the integrity of the other side?
>>
>> Many thanks
>> Thomas
>
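
A check that can be run against each peer's strongswan.conf to confirm the settings named in the reply above are present, as an added example that is not part of the original thread or strongSwan's own code. The function names and the sample configuration are constructed; the parser assumes one statement per line and no include directives.

```python
# Constructed sample strongswan.conf fragment (load list trimmed to the TNC plugins).
SAMPLE_CONF = """
charon {
  load = tnc-imc tnc-imv tnccs-20
  plugins {
    tnccs-20 {
      mutual = yes   # both peers act as TNC client and TNC server
    }
  }
}
"""

TRUE_VALUES = {"yes", "true", "enabled", "1"}  # boolean spellings strongSwan accepts


def parse_conf(text):
    """Flatten nested 'section { key = value }' blocks into dotted keys."""
    settings, path = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            if path:
                path.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[".".join(path + [key])] = value.strip('"')
    return settings


def check_mutual(text):
    """Return a list of problems; an empty list means the settings are present."""
    s, problems = parse_conf(text), []
    if s.get("charon.plugins.tnccs-20.mutual", "no").lower() not in TRUE_VALUES:
        problems.append("charon.plugins.tnccs-20.mutual is not enabled")
    # A 'mutual' key under a misspelled section is not the one the plugin reads.
    for key in sorted(s):
        parts = key.split(".")
        if parts[:2] == ["charon", "plugins"] and parts[-1] == "mutual" and parts[2] != "tnccs-20":
            problems.append(f"mutual is set under unrecognised section '{parts[2]}'")
    load = s.get("charon.load")  # only checked when an explicit load list is given
    if load is not None:
        for plugin in ("tnc-imc", "tnc-imv"):
            if plugin not in load.split():
                problems.append(f"{plugin} missing from charon.load")
    return problems
```

Run `check_mutual(open("/etc/strongswan.conf").read())` on both hosts (the path is an assumption; adjust it to the installation), since the option has to be set on each side.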

