
From nobody Thu Nov  2 07:04:42 2017
From: Tero Kivinen <kivinen@iki.fi>
To: <secdir@ietf.org>
Date: Thu, 02 Nov 2017 07:04:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/sPtSnK6_bOmtDkd9TVS8TTWrox4>
Subject: [secdir] Assignments

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2017-11-30

Reviewer               LC end     Draft
John Bradley           None       draft-ietf-acme-acme-08
Alan DeKok             2017-10-09 draft-ietf-tsvwg-ieee-802-11-09
Daniel Gillmor         2017-10-17 draft-ietf-sidrops-bgpsec-rollover-03
Watson Ladd           R2017-10-19 draft-ietf-tcpinc-tcpeno-12
Barry Leiba            2017-10-19 draft-ietf-tcpinc-tcpcrypt-08
Chris Lonvick          2017-11-03 draft-ietf-regext-launchphase-06
Tina Tsou             R2017-06-29 draft-ietf-trill-arp-optimization-09

For telechat 2017-12-14

Reviewer               LC end     Draft
Shaun Cooley           2017-10-11 draft-ietf-grow-bgp-gshut-12
David Mandelberg       2017-11-30 draft-ietf-spring-segment-routing-13
Takeshi Takahashi     R2017-06-30 draft-ietf-spring-oam-usecase-09

Last calls:

Reviewer               LC end     Draft
Phillip Hallam-Baker   2017-10-13 draft-ietf-ospf-segment-routing-extensions-21
Russ Mundy             2017-09-14 draft-spinosa-urn-lex-11
Tim Polk               2017-09-11 draft-ietf-kitten-rfc5653bis-05
Tom Yu                 2017-02-20 draft-ietf-slim-negotiating-human-language-17
Dacheng Zhang          2017-10-13 draft-ietf-mile-rolie-13

Next in the reviewer rotation:

  Catherine Meadows
  Alexey Melnikov
  Daniel Migault
  Matthew Miller
  Adam Montville
  Russ Mundy
  Sandra Murphy
  Yoav Nir
  Magnus Nystrom
  Hilarie Orman


From nobody Thu Nov  2 07:20:47 2017
From: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 2 Nov 2017 07:20:43 -0700
To: "<iesg@ietf.org>" <iesg@ietf.org>, draft-ietf-tcpinc-tcpeno.all@ietf.org,  secdir@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/MzPk1ySa4DMN7W82DuSfAeq-VcY>
Subject: [secdir] re-review of draft-ietf-tcpinc-tcpeno-12

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready. I couldn't find anything wrong
with it from either a stylistic or content perspective.

Sincerely,
Watson Ladd


From nobody Thu Nov  2 10:53:25 2017
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-spring-segment-routing.all@ietf.org
From: David Mandelberg <david@mandelberg.org>
Date: Thu, 2 Nov 2017 13:53:14 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/DW3Y0huKi8sSGZtNfA4SlT3vjEA>
Subject: [secdir] secdir review of draft-ietf-spring-segment-routing-13

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with nits.

This document affects routing within a trusted domain, and the security 
considerations section adequately talks about filtering at the border of 
a trusted domain.

I do have one question about something I didn't see in the document:
what happens when SIDs change while packets are in transit? Here's a
hypothetical situation that could be bad for security, but I'm not sure
whether or not it could happen:

1. An internal node calculates an SR Policy and sends out a packet that
   will eventually egress towards a BGP peer.
2. Multiple links on the BGP router go down and then back up, but are
   allocated different PeerAdj SIDs than they had before.
3. The packet reaches the BGP router, but egresses to the wrong BGP peer
   because the original PeerAdj SID is now mapped to a different PeerAdj
   segment.

-- 
Freelance cyber security consultant, software developer, and more
https://david.mandelberg.org/


From nobody Fri Nov  3 03:58:31 2017
To: draft-ietf-regext-launchphase.all@ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
From: Chris Lonvick <lonvick.ietf@gmail.com>
Date: Fri, 3 Nov 2017 05:58:15 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Mh0VCGAwHY1Ln3Bf9Hjf2aWaX3A>
Subject: [secdir] SECDIR review of draft-ietf-regext-launchphase

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments. The summary of the 
review is Ready with Nits.

The abstract describes the specification as: This document describes an 
Extensible Provisioning Protocol (EPP) extension mapping for the 
provisioning and management of domain name registrations and 
applications during the launch of a domain name registry.

I am not familiar with this line of work. In my review, I found in the 
section of Conventions Used in this Document, several XML terms are 
defined with each containing an addendum similar to, "The XML namespace 
prefix [xxx] is used, but implementations MUST NOT depend on it and 
instead employ a proper namespace-aware XML parser and serializer to 
interpret and output the XML documents." I think that it would be 
appropriate to have a summary statement covering these in the Security 
Considerations section.

The Security Considerations section appears appropriate for the contents 
and normative references.

Regards,
Chris
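
The review above quotes the draft's requirement that implementations not depend on the XML namespace prefix. The following is an added illustration, not part of the review or of the draft, comparing a prefix-dependent check with a namespace-aware one. The namespace URIs, element names and documents are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed namespace URIs and element names, for illustration only.
LAUNCH_NS = "urn:example:params:xml:ns:launch"
OTHER_NS = "urn:example:params:xml:ns:unrelated"

# Three documents that carry the same namespace-qualified content.
DOC_CONVENTIONAL = (
    f'<launch:create xmlns:launch="{LAUNCH_NS}">'
    "<launch:phase>sunrise</launch:phase></launch:create>"
)
DOC_OTHER_PREFIX = (
    f'<x:create xmlns:x="{LAUNCH_NS}"><x:phase>sunrise</x:phase></x:create>'
)
DOC_DEFAULT_NS = f'<create xmlns="{LAUNCH_NS}"><phase>sunrise</phase></create>'

# Same prefix text, but bound to a different namespace: not a launch element.
DOC_PREFIX_REBOUND = (
    f'<launch:create xmlns:launch="{OTHER_NS}">'
    "<launch:phase>sunrise</launch:phase></launch:create>"
)


def phase_by_prefix(xml_text):
    """Prefix-dependent extraction: matches the literal text 'launch:phase'."""
    m = re.search(r"<launch:phase>([^<]*)</launch:phase>", xml_text)
    return m.group(1) if m else None


def phase_by_namespace(xml_text):
    """Namespace-aware extraction: matches on (namespace URI, local name)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{LAUNCH_NS}}}create":
        return None  # root element is not in the expected namespace
    el = root.find(f"{{{LAUNCH_NS}}}phase")
    return el.text if el is not None else None


def reserialize(xml_text):
    """Parse and re-emit; the serializer chooses its own prefixes on output."""
    return ET.tostring(ET.fromstring(xml_text), encoding="unicode")


def compare(xml_text):
    """Return (prefix-based result, namespace-aware result) for one document."""
    return phase_by_prefix(xml_text), phase_by_namespace(xml_text)


if __name__ == "__main__":
    samples = {
        "conventional prefix": DOC_CONVENTIONAL,
        "different prefix": DOC_OTHER_PREFIX,
        "default namespace": DOC_DEFAULT_NS,
        "prefix rebound to other namespace": DOC_PREFIX_REBOUND,
        "re-serialized by ElementTree": reserialize(DOC_CONVENTIONAL),
    }
    for label, doc in samples.items():
        by_prefix, by_ns = compare(doc)
        print(f"{label:36} prefix-based={by_prefix!r:10} namespace-aware={by_ns!r}")
```

The prefix-based check rejects two valid documents and accepts the one whose prefix is bound to an unrelated namespace; the namespace-aware check gets all of them right.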



From nobody Sat Nov  4 12:48:08 2017
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: secdir <secdir@ietf.org>
Date: Sat, 04 Nov 2017 12:48:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/_6h6DmHwVE-ylgZI0Xw-7bAU3wY>
Subject: [secdir] SecDir lunch in Singapore?

I'm assuming "yes, on Tuesday, room to be announced later", but would 
like to be sure so I can plan my day.

--Paul Hoffman


From nobody Mon Nov  6 07:56:19 2017
From: The IESG <iesg@ietf.org>
To: <new-work@ietf.org>
Date: Fri, 03 Nov 2017 09:32:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-work/iMPf1oAOPmsIdFyD_9BjrMeYnN8>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4ZJYMpbLgpIzRikbADToNq4Ygq4>
Subject: [secdir] [new-work] WG Review: Software Updates for Internet of Things (suit)

The Software Updates for Internet of Things (suit) WG in the Security Area of
the IETF is undergoing rechartering. The IESG has not made any determination
yet. The following draft charter was submitted, and is provided for
informational purposes only. Please send your comments to the IESG mailing
list (iesg@ietf.org) by 2017-11-13.

Software Updates for Internet of Things (suit)
-----------------------------------------------------------------------
Current status: BOF WG

Chairs:
  Dave Thaler <dthaler@microsoft.com>
  David Waltermire <david.waltermire@nist.gov>
  Russ Housley <housley@vigilsec.com>

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Security Area Directors:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
  Eric Rescorla <ekr@rtfm.com>

Mailing list:
  Address: suit@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/suit
  Archive: https://mailarchive.ietf.org/arch/search/?email_list=suit

Group page: https://datatracker.ietf.org/group/suit/

Charter: https://datatracker.ietf.org/doc/charter-ietf-suit/

Vulnerabilities in Internet of Things (IoT) devices have raised the
need for a secure firmware update mechanism that is also suitable for
constrained devices.  Security experts, researchers, and regulators
recommend that all IoT devices be equipped with such a mechanism.  While
there are many proprietary firmware update mechanisms in use today, there
is a lack of a modern interoperable approach of securely updating the
software in IoT devices.

A firmware update solution consists of several components, including:
  *  A mechanism to transport firmware images to IoT devices.
  *  A manifest that provides meta-data about the firmware image
     (such as a firmware package identifier, the hardware the package
     needs to run, and dependencies on other firmware packages), as
     well as cryptographic information for protecting the firmware
     image in an end-to-end fashion.
  *  The firmware image itself.

RFC 4108 provides a manifest format that uses the Cryptographic Message
Syntax (CMS) to protect firmware packages.

More than ten years have passed since the publication of RFC 4108, and
greater experience with IoT deployments has led to additional
functionality, requiring the work done with RFC 4108 to be revisited.
This group will focus on defining a firmware update solution for Class
1 devices, as defined in RFC 7228, that is -- IoT devices with ~10 KiB
RAM and ~100 KiB flash.  The solution may apply to more capable devices
as well.  This group will not define any transport mechanisms.

In June of 2016 the Internet Architecture Board organized a workshop on
'Internet of Things (IoT) Software Update (IOTSU)', which took place at
Trinity College in Dublin, Ireland.  The main goal of the workshop was
to foster a discussion on requirements, challenges, and solutions for
bringing software and firmware updates to IoT devices. This workshop
also made clear that there are challenges with misaligned incentives
and complex value chains.  It is nevertheless seen as important to
create standard building blocks that help interested parties implement
and deploy a solid firmware update mechanism.

In particular this group aims to publish three documents, namely:
  *  An IoT firmware update architecture that includes a description of
     the involved entities, security threats, and assumptions.
  *  One or more manifest format specifications.

The initial focus of this group will be development of a manifest approach
based on CMS and the ASN.1 encoding. This work will result in a revision of
RFC 4108 that reflects the current best practices. Use of the ASN.1 encoding
is desirable due to existing ASN.1 support in crypto libraries used within
current IoT operating systems. The group may later adopt alternate manifest
formats using other serialization approaches (e.g., CBOR). This group does
not aim to create a standard for a generic software update mechanism for use
by rich operating systems, like Linux, but instead this group will focus on
software development practices in the embedded industry.  Software update
solutions that target updating software other than the firmware binary (e.g.
updating scripts) are also out of scope.

This group will aim to maintain a close relationship with silicon vendors
and OEMs that develop IoT operating systems.

Milestones:

  Dec 2017 - Adopt RFC 4108bis document as WG item.

  Dec 2017 - Adopt "Architecture" document as WG item.

  Dec 2017 - Adopt "Manifest Format" specification as WG item.

  Jan 2018 - Adopt "Architecture" to the IESG for publication as an
  Informational RFC.

  Mar 2018 - Calendar item: Release initial version of the manifest creation
  tools as open source.

  Apr 2018 - Calendar item: Release first version of manifest test tools as
  open source.

  Jun 2018 - Calendar item: Release first IoT OS implementation of firmware
  update mechanisms as open source.

  Nov 2018 - Submit RFC 4108bis document to the IESG for publication as a
  Proposed Standard.

  Nov 2018 - Submit "Manifest Format" to the IESG for publication as a
  Proposed Standard.




From nobody Wed Nov  8 06:15:53 2017
Return-Path: <jgould@verisign.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E981126FDC; Wed,  8 Nov 2017 06:15:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A6XLSK5pJJt0; Wed,  8 Nov 2017 06:15:44 -0800 (PST)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E595126D45; Wed,  8 Nov 2017 06:15:43 -0800 (PST)
Received: from brn1wnexcas01.vcorp.ad.vrsn.com (brn1wnexcas01 [10.173.152.205]) by brn1lxmailout02.verisign.com (8.13.8/8.13.8) with ESMTP id vA8EFfiY013960 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 8 Nov 2017 09:15:41 -0500
Received: from BRN1WNEXMBX01.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0301.000; Wed, 8 Nov 2017 09:15:40 -0500
From: "Gould, James" <jgould@verisign.com>
To: Chris Lonvick <lonvick.ietf@gmail.com>, "draft-ietf-regext-launchphase.all@ietf.org" <draft-ietf-regext-launchphase.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: [EXTERNAL] SECDIR review of draft-ietf-regext-launchphase
Thread-Index: AQHTVJKxCXr/kImkrE6FdroWCcJjY6MKjwAA
Date: Wed, 8 Nov 2017 14:15:40 +0000
Message-ID: <BD24D362-F2F5-4D9A-AB25-CB746CA759BF@verisign.com>
References: <59FC4BC7.2040707@gmail.com>
In-Reply-To: <59FC4BC7.2040707@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/f.1f.0.170216
x-originating-ip: [10.170.148.18]
Content-Type: multipart/related; boundary="_004_BD24D362F2F54D9AAB25CB746CA759BFverisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/CNL4tEJLhmk4A29deOJy8zqolUI>
Subject: Re: [secdir] SECDIR review of draft-ietf-regext-launchphase
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 14:15:46 -0000

--_004_BD24D362F2F54D9AAB25CB746CA759BFverisigncom_
Content-Type: multipart/alternative;
	boundary="_000_BD24D362F2F54D9AAB25CB746CA759BFverisigncom_"

--_000_BD24D362F2F54D9AAB25CB746CA759BFverisigncom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_BD24D362F2F54D9AAB25CB746CA759BFverisigncom_--

--_004_BD24D362F2F54D9AAB25CB746CA759BFverisigncom_--


From nobody Sat Nov 11 21:16:15 2017
Return-Path: <barryleiba@computer.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FBC1128D8B; Sat, 11 Nov 2017 21:16:13 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba <barryleiba@computer.org>
To: <secdir@ietf.org>
Cc: draft-ietf-tcpinc-tcpcrypt.all@ietf.org, tcpinc@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.65.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151046377334.30804.5873766900092971520@ietfa.amsl.com>
Date: Sat, 11 Nov 2017 21:16:13 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/oCFuC2f7dzt3x2_AJWR3rs9s3Po>
Subject: [secdir] Secdir telechat review of draft-ietf-tcpinc-tcpcrypt-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Nov 2017 05:16:13 -0000

Reviewer: Barry Leiba
Review result: Has Issues

I’ve looked at Stephen Kent’s review and the discussion thereof, and have
little to add to that.  A couple of small things:

1. Section 3 says that the subsections “describes the tcpcrypt protocol at an
abstract level.”  There is no sense in which this description is abstract, and
I’d prefer that we not try to say it is, because that gives a reader an
expectation that it will be high-level, and perhaps even non-normative.  Maybe
this?:

NEW
   This section provides details of the operation of the tcpcrypt protocol.
   The wire format of all messages is specified in Section 4.
END

2. In Section 7 (IANA), you say:

   Tcpcrypt's TEP identifiers will need to be incorporated in IANA's
   "TCP encryption protocol identifiers" registry under the
   "Transmission Control Protocol (TCP) Parameters" registry

I can find no such registry.  Can you help me here, maybe give me a URL?

Also, with respect to the new “tcpcrypt AEAD Algorithm” registry:

   Future assignments are to be made under the "RFC Required" policy

Note that that policy allows for assignments to be made in any RFC stream,
which includes the IRTF, the IAB, and the Independent Stream.  Do you really
want people to be able to send documents to the Independent Stream Editor, and
to have them published and make assignments with minimal review?

You might consider whether “IETF Review” is more appropriate.  That allows RFCs
of any type (Standards Track, Informational, Experimental, BCP), but requires
that they be in the IETF stream and have a formal IETF last call.

It will also help IANA if you make it clear what the valid range of values is
for the “Value” column.  Is 0x0000 valid?  Is 0xFFFF the maximum?  Explicitly
saying that values must be in the range 0x0001 to 0xFFFF inclusive will be
helpful.  (I say this with particular note that you changed how the Value field
is specified between -07 and -09, so this clearly has not even been clear to
the spec developers.)


From nobody Sat Nov 11 21:19:32 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EA4A128B91; Sat, 11 Nov 2017 21:19:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VJGjUdtB_E1s; Sat, 11 Nov 2017 21:19:29 -0800 (PST)
Received: from mail-pg0-x233.google.com (mail-pg0-x233.google.com [IPv6:2607:f8b0:400e:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95B56128D3E; Sat, 11 Nov 2017 21:19:29 -0800 (PST)
Received: by mail-pg0-x233.google.com with SMTP id l19so7784937pgo.2; Sat, 11 Nov 2017 21:19:29 -0800 (PST)
X-Received: by 10.99.117.70 with SMTP id f6mr1725266pgn.339.1510463968997; Sat, 11 Nov 2017 21:19:28 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.155.9 with HTTP; Sat, 11 Nov 2017 21:18:48 -0800 (PST)
In-Reply-To: <151046377334.30804.5873766900092971520@ietfa.amsl.com>
References: <151046377334.30804.5873766900092971520@ietfa.amsl.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Sun, 12 Nov 2017 00:18:48 -0500
Message-ID: <CAHbuEH6Cthy8FAXL2ftJHTV7sWMN46EP1wMSmGATep4=_7syhw@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>, "iesg@ietf.org" <iesg@ietf.org>
Cc: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-tcpinc-tcpcrypt.all@ietf.org,  tcpinc@ietf.org, IETF <ietf@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ZsZC7OqXRjrpYNzhbE8KGDMB12Y>
Subject: Re: [secdir] [tcpinc] Secdir telechat review of draft-ietf-tcpinc-tcpcrypt-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Nov 2017 05:19:31 -0000

Barry,

Thank you for your review.

Kathleen

On Sun, Nov 12, 2017 at 12:16 AM, Barry Leiba <barryleiba@computer.org> wrote:
> Reviewer: Barry Leiba
> Review result: Has Issues
>
> I’ve looked at Stephen Kent’s review and the discussion thereof, and have
> little to add to that.  A couple of small things:
>
> 1. Section 3 says that the subsections “describes the tcpcrypt protocol at an
> abstract level.”  There is no sense in which this description is abstract, and
> I’d prefer that we not try to say it is, because that gives a reader an
> expectation that it will be high-level, and perhaps even non-normative.  Maybe
> this?:
>
> NEW
>    This section provides details of the operation of the tcpcrypt protocol.
>    The wire format of all messages is specified in Section 4.
> END
>
> 2. In Section 7 (IANA), you say:
>
>    Tcpcrypt's TEP identifiers will need to be incorporated in IANA's
>    "TCP encryption protocol identifiers" registry under the
>    "Transmission Control Protocol (TCP) Parameters" registry
>
> I can find no such registry.  Can you help me here, maybe give me a URL?
>
> Also, with respect to the new “tcpcrypt AEAD Algorithm” registry:
>
>    Future assignments are to be made under the "RFC Required" policy
>
> Note that that policy allows for assignments to be made in any RFC stream,
> which includes the IRTF, the IAB, and the Independent Stream.  Do you really
> want people to be able to send documents to the Independent Stream Editor, and
> to have them published and make assignments with minimal review?
>
> You might consider whether “IETF Review” is more appropriate.  That allows RFCs
> of any type (Standards Track, Informational, Experimental, BCP), but requires
> that they be in the IETF stream and have a formal IETF last call.
>
> It will also help IANA if you make it clear what the valid range of values is
> for the “Value” column.  Is 0x0000 valid?  Is 0xFFFF the maximum?  Explicitly
> saying that values must be in the range 0x0001 to 0xFFFF inclusive will be
> helpful.  (I say this with particular note that you changed how the Value field
> is specified between -07 and -09, so this clearly has not even been clear to
> the spec developers.)
>
> _______________________________________________
> Tcpinc mailing list
> Tcpinc@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpinc



-- 

Best regards,
Kathleen


From nobody Sun Nov 12 00:40:57 2017
Return-Path: <ekr@rtfm.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 719881241F3 for <secdir@ietfa.amsl.com>; Sun, 12 Nov 2017 00:40:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7t-crFiGAZRX for <secdir@ietfa.amsl.com>; Sun, 12 Nov 2017 00:40:54 -0800 (PST)
Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 512D71204DA for <secdir@ietf.org>; Sun, 12 Nov 2017 00:40:54 -0800 (PST)
Received: by mail-yw0-x22d.google.com with SMTP id p74so866352ywe.2 for <secdir@ietf.org>; Sun, 12 Nov 2017 00:40:54 -0800 (PST)
X-Received: by 10.37.130.77 with SMTP id d13mr3349626ybn.397.1510476053297; Sun, 12 Nov 2017 00:40:53 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.61.12 with HTTP; Sun, 12 Nov 2017 00:40:12 -0800 (PST)
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 12 Nov 2017 08:40:12 +0000
Message-ID: <CABcZeBO6ubNoPe++qcPe_U8Zoec9LPkn4wOTmBUbcim32TWVPw@mail.gmail.com>
To: secdir@ietf.org
Content-Type: multipart/alternative; boundary="089e0828e4f8994b8d055dc51c11"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/qL-atz87dkyOr6DuWfSirPz4S8Q>
Subject: [secdir] Secdir Lunch
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Nov 2017 08:40:55 -0000

--089e0828e4f8994b8d055dc51c11
Content-Type: text/plain; charset="UTF-8"

The meeting will be in Hullet room during the Tuesday lunch break

-Ekr

--089e0828e4f8994b8d055dc51c11--


From nobody Sun Nov 12 17:52:40 2017
Return-Path: <sboutros@vmware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9E7212726E; Sun, 12 Nov 2017 17:52:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.7
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=onevmw.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d6YgdJ9CMQ8t; Sun, 12 Nov 2017 17:52:24 -0800 (PST)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0061.outbound.protection.outlook.com [104.47.36.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C448512783A; Sun, 12 Nov 2017 17:52:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=onevmw.onmicrosoft.com; s=selector1-vmware-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=SkoRtFnsS+eogxviYEzTF2nD5rIIu3kOdAZa23VECzU=; b=nI6PrzE7TUX7dY6saoT2Iqj5q1QLWZQlXVdEznHFOckafbGBODteI3fT6ZoYttFTqev43bDP7iRJ9QlM7Q/KyBY5KFtE0WhgTjRR1dv4SdiUqs2FEckGH1q5gqd44FVFYRF/7QwHSZFlkk22RYkqtD7INuQ8MKXnmudvv+YtkKQ=
Received: from MWHPR05MB3389.namprd05.prod.outlook.com (10.174.175.150) by MWHPR05MB3389.namprd05.prod.outlook.com (10.174.175.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.4; Mon, 13 Nov 2017 01:52:20 +0000
Received: from MWHPR05MB3389.namprd05.prod.outlook.com ([10.174.175.150]) by MWHPR05MB3389.namprd05.prod.outlook.com ([10.174.175.150]) with mapi id 15.20.0239.004; Mon, 13 Nov 2017 01:52:20 +0000
From: Sami Boutros <sboutros@vmware.com>
To: Tero Kivinen <kivinen@iki.fi>, Stewart Bryant <stewart.bryant@gmail.com>
CC: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-pals-p2mp-pw.all@tools.ietf.org" <draft-ietf-pals-p2mp-pw.all@tools.ietf.org>, "mpls-chairs@ietf.org" <mpls-chairs@ietf.org>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>,  "pals-chairs@tools.ietf.org" <pals-chairs@tools.ietf.org>, "BRUNGARD, DEBORAH A" <db3546@att.com>
Thread-Topic: Secdir review of draft-ietf-pals-p2mp-pw-03
Thread-Index: AQHTHv2RwSx2c419Wkm9G4CfXOKYW6KX8EQAgAF4X4CABPgrgIAAwy4AgHJcAIA=
Date: Mon, 13 Nov 2017 01:52:20 +0000
Message-ID: <46D8C61C-C09B-48EA-B3D7-43909B6FA508@vmware.com>
References: <201708270627.v7R6RLjk004141@fireball.acr.fi> <aed969e4-31be-cf77-8bbe-598f0407c4f3@gmail.com> <201708280757.v7S7vZxH028695@fireball.acr.fi> <29b3a151-0a79-d2f0-c051-35396010e2c6@gmail.com> <201708312329.v7VNTQKV006617@fireball.acr.fi>
In-Reply-To: <201708312329.v7VNTQKV006617@fireball.acr.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [2001:67c:1232:144:ed1e:a2fb:69b1:a6af]
x-ms-publictraffictype: Email
received-spf: None (protection.outlook.com: vmware.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=sboutros@vmware.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <1C23134D6BAD884FB3B8CCA28079A07F@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: vmware.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8a1757f9-d63e-413c-5711-08d52a392d92
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2017 01:52:20.7610 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b39138ca-3cee-4b4a-a4d6-cd83d9dd62f0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR05MB3389
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/GKA-ioxf2lgujJrlIhAtA_bAjNc>
Subject: Re: [secdir] Secdir review of draft-ietf-pals-p2mp-pw-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 01:52:29 -0000


From nobody Sun Nov 12 19:59:34 2017
Return-Path: <strazpdj@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C07D21293FF; Sun, 12 Nov 2017 19:59:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level: 
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 58x1C7RwZ9ck; Sun, 12 Nov 2017 19:59:24 -0800 (PST)
Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D20B7129427; Sun, 12 Nov 2017 19:59:23 -0800 (PST)
Received: by mail-lf0-x22d.google.com with SMTP id a2so16774152lfh.11; Sun, 12 Nov 2017 19:59:23 -0800 (PST)
X-Received: by 10.25.80.87 with SMTP id z23mr2358692lfj.60.1510545562005; Sun, 12 Nov 2017 19:59:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.228.208 with HTTP; Sun, 12 Nov 2017 19:59:21 -0800 (PST)
In-Reply-To: <150888532124.4802.13758793569414682089@ietfa.amsl.com>
References: <150888532124.4802.13758793569414682089@ietfa.amsl.com>
From: John Strassner <strazpdj@gmail.com>
Date: Sun, 12 Nov 2017 19:59:21 -0800
Message-ID: <CAJwYUrFsMJ1BA+UF5vDNEZXS05rKJhgSQTJiw9mF_dtfhXqkSQ@mail.gmail.com>
To: Daniel Franke <dafranke@akamai.com>, John Strassner <strazpdj@gmail.com>
Cc: secdir@ietf.org, "i2nsf@ietf.org" <i2nsf@ietf.org>,  draft-ietf-i2nsf-framework.all@ietf.org, ietf@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c1cb042a3f7ae055dd54b49"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/V9u6UfQmMnceYLqhihpD7nRglro>
Subject: Re: [secdir] [I2nsf] Secdir telechat review of draft-ietf-i2nsf-framework-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 03:59:27 -0000

--94eb2c1cb042a3f7ae055dd54b49
Content-Type: text/plain; charset="UTF-8"

Dear Daniel,

Thank you for performing this review. The following changes will be
implemented in version 9 of this I-D, to be released on Monday 11/13.
In particular,


Change the last paragraph in section 4,
from:
   The above threats may be mitigated by requiring the use of an AAA
   framework for all users to access the I2NSF environment. This could
   be further enhanced by requiring attestation to be used to detect
   changes to the I2NSF environment by authorized parties.

to:
   The use of authentication, authorization, accounting, and audit
   mechanisms is recommended for all users and applications to access
   the I2NSF environment. This can be further enhanced by requiring
   attestation to be used to detect changes to the I2NSF environment
   by authorized parties. The characteristics of these procedures will
   define the level of assurance of the I2NSF environment.

Change section 6.1
from:
6.1.  Network Connecting I2NSF Users and the I2NSF Controller

   ...
   Upon successful authentication, a trusted connection between the
   user and the I2NSF Controller (or an endpoint designated by it) will
   be established.  All traffic to and from the NSF environment ...

to:
6.1. Network Connecting I2NSF Users and the I2NSF Controller

   ...
   Upon successful authentication, a trusted connection between the
   user and the I2NSF Controller (or an endpoint designated by it) will
   be established. This means that a direct, physical point-to-point
   connection, with physical access restricted according to access
   control, must be used. All traffic to and from the NSF environment...

Change 6.2:
from:
6.2.  Network Connecting the I2NSF Controller and NSFs
   ...

to:
6.2.  Network Connecting the I2NSF Controller and NSFs

   ...
   Therefore, the transport mechanism used to carry the control messages
   and monitoring information should provide reliable message delivery.
   TCP is the obvious current choice, but others such as Multipath TCP
   (MPTCP) and the Stream Control Transmission Protocol (SCTP) would
   be applicable as well.  Latency requirements for control message delivery
   must also be evaluated.
   ...
   I2NSF needs to rely on the use of standard I2NSF interfaces to
   properly verify peer identities (e.g., through an AAA framework).
   The implementations of identity management functions, as well as
   the AAA framework, are out of scope for I2NSF.

to:
   ...
   Therefore, the transport mechanism used to carry management data and
   information must be secure. It does not have to be a reliable
   transport; rather, a transport-independent reliable messaging
   mechanism is required, where communication can be performed reliably
   (e.g., by establishing end-to-end communication sessions and by
   introducing explicit acknowledgement of messages into the
   communication flow). Latency requirements for control message
   delivery must also be evaluated. Note that monitoring does not
   require reliable transport.
   ...
   The network connection between the I2NSF Controller and NSFs will
   use the trusted connection mechanisms described in section 6.1.
   Following these mechanisms, the connections need to rely on the use
   of properly verified peer identities (e.g., through an AAA
   framework). The implementations of identity management functions, as
   well as the AAA framework, are out of scope for I2NSF.

In addition, please see other changes to this thread (yesterday and this
morning, local time Singapore)

best regards,
John

On Tue, Oct 24, 2017 at 3:48 PM, Daniel Franke <dafranke@akamai.com> wrote:

> Reviewer: Daniel Franke
> Review result: Not Ready
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These comments
> were written primarily for the benefit of the security area directors. Document
> editors and WG chairs should treat these comments just like any other last call
> comments.
>
> This document is too broad and too vague for any reasonable security review to
> be possible. It expresses a desire to define a framework which satisfies
> certain requirements and use cases, but does not actually define anything
> concrete. At its most specific, the document gives parametricity constraints
> that future definitions must satisfy, such as being agnostic to network
> topology. This doesn't give me much to go on.
>
> The security considerations section is brief, calling out the need for access
> control and for protecting the confidentiality and integrity of data. Again,
> with so few specifics, there's not much more to be said.
>
> I do not think it is useful to anyone to publish this document as an RFC, not
> even an informational one. It is perfectly fine, when specifying an intricate
> suite of protocols, to have a separate document that gives a broad
> architectural overview of them all without delving into the specifics necessary
> for implementation. RFC 4251, which outlines the SSH protocol, is a good
> example of this. But, crucially, RFC 4251 was published simultaneously with
> 4252-4256, which provided all those specifics. This document has nothing
> similar as a companion; everything it describes is simply aspirational. I do
> not see any value in publishing an RFC full of unfulfilled aspirations.
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>



-- 
regards,
John

--94eb2c1cb042a3f7ae055dd54b49--


From nobody Sun Nov 12 23:35:39 2017
Return-Path: <william.polk@nist.gov>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B813128D19; Sun, 12 Nov 2017 23:35:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ly-0X_RgYC8V; Sun, 12 Nov 2017 23:35:35 -0800 (PST)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0104.outbound.protection.outlook.com [23.103.200.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C2E112008A; Sun, 12 Nov 2017 23:35:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=/MyHatIrUW/+ds8l4lK91BQN6Ijs6f/duMdS6uYLaEk=; b=jqyr54OGW1UJyj8vhCRvkNJZvhz0jCsXwkUDxMw/ImOiC+KcmhdqVe8AMxnMItuTUr2FPL8l4vzM7f1kC88G+w5axIwnp4r6fTZH3jt774JEm+DsQTjLE+M89PyaY0pcfRET+YCOgM8ir+pekHPAZnrgYO1V043S3Wo/13pbG5Y=
Received: from DM2PR09MB0559.namprd09.prod.outlook.com (10.161.252.17) by DM2PR09MB0558.namprd09.prod.outlook.com (10.161.252.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Mon, 13 Nov 2017 07:35:29 +0000
Received: from DM2PR09MB0559.namprd09.prod.outlook.com ([fe80::6da1:a841:ddf4:3981]) by DM2PR09MB0559.namprd09.prod.outlook.com ([fe80::6da1:a841:ddf4:3981%17]) with mapi id 15.20.0218.011; Mon, 13 Nov 2017 07:35:29 +0000
From: "Polk, Tim (Fed)" <william.polk@nist.gov>
To: The IESG <iesg@ietf.org>, IETF Security Directorate <secdir@ietf.org>, "draft-ietf-kitten-rfc5653bis.all@ietf.org" <draft-ietf-kitten-rfc5653bis.all@ietf.org>
Thread-Topic: SecDir review for draft-ietf-kitten-rfc5653bis-05
Thread-Index: AQHTXE0xl6pG5DKi30SfB1PCDVpoHA==
Date: Mon, 13 Nov 2017 07:35:29 +0000
Message-ID: <DM2PR09MB0559AC9F6055FE230F22099BE72B0@DM2PR09MB0559.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=william.polk@nist.gov; 
x-originating-ip: [2001:67c:370:128:19a4:a67a:5007:42b4]
x-ms-publictraffictype: Email
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM2PR09MB0559AC9F6055FE230F22099BE72B0DM2PR09MB0559namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 49a1e865-bd7d-47c0-0768-08d52a691d64
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2017 07:35:29.4726 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR09MB0558
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/0zt_zsyzjSSy-RP-6wZwdhHp8PI>
Subject: [secdir] SecDir review for draft-ietf-kitten-rfc5653bis-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 07:35:37 -0000

--_000_DM2PR09MB0559AC9F6055FE230F22099BE72B0DM2PR09MB0559namp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready.

This document is a straightforward update of RFC 5653:

1. The draft modifies GSSException to support an embedded error token; as
specified in RFC 5653 a JGSS application throwing a GSSException could
not return an error token, a functional shortcoming in comparison with
the C bindings of GSS-API (see RFC 2744). The embedded error token
corrects this shortcoming. The document describes a compatibility strategy
for new JGSS programs that run with both RFC5653 and RFC5653bis Java
bindings.

2. The draft removes stream-based GSSContext methods.  These methods
cannot be implemented correctly where tokens have no self-framing or the
library has no knowledge of the token format.  The document states that
applications using input and output streams as the means to convey
authentication and per-message GSS-API tokens should also define the wire
protocol.  The reviewer infers that new applications using this design
strategy should be compatible with RFC5653 bindings, but that is not
explicitly stated.




--_000_DM2PR09MB0559AC9F6055FE230F22099BE72B0DM2PR09MB0559namp_--
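
Item 2 of the review above notes that stream-based GSSContext methods cannot work when tokens are not self-framing, so the application has to define the wire protocol. The following is an added example, not part of the original message or of the draft: a minimal framing layer that carries opaque GSS-API tokens over a stream for use with the byte-array GSSContext methods. The 4-byte big-endian length prefix, the 64 KiB limit, and all class and method names are assumptions chosen for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Arrays;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;

/** Hypothetical application wire protocol: 4-byte big-endian length, then one opaque GSS token. */
public final class FramedGssTokens {
    /** Assumed application limit; bounds the allocation driven by an untrusted length field. */
    static final int MAX_TOKEN = 64 * 1024;

    static void writeToken(OutputStream out, byte[] token) throws IOException {
        if (token.length > MAX_TOKEN) {
            throw new IOException("token too large: " + token.length);
        }
        DataOutputStream d = new DataOutputStream(out);
        d.writeInt(token.length);
        d.write(token);
        d.flush();
    }

    static byte[] readToken(InputStream in) throws IOException {
        DataInputStream d = new DataInputStream(in);
        int len = d.readInt();            // EOFException if the prefix is truncated
        if (len < 0 || len > MAX_TOKEN) {
            throw new IOException("bad token length: " + len);
        }
        byte[] token = new byte[len];
        d.readFully(token);               // EOFException if the peer sent fewer bytes
        return token;
    }

    /**
     * Initiator side of context establishment using only the byte-array
     * GSSContext methods. The library never touches the stream, so it does
     * not need to know where a token ends. Not called from main(), because
     * it needs a configured mechanism and a live peer.
     */
    static void establish(GSSContext ctx, InputStream in, OutputStream out)
            throws GSSException, IOException {
        byte[] inTok = new byte[0];
        while (!ctx.isEstablished()) {
            byte[] outTok = ctx.initSecContext(inTok, 0, inTok.length);
            if (outTok != null && outTok.length > 0) {
                writeToken(out, outTok);
            }
            if (!ctx.isEstablished()) {
                inTok = readToken(in);
            }
        }
    }

    private static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample bytes standing in for two opaque tokens.
        byte[] first = {0x60, 0x03, 0x01, 0x02, 0x03};
        byte[] second = {0x09, 0x09};

        // Two tokens sent back to back: without framing the receiver
        // would see seven undifferentiated bytes.
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        writeToken(wire, first);
        writeToken(wire, second);
        InputStream in = new ByteArrayInputStream(wire.toByteArray());
        check(Arrays.equals(first, readToken(in)), "first token boundary recovered");
        check(Arrays.equals(second, readToken(in)), "second token boundary recovered");

        // A length field above the limit is rejected before any allocation.
        byte[] huge = {0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff};
        boolean rejected = false;
        try {
            readToken(new ByteArrayInputStream(huge));
        } catch (IOException e) {
            rejected = true;
        }
        check(rejected, "oversized length rejected");

        // A frame that claims 5 bytes but carries 2 fails instead of
        // handing a partial token to the GSS library.
        byte[] truncated = {0, 0, 0, 5, 0x60, 0x03};
        boolean eof = false;
        try {
            readToken(new ByteArrayInputStream(truncated));
        } catch (EOFException e) {
            eof = true;
        }
        check(eof, "truncated token detected");
    }
}
```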


From nobody Tue Nov 14 22:16:49 2017
Return-Path: <shares@ndzh.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5117012945C; Tue, 14 Nov 2017 22:16:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.845
X-Spam-Level: **
X-Spam-Status: No, score=2.845 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q8zBMAozlnv6; Tue, 14 Nov 2017 22:16:46 -0800 (PST)
Received: from hickoryhill-consulting.com (50-245-122-97-static.hfc.comcastbusiness.net [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9CB0129477; Tue, 14 Nov 2017 22:16:17 -0800 (PST)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=31.133.139.117; 
From: "Susan Hares" <shares@ndzh.com>
To: <secdir@ietf.org>
Cc: <i2rs@ietf.org>, "'Alexander Clemm'" <ludwig@clemm.org>
Date: Wed, 15 Nov 2017 01:16:11 -0500
Message-ID: <006e01d35dd9$3e334470$ba99cd50$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_006F_01D35DAF.555F3840"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdNd2CBIvkIE38tbR0q3d7L4iAvUFg==
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com 
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ejfpLDmf2lXVOSNr9azlVUsBgVs>
Subject: Re: [secdir] Security review of draft-ietf-i2rs-yang-l3-topology-03.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 06:16:47 -0000

This is a multipart message in MIME format.

------=_NextPart_000_006F_01D35DAF.555F3840
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hilary:

Your secdir-review was done on draft-ietf-i2rs-yang-l3-topology-08 back in
January. The WG and authors have been slow to respond to your careful
comments. The I2RS WG appreciates your comments.

The illustrative examples in this draft have been reduced to OSPF. Would
you review the improved security considerations in this draft
(draft-ietf-i2rs-yang-l3-topology-12.txt)? The security considerations
sections were added in -11.txt.

This shepherd believes we have resolved the security issues you raised.
Please let me know if you agree.

Susan Hares
I2rs document shepherd


------=_NextPart_000_006F_01D35DAF.555F3840--


From nobody Wed Nov 15 23:12:17 2017
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E73D31293E0; Wed, 15 Nov 2017 23:12:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.01
X-Spam-Level: 
X-Spam-Status: No, score=-3.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XGdYEoE39FN4; Wed, 15 Nov 2017 23:12:14 -0800 (PST)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0101.outbound.protection.outlook.com [104.47.36.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E98812421A; Wed, 15 Nov 2017 23:12:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=a9IHInR90xPJyQlC/GvZnd8oex531eHD4DA0KcnbTa4=; b=JSyPPtd/m3cz/fDlsKm8BfZWNxOAbr5UcaPtZdgTyL1U+F3HLjU6nCU/hzKkXSsVK0+0+BmUOSqvuk/bRB8KD6wqp6J97ecyBHfRU6o3B19QG0JCBW0G4QKyUzlsv+t4tcHdTK6sXZmYOhh/Q2g4YCTpurqtzKXq1s5PIeSBO7M=
Received: from CY4PR21MB0504.namprd21.prod.outlook.com (10.172.122.14) by CY4PR21MB0695.namprd21.prod.outlook.com (10.175.121.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.260.0; Thu, 16 Nov 2017 07:12:08 +0000
Received: from CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) by CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) with mapi id 15.20.0260.001; Thu, 16 Nov 2017 07:12:08 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Donald Eastlake <d3e3e3@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-oauth-discovery@ietf.org" <draft-ietf-oauth-discovery@ietf.org>
CC: "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: SECDIR review of draft-ietf-oauth-discovery-07
Thread-Index: AQHTTTl4CbwmVHpMG0aiqTfcAGLFYqL4KzHggB6OiDA=
Date: Thu, 16 Nov 2017 07:12:08 +0000
Message-ID: <CY4PR21MB050461E31BC37C6F2D333583F52E0@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <CAF4+nEFHvwcJ4N=A=cjQC+wN4P9grRGwimHHoSDhCO+m0Xgj3A@mail.gmail.com> <CY4PR21MB0504DC13A5BDDD0C86E5B300F55A0@CY4PR21MB0504.namprd21.prod.outlook.com>
In-Reply-To: <CY4PR21MB0504DC13A5BDDD0C86E5B300F55A0@CY4PR21MB0504.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [31.133.132.12]
x-ms-publictraffictype: Email
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB050461E31BC37C6F2D333583F52E0CY4PR21MB0504namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: deb815ef-1056-456e-6a42-08d52cc1598b
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2017 07:12:08.4631 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0695
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Nw-97vn-FdpUcwNX__CyiFjYIuw>
Subject: Re: [secdir] SECDIR review of draft-ietf-oauth-discovery-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 07:12:17 -0000



From nobody Fri Nov 17 00:14:05 2017
Return-Path: <dbg@scs.stanford.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F5E8128C84; Fri, 17 Nov 2017 00:13:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fr7pyPV49Q12; Fri, 17 Nov 2017 00:13:56 -0800 (PST)
Received: from market.scs.stanford.edu (www.scs.stanford.edu [IPv6:2001:470:806d:1::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFF96124319; Fri, 17 Nov 2017 00:13:55 -0800 (PST)
Received: from market.scs.stanford.edu (localhost [127.0.0.1]) by market.scs.stanford.edu (8.15.2/8.15.2) with ESMTP id vAH8DtWH089661; Fri, 17 Nov 2017 00:13:55 -0800 (PST)
Received: (from dbg@localhost) by market.scs.stanford.edu (8.15.2/8.15.2/Submit) id vAH8DslG052450; Fri, 17 Nov 2017 00:13:54 -0800 (PST)
Date: Fri, 17 Nov 2017 00:13:54 -0800
From: Daniel B Giffin <dbg@scs.stanford.edu>
To: Barry Leiba <barryleiba@computer.org>
Cc: secdir@ietf.org, draft-ietf-tcpinc-tcpcrypt.all@ietf.org, tcpinc@ietf.org,  ietf@ietf.org
Message-ID: <20171117081354.GC57159@scs.stanford.edu>
References: <151046377334.30804.5873766900092971520@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <151046377334.30804.5873766900092971520@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/87UHYo2GnHZsjqc0ss5JlcTaRzk>
Subject: Re: [secdir] Secdir telechat review of draft-ietf-tcpinc-tcpcrypt-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Nov 2017 08:13:57 -0000

Thanks for the review!

Barry Leiba wrote:
> Reviewer: Barry Leiba
> Review result: Has Issues
> 
> I’ve looked at Stephen Kent’s review and the discussion thereof, and have
> little to add to that.  A couple of small things:
> 
> 1. Section 3 says that the subsections “describes the tcpcrypt protocol at an
> abstract level.”  There is no sense in which this description is abstract, and
> I’d prefer that we not try to say it is, because that gives a reader an
> expectation that it will be high-level, and perhaps even non-normative.  Maybe
> this?:
> 
> NEW
>    This section provides details of the operation of the tcpcrypt protocol.
>    The wire format of all messages is specified in Section 4.
> END

Good point, thanks -- for the next draft I've gone with
something very similar:

   This section describes the operation of the tcpcrypt protocol.  The
   wire format of all messages is specified in Section 4.

> 2. In Section 7 (IANA), you say:
> 
>    Tcpcrypt's TEP identifiers will need to be incorporated in IANA's
>    "TCP encryption protocol identifiers" registry under the
>    "Transmission Control Protocol (TCP) Parameters" registry
> 
> I can find no such registry.  Can you help me here, maybe give me a URL?

Right, that registry is defined in TCP-ENO, which I
understand would be published in tandem with this draft.
Does that solve the problem, or ought we provide a reference
to TCP-ENO here?

For now, I've provided at least a hint by mentioning TCP-ENO
at the beginning of that sentence:

   For use with TCP-ENO's negotiation mechanism, tcpcrypt's TEP
   identifiers will need to be incorporated in IANA's "TCP encryption
   protocol identifiers" registry under the "Transmission Control
   Protocol (TCP) Parameters" registry, as in Table 4 below.  The
	 [...]

> Also, with respect to the new “tcpcrypt AEAD Algorithm" registry:
> 
>    Future assignments are to be made under the "RFC Required" policy
> 
> Note that that policy allows for assignments to be made in any RFC stream,
> which includes the IRTF, the IAB, and the Independent Stream.  Do you really
> want people to be able to send documents to the Independent Stream Editor, and
> to have them published and make assignments with minimal review?
> 
> You might consider whether “IETF Review” is more appropriate.  That allows RFCs
> of any type (Standards Track, Informational, Experimental, BCP), but requires
> that they be in the IETF stream and have a formal IETF last call.

Following the discussion about assignment policy in another
thread, I've updated this to use the same policy as TCP-ENO.
The paragraph on the "tcpcrypt AEAD Algorithm" registry now
reads:

   In Section 4.1, this document defines "sym_cipher" specifiers in the
   range 0x0001 to 0xFFFF inclusive, for which IANA is to maintain a new
   "tcpcrypt AEAD Algorithm" registry under the "Transmission Control
   Protocol (TCP) Parameters" registry.  The initial values for this
   registry are given in Table 5 below.  The AEAD algorithms named there
   are defined in Section 6.  Future assignments are to be made upon
   satisfying either of two policies defined in [RFC8126]: "IETF Review"
   or (for non-IETF stream specifications) "Expert Review with RFC
   Required."  IANA will furthermore provide early allocation [RFC7120]
   to facilitate testing before RFCs are finalized.


> It will also help IANA if you make it clear what the valid range of values is
> for the “Value” column.  Is 0x0000 valid?  Is 0xFFFF the maximum?  Explicitly
> saying that values must be in the range 0x0001 to 0xFFFF inclusive will be
> helpful.  (I say this with particular note that you changed how the Value field
> is specified between -07 and -09, so this clearly has not even been clear to
> the spec developers.)

Thanks, I've added that as you can see above.

daniel


From nobody Fri Nov 17 09:27:51 2017
Return-Path: <barryleiba@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 810F0128DE5; Fri, 17 Nov 2017 09:27:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.718
X-Spam-Level: 
X-Spam-Status: No, score=-1.718 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ob5WXW7-Cfri; Fri, 17 Nov 2017 09:27:46 -0800 (PST)
Received: from mail-it0-f47.google.com (mail-it0-f47.google.com [209.85.214.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 567121242F5; Fri, 17 Nov 2017 09:27:46 -0800 (PST)
Received: by mail-it0-f47.google.com with SMTP id y15so4900706ita.4; Fri, 17 Nov 2017 09:27:46 -0800 (PST)
X-Received: by 10.36.164.75 with SMTP id v11mr8124121iti.33.1510939665335; Fri, 17 Nov 2017 09:27:45 -0800 (PST)
MIME-Version: 1.0
References: <151046377334.30804.5873766900092971520@ietfa.amsl.com> <20171117081354.GC57159@scs.stanford.edu>
In-Reply-To: <20171117081354.GC57159@scs.stanford.edu>
From: Barry Leiba <barryleiba@computer.org>
Date: Fri, 17 Nov 2017 17:27:33 +0000
Message-ID: <CALaySJLEzY8j3Kamavkk3dyfV=c-OvMpu+nauR5-BBBYqFoAAg@mail.gmail.com>
To: Daniel B Giffin <dbg@scs.stanford.edu>
Cc: draft-ietf-tcpinc-tcpcrypt.all@ietf.org, ietf@ietf.org, secdir@ietf.org,  tcpinc@ietf.org
Content-Type: multipart/alternative; boundary="f403045fbba80788f8055e310ed0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/TCv8lHXaGdzK1EjIzqaZuNHLKsQ>
Subject: Re: [secdir] Secdir telechat review of draft-ietf-tcpinc-tcpcrypt-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Nov 2017 17:27:49 -0000

--f403045fbba80788f8055e310ed0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit

All responses perfect; thanks.  I don’t think there’s a need for a formal
citation to TCP-ENO for the registry, as it won’t be needed once the
registry is created.  It’s only needed for review now, so people like me
don’t scratch our heads.

Carry on...

Barry


On Fri, Nov 17, 2017 at 12:16 AM Daniel B Giffin <dbg@scs.stanford.edu>
wrote:

> Thanks for the review!
>
> Barry Leiba wrote:
> > Reviewer: Barry Leiba
> > Review result: Has Issues
> >
> > I’ve looked at Stephen Kent’s review and the discussion thereof, and have
> > little to add to that.  A couple of small things:
> >
> > 1. Section 3 says that the subsections “describes the tcpcrypt protocol at an
> > abstract level.”  There is no sense in which this description is abstract, and
> > I’d prefer that we not try to say it is, because that gives a reader an
> > expectation that it will be high-level, and perhaps even non-normative.  Maybe
> > this?:
> >
> > NEW
> >    This section provides details of the operation of the tcpcrypt protocol.
> >    The wire format of all messages is specified in Section 4.
> > END
>
> Good point, thanks -- for the next draft I've gone with
> something very similar:
>
>    This section describes the operation of the tcpcrypt protocol.  The
>    wire format of all messages is specified in Section 4.
>
> > 2. In Section 7 (IANA), you say:
> >
> >    Tcpcrypt's TEP identifiers will need to be incorporated in IANA's
> >    "TCP encryption protocol identifiers" registry under the
> >    "Transmission Control Protocol (TCP) Parameters" registry
> >
> > I can find no such registry.  Can you help me here, maybe give me a URL?
>
> Right, that registry is defined in TCP-ENO, which I
> understand would be published in tandem with this draft.
> Does that solve the problem, or ought we provide a reference
> to TCP-ENO here?
>
> For now, I've provided at least a hint by mentioning TCP-ENO
> at the beginning of that sentence:
>
>    For use with TCP-ENO's negotiation mechanism, tcpcrypt's TEP
>    identifiers will need to be incorporated in IANA's "TCP encryption
>    protocol identifiers" registry under the "Transmission Control
>    Protocol (TCP) Parameters" registry, as in Table 4 below.  The
>          [...]
>
> > Also, with respect to the new “tcpcrypt AEAD Algorithm" registry:
> >
> >    Future assignments are to be made under the "RFC Required" policy
> >
> > Note that that policy allows for assignments to be made in any RFC stream,
> > which includes the IRTF, the IAB, and the Independent Stream.  Do you really
> > want people to be able to send documents to the Independent Stream Editor, and
> > to have them published and make assignments with minimal review?
> >
> > You might consider whether “IETF Review” is more appropriate.  That allows RFCs
> > of any type (Standards Track, Informational, Experimental, BCP), but requires
> > that they be in the IETF stream and have a formal IETF last call.
>
> Following the discussion about assignment policy in another
> thread, I've updated this to use the same policy as TCP-ENO.
> The paragraph on the "tcpcrypt AEAD Algorithm" registry now
> reads:
>
>    In Section 4.1, this document defines "sym_cipher" specifiers in the
>    range 0x0001 to 0xFFFF inclusive, for which IANA is to maintain a new
>    "tcpcrypt AEAD Algorithm" registry under the "Transmission Control
>    Protocol (TCP) Parameters" registry.  The initial values for this
>    registry are given in Table 5 below.  The AEAD algorithms named there
>    are defined in Section 6.  Future assignments are to be made upon
>    satisfying either of two policies defined in [RFC8126]: "IETF Review"
>    or (for non-IETF stream specifications) "Expert Review with RFC
>    Required."  IANA will furthermore provide early allocation [RFC7120]
>    to facilitate testing before RFCs are finalized.
>
>
> > It will also help IANA if you make it clear what the valid range of values is
> > for the “Value” column.  Is 0x0000 valid?  Is 0xFFFF the maximum?  Explicitly
> > saying that values must be in the range 0x0001 to 0xFFFF inclusive will be
> > helpful.  (I say this with particular note that you changed how the Value field
> > is specified between -07 and -09, so this clearly has not even been clear to
> > the spec developers.)
>
> Thanks, I've added that as you can see above.
>
> daniel
>
> --
Barry
--
Barry Leiba  (barryleiba@computer.org)
http://internetmessagingtechnology.org/

--f403045fbba80788f8055e310ed0--


From nobody Sat Nov 18 04:45:42 2017
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 58CF5126CBF for <secdir@ietf.org>; Sat, 18 Nov 2017 04:45:41 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Tero Kivinen <kivinen@iki.fi>
To: <secdir@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-to: secdir-secratary@mit.edu
Message-ID: <151100914135.3248.4848579431828192205.idtracker@ietfa.amsl.com>
Date: Sat, 18 Nov 2017 04:45:41 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/lC3qn-ViIACf3Lul7GUY4j951po>
Subject: [secdir] Assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Nov 2017 12:45:41 -0000

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2017-11-30

Reviewer               LC end     Draft
Alan DeKok             2017-10-09 draft-ietf-tsvwg-ieee-802-11-09
Daniel Gillmor         2017-10-17 draft-ietf-sidrops-bgpsec-rollover-03
Watson Ladd           R2017-10-19 draft-ietf-tcpinc-tcpeno-17
Barry Leiba           R2017-10-19 draft-ietf-tcpinc-tcpcrypt-10

For telechat 2017-12-14

Reviewer               LC end     Draft
Shaun Cooley           2017-10-11 draft-ietf-grow-bgp-gshut-12
Catherine Meadows      2017-10-12 draft-ietf-anima-prefix-management-06
Russ Mundy             2017-11-30 draft-ietf-spring-segment-routing-central-epe-07
Takeshi Takahashi     R2017-06-30 draft-ietf-spring-oam-usecase-09
Klaas Wierenga        R2017-11-30 draft-ietf-stir-certificates-15

Last calls:

Reviewer               LC end     Draft
John Bradley           None       draft-ietf-acme-acme-08
Phillip Hallam-Baker   2017-10-13 draft-ietf-ospf-segment-routing-extensions-21
Dan Harkins           R2017-11-23 draft-ietf-mboned-mtrace-v2-21
Daniel Migault         2017-12-08 draft-atarius-dispatch-meid-urn-as-instanceid-05
Matthew Miller         2017-12-08 draft-atarius-dispatch-meid-urn-13
Adam Montville         2017-12-04 draft-ietf-ipsecme-eddsa-04
Russ Mundy             2017-09-14 draft-spinosa-urn-lex-12
Sandra Murphy          2017-11-30 draft-ietf-httpbis-origin-frame-04
Yoav Nir               2017-11-27 draft-ietf-tokbind-protocol-16
Magnus Nystrom         2017-11-26 draft-ietf-anima-stable-connectivity-07
Hilarie Orman          2017-11-27 draft-ietf-tokbind-negotiation-10
Rifaat Shekh-Yusef    R2017-12-04 draft-mm-wg-effect-encrypt-13
Tina Tsou             R2017-06-29 draft-ietf-trill-arp-optimization-09
Tom Yu                 2017-02-20 draft-ietf-slim-negotiating-human-language-17

Next in the reviewer rotation:

  Radia Perlman
  Derrell Piper
  Tim Polk
  Vincent Roca
  Kyle Rose
  Joseph Salowey
  Rich Salz
  Stefan Santesson
  Yaron Sheffer
  Rifaat Shekh-Yusef


From nobody Mon Nov 20 10:10:49 2017
Return-Path: <barryleiba@computer.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 74FC112969E; Mon, 20 Nov 2017 10:10:47 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Barry Leiba <barryleiba@computer.org>
To: <secdir@ietf.org>
Cc: draft-ietf-tcpinc-tcpcrypt.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151120144742.22015.14996558456379655690@ietfa.amsl.com>
Date: Mon, 20 Nov 2017 10:10:47 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/d3b1wfPMy9iXf-xeHaHNLmPMYyw>
Subject: [secdir] Secdir telechat review of draft-ietf-tcpinc-tcpcrypt-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Nov 2017 18:10:47 -0000

Reviewer: Barry Leiba
Review result: Ready

Version -10 (and the review discussion) addresses all my comments about version -09; thanks.


From nobody Tue Nov 21 11:53:45 2017
Return-Path: <watsonbladd@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A962129BAF; Tue, 21 Nov 2017 11:53:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iZDNMCfLGlCk; Tue, 21 Nov 2017 11:53:37 -0800 (PST)
Received: from mail-vk0-x242.google.com (mail-vk0-x242.google.com [IPv6:2607:f8b0:400c:c05::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE616124B0A; Tue, 21 Nov 2017 11:53:37 -0800 (PST)
Received: by mail-vk0-x242.google.com with SMTP id k82so8398520vkd.5; Tue, 21 Nov 2017 11:53:37 -0800 (PST)
X-Received: by 10.31.32.70 with SMTP id g67mr13626415vkg.9.1511294016604; Tue, 21 Nov 2017 11:53:36 -0800 (PST)
MIME-Version: 1.0
Received: by 10.176.11.132 with HTTP; Tue, 21 Nov 2017 11:53:36 -0800 (PST)
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 21 Nov 2017 14:53:36 -0500
Message-ID: <CACsn0cmmOGzpAL9-1OpTU4D8Sgq2tB8KQ=oqg2=2htJg56QpeQ@mail.gmail.com>
To: secdir@ietf.org, "<iesg@ietf.org>" <iesg@ietf.org>, draft-ietf-tcpinc-tcpeno.all@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/I23J_jOCpb8IwqZhcbOkbnaGTKk>
Subject: [secdir] Review of -17 of tcpinc-tcpeno
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Nov 2017 19:53:39 -0000

Dear all,

The document remains ready. All my previous comments have been addressed.

Sincerely,
Watson Ladd


From nobody Fri Nov 24 11:19:33 2017
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B226C1293D6; Fri, 24 Nov 2017 11:19:25 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Yoav Nir <ynir.ietf@gmail.com>
To: <secdir@ietf.org>
Cc: draft-ietf-tokbind-protocol.all@ietf.org, unbearable@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151155116566.9001.9710010900094084736@ietfa.amsl.com>
Date: Fri, 24 Nov 2017 11:19:25 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/QlnjmMtul5vjG1xEWpWrWszXCnQ>
Subject: [secdir] Secdir last call review of draft-ietf-tokbind-protocol-16
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Nov 2017 19:19:26 -0000

Reviewer: Yoav Nir
Review result: Ready

The document seems ready with two minor editorial nits:

1. The first sentence is as follows:
  Often, servers generate various security tokens (e.g.  HTTP cookies, OAuth
  [RFC6749] tokens)
If you reference the OAuth RFC, you should also reference the HTTP cookie RFC
(RFC 6265)

2. The term "bound token" appears in section 2 without any definition. Perhaps
add something like "An application token contained in a token binding message
is called a bound token"

Other than that, the document is well written and the security issues are dealt
with well in sections 4 and 5 as well as the security considerations section
(7).


From nobody Sun Nov 26 11:57:40 2017
Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F04E1201F8; Sun, 26 Nov 2017 11:57:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level: 
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SoOcySYa-Eqq; Sun, 26 Nov 2017 11:57:33 -0800 (PST)
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 113F8126C0F; Sun, 26 Nov 2017 11:57:32 -0800 (PST)
Received: from in02.mta.xmission.com ([166.70.13.52]) by out02.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1eJ33T-0003aO-N3; Sun, 26 Nov 2017 12:57:31 -0700
Received: from mta2.zcs.xmission.com ([166.70.13.66]) by in02.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1eJ33T-0002EY-0u; Sun, 26 Nov 2017 12:57:31 -0700
Received: from localhost (localhost [127.0.0.1]) by mta2.zcs.xmission.com (Postfix) with ESMTP id C600E6002C4; Sun, 26 Nov 2017 12:57:30 -0700 (MST)
Received: from mta2.zcs.xmission.com ([127.0.0.1]) by localhost (mta2.zcs.xmission.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id whpoOHsoBSsa; Sun, 26 Nov 2017 12:57:30 -0700 (MST)
Received: from zms04.zcs.xmission.com (zms04.zcs.xmission.com [166.70.13.74]) by mta2.zcs.xmission.com (Postfix) with ESMTP id B20596002C1; Sun, 26 Nov 2017 12:57:30 -0700 (MST)
Date: Sun, 26 Nov 2017 12:57:30 -0700 (MST)
From: Hilarie Orman <hilarie@purplestreak.com>
To: The IESG <iesg@ietf.org>, secdir <secdir@ietf.org>,  draft-ietf-tokbind-negotiation.all@ietf.org
Message-ID: <75635360.9316064.1511726250689.JavaMail.zimbra@purplestreak.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [104.173.238.67]
X-Mailer: Zimbra 8.7.4_GA_1730 (zclient/8.7.4_GA_1730)
Thread-Index: 9yZNkNtSTPXVMHPSgNb9afzW95voQw==
Thread-Topic: Security review of draft-ietf-tokbind-negotiation-10
X-XM-SPF: eid=1eJ33T-0002EY-0u; ; ; mid=<75635360.9316064.1511726250689.JavaMail.zimbra@purplestreak.com>; ; ; hst=in02.mta.xmission.com; ; ; ip=166.70.13.66; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-SA-Exim-Connect-IP: 166.70.13.66
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: ******;The IESG <iesg@ietf.org>, secdir <secdir@ietf.org>, draft-ietf-tokbind-negotiation.all@ietf.org
X-Spam-Relay-Country: US
X-Spam-Timing: total 341 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 3.3 (1.0%), b_tie_ro: 2.3 (0.7%), parse: 1.13 (0.3%), extract_message_metadata: 4.9 (1.4%), get_uri_detail_list: 0.74 (0.2%), tests_pri_-1000: 3.0 (0.9%), tests_pri_-950: 0.90 (0.3%), tests_pri_-900: 0.93 (0.3%), tests_pri_-400: 16 (4.7%), check_bayes: 15 (4.4%), b_tokenize: 4.9 (1.4%), b_tok_get_all: 4.2 (1.2%), b_comp_prob: 1.91 (0.6%), b_tok_touch_all: 2.1 (0.6%), b_finish: 0.61 (0.2%), tests_pri_0: 295 (86.5%),  check_dkim_signature: 0.68 (0.2%), check_dkim_adsp: 47 (13.9%), tests_pri_500: 3.7 (1.1%), rewrite_mail: 0.00 (0.0%)
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Tn14G02GSCb4ZuEbetKleC7ET3I>
Subject: [secdir] Security review of draft-ietf-tokbind-negotiation-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Nov 2017 19:57:34 -0000

Security review of
Transport Layer Security (TLS) Extension for Token Binding Protocol  Negotiation
draft-ietf-tokbind-negotiation-10

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

 From the abstract "This document specifies a Transport Layer Security
(TLS) extension for the negotiation of Token Binding protocol version
and key parameters."

Token binding assures that the necessary authentication information
for a TLS channel is bound solely to that one channel.  As a
preliminary to that binding, the two participants must agree on a
protocol version for establishing a token and the key parameters.  The
TLS extension for this negotiation in the HELLO messages is the
subject of the document under review.

The extension seems to me to be necessary, sufficient, secure, and Ready.

Hilarie


From nobody Sun Nov 26 21:47:25 2017
Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85EE5127775 for <secdir@ietfa.amsl.com>; Sun, 26 Nov 2017 21:47:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iMQk51ly4IMJ for <secdir@ietfa.amsl.com>; Sun, 26 Nov 2017 21:47:22 -0800 (PST)
Received: from mail-pl0-x235.google.com (mail-pl0-x235.google.com [IPv6:2607:f8b0:400e:c01::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE8D81200E5 for <secdir@ietf.org>; Sun, 26 Nov 2017 21:47:21 -0800 (PST)
Received: by mail-pl0-x235.google.com with SMTP id b12so7849824plm.3; Sun, 26 Nov 2017 21:47:21 -0800 (PST)
X-Received: by 10.84.229.79 with SMTP id d15mr36536545pln.397.1511761641120; Sun, 26 Nov 2017 21:47:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.187.2 with HTTP; Sun, 26 Nov 2017 21:47:20 -0800 (PST)
From: =?UTF-8?Q?Magnus_Nystr=C3=B6m?= <magnusn@gmail.com>
Date: Sun, 26 Nov 2017 21:47:20 -0800
Message-ID: <CADajj4ZQ-9av_XWfjqaiyRWyOXV8SQ0gexDcfTLm5-StkOY88A@mail.gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, dreft-ietf-anima-stable-connectivity@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c19ecb49aa7d4055ef06fab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/SJGDKh34-J9gU8P7KJjEnryAUMM>
Subject: [secdir] Secdir review of draft-ietf-anima-stable-connectivity-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 05:47:23 -0000

--94eb2c19ecb49aa7d4055ef06fab
Content-Type: text/plain; charset="UTF-8"

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes how to leverage the Automatic Control Plane (ACP)
in Automatic Networks (AN) to provide stable and secure connectivity for
Operations, Administration and Maintenance (OAM) processes. The document is
intended to be *informational*.

The document is well written and has an adequate Security Considerations
section. I have no issues with this document. Minor nit: "encryption
protected" -> "encrypted."
-- 
-- Magnus

--94eb2c19ecb49aa7d4055ef06fab--


From nobody Sun Nov 26 21:53:32 2017
Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20F8D126D05; Sun, 26 Nov 2017 21:53:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yEeotwwRbnIP; Sun, 26 Nov 2017 21:53:29 -0800 (PST)
Received: from mail-pl0-x22e.google.com (mail-pl0-x22e.google.com [IPv6:2607:f8b0:400e:c01::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD8A11200E5; Sun, 26 Nov 2017 21:53:26 -0800 (PST)
Received: by mail-pl0-x22e.google.com with SMTP id 62so7859184plc.2; Sun, 26 Nov 2017 21:53:26 -0800 (PST)
X-Received: by 10.84.129.73 with SMTP id 67mr12094048plb.198.1511762005706; Sun, 26 Nov 2017 21:53:25 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.187.2 with HTTP; Sun, 26 Nov 2017 21:53:25 -0800 (PST)
From: =?UTF-8?Q?Magnus_Nystr=C3=B6m?= <magnusn@gmail.com>
Date: Sun, 26 Nov 2017 21:53:25 -0800
Message-ID: <CADajj4by1L_h9SKunNhEOp+8qx5d7B3P-4YxTDFMZ7bjneVmZg@mail.gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-anima-stable-connectivity@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c1306c055cb9d055ef0859b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/A2oGBP5vBAAEWZ7CYYu2f-90dXs>
Subject: Re: [secdir] Secdir review of draft-ietf-anima-stable-connectivity-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 05:53:31 -0000

--94eb2c1306c055cb9d055ef0859b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Correcting email address.

On Sun, Nov 26, 2017 at 9:47 PM, Magnus Nyström <magnusn@gmail.com> wrote:

>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> This document describes how to leverage the Automatic Control Plane (ACP)
> in Automatic Networks (AN) to provide stable and secure connectivity for
> Operations, Administration and Maintenance (OAM) processes. The document is
> intended to be *informational*.
>
> The document is well written and has an adequate Security Considerations
> section. I have no issues with this document. Minor nit: "encryption
> protected" -> "encrypted."
> --
> -- Magnus
>

--94eb2c1306c055cb9d055ef0859b--


From nobody Mon Nov 27 06:09:16 2017
Return-Path: <adam.w.montville@gmail.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 22B52128B8D; Mon, 27 Nov 2017 06:09:14 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Adam Montville <adam.w.montville@gmail.com>
To: <secdir@ietf.org>
Cc: ipsec@ietf.org, ietf@ietf.org, draft-ietf-ipsecme-eddsa.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151179175411.30910.13010385715015417131@ietfa.amsl.com>
Date: Mon, 27 Nov 2017 06:09:14 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/N6u2w_W1cVu9iWnuvyCSeWLrYgE>
Subject: [secdir] Secdir last call review of draft-ietf-ipsecme-eddsa-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 14:09:14 -0000

Reviewer: Adam Montville
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This document is ready.

A very straightforward, short document defining a new value in
SIGNATURE_HASH_ALGORITHMS notification of IKE, so that non-hashing signature
methods (specifically the Edwards-curve digital signature algorithm) can be
used.

One nit: s/or/of/ in last sentence of second introduction paragraph, so that it
reads, "See section 8.5 of RFC 8032...".



From nobody Mon Nov 27 10:52:18 2017
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC24D1292CE; Mon, 27 Nov 2017 10:52:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8kDOm-KRJRbc; Mon, 27 Nov 2017 10:52:02 -0800 (PST)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 166C71270A3; Mon, 27 Nov 2017 10:51:59 -0800 (PST)
Received: by mail-wm0-x229.google.com with SMTP id v186so36981622wma.2; Mon, 27 Nov 2017 10:51:59 -0800 (PST)
X-Received: by 10.28.138.12 with SMTP id m12mr19458997wmd.134.1511808717614; Mon, 27 Nov 2017 10:51:57 -0800 (PST)
Received: from [192.168.1.18] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id i55sm9385454wra.60.2017.11.27.10.51.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Nov 2017 10:51:56 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <151179175411.30910.13010385715015417131@ietfa.amsl.com>
Date: Mon, 27 Nov 2017 20:51:54 +0200
Cc: secdir <secdir@ietf.org>, ipsec@ietf.org, ietf@ietf.org, draft-ietf-ipsecme-eddsa.all@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <23E34FAC-BF15-4523-91CE-88E3B2A7AA46@gmail.com>
References: <151179175411.30910.13010385715015417131@ietfa.amsl.com>
To: Adam Montville <adam.w.montville@gmail.com>
X-Mailer: Apple Mail (2.3445.4.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/CjVRRmwfBK0Sbk7dMRCkp6rrNnA>
Subject: Re: [secdir] Secdir last call review of draft-ietf-ipsecme-eddsa-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 18:52:04 -0000

> On 27 Nov 2017, at 16:09, Adam Montville <adam.w.montville@gmail.com> wrote:
>
> Reviewer: Adam Montville
> Review result: Ready
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area directors.
> Document editors and WG chairs should treat these comments just like any other
> last call comments.
>
> This document is ready.
>
> A very straightforward, short document defining a new value in
> SIGNATURE_HASH_ALGORITHMS notification of IKE, so that non-hashing signature
> methods (specifically the Edwards-curve digital signature algorithm) can be
> used.

Thanks, Adam.

>
> One nit: s/or/of/ in last sentence of second introduction paragraph, so that it
> reads, "See section 8.5 of RFC 8032…”

Unless something else comes up, I’ll leave this to AUTH48 (although the RFC Editor are likely to find it and fix it anyway).

Yoav


From nobody Mon Nov 27 12:18:33 2017
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 48CB6120721 for <secdir@ietf.org>; Mon, 27 Nov 2017 12:18:32 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Tero Kivinen <kivinen@iki.fi>
To: <secdir@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-to: secdir-secretary@mit.edu
Message-ID: <151181391227.30838.14737132530149416644.idtracker@ietfa.amsl.com>
Date: Mon, 27 Nov 2017 12:18:32 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/sOq6YdXozO9VOIFbnEYcCVIb7nU>
Subject: [secdir] Assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 20:18:32 -0000

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2017-11-30

Reviewer               LC end     Draft
Alan DeKok             2017-10-09 draft-ietf-tsvwg-ieee-802-11-09
Daniel Gillmor         2017-10-17 draft-ietf-sidrops-bgpsec-rollover-03
Watson Ladd           R2017-10-19 draft-ietf-tcpinc-tcpeno-17
Rifaat Shekh-Yusef    R2017-10-11 draft-wu-l3sm-rfc8049bis-09

For telechat 2017-12-14

Reviewer               LC end     Draft
Shaun Cooley           2017-10-11 draft-ietf-grow-bgp-gshut-12
Phillip Hallam-Baker   2017-10-13 draft-ietf-ospf-segment-routing-extensions-22
Catherine Meadows      2017-10-12 draft-ietf-anima-prefix-management-06
Russ Mundy             2017-11-30 draft-ietf-spring-segment-routing-central-epe-07
Hilarie Orman         R2017-12-11 draft-ietf-i2rs-yang-l3-topology-13
Radia Perlman          2017-12-11 draft-ietf-i2rs-yang-network-topo-18
Takeshi Takahashi     R2017-06-30 draft-ietf-spring-oam-usecase-09
Klaas Wierenga        R2017-11-30 draft-ietf-stir-certificates-15

Last calls:

Reviewer               LC end     Draft
John Bradley           None       draft-ietf-acme-acme-08
Daniel Migault         2017-12-08 draft-atarius-dispatch-meid-urn-as-instanceid-05
Matthew Miller         2017-12-08 draft-atarius-dispatch-meid-urn-13
Russ Mundy             2017-09-14 draft-spinosa-urn-lex-12
Sandra Murphy          2017-11-30 draft-ietf-httpbis-origin-frame-04
Magnus Nystrom         2017-11-26 draft-ietf-anima-stable-connectivity-07
Hilarie Orman          2017-11-27 draft-ietf-tokbind-negotiation-10
Derrell Piper          2017-11-23 draft-ietf-mboned-mtrace-v2-21
Rifaat Shekh-Yusef    R2017-12-04 draft-mm-wg-effect-encrypt-13
Tina Tsou             R2017-06-29 draft-ietf-trill-arp-optimization-09
Tom Yu                 2017-02-20 draft-ietf-slim-negotiating-human-language-18

Next in the reviewer rotation:

  Tim Polk
  Vincent Roca
  Kyle Rose
  Joseph Salowey
  Rich Salz
  Stefan Santesson
  Yaron Sheffer
  Rifaat Shekh-Yusef
  Melinda Shore
  Robert Sparks


From nobody Mon Nov 27 12:39:54 2017
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 31AAD120721 for <secdir@ietf.org>; Mon, 27 Nov 2017 12:39:53 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Tero Kivinen <kivinen@iki.fi>
To: <secdir@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-to: secdir-secretary@mit.edu
Message-ID: <151181519315.30854.12070201077596928523.idtracker@ietfa.amsl.com>
Date: Mon, 27 Nov 2017 12:39:53 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4VnLNEL9JYj-dyulojZAX_vj0qk>
Subject: [secdir] Assignments (new version)
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 20:39:53 -0000

Due to my mistake, the last assignment email did include reviews which were already done, but which were not marked as complete in the datatracker. I now marked them as done, and this version replaces the one sent earlier.

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2017-11-30

Reviewer               LC end     Draft
Alan DeKok             2017-10-09 draft-ietf-tsvwg-ieee-802-11-09
Daniel Gillmor         2017-10-17 draft-ietf-sidrops-bgpsec-rollover-03
Rifaat Shekh-Yusef    R2017-10-11 draft-wu-l3sm-rfc8049bis-09

For telechat 2017-12-14

Reviewer               LC end     Draft
Shaun Cooley           2017-10-11 draft-ietf-grow-bgp-gshut-12
Phillip Hallam-Baker   2017-10-13 draft-ietf-ospf-segment-routing-extensions-22
Catherine Meadows      2017-10-12 draft-ietf-anima-prefix-management-06
Russ Mundy             2017-11-30 draft-ietf-spring-segment-routing-central-epe-07
Hilarie Orman         R2017-12-11 draft-ietf-i2rs-yang-l3-topology-13
Radia Perlman          2017-12-11 draft-ietf-i2rs-yang-network-topo-18
Takeshi Takahashi     R2017-06-30 draft-ietf-spring-oam-usecase-09
Klaas Wierenga        R2017-11-30 draft-ietf-stir-certificates-15

Last calls:

Reviewer               LC end     Draft
John Bradley           None       draft-ietf-acme-acme-08
Daniel Migault         2017-12-08 draft-atarius-dispatch-meid-urn-as-instanceid-05
Matthew Miller         2017-12-08 draft-atarius-dispatch-meid-urn-13
Russ Mundy             2017-09-14 draft-spinosa-urn-lex-12
Sandra Murphy          2017-11-30 draft-ietf-httpbis-origin-frame-04
Derrell Piper          2017-11-23 draft-ietf-mboned-mtrace-v2-21
Rifaat Shekh-Yusef    R2017-12-04 draft-mm-wg-effect-encrypt-13
Tina Tsou             R2017-06-29 draft-ietf-trill-arp-optimization-09
Tom Yu                 2017-02-20 draft-ietf-slim-negotiating-human-language-18

Next in the reviewer rotation:

  Tim Polk
  Vincent Roca
  Kyle Rose
  Joseph Salowey
  Rich Salz
  Stefan Santesson
  Yaron Sheffer
  Rifaat Shekh-Yusef
  Melinda Shore
  Robert Sparks


From nobody Mon Nov 27 13:38:26 2017
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E6A712702E; Mon, 27 Nov 2017 13:38:20 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
To: <secdir@ietf.org>
Cc: ietf@ietf.org, draft-wu-l3sm-rfc8049bis.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151181870041.30959.17144962798564184590@ietfa.amsl.com>
Date: Mon, 27 Nov 2017 13:38:20 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/jDzvq6lWnAWnaDjs_1IsmHocRLI>
Subject: [secdir] Secdir telechat review of draft-wu-l3sm-rfc8049bis-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 21:38:21 -0000

Reviewer: Rifaat Shekh-Yusef
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The document defines a YANG data model that defines service configuration
elements that can be used in communication protocols between customers
and network operators. Those elements can also be used as input to
automated control and configuration applications.

The authors addressed my comments on version -05 of the document.
I have no further comments on this version of the draft.

Regards.
 Rifaat



From nobody Mon Nov 27 15:43:29 2017
Return-Path: <ddp@electric-loft.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCF651293EB; Mon, 27 Nov 2017 15:43:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MKsIJRCZdZWl; Mon, 27 Nov 2017 15:43:20 -0800 (PST)
Received: from Mail.Yoyodyne.COM (mail.yoyodyne.com [139.60.72.138]) by ietfa.amsl.com (Postfix) with SMTP id 14CE1124207; Mon, 27 Nov 2017 15:43:20 -0800 (PST)
Received: from [IPv6:2603:3024:170f:af00:dcd1:1d8e:7784:9f91] ([2603:3024:170f:af00:dcd1:1d8e:7784:9f91]) by Mail.Yoyodyne.COM via Internet for <secdir@ietf.org> (and others); Mon, 27 Nov 2017 15:43:18 PST
From: Derrell Piper <ddp@electric-loft.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_6A7F9CDF-0D51-49BA-98C5-0EBCB40EA87C"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\))
Date: Mon, 27 Nov 2017 15:43:18 -0800
References: <151181870041.30959.17144962798564184590@ietfa.amsl.com>
To: secdir@ietf.org, ietf@ietf.org, draft-ietf-mboned-mtrace-v2-21@ietf.org
In-Reply-To: <151181870041.30959.17144962798564184590@ietfa.amsl.com>
Message-Id: <C758369D-5D40-41E0-A838-F134031632EB@electric-loft.org>
X-Mailer: Apple Mail (2.3445.4.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/xQXsqDCwlZrmHNgWzU8tIkIydyM>
Subject: [secdir]  Secdir review of draft-ietf-mboned-mtrace-v2-21
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 23:43:22 -0000

--Apple-Mail=_6A7F9CDF-0D51-49BA-98C5-0EBCB40EA87C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Reviewer: Derrell Piper
Review result: ready with nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes a new version of traceroute designed for multicast.  In
the multicast environment, traceroute functions in reverse with each router on
the path back towards the client adding diagnostic information along the way.
This information can be used to diagnose a variety of network problems,
including packet loss (congestion) and configuration problems (TTL).

The security considerations section discusses a variety of requirements and
suggestions for multicast routers and the protocol includes an ADMIN_PROHIB
flag which can be used at a border router to prevent multicast traceroute from
being able to probe network topology or to perform traffic analysis.

This appears to be a useful diagnostic utility and the obvious security
concerns seem to have been addressed.

nits:

page 33, section 9.3 and 9.4

MAY should be capitalized in these two sections.

Derrell


--Apple-Mail=_6A7F9CDF-0D51-49BA-98C5-0EBCB40EA87C--


From nobody Mon Nov 27 16:23:59 2017
Return-Path: <ddp@electric-loft.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 334C5128C81; Mon, 27 Nov 2017 16:23:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 164PEuFnlr0N; Mon, 27 Nov 2017 16:23:52 -0800 (PST)
Received: from Mail.Yoyodyne.COM (mail.yoyodyne.com [139.60.72.138]) by ietfa.amsl.com (Postfix) with SMTP id 4C4F1128AA1; Mon, 27 Nov 2017 16:23:52 -0800 (PST)
Received: from [IPv6:2603:3024:170f:af00:dcd1:1d8e:7784:9f91] ([2603:3024:170f:af00:dcd1:1d8e:7784:9f91]) by Mail.Yoyodyne.COM via Internet for <secdir@ietf.org> (and others); Mon, 27 Nov 2017 16:23:52 PST
From: Derrell Piper <ddp@electric-loft.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_830C2323-EE52-42F8-8042-9EF19CC07CFE"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\))
Date: Mon, 27 Nov 2017 16:23:51 -0800
References: <151181870041.30959.17144962798564184590@ietfa.amsl.com> <C758369D-5D40-41E0-A838-F134031632EB@electric-loft.org>
To: secdir@ietf.org, ietf@ietf.org, draft-ietf-mboned-mtrace-v2-21.all@ietf.org
In-Reply-To: <C758369D-5D40-41E0-A838-F134031632EB@electric-loft.org>
Message-Id: <DC7A8884-2B15-476B-9249-1E5C95A66859@electric-loft.org>
X-Mailer: Apple Mail (2.3445.4.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/3e5-Fw-P6qk7c0GKfSuM_3Na1CQ>
Subject: Re: [secdir] Secdir review of draft-ietf-mboned-mtrace-v2-21
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 00:23:53 -0000

--Apple-Mail=_830C2323-EE52-42F8-8042-9EF19CC07CFE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

[Apologies for the repost, hopefully this one doesn’t wrap.  I also didn’t
include the “.all” suffix on the previous email.]

Reviewer: Derrell Piper
Review result: ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document describes a new version of traceroute designed for
multicast.  In the multicast environment, traceroute functions in
reverse with each router on the path back towards the client adding
diagnostic information along the way.  This information can be used to
diagnose a variety of network problems, including packet loss
(congestion) and configuration problems (TTL).

The security considerations section discusses a variety of requirements
and suggestions for multicast routers and the protocol includes an
ADMIN_PROHIB flag which can be used at a border router to prevent
multicast traceroute from being able to probe network topology or to
perform traffic analysis.

This appears to be a useful diagnostic utility and the obvious security
concerns seem to have been addressed.

nits:

page 33, section 9.3 and 9.4

MAY should be capitalized in these two sections.

Derrell


--Apple-Mail=_830C2323-EE52-42F8-8042-9EF19CC07CFE--


From nobody Tue Nov 28 23:04:30 2017
Return-Path: <radiaperlman@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4835124C27; Tue, 28 Nov 2017 23:04:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bAyM6sMy1PDo; Tue, 28 Nov 2017 23:04:26 -0800 (PST)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35252124BAC; Tue, 28 Nov 2017 23:04:26 -0800 (PST)
Received: by mail-io0-x230.google.com with SMTP id s37so2627145ioe.10; Tue, 28 Nov 2017 23:04:26 -0800 (PST)
X-Received: by 10.107.139.18 with SMTP id n18mr2313023iod.193.1511939065400; Tue, 28 Nov 2017 23:04:25 -0800 (PST)
MIME-Version: 1.0
Received: by 10.2.22.131 with HTTP; Tue, 28 Nov 2017 23:04:24 -0800 (PST)
From: Radia Perlman <radiaperlman@gmail.com>
Date: Tue, 28 Nov 2017 23:04:24 -0800
Message-ID: <CAFOuuo6QmGG6K8kx7JjQQ6ex75KgJybw7Dy=ribAYk2ECYRA1w@mail.gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>,  draft-ietf-i2rs-yang-network-topo.all@tools.ietf.org
Content-Type: multipart/alternative; boundary="94eb2c055226ea5306055f19be35"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/B3Yk3U_MbqNeNpb7Ku7hQbiIodQ>
Subject: [secdir] Secdir review of draft-ietf-i2rs-yang-network-topo-18
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 07:04:28 -0000

--94eb2c055226ea5306055f19be35
Content-Type: text/plain; charset="UTF-8"

Summary:  No security issues found

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

I am not an expert at the "YANG model".  This document introduces a YANG
model to represent networks and topologies.  As they point out in the
security considerations section, if there was no authentication of network
management traffic, people could do bad things, but the assumption is that
this will run over TLS or SSH.  Therefore, no security issues are raised by
this document.

Radia

--94eb2c055226ea5306055f19be35--


From nobody Thu Nov 30 13:30:26 2017
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 67A23127871 for <secdir@ietf.org>; Thu, 30 Nov 2017 13:30:24 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Tero Kivinen <kivinen@iki.fi>
To: <secdir@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-to: secdir-secretary@mit.edu
Message-ID: <151207742441.25808.3917358001132045476.idtracker@ietfa.amsl.com>
Date: Thu, 30 Nov 2017 13:30:24 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/SiV_7Qkh5P_rk8N2KKmZ1prDuZk>
Subject: [secdir] Assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 21:30:24 -0000

Review instructions and related resources are at:
http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

For telechat 2017-11-30

Reviewer               LC end     Draft
Alan DeKok             2017-10-09 draft-ietf-tsvwg-ieee-802-11-09
Daniel Gillmor         2017-10-17 draft-ietf-sidrops-bgpsec-rollover-03

For telechat 2017-12-14

Reviewer               LC end     Draft
Shaun Cooley           2017-10-11 draft-ietf-grow-bgp-gshut-12
Phillip Hallam-Baker   2017-10-13 draft-ietf-ospf-segment-routing-extensions-22
Catherine Meadows      2017-10-12 draft-ietf-anima-prefix-management-06
Russ Mundy             2017-11-30 draft-ietf-spring-segment-routing-central-epe-07
Hilarie Orman         R2017-12-11 draft-ietf-i2rs-yang-l3-topology-13
Yaron Sheffer          2017-12-13 draft-ietf-intarea-probe-07
Takeshi Takahashi     R2017-06-30 draft-ietf-spring-oam-usecase-09
Klaas Wierenga        R2017-11-30 draft-ietf-stir-certificates-15

For telechat 2018-01-11

Reviewer               LC end     Draft
Sandra Murphy          2017-11-30 draft-ietf-httpbis-origin-frame-04
Tim Polk               None       draft-ietf-lwig-energy-efficient-08
Vincent Roca           None       draft-ietf-intarea-broadcast-consider-05
Kyle Rose              None       draft-ietf-dhc-rfc3315bis-10
Joseph Salowey         2017-12-12 draft-ietf-trill-centralized-replication-10
Rich Salz              2017-12-12 draft-ietf-rtgwg-yang-vrrp-07
Stefan Santesson       2017-12-12 draft-ietf-rtgwg-yang-rip-06

Last calls:

Reviewer               LC end     Draft
John Bradley           None       draft-ietf-acme-acme-08
Daniel Migault         2017-12-08 draft-atarius-dispatch-meid-urn-as-instanceid-05
Matthew Miller         2017-12-08 draft-atarius-dispatch-meid-urn-13
Russ Mundy             2017-09-14 draft-spinosa-urn-lex-12
Rifaat Shekh-Yusef    R2017-12-04 draft-mm-wg-effect-encrypt-13
Tina Tsou             R2017-06-29 draft-ietf-trill-arp-optimization-09
Tom Yu                 2017-02-20 draft-ietf-slim-negotiating-human-language-18

Next in the reviewer rotation:

  Rifaat Shekh-Yusef
  Melinda Shore
  Robert Sparks
  Takeshi Takahashi
  Tina Tsou
  Sean Turner
  Carl Wallace
  David Waltermire
  Samuel Weiler
  Brian Weis

