From nobody Fri Dec 1 07:45:27 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52F821293EC; Fri, 1 Dec 2017 07:45:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sh3YRTdtlEB1; Fri, 1 Dec 2017 07:45:24 -0800 (PST) Received: from ccs.nrl.navy.mil (mx0.ccs.nrl.navy.mil [IPv6:2001:480:20:118:118::211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09704124B09; Fri, 1 Dec 2017 07:45:19 -0800 (PST) Received: from ashurbanipal.fw5540.net (fw5540.nrl.navy.mil [132.250.196.100]) by ccs.nrl.navy.mil (8.14.4/8.14.4) with ESMTP id vB1FjI6V005615 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Fri, 1 Dec 2017 10:45:18 -0500 From: Catherine Meadows Content-Type: multipart/alternative; boundary="Apple-Mail=_C93D7A34-9259-45D5-9764-D790B79C9879" Date: Fri, 1 Dec 2017 10:45:18 -0500 Message-Id: <0479ED1E-2A28-4E89-BA8C-58F7FDA35E3A@nrl.navy.mil> To: secdir@ietf.org, iesg@ietf.org, draft-ietf-anima-prefix-management.all@ietf.org Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) X-Mailer: Apple Mail (2.3124) X-CCS-MailScanner: No viruses found. X-CCS-MailScanner-Info: See: http://www.nrl.navy.mil/ccs/support/email Archived-At: Subject: [secdir] secdir review of draft-ietf-anima-prefix-management-06 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Dec 2017 15:45:26 -0000 --Apple-Mail=_C93D7A34-9259-45D5-9764-D790B79C9879 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 I have reviewed this document as part of the security directorate's=20 ongoing effort to review all IETF documents being processed by the=20 IESG. These comments were written primarily for the benefit of the=20 security area directors. Document editors and WG chairs should treat=20 these comments just like any other last call comments This informational draft describes two autonomic technical objectives = for IPV6 prefix management in large-scale networks, with an extension to support IPV4 prefixes. The focus is mainly on edge = nodes, since it is assumed that the network=E2=80=99s main = infrastructure elements already have addresses and prefixes. The main purpose of the = document is to be used for the validation of the=20 (GeneRic Autonomic Signaling Protocol) GRASP in = draft-ietf-anima-grasp-15 and other components of the autonomic = networking infrastructure described in draft-ietf-anima-reference-model-04. =20 The technical objectives have to do with efficient and correct = distribution of prefixes with minimum amount of human involvement.=20 GRASP itself is a generic protocol that enables autonomic nodes to dynamically discover peers, to synchronize state with each = other,and to negotiate parameter settings with each other. The = application described in draft-ietf-anima-prefix-management-06 clearly falls within the = intended application of GRASP. The Security Considerations Section secdir review of = draft-ietf-anima-prefix-management-06 reads as follows: Relevant security issues are discussed in [I-D.ietf-anima-grasp].The = preferred security model is that devices are trusted following the = secure bootstrap procedure [I-D.ietf-anima-bootstrapping-keyinfra] and that a secure = AutonomicControl Plane (ACP) [I-D.ietf-anima-autonomic-control-plane] is = in place. =20 I=E2=80=99ve taken a look at draft-ietf-anima-grasp-15 and it provides = an extensive security considerations section that covers the security = issues involved in using it. I do not see that = draft-ietf-anima-prefix-management-06 introduces any new issues.=20 Draft-ietf-anima-prefix-management-06 is somewhat unusual in that the = documents that it references in the Security Considerations Section are = themselves drafts, not RFCs. So it is possible (although I do not think very likely) that changes in = the referenced drafts could have an effect on the security = considerations of draft-ietf-anima-prefix-management-06. Leaving that concern aside, I = consider this document Ready. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil = --Apple-Mail=_C93D7A34-9259-45D5-9764-D790B79C9879 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
I have reviewed this document = as part of the security directorate's 
ongoing = effort to review all IETF documents being processed by = the 
IESG.  These comments were written = primarily for the benefit of the 
security = area directors.  Document editors and WG chairs should = treat 
these comments just like any other last = call comments

This = informational  draft describes two autonomic technical objectives = for  IPV6  prefix management  in large-scale = networks,
with an extension to support IPV4 prefixes. =  The focus is mainly on edge nodes, since it is assumed that the = network=E2=80=99s main infrastructure
elements = already have addresses and prefixes.  The main purpose of the = document is to be used for the validation of the 
(GeneRic Autonomic Signaling Protocol) GRASP in =  draft-ietf-anima-grasp-15 and other components of the autonomic = networking infrastructure
described in =  draft-ietf-anima-reference-model-04.  
The= technical objectives have to do with efficient and correct distribution = of prefixes with minimum amount of human involvement. 
GRASP itself is  a generic protocol that = enables autonomic
nodes to dynamically discover = peers, to synchronize state with each other,and to negotiate parameter = settings with each other.  The application = described
in = draft-ietf-anima-prefix-management-06 clearly falls within the intended = application of GRASP.



The Security Considerations Section secdir review of = draft-ietf-anima-prefix-management-06 reads as follows:

 Relevant security = issues are discussed in [I-D.ietf-anima-grasp].The preferred security = model is that devices are trusted following the secure bootstrap = procedure
[I-D.ietf-anima-bootstrapping-keyinfra] and = that a secure AutonomicControl Plane (ACP) = [I-D.ietf-anima-autonomic-control-plane] is in place. =  

I=E2=80=99ve taken a look at = draft-ietf-anima-grasp-15 and it provides an extensive security = considerations section that covers the security issues
involved in using it.  I do not see that = draft-ietf-anima-prefix-management-06 introduces any new = issues. 

Draft-ietf-anima-prefix-management-06 is somewhat unusual in = that the documents that it references in the Security Considerations = Section are themselves drafts, not RFCs.
So it is = possible (although I do not think very likely) that changes in the = referenced drafts could have an effect on the security considerations = of
draft-ietf-anima-prefix-management-06. =  Leaving that concern aside, I consider this document = Ready.







Catherine Meadows
Naval Research = Laboratory
Code 5543
4555 Overlook Ave., = S.W.
Washington DC, 20375
phone: = 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil

= --Apple-Mail=_C93D7A34-9259-45D5-9764-D790B79C9879-- From nobody Sat Dec 2 13:35:19 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EEFC128DF2; Sat, 2 Dec 2017 13:35:06 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Yaron Sheffer To: Cc: draft-ietf-intarea-probe.all@ietf.org, int-area@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.66.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151225050650.7531.17448190244687268847@ietfa.amsl.com> Date: Sat, 02 Dec 2017 13:35:06 -0800 Archived-At: Subject: [secdir] Secdir telechat review of draft-ietf-intarea-probe-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Dec 2017 21:35:07 -0000 Reviewer: Yaron Sheffer Review result: Has Issues Summary The Security Considerations section is extensive, given that this is not a major protocol. However I think a few additional security risks should be mentioned, see below. In addition, there are several points where this (arguably uneducated) reader was confused, and which could benefit from additional clarity. Details (security-related) * The probed interface can be identified by an IEEE 802 address (presumably, a MAC address). This is an important detail from a security point of view. Normally you don't expect a remote node to be able to access machines by MAC address, and many firewall deployments enforce access control solely at the IP level. * Similarly, in an IPv4 setting, the proxy can be identified by a routable address, and used to probe a non-routable (RFC 1918) address. * "The incoming ICMP Extend Echo Request carries a source address that is not explicitly authorized for the incoming ICMP Extended Echo Request L-bit setting" - this implies a per-node whitelist listing all IP addresses that are allowed to probe it. I don't think we mean seriously to list all the addresses that can ping a given node, so this smells like security theater - sorry. Other Details * Abstract: I think the word "alternatively" should really be "instead" (also in the Introduction). * "The proxy interface resides on a probed node" - this contradicts the previous paragraph that states that either the proxy is on the same node, or it has direct connectivity to it (and is presumably on a different node). * "The probed interface can reside on the probed node or it can be directly connected to the probed node." I'm confused. This contradicts the first paragraph of the Intro: "The probing interface resides on a probing node while the probed interface resides on a probed node." * "encapsulated in an IP header" - shouldn't that be "in an IP packet" (at least for IPv4)? * "Ethernet is running on the probed interface" - is this well-defined? There are numerous 802.* protocols. Do we mean any of them? Or just 802.3? From nobody Sun Dec 3 13:44:54 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 808C51200F1; Sun, 3 Dec 2017 13:44:46 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Rifaat Shekh-Yusef To: Cc: draft-mm-wg-effect-encrypt.all@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.66.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151233748643.11956.6944236669427009804@ietfa.amsl.com> Date: Sun, 03 Dec 2017 13:44:46 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-mm-wg-effect-encrypt-13 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Dec 2017 21:44:46 -0000 Reviewer: Rifaat Shekh-Yusef Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This Informational document presents the current security and network management practices used in the industry today. The document indicates that these practices will be impacted by the increased use of encryption, and that new protocols development should take this into consideration and balance that with the need for a manageable network. This seems like a useful document that describes what is being done today, to allow the IETF to make an informed decision on new protocols and balance that with the need for network manageability. I do not read it as an endorsement of any of the practices described in the document. The document does not define any new protocol or mechanism, thus the security consideration section seems appropriate to me. Regards, Rifaat From nobody Tue Dec 5 10:03:26 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E90AD127871; Tue, 5 Dec 2017 10:03:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Kgnjq1BtbgZ; Tue, 5 Dec 2017 10:03:10 -0800 (PST) Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2505C124B0A; Tue, 5 Dec 2017 10:03:10 -0800 (PST) Received: from pps.filterd (m0108158.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vB5HxbMH019658; Tue, 5 Dec 2017 10:03:08 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=ZcYMYKuDlS/E6Ij81+n7BqjWxAfqV3LPzHLAcURySpU=; b=oRHmWx0gsMMQMIfxzFxLXQYk4UF/bjgQ+jrVCJrjff4VkBRpeqEkdII59jIyL8Ux95H4 8Dwg4A/011KNMkHdJ8ywYS0aOxBpoSDtNq/7eIP7VZ15flTkfDDoNnAjBMeRNv+eDuMo nEH1Sw8WNAFmhZXpUJ1EH3hfldYDcW6NPiVDONGqAhMCvuXyoO7SqOu77AJGNJ8pGiBL YV4npgd3rSU59hTtVlUORaMI8WQP0881WPFJZ+oFXwRQidmIsCVBRLBW6PoVkoy+TAzU ju25ZVCGYcAoYJpPBTMyIXmLd96lqwu7ztJyhdH3cusmWbC5TV1KXthEO7kHgitkxceY 9Q== Received: from nam02-bl2-obe.outbound.protection.outlook.com (mail-bl2nam02lp0080.outbound.protection.outlook.com [207.46.163.80]) by mx0a-00273201.pphosted.com with ESMTP id 2enxga0bs6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 05 Dec 2017 10:03:08 -0800 Received: from BLUPR0501MB2051.namprd05.prod.outlook.com (10.164.23.21) by BLUPR0501MB2052.namprd05.prod.outlook.com (10.164.23.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.2; Tue, 5 Dec 2017 18:03:05 +0000 Received: from BLUPR0501MB2051.namprd05.prod.outlook.com ([10.164.23.21]) by BLUPR0501MB2051.namprd05.prod.outlook.com ([10.164.23.21]) with mapi id 15.20.0302.007; Tue, 5 Dec 2017 18:03:05 +0000 From: Ron Bonica To: Yaron Sheffer , "secdir@ietf.org" CC: "draft-ietf-intarea-probe.all@ietf.org" , "int-area@ietf.org" , "ietf@ietf.org" Thread-Topic: Secdir telechat review of draft-ietf-intarea-probe-07 Thread-Index: AQHTa7VvnuF2paEY9kqKfeMjXKekD6M1CYMg Date: Tue, 5 Dec 2017 18:03:05 +0000 Message-ID: References: <151225050650.7531.17448190244687268847@ietfa.amsl.com> In-Reply-To: <151225050650.7531.17448190244687268847@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [66.129.241.12] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BLUPR0501MB2052; 6:ZdDIfy4hfoinRuTP/dsIViLquDf00Wo3bDCzF0WvwqAEGcoyUkz+SX4vl6Jmguh5WtCGUIUwEvZE+BF4qMUM5z4Ny89Jmf78H2eVuWLi72zEeiS2fVsfFQ5UZPJtqR5nyWAYh81WbS86WzX19AymsKAAul1NcLy1xtovQFskinYEn+dy1uU7bGSVb+YQ0E63+vPrDE8RzpNa3pwifpD89X9OtbhkjeQFnWQR0NbVxfypAt1ZJp3IpgbY0CELQ32CdLqw8oNObBulyYkPvSwHd7veuq+dTcbE7eRR0Z+pjqs0LQt0VVP9mOUIUmgxnPJBdeUFigIUXgPYIuYCxKmKD1+Cfr/JRHC95lpJ41Yog/I=; 5:bJTuxwwnnWS+VkfwPUvNRGShJW15xUDj7v+FSiaKzAksG3Huxe1KmFPfDJTO9bK4hwtjoX53EKYG+hf+Hl5PUiLj3BaQVtTZPVHMFTHTMIqK/9Rf8T5By8OcVmeIEnKPUOFt/IvcXiZEuebNL/by04cN1X1vgmsw+7cdBVOsrxI=; 24:eEKCmLTGrw4WfKO2AlQH7a3mq2lsK6mhe0vHPO3ns9iWuQRS8guJ+/HiP6a+d1fqeziBeBBStmRHNGzacbZGhMzOfkSdvmGDeMPFnJTX7iU=; 7:64tyum13kdOshkxZzg6xnC/YiawSDK9Iusenxp4eubltcHG9wEMcNhPwqRc5JEil/131lq/RHTf59Nh0dDR4DHh18cem2sM32CBWYx86q4f3YGBW4ukLeiwu2ZSPtZ4a2/LQzPXXhKm17xwMECy5P/lB6Ddov03LLT2lMB1Zp4/QJhAB81T45NGj8U0xntCw3WkYWSpyEWbd9XKKAhnbxZBTsaKev8RiFsYiwzGMtuKSNhgV2egdilYVWMBuV4wW x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: b1263a43-ca68-40ce-3b0e-08d53c0a6f4e x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603286); SRVR:BLUPR0501MB2052; x-ms-traffictypediagnostic: BLUPR0501MB2052: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(192374486261705); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(3231022)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123558100)(20161123562025)(20161123564025)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BLUPR0501MB2052; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:BLUPR0501MB2052; x-forefront-prvs: 0512CC5201 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(376002)(346002)(366004)(13464003)(51914003)(189003)(199004)(102836003)(316002)(97736004)(6116002)(33656002)(7736002)(6436002)(305945005)(6506006)(5660300001)(9686003)(55016002)(53936002)(77096006)(25786009)(99286004)(110136005)(106356001)(74316002)(4326008)(3846002)(68736007)(3660700001)(2900100001)(105586002)(229853002)(54906003)(101416001)(6246003)(39060400002)(2501003)(2906002)(2950100002)(7696005)(14454004)(76176011)(66066001)(8676002)(230783001)(86362001)(8936002)(81156014)(81166006)(3280700002)(478600001)(53546010); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR0501MB2052; H:BLUPR0501MB2051.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: juniper.net X-MS-Exchange-CrossTenant-Network-Message-Id: b1263a43-ca68-40ce-3b0e-08d53c0a6f4e X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Dec 2017 18:03:05.6280 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR0501MB2052 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-12-05_06:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1712050259 Archived-At: Subject: Re: [secdir] Secdir telechat review of draft-ietf-intarea-probe-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Dec 2017 18:03:12 -0000 SGVsbG8gWWFyb24sDQoNClRoYW5rcyBmb3IgdGhlIHRob3VnaHRmdWwgcmV2aWV3LiBSZXNwb25z ZXMgaW5saW5lLi4uLi4uDQoNCiAgICAgICAgICAgICAgICAgICAgICAgICBSb24NCg0KPiAtLS0t LU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBZYXJvbiBTaGVmZmVyIFttYWlsdG86eWFy b25mLmlldGZAZ21haWwuY29tXQ0KPiBTZW50OiBTYXR1cmRheSwgRGVjZW1iZXIgMiwgMjAxNyA0 OjM1IFBNDQo+IFRvOiBzZWNkaXJAaWV0Zi5vcmcNCj4gQ2M6IGRyYWZ0LWlldGYtaW50YXJlYS1w cm9iZS5hbGxAaWV0Zi5vcmc7IGludC1hcmVhQGlldGYub3JnOyBpZXRmQGlldGYub3JnDQo+IFN1 YmplY3Q6IFNlY2RpciB0ZWxlY2hhdCByZXZpZXcgb2YgZHJhZnQtaWV0Zi1pbnRhcmVhLXByb2Jl LTA3DQo+IA0KPiBSZXZpZXdlcjogWWFyb24gU2hlZmZlcg0KPiBSZXZpZXcgcmVzdWx0OiBIYXMg SXNzdWVzDQo+IA0KPiBTdW1tYXJ5DQo+IA0KPiBUaGUgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMg c2VjdGlvbiBpcyBleHRlbnNpdmUsIGdpdmVuIHRoYXQgdGhpcyBpcyBub3QgYSBtYWpvcg0KPiBw cm90b2NvbC4gSG93ZXZlciBJIHRoaW5rIGEgZmV3IGFkZGl0aW9uYWwgc2VjdXJpdHkgcmlza3Mg c2hvdWxkIGJlDQo+IG1lbnRpb25lZCwgc2VlIGJlbG93LiBJbiBhZGRpdGlvbiwgdGhlcmUgYXJl IHNldmVyYWwgcG9pbnRzIHdoZXJlIHRoaXMNCj4gKGFyZ3VhYmx5IHVuZWR1Y2F0ZWQpIHJlYWRl ciB3YXMgY29uZnVzZWQsIGFuZCB3aGljaCBjb3VsZCBiZW5lZml0IGZyb20NCj4gYWRkaXRpb25h bCBjbGFyaXR5Lg0KPiANCj4gRGV0YWlscyAoc2VjdXJpdHktcmVsYXRlZCkNCj4gDQo+ICogVGhl IHByb2JlZCBpbnRlcmZhY2UgY2FuIGJlIGlkZW50aWZpZWQgYnkgYW4gSUVFRSA4MDIgYWRkcmVz cyAocHJlc3VtYWJseSwNCj4gYSBNQUMgYWRkcmVzcykuIFRoaXMgaXMgYW4gaW1wb3J0YW50IGRl dGFpbCBmcm9tIGEgc2VjdXJpdHkgcG9pbnQgb2Ygdmlldy4NCj4gTm9ybWFsbHkgeW91IGRvbid0 IGV4cGVjdCBhIHJlbW90ZSBub2RlIHRvIGJlIGFibGUgdG8gYWNjZXNzIG1hY2hpbmVzIGJ5DQo+ IE1BQyBhZGRyZXNzLCBhbmQgbWFueSBmaXJld2FsbCBkZXBsb3ltZW50cyBlbmZvcmNlIGFjY2Vz cyBjb250cm9sIHNvbGVseQ0KPiBhdCB0aGUgSVAgbGV2ZWwuICogU2ltaWxhcmx5LCBpbiBhbiBJ UHY0IHNldHRpbmcsIHRoZSBwcm94eSBjYW4gYmUgaWRlbnRpZmllZCBieSBhDQo+IHJvdXRhYmxl IGFkZHJlc3MsIGFuZCB1c2VkIHRvIHByb2JlIGEgbm9uLXJvdXRhYmxlIChSRkMgMTkxOCkgYWRk cmVzcy4gKg0KPiAiVGhlIGluY29taW5nIElDTVAgRXh0ZW5kIEVjaG8gUmVxdWVzdCBjYXJyaWVz IGEgc291cmNlIGFkZHJlc3MgdGhhdCBpcyBub3QNCj4gZXhwbGljaXRseSBhdXRob3JpemVkIGZv ciB0aGUgaW5jb21pbmcgSUNNUCBFeHRlbmRlZCBFY2hvIFJlcXVlc3QgTC1iaXQNCj4gc2V0dGlu ZyIgLSB0aGlzIGltcGxpZXMgYSBwZXItbm9kZSB3aGl0ZWxpc3QgbGlzdGluZyBhbGwgSVAgYWRk cmVzc2VzIHRoYXQgYXJlDQo+IGFsbG93ZWQgdG8gcHJvYmUgaXQuIEkgZG9uJ3QgdGhpbmsgd2Ug bWVhbiBzZXJpb3VzbHkgdG8gbGlzdCBhbGwgdGhlIGFkZHJlc3Nlcw0KPiB0aGF0IGNhbiBwaW5n IGEgZ2l2ZW4gbm9kZSwgc28gdGhpcyBzbWVsbHMgbGlrZSBzZWN1cml0eSB0aGVhdGVyIC0gc29y cnkuDQo+IA0KW1JCIF0gDQpJIGFncmVlIHdpdGggYWxsIG9mIHRoZSBwb2ludHMgdGhhdCB5b3Ug cmFpc2UgYWJvdmUsIGV4Y2VwdCBmb3IgdGhlIHBhcnQgYWJvdXQgd2hpdGUgbGlzdGluZy4gVGhp cyBpc24ndCBzZWN1cml0eSB0aGVhdGVyLiBJdCdzIHJlYWwuDQoNCkZvciB0aGUgbW9zdCBwYXJ0 LCAgaG9zdHMgd2lsbCBzdGljayB3aXRoIHRoZSBkZWZhdWx0IFBST0JFIGNvbmZpZ3VyYXRpb24u IFRoYXQgaXMsIHRoZXkgd29uJ3QgaG9ub3IgYW4gSUNNUCBFeHRlbmRlZCBFY2hvIFJlcXVlc3Qg b2YgYW55IHR5cGUgZnJvbSBhbnkgc291cmNlLg0KDQpBIGdvb2QgbnVtYmVyIG9mIG5ldHdvcmsg b3BlcmF0b3JzIHdpbGwgZW5hYmxlIFBST0JFIG9uIHRoZWlyIHJvdXRlcnMsIGJ1dCBmb3IgdGhl IHJlYXNvbnMgdGhhdCB5b3UgcG9pbnQgb3V0IGFib3ZlLCB0aGV5IHdvbid0IHdhbnQgdGhlaXIg cm91dGVycyBiZWluZyBwcm9iZWQgZnJvbSB1bnRydXN0ZWQgc3VibmV0d29ya3MuIFRoZXkgd2ls bCBwcm9iYWJseSByZXN0cmljdCBwcm9iZSBhY2Nlc3MgdG8gYSBmZXcgdHJ1c3RlZCBzdWJuZXRz IHRoYXQgYXJlIHdpdGhpbiB0aGVpciBhZG1pbmlzdHJhdGl2ZSBkb21haW4gKGUuZy4sIHRoZSBO T0MsIG5ldHdvcmsgY29udHJvbGxlcnMpLg0KDQpJIGRvdWJ0IGlmIGFueW9uZSB3aWxsIGV4cG9z ZSB0aGVpciByb3V0ZXJzIHRvIFBST0JJTkcgZnJvbSBhbGwgcG9pbnRzIG9uIHRoZSBJbnRlcm5l dC4NCiANCj4gT3RoZXIgRGV0YWlscw0KPiANCj4gKiBBYnN0cmFjdDogSSB0aGluayB0aGUgd29y ZCAiYWx0ZXJuYXRpdmVseSIgc2hvdWxkIHJlYWxseSBiZSAiaW5zdGVhZCIgKGFsc28gaW4NCj4g dGhlIEludHJvZHVjdGlvbikuIA0KW1JCIF0gDQpJIGNhbiBmaXggdGhhdCBpbiB0aGUgbmV4dCB2 ZXJzaW9uDQoNCiogIlRoZSBwcm94eSBpbnRlcmZhY2UgcmVzaWRlcyBvbiBhIHByb2JlZCBub2Rl IiAtIHRoaXMNCj4gY29udHJhZGljdHMgdGhlIHByZXZpb3VzIHBhcmFncmFwaCB0aGF0IHN0YXRl cyB0aGF0IGVpdGhlciB0aGUgcHJveHkgaXMgb24gdGhlDQo+IHNhbWUgbm9kZSwgb3IgaXQgaGFz IGRpcmVjdCBjb25uZWN0aXZpdHkgdG8gaXQgKGFuZCBpcyBwcmVzdW1hYmx5IG9uIGEgZGlmZmVy ZW50DQo+IG5vZGUpLiANCltSQiBdIA0KSm9lbCBIYWxwZXJuIHJhaXNlZCB0aGUgc2FtZSBwb2lu dCBpbiBoaXMgcmV2aWV3LiBJbiB0aGUgbmV4dCB2ZXJzaW9uLCB0aGUgcHJvYmVkIG5vZGUgd2ls bCBiZSBjYWxsZWQgdGhlIHByb3h5IG5vZGUuDQoNCiogIlRoZSBwcm9iZWQgaW50ZXJmYWNlIGNh biByZXNpZGUgb24gdGhlIHByb2JlZCBub2RlIG9yIGl0IGNhbiBiZQ0KPiBkaXJlY3RseSBjb25u ZWN0ZWQgdG8gdGhlIHByb2JlZCBub2RlLiIgSSdtIGNvbmZ1c2VkLiBUaGlzIGNvbnRyYWRpY3Rz IHRoZQ0KPiBmaXJzdCBwYXJhZ3JhcGggb2YgdGhlIEludHJvOiAiVGhlIHByb2JpbmcgaW50ZXJm YWNlIHJlc2lkZXMgb24gYSBwcm9iaW5nIG5vZGUNCj4gd2hpbGUgdGhlIHByb2JlZCBpbnRlcmZh Y2UgcmVzaWRlcyBvbiBhIHByb2JlZCBub2RlLiINCltSQiBdIA0KU2FtZSBmaXggYXMgYWJvdmUN Cg0KICoNCiJlbmNhcHN1bGF0ZWQgaW4gYW4NCj4gSVAgaGVhZGVyIiAtIHNob3VsZG4ndCB0aGF0 IGJlICJpbiBhbiBJUCBwYWNrZXQiIChhdCBsZWFzdCBmb3IgSVB2NCk/IA0KW1JCIF0gDQpJIHdp bGwgY2hlY2sgUkZDIDc5MiBhbmQgdXNlIHdoYXRldmVyIHdvcmRzIHRoZXkgdXNlZA0KKg0KPiAi RXRoZXJuZXQgaXMgcnVubmluZyBvbiB0aGUgcHJvYmVkIGludGVyZmFjZSIgLSBpcyB0aGlzIHdl bGwtZGVmaW5lZD8gVGhlcmUNCj4gYXJlIG51bWVyb3VzIDgwMi4qIHByb3RvY29scy4gRG8gd2Ug bWVhbiBhbnkgb2YgdGhlbT8gT3IganVzdCA4MDIuMz8NCj4gDQpbUkIgXSANCkpvZWwgSGFscGVy biByYWlzZWQgdGhlIHNhbWUgaXNzdWUgaW4gaGlzIHJldmlldy4gV2Ugd2lsbCByZW5hbWUgdGhp cyBiaXQgdG8gaW5kaWNhdGUgdGhhdCBpdCBpcyBhIFBzZXVkb3dpcmUgZW5kcG9pbnQsIHdpdGhv dXQgbWVudGlvbmluZyB3aGF0IGtpbmQgb2YgUFcgZW5kcG9pbnQgaXQgaXMuDQoNCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgUm9uDQoNCg0K From nobody Tue Dec 5 10:59:50 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 59460129649; Tue, 5 Dec 2017 10:59:42 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Rich Salz To: Cc: draft-ietf-rtgwg-yang-vrrp.all@ietf.org, ietf@ietf.org, rtgwg@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.67.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151250038233.23003.7660980675190435187@ietfa.amsl.com> Date: Tue, 05 Dec 2017 10:59:42 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-rtgwg-yang-vrrp-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Dec 2017 18:59:42 -0000 Reviewer: Rich Salz Review result: Ready I did this review for the Security Directorate (SECDIR) to help the Security AD's. This document is ready. Section 1.2 gives an augmented diagram syntax; is that common? Should it be added to "yang proper"? The security considerations is short and to the point. This document describes a data model, so the security considerations properly point call out requirements on any transport mechanism used. Calling out particularly vulnerable nodes is good practice. Perhaps add a sentence saying that "implemented should review all the nodes for security concerns" might be useful. From nobody Wed Dec 6 02:45:11 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D641212969E; Wed, 6 Dec 2017 02:45:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.951 X-Spam-Level: X-Spam-Status: No, score=-0.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_12_24=1.049, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5oFFWBHmGVQJ; Wed, 6 Dec 2017 02:45:00 -0800 (PST) Received: from mail-pg0-x22f.google.com (mail-pg0-x22f.google.com [IPv6:2607:f8b0:400e:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31BD11279E5; Wed, 6 Dec 2017 02:45:00 -0800 (PST) Received: by mail-pg0-x22f.google.com with SMTP id j4so2028432pgp.1; Wed, 06 Dec 2017 02:45:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=v7RNXADvPuPt8t1HxAJZbOgVFQYC6L2ecpZmFgXQ5Ms=; b=FZb+bwWVlhEiJejPGfBF2eyth57NG+hFhwxeWeXgbuuJxzs688jjfdWi3o9aTclP79 fYfIiDmNnL3RFTf5OlmPxumOH6m+n6v3wjIzvyGTLFLuW/jztK7n4HGlbTwBWMA7x+sH YwFjzmnxZLIf38rXKGp2mDSa4WgSFxTawoBES2dIinL/ducK7pPIQYUsrb6bdSqo+0OO bMNSmimSeLA0e59aMUVxTm6ysvfesEU3hCRZka/LFQFxwYO50MmAotRcwPX50H8lv05w eOZetVWjlkIM+9L/inVebBCY0oE1Ve5XrI92KV3TzBr970VVV45UC7ATOZ6VWVTC2UhM SxNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=v7RNXADvPuPt8t1HxAJZbOgVFQYC6L2ecpZmFgXQ5Ms=; b=BD78jiE+rlQ0yJschLRJJO0VoQI3mWhZcl6n2agKbXU6pYIRUnWQtjWkh5kqnK7mdf UPTLYvnw00vjjVNw59q/zvaSdMkKpsU9btkeQaCnwzNMPrQdYZ8C9GNe548wEtQKnp1X B39M5UKfvzCJb8RWriGRkxo1I3Z13e3XBm0S0Q1ltpLhKoTYCn38sV5hB6XrVSRvshUT pHd9Cnsx/2Cwo5VsRgRT7no7rleDTGUSme1pKLTmAB98pWan5w9Ld+pNqR08P7CVj8Ko PXoiKgEK2bvA45XmMcO9QQyEiiMSvwdQTsM776/Kyi7idU0EszyPKwBpZ6QAR9jXtym1 tlLg== X-Gm-Message-State: AKGB3mI7AOuviWQ1x5INsqzK5IOJXTJsN3PhPSbD6JXds92XCvhP5Ljg IvleX33lXekmE05EcaWSeAVlh87n X-Google-Smtp-Source: AGs4zMZab94n+msYFhYwEdoF5GzmpYi7cur1O8u6h2VTsCSk0hgF0uEeOrwu0QX6/V9GAknHGclFOg== X-Received: by 10.98.150.221 with SMTP id s90mr2303462pfk.151.1512557099424; Wed, 06 Dec 2017 02:44:59 -0800 (PST) Received: from [172.19.249.8] ([104.153.224.169]) by smtp.gmail.com with ESMTPSA id t202sm3489857pgb.75.2017.12.06.02.44.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 06 Dec 2017 02:44:58 -0800 (PST) To: Ron Bonica , "secdir@ietf.org" Cc: "draft-ietf-intarea-probe.all@ietf.org" , "int-area@ietf.org" , "ietf@ietf.org" References: <151225050650.7531.17448190244687268847@ietfa.amsl.com> From: Yaron Sheffer Message-ID: <925c8acc-b3c4-fed5-6cc4-055b945975b8@gmail.com> Date: Wed, 6 Dec 2017 00:40:41 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [secdir] Secdir telechat review of draft-ietf-intarea-probe-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Dec 2017 10:45:02 -0000 Hi Ron, Thanks for putting me right about the expected use case. Please consider including these paragraphs more or less as-is in the security considerations. While informal, they give the reader a good idea how to use this facility securely. Regards, Yaron On 05/12/17 20:03, Ron Bonica wrote: > Hello Yaron, > > Thanks for the thoughtful review. Responses inline...... > > Ron > >> -----Original Message----- >> From: Yaron Sheffer [mailto:yaronf.ietf@gmail.com] >> Sent: Saturday, December 2, 2017 4:35 PM >> To: secdir@ietf.org >> Cc: draft-ietf-intarea-probe.all@ietf.org; int-area@ietf.org; ietf@ietf.org >> Subject: Secdir telechat review of draft-ietf-intarea-probe-07 >> >> Reviewer: Yaron Sheffer >> Review result: Has Issues >> >> Summary >> >> The Security Considerations section is extensive, given that this is not a major >> protocol. However I think a few additional security risks should be >> mentioned, see below. In addition, there are several points where this >> (arguably uneducated) reader was confused, and which could benefit from >> additional clarity. >> >> Details (security-related) >> >> * The probed interface can be identified by an IEEE 802 address (presumably, >> a MAC address). This is an important detail from a security point of view. >> Normally you don't expect a remote node to be able to access machines by >> MAC address, and many firewall deployments enforce access control solely >> at the IP level. * Similarly, in an IPv4 setting, the proxy can be identified by a >> routable address, and used to probe a non-routable (RFC 1918) address. * >> "The incoming ICMP Extend Echo Request carries a source address that is not >> explicitly authorized for the incoming ICMP Extended Echo Request L-bit >> setting" - this implies a per-node whitelist listing all IP addresses that are >> allowed to probe it. I don't think we mean seriously to list all the addresses >> that can ping a given node, so this smells like security theater - sorry. >> > [RB ] > I agree with all of the points that you raise above, except for the part about white listing. This isn't security theater. It's real. > > For the most part, hosts will stick with the default PROBE configuration. That is, they won't honor an ICMP Extended Echo Request of any type from any source. > > A good number of network operators will enable PROBE on their routers, but for the reasons that you point out above, they won't want their routers being probed from untrusted subnetworks. They will probably restrict probe access to a few trusted subnets that are within their administrative domain (e.g., the NOC, network controllers). > > I doubt if anyone will expose their routers to PROBING from all points on the Internet. > >> Other Details >> >> * Abstract: I think the word "alternatively" should really be "instead" (also in >> the Introduction). > [RB ] > I can fix that in the next version > > * "The proxy interface resides on a probed node" - this >> contradicts the previous paragraph that states that either the proxy is on the >> same node, or it has direct connectivity to it (and is presumably on a different >> node). > [RB ] > Joel Halpern raised the same point in his review. In the next version, the probed node will be called the proxy node. > > * "The probed interface can reside on the probed node or it can be >> directly connected to the probed node." I'm confused. This contradicts the >> first paragraph of the Intro: "The probing interface resides on a probing node >> while the probed interface resides on a probed node." > [RB ] > Same fix as above > > * > "encapsulated in an >> IP header" - shouldn't that be "in an IP packet" (at least for IPv4)? > [RB ] > I will check RFC 792 and use whatever words they used > * >> "Ethernet is running on the probed interface" - is this well-defined? There >> are numerous 802.* protocols. Do we mean any of them? Or just 802.3? >> > [RB ] > Joel Halpern raised the same issue in his review. We will rename this bit to indicate that it is a Pseudowire endpoint, without mentioning what kind of PW endpoint it is. > > Ron > > From nobody Thu Dec 7 05:39:33 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91D4812944A; Thu, 7 Dec 2017 05:39:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.947 X-Spam-Level: X-Spam-Status: No, score=0.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DSufiA2l-Tnv; Thu, 7 Dec 2017 05:39:27 -0800 (PST) Received: from hickoryhill-consulting.com (50-245-122-97-static.hfc.comcastbusiness.net [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D1981271FD; Thu, 7 Dec 2017 05:39:27 -0800 (PST) X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=166.177.58.28; From: "Susan Hares" To: "'Radia Perlman'" , , "'The IESG'" , References: In-Reply-To: Date: Thu, 7 Dec 2017 08:39:24 -0500 Message-ID: <003d01d36f60$cc0cf0a0$6426d1e0$@ndzh.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_003E_01D36F36.E3389650" X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQIhMX20hsadKmM/n445OaWYEkQ3YqKcXn5A Content-Language: en-us X-Authenticated-User: skh@ndzh.com Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-i2rs-yang-network-topo-18 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Dec 2017 13:39:29 -0000 This is a multipart message in MIME format. ------=_NextPart_000_003E_01D36F36.E3389650 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Radia: =20 Thank you for the careful review of this document. =20 =20 Susan Hares Shepherd=20 =20 From: Radia Perlman [mailto:radiaperlman@gmail.com]=20 Sent: Wednesday, November 29, 2017 2:04 AM To: secdir@ietf.org; The IESG; = draft-ietf-i2rs-yang-network-topo.all@tools.ietf.org Subject: Secdir review of draft-ietf-i2rs-yang-network-topo-18 =20 Summary: No security issues found =20 I have reviewed this document as part of the security directorate's = ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments = just like any other last call comments. =20 I am not an expert at the "YANG model". This document introduces a YANG = model to represent networks and topologies. As they point out in the = security considerations section, if there was no authentication of = network management traffic, people could do bad things, but the = assumption is that this will run over TLS or SSH. Therefore, no = security issues are raised by this document. =20 Radia =20 =20 ------=_NextPart_000_003E_01D36F36.E3389650 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

Radia:

 

Thank you for the careful review of this document.=C2=A0 =

 

Susan Hares

Shepherd

 

From:= = Radia Perlman [mailto:radiaperlman@gmail.com]
Sent: = Wednesday, November 29, 2017 2:04 AM
To: secdir@ietf.org; The = IESG; = draft-ietf-i2rs-yang-network-topo.all@tools.ietf.org
Subject: = Secdir review of = draft-ietf-i2rs-yang-network-topo-18

 

Summary:  No security issues = found

 

I have reviewed this = document as part of the security directorate's ongoing
effort = to review all IETF documents = being processed by the IESG.  These
comments were written = primarily for the benefit of the security area
directors.  = Document editors and WG chairs should treat these comments just
like = any other last call comments.

 

I am not an expert at = the "YANG model".  This document introduces a YANG model = to represent networks and topologies.  As they point out in the = security considerations section, if there was no authentication of = network management traffic, people could do bad things, but the = assumption is that this will run over TLS or SSH.  Therefore, no = security issues are raised by this = document.

 

Radia

 

 

------=_NextPart_000_003E_01D36F36.E3389650-- From nobody Thu Dec 7 18:33:27 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B22D61200F1; Thu, 7 Dec 2017 18:33:24 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Daniel Migault To: Cc: draft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.67.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151270040464.5892.16248327802973779967@ietfa.amsl.com> Date: Thu, 07 Dec 2017 18:33:24 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-atarius-dispatch-meid-urn-as-instanceid-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Dec 2017 02:33:25 -0000 Reviewer: Daniel Migault Review result: Ready Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready Some comments / questions: 1. Introduction This specification specifies how the URN namespace reserved for 3GPP2 identities and its NSS for the MEID as specified in draft-atarius- dispatch-meid-urn [8] can be used as an instance-id as specified in RFC 5626 [2] and also as used by RFC 5627 [3]. I think it would be good to have the acronyms (URN, 3GPP2, NSS, MEID) expanded in the introduction section as it is being done in the abstract. 3GPP2 defines High Rate Packet Data (HRPD) with high data rates and it dispenses with the 1x Circuit Switched (1xCS) infrastructure. This means that with HRPD networks, voice calls will need to be conducted using IP and IMS. However, the transition to all IP, SIP based IMS networks worldwide will take a great many years from the time of this writing and mobile devices will need to operate in both IP/SIP/IMS mode and circuit switched mode. This means that calls and sessions will need to be handed over between IP/SIP/IMS mode and circuit switched mode mid-call or mid-session. To achieve this the mobile device needs to be simultaneously attached via both the IP/SIP/IMS domain and the circuit switched domain. I am questioning whether "registered" would not be better appropriated than "attached". My reading of attached is a dual radio case while "register" seems to include the single radio. I might be wrong as well. From nobody Thu Dec 7 21:09:41 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68A6D128D3E; Thu, 7 Dec 2017 21:09:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.1 X-Spam-Level: X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lq_1-qBdvGvl; Thu, 7 Dec 2017 21:09:35 -0800 (PST) Received: from out03.mta.xmission.com (out03.mta.xmission.com [166.70.13.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54363127B57; Thu, 7 Dec 2017 21:09:35 -0800 (PST) Received: from in02.mta.xmission.com ([166.70.13.52]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1eNAui-0007GR-Je; Thu, 07 Dec 2017 22:09:32 -0700 Received: from [72.250.219.84] (helo=rumpleteazer.rhmr.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from ) id 1eNAug-0002Gd-R1; Thu, 07 Dec 2017 22:09:32 -0700 Received: from rumpleteazer.rhmr.com (localhost [127.0.0.1]) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vB8596um021144; Thu, 7 Dec 2017 22:09:06 -0700 Received: (from hilarie@localhost) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Submit) id vB8594b1021139; Thu, 7 Dec 2017 22:09:04 -0700 Date: Thu, 7 Dec 2017 22:09:04 -0700 Message-Id: <201712080509.vB8594b1021139@rumpleteazer.rhmr.com> From: "Hilarie Orman" Reply-To: "Hilarie Orman" To: iesg@ietf.org, secdir@ietf.org Cc: draft-ietf-i2rs-yang-l3-topology-all@tools.ietf.org X-XM-SPF: eid=1eNAug-0002Gd-R1; ; ; mid=<201712080509.vB8594b1021139@rumpleteazer.rhmr.com>; ; ; hst=in02.mta.xmission.com; ; ; ip=72.250.219.84; ; ; frm=hilarie@purplestreak.com; ; ; spf=none X-XM-AID: U2FsdGVkX1+r+ne2LiJ4Ajq0b8aIyJPf X-SA-Exim-Connect-IP: 72.250.219.84 X-SA-Exim-Mail-From: hilarie@purplestreak.com X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ******;iesg@ietf.org, secdir@ietf.org X-Spam-Relay-Country: X-Spam-Timing: total 641 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 2.9 (0.5%), b_tie_ro: 2.1 (0.3%), parse: 0.63 (0.1%), extract_message_metadata: 2.5 (0.4%), get_uri_detail_list: 0.44 (0.1%), tests_pri_-1000: 2.6 (0.4%), tests_pri_-950: 1.22 (0.2%), tests_pri_-900: 1.38 (0.2%), tests_pri_-400: 15 (2.3%), check_bayes: 13 (2.1%), b_tokenize: 4.1 (0.6%), b_tok_get_all: 3.3 (0.5%), b_comp_prob: 1.65 (0.3%), b_tok_touch_all: 2.4 (0.4%), b_finish: 0.77 (0.1%), tests_pri_0: 609 (95.0%), check_dkim_signature: 0.43 (0.1%), check_dkim_adsp: 443 (69.2%), tests_pri_500: 3.4 (0.5%), rewrite_mail: 0.00 (0.0%) X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Archived-At: Subject: [secdir] Security review of draft-ietf-i2rs-yang-l3-topology-13 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Dec 2017 05:09:36 -0000 Security review of A YANG Data Model for Layer 3 Topologies draft-ietf-i2rs-yang-l3-topology-13.txt Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The security consideration regarding the data model storage and transmission for layer 3 topologies seem to be delineated clearly enough. I call it Ready. Hilarie From nobody Thu Dec 7 22:19:40 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1461D1201F2; Thu, 7 Dec 2017 22:19:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.1 X-Spam-Level: X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ZySUgBpEh-v; Thu, 7 Dec 2017 22:19:33 -0800 (PST) Received: from out03.mta.xmission.com (out03.mta.xmission.com [166.70.13.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CEF91200C5; Thu, 7 Dec 2017 22:19:33 -0800 (PST) Received: from in02.mta.xmission.com ([166.70.13.52]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1eNC0R-0005sJ-QM; Thu, 07 Dec 2017 23:19:31 -0700 Received: from [72.250.219.84] (helo=rumpleteazer.rhmr.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from ) id 1eNC0Q-0003Jk-Qw; Thu, 07 Dec 2017 23:19:31 -0700 Received: from rumpleteazer.rhmr.com (localhost [127.0.0.1]) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vB86JAqi001459; Thu, 7 Dec 2017 23:19:10 -0700 Received: (from hilarie@localhost) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Submit) id vB86JAMW001453; Thu, 7 Dec 2017 23:19:10 -0700 Date: Thu, 7 Dec 2017 23:19:10 -0700 Message-Id: <201712080619.vB86JAMW001453@rumpleteazer.rhmr.com> From: "Hilarie Orman" Reply-To: "Hilarie Orman" To: iesg@ietf.org, secdir@ietf.org Cc: draft-ietf-i2rs-yang-l3-topology.all@tools.ietf.org X-XM-SPF: eid=1eNC0Q-0003Jk-Qw; ; ; mid=<201712080619.vB86JAMW001453@rumpleteazer.rhmr.com>; ; ; hst=in02.mta.xmission.com; ; ; ip=72.250.219.84; ; ; frm=hilarie@purplestreak.com; ; ; spf=none X-XM-AID: U2FsdGVkX1/x/mwMPjhO5wal9LOzL5/j X-SA-Exim-Connect-IP: 72.250.219.84 X-SA-Exim-Mail-From: hilarie@purplestreak.com X-Spam-DCC: XMission; sa01 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ******;iesg@ietf.org, secdir@ietf.org X-Spam-Relay-Country: X-Spam-Timing: total 592 ms - load_scoreonly_sql: 0.06 (0.0%), signal_user_changed: 3.3 (0.6%), b_tie_ro: 2.3 (0.4%), parse: 1.04 (0.2%), extract_message_metadata: 4.3 (0.7%), get_uri_detail_list: 0.88 (0.1%), tests_pri_-1000: 4.7 (0.8%), tests_pri_-950: 2.1 (0.4%), tests_pri_-900: 1.71 (0.3%), tests_pri_-400: 21 (3.6%), check_bayes: 19 (3.2%), b_tokenize: 6 (1.1%), b_tok_get_all: 4.3 (0.7%), b_comp_prob: 3.0 (0.5%), b_tok_touch_all: 2.3 (0.4%), b_finish: 0.79 (0.1%), tests_pri_0: 544 (91.8%), check_dkim_signature: 0.81 (0.1%), check_dkim_adsp: 304 (51.4%), tests_pri_500: 6 (1.1%), rewrite_mail: 0.00 (0.0%) X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Archived-At: Subject: [secdir] Security review of draft-ietf-i2rs-yang-l3-topology-13 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Dec 2017 06:19:35 -0000 (with address correction) Security review of A YANG Data Model for Layer 3 Topologies draft-ietf-i2rs-yang-l3-topology-13.txt Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The security consideration regarding the data model storage and transmission seem to be delineated clearly enough. I call it Ready. Hilarie From nobody Fri Dec 8 09:37:15 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AC251273B1; Fri, 8 Dec 2017 09:37:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.621 X-Spam-Level: X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SE-3c_fsSgGf; Fri, 8 Dec 2017 09:37:12 -0800 (PST) Received: from smtp-p01.blackberry.com (smtp-p01.blackberry.com [208.65.78.88]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DD05120713; Fri, 8 Dec 2017 09:37:11 -0800 (PST) X-Spoof: Received: from xct101cnc.rim.net ([10.65.161.201]) by mhs211cnc.rim.net with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Dec 2017 12:37:10 -0500 Received: from XMB122CNC.rim.net ([fe80::28c6:fa1c:91c6:2e23]) by XCT101CNC.rim.net ([fe80::9c22:d9c:c906:c488%16]) with mapi id 14.03.0319.002; Fri, 8 Dec 2017 12:37:10 -0500 From: Andrew Allen To: Daniel Migault , "secdir@ietf.org" CC: "draft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org" , "ietf@ietf.org" Thread-Topic: Secdir last call review of draft-atarius-dispatch-meid-urn-as-instanceid-05 Thread-Index: AQHTb8ztYiwncQZaBkOg9hPej4gGoaM5tPGg Date: Fri, 8 Dec 2017 17:37:09 +0000 Message-ID: References: <151270040464.5892.16248327802973779967@ietfa.amsl.com> In-Reply-To: <151270040464.5892.16248327802973779967@ietfa.amsl.com> Accept-Language: en-CA, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.65.160.249] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] Secdir last call review of draft-atarius-dispatch-meid-urn-as-instanceid-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Dec 2017 17:37:15 -0000 RGFuaWVsDQoNCldoZW4gdGFsa2luZyBhYm91dCBTSVAgYW5kIElNUyBSZWdpc3RlcmVkIGhhcyBh IHNwZWNpZmljIGNvbm5vdGF0aW9uIG1lYW5zIFNJUCByZWdpc3RlcmVkLg0KDQpUaGUgaXMgbm8g U0lQIFJlZ2lzdHJhdGlvbiBiZXR3ZWVuIHRoZSBtb2JpbGUgZGV2aWNlIGFuZCB0aGUgQ1MgZG9t YWluIHNvIHVzaW5nIHJlZ2lzdGVyZWQgbWlnaHQgYmUgbWlzbGVhZGluZy4gDQoNCllvdSBhcmUg cmlnaHQgdGhhdCBpbiB0aGUgc2luZ2xlIHJhZGlvIGNhc2UgdGhlIG1vYmlsZSBkZXZpY2UgaXMg bm90IHNpbXVsdGFuZW91c2x5IGF0dGFjaGVkIHRvIGJvdGggdGhlIElNUyBhbmQgQ1MgZG9tYWlu LiBJdCB3b3VsZCBiZSBpbiB0aGUgZHVhbCByYWRpbyBjYXNlLg0KDQpNYXliZSBjaGFuZ2UgdGhh dCBsYXN0IHNlbnRlbmNlIHRvDQoNClRvIGFjaGlldmUgdGhpcyB0aGUgbW9iaWxlIGRldmljZSBu ZWVkcyB0byBjb21tdW5pY2F0ZSB2aWEgYm90aCB0aGUgSVAvU0lQL0lNUyBkb21haW4gYW5kIHRo ZSBjaXJjdWl0IHN3aXRjaGVkIGRvbWFpbi4NCg0KQW5kcmV3DQoNCi0tLS0tT3JpZ2luYWwgTWVz c2FnZS0tLS0tDQpGcm9tOiBEYW5pZWwgTWlnYXVsdCBbbWFpbHRvOmRhbmllbC5taWdhdWx0QGVy aWNzc29uLmNvbV0gDQpTZW50OiBUaHVyc2RheSwgRGVjZW1iZXIgNywgMjAxNyA5OjMzIFBNDQpU bzogc2VjZGlyQGlldGYub3JnDQpDYzogZHJhZnQtYXRhcml1cy1kaXNwYXRjaC1tZWlkLXVybi1h cy1pbnN0YW5jZWlkLmFsbEBpZXRmLm9yZzsgaWV0ZkBpZXRmLm9yZw0KU3ViamVjdDogU2VjZGly IGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtYXRhcml1cy1kaXNwYXRjaC1tZWlkLXVybi1hcy1p bnN0YW5jZWlkLTA1DQoNClJldmlld2VyOiBEYW5pZWwgTWlnYXVsdA0KUmV2aWV3IHJlc3VsdDog UmVhZHkNCg0KSGksIA0KDQpJIGhhdmUgcmV2aWV3ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9m IHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9uZ29pbmcgZWZmb3J0IHRvIHJldmlldyBhbGwg SUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJRVNHLiAgVGhlc2UgY29tbWVu dHMgd2VyZSB3cml0dGVuIHByaW1hcmlseSBmb3IgdGhlIGJlbmVmaXQgb2YgdGhlIHNlY3VyaXR5 IGFyZWEgZGlyZWN0b3JzLiAgRG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0 cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0IGxpa2UgYW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50 cy4NCg0KVGhlIHN1bW1hcnkgb2YgdGhlIHJldmlldyBpcyBSZWFkeQ0KDQpTb21lIGNvbW1lbnRz IC8gcXVlc3Rpb25zOg0KDQoxLiAgSW50cm9kdWN0aW9uDQoNCiAgIFRoaXMgc3BlY2lmaWNhdGlv biBzcGVjaWZpZXMgaG93IHRoZSBVUk4gbmFtZXNwYWNlIHJlc2VydmVkIGZvciAzR1BQMg0KICAg aWRlbnRpdGllcyBhbmQgaXRzIE5TUyBmb3IgdGhlIE1FSUQgYXMgc3BlY2lmaWVkIGluIGRyYWZ0 LWF0YXJpdXMtDQogICBkaXNwYXRjaC1tZWlkLXVybiBbOF0gY2FuIGJlIHVzZWQgYXMgYW4gaW5z dGFuY2UtaWQgYXMgc3BlY2lmaWVkIGluDQogICBSRkMgNTYyNiBbMl0gYW5kIGFsc28gYXMgdXNl ZCBieSBSRkMgNTYyNyBbM10uDQoNCjxtZ2x0PiBJIHRoaW5rIGl0IHdvdWxkIGJlIGdvb2QgdG8g aGF2ZSB0aGUgYWNyb255bXMgKFVSTiwgM0dQUDIsIE5TUywNCk1FSUQpIGV4cGFuZGVkIGluIHRo ZSBpbnRyb2R1Y3Rpb24gc2VjdGlvbiBhcyBpdCBpcyBiZWluZyBkb25lIGluIHRoZSBhYnN0cmFj dC48L21nbHQ+IA0KDQoNCiAgIDNHUFAyIGRlZmluZXMgSGlnaCBSYXRlIFBhY2tldCBEYXRhIChI UlBEKSB3aXRoIGhpZ2ggZGF0YSByYXRlcyBhbmQNCiAgIGl0IGRpc3BlbnNlcyB3aXRoIHRoZSAx eCBDaXJjdWl0IFN3aXRjaGVkICgxeENTKSBpbmZyYXN0cnVjdHVyZS4NCiAgIFRoaXMgbWVhbnMg dGhhdCB3aXRoIEhSUEQgbmV0d29ya3MsIHZvaWNlIGNhbGxzIHdpbGwgbmVlZCB0byBiZQ0KICAg Y29uZHVjdGVkIHVzaW5nIElQIGFuZCBJTVMuICBIb3dldmVyLCB0aGUgdHJhbnNpdGlvbiB0byBh bGwgSVAsIFNJUA0KICAgYmFzZWQgSU1TIG5ldHdvcmtzIHdvcmxkd2lkZSB3aWxsIHRha2UgYSBn cmVhdCBtYW55IHllYXJzIGZyb20gdGhlDQogICB0aW1lIG9mIHRoaXMgd3JpdGluZyBhbmQgbW9i aWxlIGRldmljZXMgd2lsbCBuZWVkIHRvIG9wZXJhdGUgaW4gYm90aA0KICAgSVAvU0lQL0lNUyBt b2RlIGFuZCBjaXJjdWl0IHN3aXRjaGVkIG1vZGUuICBUaGlzIG1lYW5zIHRoYXQgY2FsbHMgYW5k DQogICBzZXNzaW9ucyB3aWxsIG5lZWQgdG8gYmUgaGFuZGVkIG92ZXIgYmV0d2VlbiBJUC9TSVAv SU1TIG1vZGUgYW5kDQogICBjaXJjdWl0IHN3aXRjaGVkIG1vZGUgbWlkLWNhbGwgb3IgbWlkLXNl c3Npb24uICBUbyBhY2hpZXZlIHRoaXMgdGhlDQogICBtb2JpbGUgZGV2aWNlIG5lZWRzIHRvIGJl IHNpbXVsdGFuZW91c2x5IGF0dGFjaGVkIHZpYSBib3RoIHRoZQ0KICAgSVAvU0lQL0lNUyBkb21h aW4gYW5kIHRoZSBjaXJjdWl0IHN3aXRjaGVkIGRvbWFpbi4NCg0KPG1nbHQ+IEkgYW0gcXVlc3Rp b25pbmcgd2hldGhlciAicmVnaXN0ZXJlZCIgd291bGQgbm90IGJlIGJldHRlciBhcHByb3ByaWF0 ZWQgdGhhbiAiYXR0YWNoZWQiLiBNeSByZWFkaW5nIG9mIGF0dGFjaGVkIGlzIGEgZHVhbCByYWRp byBjYXNlIHdoaWxlICJyZWdpc3RlciIgc2VlbXMgdG8gaW5jbHVkZSB0aGUgc2luZ2xlIHJhZGlv LiANCkkgbWlnaHQgYmUgd3JvbmcgYXMgd2VsbC48L21nbHQ+DQoNCg0KDQoNCg== From nobody Fri Dec 8 09:39:41 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57F041273B1; Fri, 8 Dec 2017 09:39:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ljXH2MDXWWPU; Fri, 8 Dec 2017 09:39:37 -0800 (PST) Received: from usplmg20.ericsson.net (usplmg20.ericsson.net [198.24.6.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1133C127077; Fri, 8 Dec 2017 09:39:37 -0800 (PST) X-AuditID: c618062d-8d7ff70000004288-b9-5a2ace57a248 Received: from EUSAAHC004.ericsson.se (Unknown_Domain [147.117.188.84]) by usplmg20.ericsson.net (Symantec Mail Security) with SMTP id F6.44.17032.85ECA2A5; Fri, 8 Dec 2017 18:39:36 +0100 (CET) Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC004.ericsson.se ([147.117.188.84]) with mapi id 14.03.0352.000; Fri, 8 Dec 2017 12:39:35 -0500 From: Daniel Migault To: Andrew Allen , "secdir@ietf.org" CC: "draft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org" , "ietf@ietf.org" Thread-Topic: Secdir last call review of draft-atarius-dispatch-meid-urn-as-instanceid-05 Thread-Index: AQHTcEswWEf3/OfoNEiMaHuZjaej1qM5thfA Date: Fri, 8 Dec 2017 17:39:35 +0000 Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C118D2234D@eusaamb107.ericsson.se> References: <151270040464.5892.16248327802973779967@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [147.117.188.11] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrFLMWRmVeSWpSXmKPExsUyuXRPiG7EOa0og6svRCzuz9vKaPF48WxG i2cb57NYfFj4kMWBxWNWw1p2jyVLfjIFMEVx2aSk5mSWpRbp2yVwZTRt/cRcsEqpYu7cF0wN jDsUuxg5OSQETCRaXzYydjFycQgJHGGU+D/zFwuEswzI6Z/NCFLFJmAk0Xaonx3EFhHwlVj5 5C8zSBGzwCJGiavLHoIlhAWiJP7u2M4EURQt0f3kN5RtJHHw+BE2EJtFQEViwscrYPW8QINe nGtihtjWxChx99kxsAZOAU+JpX2bwWxGATGJ76fWgNnMAuISt57MZ4K4W0BiyZ7zzBC2qMTL x/9YIWwliY+/5wMt4ACq15RYv0sfolVRYkr3Q6i9ghInZz5hmcAoOgvJ1FkIHbOQdMxC0rGA kWUVI0dpcUFObrqRwSZGYIwck2DT3cF4f7rnIUYBDkYlHl6GZK0oIdbEsuLK3EOMEhzMSiK8 XP5AId6UxMqq1KL8+KLSnNTiQ4zSHCxK4rxnPHmjhATSE0tSs1NTC1KLYLJMHJxSDYwxGuli f05NDvvW27rd43n3oac6Doym2T+apk+VcGf3z2Mo3Sj3QuTm2/RPurXNVzW3MB8JP2b2r75o g8HCuudvnyacK1fc/UledK/gptDqIre5n523SVumG3xde+Pmjf9CF8zcoqxffZow99H9vEx+ mY+7UuOtvtssn7Fivt4zBRb/7T1MO9iUWIozEg21mIuKEwH673e8jQIAAA== Archived-At: Subject: Re: [secdir] Secdir last call review of draft-atarius-dispatch-meid-urn-as-instanceid-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Dec 2017 17:39:39 -0000 VGhhbmtzIHRoZSBhZGRyZXNzZXMgZnVsbHkgbXkgbWlub3IgY29tbWVudC4gDQpZb3VycywgDQpE YW5pZWwNCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IEFuZHJldyBBbGxlbiBb bWFpbHRvOmFhbGxlbkBibGFja2JlcnJ5LmNvbV0gDQpTZW50OiBGcmlkYXksIERlY2VtYmVyIDA4 LCAyMDE3IDEyOjM3IFBNDQpUbzogRGFuaWVsIE1pZ2F1bHQgPGRhbmllbC5taWdhdWx0QGVyaWNz c29uLmNvbT47IHNlY2RpckBpZXRmLm9yZw0KQ2M6IGRyYWZ0LWF0YXJpdXMtZGlzcGF0Y2gtbWVp ZC11cm4tYXMtaW5zdGFuY2VpZC5hbGxAaWV0Zi5vcmc7IGlldGZAaWV0Zi5vcmcNClN1YmplY3Q6 IFJFOiBTZWNkaXIgbGFzdCBjYWxsIHJldmlldyBvZiBkcmFmdC1hdGFyaXVzLWRpc3BhdGNoLW1l aWQtdXJuLWFzLWluc3RhbmNlaWQtMDUNCg0KRGFuaWVsDQoNCldoZW4gdGFsa2luZyBhYm91dCBT SVAgYW5kIElNUyBSZWdpc3RlcmVkIGhhcyBhIHNwZWNpZmljIGNvbm5vdGF0aW9uIG1lYW5zIFNJ UCByZWdpc3RlcmVkLg0KDQpUaGUgaXMgbm8gU0lQIFJlZ2lzdHJhdGlvbiBiZXR3ZWVuIHRoZSBt b2JpbGUgZGV2aWNlIGFuZCB0aGUgQ1MgZG9tYWluIHNvIHVzaW5nIHJlZ2lzdGVyZWQgbWlnaHQg YmUgbWlzbGVhZGluZy4gDQoNCllvdSBhcmUgcmlnaHQgdGhhdCBpbiB0aGUgc2luZ2xlIHJhZGlv IGNhc2UgdGhlIG1vYmlsZSBkZXZpY2UgaXMgbm90IHNpbXVsdGFuZW91c2x5IGF0dGFjaGVkIHRv IGJvdGggdGhlIElNUyBhbmQgQ1MgZG9tYWluLiBJdCB3b3VsZCBiZSBpbiB0aGUgZHVhbCByYWRp byBjYXNlLg0KDQpNYXliZSBjaGFuZ2UgdGhhdCBsYXN0IHNlbnRlbmNlIHRvDQoNClRvIGFjaGll dmUgdGhpcyB0aGUgbW9iaWxlIGRldmljZSBuZWVkcyB0byBjb21tdW5pY2F0ZSB2aWEgYm90aCB0 aGUgSVAvU0lQL0lNUyBkb21haW4gYW5kIHRoZSBjaXJjdWl0IHN3aXRjaGVkIGRvbWFpbi4NCg0K QW5kcmV3DQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBEYW5pZWwgTWlnYXVs dCBbbWFpbHRvOmRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNvbV0gDQpTZW50OiBUaHVyc2RheSwg RGVjZW1iZXIgNywgMjAxNyA5OjMzIFBNDQpUbzogc2VjZGlyQGlldGYub3JnDQpDYzogZHJhZnQt YXRhcml1cy1kaXNwYXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLmFsbEBpZXRmLm9yZzsgaWV0 ZkBpZXRmLm9yZw0KU3ViamVjdDogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtYXRh cml1cy1kaXNwYXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLTA1DQoNClJldmlld2VyOiBEYW5p ZWwgTWlnYXVsdA0KUmV2aWV3IHJlc3VsdDogUmVhZHkNCg0KSGksIA0KDQpJIGhhdmUgcmV2aWV3 ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9u Z29pbmcgZWZmb3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2Vk IGJ5IHRoZSBJRVNHLiAgVGhlc2UgY29tbWVudHMgd2VyZSB3cml0dGVuIHByaW1hcmlseSBmb3Ig dGhlIGJlbmVmaXQgb2YgdGhlIHNlY3VyaXR5IGFyZWEgZGlyZWN0b3JzLiAgRG9jdW1lbnQgZWRp dG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0IGxpa2Ug YW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50cy4NCg0KVGhlIHN1bW1hcnkgb2YgdGhlIHJldmll dyBpcyBSZWFkeQ0KDQpTb21lIGNvbW1lbnRzIC8gcXVlc3Rpb25zOg0KDQoxLiAgSW50cm9kdWN0 aW9uDQoNCiAgIFRoaXMgc3BlY2lmaWNhdGlvbiBzcGVjaWZpZXMgaG93IHRoZSBVUk4gbmFtZXNw YWNlIHJlc2VydmVkIGZvciAzR1BQMg0KICAgaWRlbnRpdGllcyBhbmQgaXRzIE5TUyBmb3IgdGhl IE1FSUQgYXMgc3BlY2lmaWVkIGluIGRyYWZ0LWF0YXJpdXMtDQogICBkaXNwYXRjaC1tZWlkLXVy biBbOF0gY2FuIGJlIHVzZWQgYXMgYW4gaW5zdGFuY2UtaWQgYXMgc3BlY2lmaWVkIGluDQogICBS RkMgNTYyNiBbMl0gYW5kIGFsc28gYXMgdXNlZCBieSBSRkMgNTYyNyBbM10uDQoNCjxtZ2x0PiBJ IHRoaW5rIGl0IHdvdWxkIGJlIGdvb2QgdG8gaGF2ZSB0aGUgYWNyb255bXMgKFVSTiwgM0dQUDIs IE5TUywNCk1FSUQpIGV4cGFuZGVkIGluIHRoZSBpbnRyb2R1Y3Rpb24gc2VjdGlvbiBhcyBpdCBp cyBiZWluZyBkb25lIGluIHRoZSBhYnN0cmFjdC48L21nbHQ+IA0KDQoNCiAgIDNHUFAyIGRlZmlu ZXMgSGlnaCBSYXRlIFBhY2tldCBEYXRhIChIUlBEKSB3aXRoIGhpZ2ggZGF0YSByYXRlcyBhbmQN CiAgIGl0IGRpc3BlbnNlcyB3aXRoIHRoZSAxeCBDaXJjdWl0IFN3aXRjaGVkICgxeENTKSBpbmZy YXN0cnVjdHVyZS4NCiAgIFRoaXMgbWVhbnMgdGhhdCB3aXRoIEhSUEQgbmV0d29ya3MsIHZvaWNl IGNhbGxzIHdpbGwgbmVlZCB0byBiZQ0KICAgY29uZHVjdGVkIHVzaW5nIElQIGFuZCBJTVMuICBI b3dldmVyLCB0aGUgdHJhbnNpdGlvbiB0byBhbGwgSVAsIFNJUA0KICAgYmFzZWQgSU1TIG5ldHdv cmtzIHdvcmxkd2lkZSB3aWxsIHRha2UgYSBncmVhdCBtYW55IHllYXJzIGZyb20gdGhlDQogICB0 aW1lIG9mIHRoaXMgd3JpdGluZyBhbmQgbW9iaWxlIGRldmljZXMgd2lsbCBuZWVkIHRvIG9wZXJh dGUgaW4gYm90aA0KICAgSVAvU0lQL0lNUyBtb2RlIGFuZCBjaXJjdWl0IHN3aXRjaGVkIG1vZGUu ICBUaGlzIG1lYW5zIHRoYXQgY2FsbHMgYW5kDQogICBzZXNzaW9ucyB3aWxsIG5lZWQgdG8gYmUg aGFuZGVkIG92ZXIgYmV0d2VlbiBJUC9TSVAvSU1TIG1vZGUgYW5kDQogICBjaXJjdWl0IHN3aXRj aGVkIG1vZGUgbWlkLWNhbGwgb3IgbWlkLXNlc3Npb24uICBUbyBhY2hpZXZlIHRoaXMgdGhlDQog ICBtb2JpbGUgZGV2aWNlIG5lZWRzIHRvIGJlIHNpbXVsdGFuZW91c2x5IGF0dGFjaGVkIHZpYSBi b3RoIHRoZQ0KICAgSVAvU0lQL0lNUyBkb21haW4gYW5kIHRoZSBjaXJjdWl0IHN3aXRjaGVkIGRv bWFpbi4NCg0KPG1nbHQ+IEkgYW0gcXVlc3Rpb25pbmcgd2hldGhlciAicmVnaXN0ZXJlZCIgd291 bGQgbm90IGJlIGJldHRlciBhcHByb3ByaWF0ZWQgdGhhbiAiYXR0YWNoZWQiLiBNeSByZWFkaW5n IG9mIGF0dGFjaGVkIGlzIGEgZHVhbCByYWRpbyBjYXNlIHdoaWxlICJyZWdpc3RlciIgc2VlbXMg dG8gaW5jbHVkZSB0aGUgc2luZ2xlIHJhZGlvLiANCkkgbWlnaHQgYmUgd3JvbmcgYXMgd2VsbC48 L21nbHQ+DQoNCg0KDQoNCg== From nobody Sat Dec 9 08:01:39 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D958C126B7F for ; Sat, 9 Dec 2017 08:01:37 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Tero Kivinen To: X-Test-IDTracker: no X-IETF-IDTracker: 6.67.0 Auto-Submitted: auto-generated Precedence: bulk Reply-to: secdir-secretary@mit.edu Message-ID: <151283529788.24666.15835416370476970873.idtracker@ietfa.amsl.com> Date: Sat, 09 Dec 2017 08:01:37 -0800 Archived-At: Subject: [secdir] Assignments X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Dec 2017 16:01:38 -0000 Review instructions and related resources are at: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview For telechat 2017-12-14 Reviewer LC end Draft Shaun Cooley 2017-10-11 draft-ietf-grow-bgp-gshut-12 Phillip Hallam-Baker 2017-10-13 draft-ietf-ospf-segment-routing-extensions-22 Russ Mundy 2017-11-30 draft-ietf-spring-segment-routing-central-epe-07 Takeshi Takahashi R2017-06-30 draft-ietf-spring-oam-usecase-09 Klaas Wierenga R2017-11-30 draft-ietf-stir-certificates-15 For telechat 2018-01-11 Reviewer LC end Draft Sandra Murphy 2017-11-30 draft-ietf-httpbis-origin-frame-04 Tim Polk None draft-ietf-lwig-energy-efficient-08 Vincent Roca None draft-ietf-intarea-broadcast-consider-05 Kyle Rose None draft-ietf-dhc-rfc3315bis-10 Joseph Salowey 2017-12-12 draft-ietf-trill-centralized-replication-10 Stefan Santesson 2017-12-12 draft-ietf-rtgwg-yang-rip-06 Rifaat Shekh-Yusef 2018-01-02 draft-housley-id-sig-update-02 Melinda Shore 2017-12-22 draft-ietf-pim-yang-12 Robert Sparks 2017-12-22 draft-ietf-bess-evpn-overlay-10 Takeshi Takahashi 2017-12-14 draft-ietf-spring-segment-routing-msdc-06 Tom Yu 2017-12-22 draft-ietf-slim-negotiating-human-language-19 Last calls: Reviewer LC end Draft John Bradley None draft-ietf-acme-acme-08 Matthew Miller 2017-12-08 draft-atarius-dispatch-meid-urn-13 Russ Mundy 2017-09-14 draft-spinosa-urn-lex-12 Tina Tsou R2017-06-29 draft-ietf-trill-arp-optimization-09 Next in the reviewer rotation: Tina Tsou Sean Turner Carl Wallace David Waltermire Samuel Weiler Brian Weis Klaas Wierenga Paul Wouters Liang Xia Tom Yu From nobody Sun Dec 10 13:32:44 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 99DE81241F5; Sun, 10 Dec 2017 13:32:37 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Joseph Salowey To: Cc: trill@ietf.org, iesg@ietf.org, draft-ietf-trill-centralized-replication.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.67.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151294155757.21877.6840749517796253347@ietfa.amsl.com> Date: Sun, 10 Dec 2017 13:32:37 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-trill-centralized-replication-10 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Dec 2017 21:32:37 -0000 Reviewer: Joseph Salowey Review result: Has Issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Document is ready with issues. I think the document has appropriate security considerations. One issue I see in the document is that in the intro it states: "The basic idea is that all ingress RBridges send BUM traffic to a centralized node, which SHOULD be a distribution tree root, using unicast TRILL encapsulation." In section 3 it states : "The centralized node MUST be a distribution tree root." The MUST and SHOULD seem to be at odds here. From nobody Mon Dec 11 23:52:23 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3494C12941C; Mon, 11 Dec 2017 23:52:17 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Takeshi Takahashi To: Cc: spring@ietf.org, ietf@ietf.org, draft-ietf-spring-oam-usecase.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.67.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151306513713.20438.3742368041842215985@ietfa.amsl.com> Date: Mon, 11 Dec 2017 23:52:17 -0800 Archived-At: Subject: [secdir] Secdir telechat review of draft-ietf-spring-oam-usecase-09 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 07:52:17 -0000 Reviewer: Takeshi Takahashi Review result: Has Nits The issues I have here are very minor. The security consideration section became better than the 06 version that I have reviewed before, but I hope the editors could be kind enough to help reader understand security situation better. Minor comments: Regarding this sentence "but it can be used to compromse security in the cse of external IP domains", what do you mean by "compromise security"? It would be nice if you could describe what kind of security compromise may happen in order for the readers to understand the threats more vividly. Editorial comments: 1. LDP had better be spelled out. 2. "skilled personal": could it be "skilled personnel"? 3. This sentence "As it is necessary to know that the information is stale is order to follow the instruction, as is the case with for example convergence events that may be ongoing at the time of diagnostic measurement." is not easy to understand ofr me. I see some typo in this sentence as well. From nobody Tue Dec 12 08:57:41 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 572C61294B9; Tue, 12 Dec 2017 08:57:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.519 X-Spam-Level: X-Spam-Status: No, score=-14.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yf3aOESNsnpI; Tue, 12 Dec 2017 08:57:37 -0800 (PST) Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9050F1200FC; Tue, 12 Dec 2017 08:57:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6202; q=dns/txt; s=iport; t=1513097857; x=1514307457; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=2/XfC+C52t7km8eThN+2DP607S+2h0/Wy8EXhYwLYEU=; b=eBBo+IFiyVAYYST1ImMdzy+rbFndutOaTu+dvZxuY1FJLHf/aLIeRXZi eQicKuoAimbv/NrZ8zij0zbbyGo8EIGj6CC2MBdQFPrE95WvA6c655SVt A7ZEcPuaQQClZ64NbVLg2P+a5n49Vbl8quR9/8iXglvjsuEw+q/omhz76 E=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A7AQBeCTBa/4YNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYM+gVonB4N7iiGPAoFXkWqFTYIVCoU7AhqEbj8YAQEBAQEBAQE?= =?us-ascii?q?BayiFJAYjVhACAQgEOwMCAgIwFBECBA4FiURkqHSCJ4pwAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBHYNjgguBVoISC4J3gy+FAzGCMgWZTolJAotqiTqTZ5Y3AhEZAYE?= =?us-ascii?q?6AR85gU5vFWQBgX6EVXiJNIEVAQEB?= X-IronPort-AV: E=Sophos;i="5.45,395,1508803200"; d="scan'208,217";a="329666205" Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 12 Dec 2017 16:57:36 +0000 Received: from XCH-RTP-020.cisco.com (xch-rtp-020.cisco.com [64.101.220.160]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id vBCGvacQ010370 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 12 Dec 2017 16:57:36 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-020.cisco.com (64.101.220.160) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Tue, 12 Dec 2017 11:57:31 -0500 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Tue, 12 Dec 2017 11:57:31 -0500 From: "Carlos Pignataro (cpignata)" To: Takeshi Takahashi CC: "secdir@ietf.org" , spring , "IETF Discussion Mailing List" , "draft-ietf-spring-oam-usecase.all@ietf.org" Thread-Topic: Secdir telechat review of draft-ietf-spring-oam-usecase-09 Thread-Index: AQHTcx4k3EKWUeYSf0GdAt9DucmAw6NAQi6A Date: Tue, 12 Dec 2017 16:57:31 +0000 Message-ID: <118B351A-C23E-4888-B015-44741AE11FD1@cisco.com> References: <151306513713.20438.3742368041842215985@ietfa.amsl.com> In-Reply-To: <151306513713.20438.3742368041842215985@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_118B351AC23E4888B01544741AE11FD1ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] Secdir telechat review of draft-ietf-spring-oam-usecase-09 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 16:57:39 -0000 --_000_118B351AC23E4888B01544741AE11FD1ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 TWFueSB0aGFua3MgVGFrZXNoaSBmb3IgeW91ciByZXZpZXchIFdlIHdpbGwgZml4IHRoZSBtaW5v ciBhbmQgZWRpdG9yaWFsIGNvbW1lbnRzLg0KDQpUaGFua3MhDQoNCuKAlA0KQ2FybG9zIFBpZ25h dGFybywgY2FybG9zQGNpc2NvLmNvbTxtYWlsdG86Y2FybG9zQGNpc2NvLmNvbT4NCg0K4oCcU29t ZXRpbWVzIEkgdXNlIGJpZyB3b3JkcyB0aGF0IEkgZG8gbm90IGZ1bGx5IHVuZGVyc3RhbmQsIHRv IG1ha2UgbXlzZWxmIHNvdW5kIG1vcmUgcGhvdG9zeW50aGVzaXMuIg0KDQpPbiBEZWMgMTIsIDIw MTcsIGF0IDI6NTIgQU0sIFRha2VzaGkgVGFrYWhhc2hpIDx0YWtlc2hpX3Rha2FoYXNoaUBuaWN0 LmdvLmpwPG1haWx0bzp0YWtlc2hpX3Rha2FoYXNoaUBuaWN0LmdvLmpwPj4gd3JvdGU6DQoNClJl dmlld2VyOiBUYWtlc2hpIFRha2FoYXNoaQ0KUmV2aWV3IHJlc3VsdDogSGFzIE5pdHMNCg0KVGhl IGlzc3VlcyBJIGhhdmUgaGVyZSBhcmUgdmVyeSBtaW5vci4NClRoZSBzZWN1cml0eSBjb25zaWRl cmF0aW9uIHNlY3Rpb24gYmVjYW1lIGJldHRlciB0aGFuIHRoZSAwNiB2ZXJzaW9uIHRoYXQgSQ0K aGF2ZSByZXZpZXdlZCBiZWZvcmUsIGJ1dCBJIGhvcGUgdGhlIGVkaXRvcnMgY291bGQgYmUga2lu ZCBlbm91Z2ggdG8gaGVscA0KcmVhZGVyIHVuZGVyc3RhbmQgc2VjdXJpdHkgc2l0dWF0aW9uIGJl dHRlci4NCg0KTWlub3IgY29tbWVudHM6DQoNClJlZ2FyZGluZyB0aGlzIHNlbnRlbmNlICJidXQg aXQgY2FuIGJlIHVzZWQgdG8gY29tcHJvbXNlIHNlY3VyaXR5IGluIHRoZSBjc2Ugb2YNCmV4dGVy bmFsIElQIGRvbWFpbnMiLCB3aGF0IGRvIHlvdSBtZWFuIGJ5ICJjb21wcm9taXNlIHNlY3VyaXR5 Ij8gSXQgd291bGQgYmUNCm5pY2UgaWYgeW91IGNvdWxkIGRlc2NyaWJlIHdoYXQga2luZCBvZiBz ZWN1cml0eSBjb21wcm9taXNlIG1heSBoYXBwZW4gaW4gb3JkZXINCmZvciB0aGUgcmVhZGVycyB0 byB1bmRlcnN0YW5kIHRoZSB0aHJlYXRzIG1vcmUgdml2aWRseS4NCg0KRWRpdG9yaWFsIGNvbW1l bnRzOg0KDQoxLiBMRFAgaGFkIGJldHRlciBiZSBzcGVsbGVkIG91dC4NCjIuICJza2lsbGVkIHBl cnNvbmFsIjogY291bGQgaXQgYmUgInNraWxsZWQgcGVyc29ubmVsIj8NCjMuIFRoaXMgc2VudGVu Y2UgIkFzIGl0IGlzIG5lY2Vzc2FyeSB0byBrbm93IHRoYXQgdGhlIGluZm9ybWF0aW9uIGlzDQog IHN0YWxlIGlzIG9yZGVyIHRvIGZvbGxvdyB0aGUgaW5zdHJ1Y3Rpb24sIGFzIGlzIHRoZSBjYXNl IHdpdGggZm9yDQogIGV4YW1wbGUgY29udmVyZ2VuY2UgZXZlbnRzIHRoYXQgbWF5IGJlIG9uZ29p bmcgYXQgdGhlIHRpbWUgb2YNCiAgZGlhZ25vc3RpYyBtZWFzdXJlbWVudC4iIGlzIG5vdCBlYXN5 IHRvIHVuZGVyc3RhbmQgb2ZyIG1lLiBJIHNlZSBzb21lIHR5cG8NCiAgaW4gdGhpcyBzZW50ZW5j ZSBhcyB3ZWxsLg0KDQoNCg0K --_000_118B351AC23E4888B01544741AE11FD1ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <06090149B02F43499ADCDD96BB0FB16B@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgbGluZS1icmVhazogYWZ0 ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCk1hbnkgdGhhbmtzJm5ic3A7VGFrZXNoaSBmb3Ig eW91ciByZXZpZXchIFdlIHdpbGwgZml4IHRoZSBtaW5vciBhbmQgZWRpdG9yaWFsIGNvbW1lbnRz Lg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhh bmtzITwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0K PGRpdiBzdHlsZT0iY29sb3I6IHJnYigwLCAwLCAwKTsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsg dGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25l OyB3aGl0ZS1zcGFjZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0 cm9rZS13aWR0aDogMHB4OyB3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2Rl OiBzcGFjZTsgLXdlYmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIi Pg0K4oCUPGJyIGNsYXNzPSIiPg0KQ2FybG9zIFBpZ25hdGFybywmbmJzcDs8YSBocmVmPSJtYWls dG86Y2FybG9zQGNpc2NvLmNvbSIgY2xhc3M9IiI+Y2FybG9zQGNpc2NvLmNvbTwvYT48YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8aSBjbGFzcz0iIj7igJxTb21ldGltZXMgSSB1c2UgYmln IHdvcmRzIHRoYXQgSSBkbyBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNlbGYgc291 bmQgbW9yZSBwaG90b3N5bnRoZXNpcy4mcXVvdDs8L2k+PC9kaXY+DQo8L2Rpdj4NCjxkaXY+PGJy IGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNz PSIiPk9uIERlYyAxMiwgMjAxNywgYXQgMjo1MiBBTSwgVGFrZXNoaSBUYWthaGFzaGkgJmx0Ozxh IGhyZWY9Im1haWx0bzp0YWtlc2hpX3Rha2FoYXNoaUBuaWN0LmdvLmpwIiBjbGFzcz0iIj50YWtl c2hpX3Rha2FoYXNoaUBuaWN0LmdvLmpwPC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9 IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9 IiI+UmV2aWV3ZXI6IFRha2VzaGkgVGFrYWhhc2hpPGJyIGNsYXNzPSIiPg0KUmV2aWV3IHJlc3Vs dDogSGFzIE5pdHM8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpUaGUgaXNzdWVzIEkgaGF2 ZSBoZXJlIGFyZSB2ZXJ5IG1pbm9yLjxiciBjbGFzcz0iIj4NClRoZSBzZWN1cml0eSBjb25zaWRl cmF0aW9uIHNlY3Rpb24gYmVjYW1lIGJldHRlciB0aGFuIHRoZSAwNiB2ZXJzaW9uIHRoYXQgSTxi ciBjbGFzcz0iIj4NCmhhdmUgcmV2aWV3ZWQgYmVmb3JlLCBidXQgSSBob3BlIHRoZSBlZGl0b3Jz IGNvdWxkIGJlIGtpbmQgZW5vdWdoIHRvIGhlbHA8YnIgY2xhc3M9IiI+DQpyZWFkZXIgdW5kZXJz dGFuZCBzZWN1cml0eSBzaXR1YXRpb24gYmV0dGVyLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCk1pbm9yIGNvbW1lbnRzOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClJlZ2FyZGlu ZyB0aGlzIHNlbnRlbmNlICZxdW90O2J1dCBpdCBjYW4gYmUgdXNlZCB0byBjb21wcm9tc2Ugc2Vj dXJpdHkgaW4gdGhlIGNzZSBvZjxiciBjbGFzcz0iIj4NCmV4dGVybmFsIElQIGRvbWFpbnMmcXVv dDssIHdoYXQgZG8geW91IG1lYW4gYnkgJnF1b3Q7Y29tcHJvbWlzZSBzZWN1cml0eSZxdW90Oz8g SXQgd291bGQgYmU8YnIgY2xhc3M9IiI+DQpuaWNlIGlmIHlvdSBjb3VsZCBkZXNjcmliZSB3aGF0 IGtpbmQgb2Ygc2VjdXJpdHkgY29tcHJvbWlzZSBtYXkgaGFwcGVuIGluIG9yZGVyPGJyIGNsYXNz PSIiPg0KZm9yIHRoZSByZWFkZXJzIHRvIHVuZGVyc3RhbmQgdGhlIHRocmVhdHMgbW9yZSB2aXZp ZGx5LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkVkaXRvcmlhbCBjb21tZW50czo8YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQoxLiBMRFAgaGFkIGJldHRlciBiZSBzcGVsbGVkIG91 dC48YnIgY2xhc3M9IiI+DQoyLiAmcXVvdDtza2lsbGVkIHBlcnNvbmFsJnF1b3Q7OiBjb3VsZCBp dCBiZSAmcXVvdDtza2lsbGVkIHBlcnNvbm5lbCZxdW90Oz88YnIgY2xhc3M9IiI+DQozLiBUaGlz IHNlbnRlbmNlICZxdW90O0FzIGl0IGlzIG5lY2Vzc2FyeSB0byBrbm93IHRoYXQgdGhlIGluZm9y bWF0aW9uIGlzPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7c3RhbGUgaXMgb3JkZXIgdG8gZm9s bG93IHRoZSBpbnN0cnVjdGlvbiwgYXMgaXMgdGhlIGNhc2Ugd2l0aCBmb3I8YnIgY2xhc3M9IiI+ DQombmJzcDsmbmJzcDtleGFtcGxlIGNvbnZlcmdlbmNlIGV2ZW50cyB0aGF0IG1heSBiZSBvbmdv aW5nIGF0IHRoZSB0aW1lIG9mPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7ZGlhZ25vc3RpYyBt ZWFzdXJlbWVudC4mcXVvdDsgaXMgbm90IGVhc3kgdG8gdW5kZXJzdGFuZCBvZnIgbWUuIEkgc2Vl IHNvbWUgdHlwbzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO2luIHRoaXMgc2VudGVuY2UgYXMg d2VsbC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwv Ym9keT4NCjwvaHRtbD4NCg== --_000_118B351AC23E4888B01544741AE11FD1ciscocom_-- From nobody Tue Dec 12 13:12:40 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FF661279E5; Tue, 12 Dec 2017 13:12:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.448 X-Spam-Level: X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XrzwY5G7_yoa; Tue, 12 Dec 2017 13:12:34 -0800 (PST) Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0419129566; Tue, 12 Dec 2017 13:12:33 -0800 (PST) Received: by mail-oi0-x234.google.com with SMTP id x20so168044oix.12; Tue, 12 Dec 2017 13:12:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=G4VwViNAyi2gvyoSSlj2n8BFAVZaXJve71EYPsp0nMY=; b=saeWn3AXHNkdJqSD0LONNtYxI/ekglbswp2lk8VwjlsYYia+0kn711oz6SdaJ4YgHf RXRkpcUm+KIrm4INZfUxk17HQ6nrt9JziZFlONtRSv2wthRbog8QrUb7b0jpbJ83PABQ pX+H8A2izwfjmZAAiblPRmwz4rWwhyHqHRjdVmPPQgbVp46aF2DN5Ok+NdNT/5aeKguw R5QjCbSYlzpRiqvMdp1uhhb1XUiBYGV1md2ve1fPx0RHlZff3QWgNVHKDEbP6SbHA1a4 /arL+X6a3mwl6NvJ6dBODehZscXNIrY1sy5PEbow3wglu6tb3M1e8ILsr+kuYEOhZBuN cdzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=G4VwViNAyi2gvyoSSlj2n8BFAVZaXJve71EYPsp0nMY=; b=KyCxA8ym9Bp4XNAz4saUCIje3N3PiPdMwXPYJMPHK4EFDXnW27+73GzzUvf+MSMYLr bPoumaP13kslI+IZ2OiWzK7fp6EgHUX6ffJxQB8RlzW4p9Yr+QC4wCh7uxbyfyBSUsU2 YK7nevALgc1AUKG5zlDQtStcMXOw84UIJvURFC8+JpxvfrpWDNp9Axp76s75Y3Cm5Tmy kOZW5sVUYoFmfgd+1DHI6EL+QkgLTf/AEf4zwcZZFsPQt2e4bWSLd/02IVTP90e5+uIF r0L/y2NDy9/liKxvHK8rOmCrD6tt8HHM+WccGvRw3o0d520uisR7Nqs7Z/haY68v6Ttm zhLg== X-Gm-Message-State: AKGB3mLKfvsaYdXc3ZEP/xXSgLlVct/owo68EgGJRLK1PgKM2jKF2mYc YvHLchalyUH7QvQREtXr7KaTfwDOm78i6zDQ2U/af7eY X-Google-Smtp-Source: ACJfBouyKZf/F/pfgBG6MFOlYoQ0ksrFRpUhkg/DRzIYW8+9ZYhPFWURj+qWVGtwQZzD8WRJfJXOCSnrnL+/7SrsnkI= X-Received: by 10.202.212.209 with SMTP id l200mr169002oig.318.1513113153082; Tue, 12 Dec 2017 13:12:33 -0800 (PST) MIME-Version: 1.0 Received: by 10.168.53.129 with HTTP; Tue, 12 Dec 2017 13:12:17 -0800 (PST) In-Reply-To: <151294155757.21877.6840749517796253347@ietfa.amsl.com> References: <151294155757.21877.6840749517796253347@ietfa.amsl.com> From: Donald Eastlake Date: Tue, 12 Dec 2017 16:12:17 -0500 Message-ID: To: Joseph Salowey Cc: "secdir@ietf.org" , "trill@ietf.org" , "iesg@ietf.org" , draft-ietf-trill-centralized-replication.all@ietf.org Content-Type: multipart/alternative; boundary="001a113d2f88fe9adc05602b1b05" Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-trill-centralized-replication-10 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 21:12:35 -0000 --001a113d2f88fe9adc05602b1b05 Content-Type: text/plain; charset="UTF-8" Hi Joseph, Thanks for the review, see below. On Sun, Dec 10, 2017 at 4:32 PM, Joseph Salowey wrote: > Reviewer: Joseph Salowey > Review result: Has Issues > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > Document is ready with issues. > > I think the document has appropriate security considerations. > > One issue I see in the document is that in the intro it states: > "The basic idea is that all ingress RBridges send BUM traffic to a > centralized > node, which SHOULD be a distribution tree root, using unicast TRILL > encapsulation." In section 3 it states : "The centralized node MUST be a > distribution tree root." > > The MUST and SHOULD seem to be at odds here. > Indeed, a number of "SHOULD"s were changed in a recent revision to "MUST"s and it looks like one of the most prominent, in the Abstract, was overlooked. Thanks, Donald (document shepherd) =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com --001a113d2f88fe9adc05602b1b05 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Joseph,

Thanks for the review, see b= elow.

On Sun= , Dec 10, 2017 at 4:32 PM, Joseph Salowey <joe@salowey.net> wr= ote:
Reviewer: Joseph = Salowey
Review result: Has Issues

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.=C2=A0 These comments were written primarily for the benefit of the security area directors.=C2=A0 Document editors and WG chairs should treat<= br> these comments just like any other last call comments.

Document is ready with issues.

I think the document has appropriate security considerations.

One issue I see in the document is that in the intro it states:
"The basic idea is that all ingress RBridges send BUM traffic to a cen= tralized
node, which SHOULD be a distribution tree root, using unicast TRILL
encapsulation." In section 3 it states : "The centralized node MU= ST be a
distribution tree root."

The MUST and SHOULD seem to be at odds here.

Indeed, a number of "SHOULD"s were changed in a recent revi= sion to "MUST"s and it looks like one of the most prominent, in t= he Abstract, was overlooked.

Thanks,
Donald (document shepherd)
=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=C2=A0Donald E. Eastlake 3rd =C2=A0 +1-508-333-2270 (cell)
=C2=A0155 Be= aver Street, Milford, MA 01757 USA
=C2=A0d3e3e3@gmail.com

--001a113d2f88fe9adc05602b1b05-- From nobody Tue Dec 12 17:53:18 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C182D129411; Tue, 12 Dec 2017 17:53:10 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Takeshi Takahashi To: Cc: draft-ietf-spring-segment-routing-msdc.all@ietf.org, spring@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.67.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151312999074.30209.6653698742560230397@ietfa.amsl.com> Date: Tue, 12 Dec 2017 17:53:10 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-spring-segment-routing-msdc-06 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Dec 2017 01:53:11 -0000 Reviewer: Takeshi Takahashi Review result: Ready The security consideration section is concise, but it well represents its security status by saying "The solution proposed in this document does not introduce any additional security concerns from what expressed in [RFC7938] and [I-D.ietf-idr-bgp-prefix-sid]". From nobody Wed Dec 13 05:46:30 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4986C120227; Wed, 13 Dec 2017 05:46:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CvLE7GdY2jyU; Wed, 13 Dec 2017 05:46:16 -0800 (PST) Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87BAD124B09; Wed, 13 Dec 2017 05:46:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18960; q=dns/txt; s=iport; t=1513172774; x=1514382374; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=J7jhIXwJtnEv9keJW/q6ecHnq7y7sCf0BRWgRFOWA9E=; b=IpXu1vWsQSZSPh2ankQ71/P76NwrkTUqAUBi+TA7JcrewtYntICkndKN +qJ3d4/1gnm8qUbbe+AsdPB0YWIkM4FkmmF7erGCb5zQ51JqBsMdvEPwA piziSeXlL9LVYa2mdxpJ8UxqEC55GlQQbGE49bQb4YVA38kkaTqLhYaHN U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BeAgDqLjFa/5JdJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYM+gVonB4N7mSaTQYVhggEKhTsCGoR5QhUBAQEBAQEBAQFrKIU?= =?us-ascii?q?kBiNIDhACAQg/AwICAjAUEQIEDgWJRGSoc4InilwBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEdg2CCC4FWgWkpgXSBDoMvgTYSgzsxgjIFikqPCIlNAotqiTuTaJY5AhE?= =?us-ascii?q?ZAYE6ATUjgU5vFWQBgX6EVXiHfoEygRUBAQE?= X-IronPort-AV: E=Sophos; i="5.45,397,1508803200"; d="scan'208,217"; a="43529184" Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Dec 2017 13:45:54 +0000 Received: from XCH-RTP-019.cisco.com (xch-rtp-019.cisco.com [64.101.220.159]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id vBDDjrbn001951 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 13 Dec 2017 13:45:54 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-019.cisco.com (64.101.220.159) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 13 Dec 2017 08:45:53 -0500 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 13 Dec 2017 08:45:53 -0500 From: "Carlos Pignataro (cpignata)" To: Takeshi Takahashi CC: "secdir@ietf.org" , "spring@ietf.org" , "ietf@ietf.org" , "draft-ietf-spring-oam-usecase.all@ietf.org" Thread-Topic: Secdir telechat review of draft-ietf-spring-oam-usecase-09 Thread-Index: AQHTcx4k3EKWUeYSf0GdAt9DucmAw6NBnvcA Date: Wed, 13 Dec 2017 13:45:52 +0000 Message-ID: <2D6492DA-25BD-43A6-ABBB-76006F632055@cisco.com> References: <151306513713.20438.3742368041842215985@ietfa.amsl.com> In-Reply-To: <151306513713.20438.3742368041842215985@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_2D6492DA25BD43A6ABBB76006F632055ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] Secdir telechat review of draft-ietf-spring-oam-usecase-09 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Dec 2017 13:46:19 -0000 --_000_2D6492DA25BD43A6ABBB76006F632055ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 RGVhciBUYWtlc2hpLA0KDQpXZSBoYXZlIGFwcGxpZWQgdGhlIGZvbGxvd2luZyBjaGFuZ2VzIHRv IHRoZSBkb2N1bWVudOKAmXMgd29ya2luZyBjb3B5LCBpbiByZXNwb25zZSB0byB5b3VyIHJldmll dy4NCg0KVGhhbmtzIGFnYWluLg0KDQpTZWN0aW9uIDEuLCBwYXJhZ3JhcGggMzoNCkVYUExBTkFU SU9OOiBTcGVsbCBvdXQgTERQLg0KDQpPTEQ6DQoNCiAgICBUaGUgc3lzdGVtIGFwcGxpZXMgdG8g bW9uaXRvcmluZyBvZiBub24gU2VnbWVudCBSb3V0aW5nIExhYmVsDQp8ICAgU3dpdGNoZWQgUGF0 aHMgKExTUCdzKSBsaWtlIExEUCBhcyB3ZWxsIGFzIHRvIG1vbml0b3Jpbmcgb2YgU2VnbWVudA0K fCAgIFJvdXRlZCBMU1AncyAoc2VjdGlvbiA3IG9mZmVycyBzb21lIG1vcmUgaW5mb3JtYXRpb24p LiAgQXMgY29tcGFyZWQNCnwgICB0byBub24gU2VnbWVudCBSb3V0aW5nIGFwcHJvYWNoZXMsIFNl Z21lbnQgUm91dGluZyBpcyBleHBlY3RlZCB0bw0KfCAgIHNpbXBsaWZ5IHN1Y2ggYSBtb25pdG9y aW5nIHN5c3RlbSBieSBlbmFibGluZyBNUExTIHRvcG9sb2d5IGRldGVjdGlvbg0KfCAgIGJhc2Vk IG9uIElHUCBzaWduYWxlZCBzZWdtZW50cy4gIFRoZSBNUExTIHRvcG9sb2d5IHNob3VsZCBiZSBk ZXRlY3RlZA0KfCAgIGFuZCBjb3JyZWxhdGVkIHdpdGggdGhlIElHUCB0b3BvbG9neSwgd2hpY2gg aXMgdG9vIGRldGVjdGVkIGJ5IElHUA0KfCAgIHNpZ25hbGluZy4gIFRodXMgYSBjZW50cmFsaXpl ZCBhbmQgTVBMUyB0b3BvbG9neSBhd2FyZSBtb25pdG9yaW5nDQp8ICAgdW5pdCBjYW4gYmUgcmVh bGl6ZWQgaW4gYSBTZWdtZW50IFJvdXRlZCBkb21haW4uICBUaGlzIHRvcG9sb2d5DQp8ICAgYXdh cmVuZXNzIGNhbiBiZSB1c2VkIGZvciBPcGVyYXRpb24sIEFkbWluaXN0cmF0aW9uLCBhbmQgTWFp bnRlbmFuY2UNCnwgICAoT0FNKSBwdXJwb3NlcyBhcyBkZXNjcmliZWQgYnkgdGhpcyBkb2N1bWVu dC4NCg0KTkVXOg0KDQogICAgVGhlIHN5c3RlbSBhcHBsaWVzIHRvIG1vbml0b3Jpbmcgb2Ygbm9u IFNlZ21lbnQgUm91dGluZyBMYWJlbA0KfCAgIFN3aXRjaGVkIFBhdGhzIChMU1AncykgbGlrZSBM YWJlbCBEaXN0cmlidXRpb24gUHJvdG9jb2wgKExEUCkgYXMgd2VsbA0KfCAgIGFzIHRvIG1vbml0 b3Jpbmcgb2YgU2VnbWVudCBSb3V0ZWQgTFNQJ3MgKHNlY3Rpb24gNyBvZmZlcnMgc29tZSBtb3Jl DQp8ICAgaW5mb3JtYXRpb24pLiAgQXMgY29tcGFyZWQgdG8gbm9uIFNlZ21lbnQgUm91dGluZyBh cHByb2FjaGVzLCBTZWdtZW50DQp8ICAgUm91dGluZyBpcyBleHBlY3RlZCB0byBzaW1wbGlmeSBz dWNoIGEgbW9uaXRvcmluZyBzeXN0ZW0gYnkgZW5hYmxpbmcNCnwgICBNUExTIHRvcG9sb2d5IGRl dGVjdGlvbiBiYXNlZCBvbiBJR1Agc2lnbmFsZWQgc2VnbWVudHMuICBUaGUgTVBMUw0KfCAgIHRv cG9sb2d5IHNob3VsZCBiZSBkZXRlY3RlZCBhbmQgY29ycmVsYXRlZCB3aXRoIHRoZSBJR1AgdG9w b2xvZ3ksDQp8ICAgd2hpY2ggaXMgdG9vIGRldGVjdGVkIGJ5IElHUCBzaWduYWxpbmcuICBUaHVz IGEgY2VudHJhbGl6ZWQgYW5kIE1QTFMNCnwgICB0b3BvbG9neSBhd2FyZSBtb25pdG9yaW5nIHVu aXQgY2FuIGJlIHJlYWxpemVkIGluIGEgU2VnbWVudCBSb3V0ZWQNCnwgICBkb21haW4uICBUaGlz IHRvcG9sb2d5IGF3YXJlbmVzcyBjYW4gYmUgdXNlZCBmb3IgT3BlcmF0aW9uLA0KfCAgIEFkbWlu aXN0cmF0aW9uLCBhbmQgTWFpbnRlbmFuY2UgKE9BTSkgcHVycG9zZXMgYXMgZGVzY3JpYmVkIGJ5 IHRoaXMNCnwgICBkb2N1bWVudC4NCg0KDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCg0KU2VjdGlvbiAxMC4s IHBhcmFncmFwaCAyOg0KRVhQTEFOQVRJT046IENsYXJpZnkgd2hhdCBpcyBtZWFudCBieSDigJxj b21wcm9taXNlIHNlY3VyaXR54oCdIGluIGNvbmNyZXRlIHRlcm1zLg0KDQpPTEQ6DQoNCiAgICBU aGUgUE1TIGFsbG93cyB0byBpbnNlcnQgdHJhZmZpYyBpbnRvIG5vbi1TUiBkb21haW5zLiAgVGhp cyBtYXkgYmUNCiAgICByZXF1aXJlZCBpbiB0aGUgY2FzZSBvZiBhbiBMRFAgZG9tYWluIGF0dGFj aGVkIHRvIHRoZSBTUiBkb21haW4sIGJ1dA0KfCAgIGl0IGNhbiBiZSB1c2VkIHRvIGNvbXByb21p c2Ugc2VjdXJpdHkgaW4gdGhlIGNhc2Ugb2YgZXh0ZXJuYWwgSVANCnwgICBkb21haW5zIGFuZCBN UExTIGJhc2VkIFZQTnMuDQoNCk5FVzoNCg0KICAgIFRoZSBQTVMgYWxsb3dzIHRvIGluc2VydCB0 cmFmZmljIGludG8gbm9uLVNSIGRvbWFpbnMuICBUaGlzIG1heSBiZQ0KICAgIHJlcXVpcmVkIGlu IHRoZSBjYXNlIG9mIGFuIExEUCBkb21haW4gYXR0YWNoZWQgdG8gdGhlIFNSIGRvbWFpbiwgYnV0 DQp8ICAgaXQgY2FuIGJlIHVzZWQgdG8gbWFsaWNpb3VzbHkgaW5zZXJ0IHRyYWZmaWMgaW4gdGhl IGNhc2Ugb2YgZXh0ZXJuYWwNCnwgICBJUCBkb21haW5zIGFuZCBNUExTIGJhc2VkIFZQTnMuDQoN Cg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tDQoNCg0KU2VjdGlvbiAxMC4sIHBhcmFncmFwaCA0Og0KRVhQTEFO QVRJT046IFR5cG8uDQoNCk9MRDoNCg0KICAgIFRvIGxpbWl0IHBvdGVudGlhbCBtaXN1c2UsIGFj Y2VzcyB0byBhIFBNUyBuZWVkcyB0byBiZSBhdXRob3JpemVkIGFuZA0KfCAgIHNob3VsZCBiZSBs b2dnZWQuICBPQU0gc3VwcG9ydGVkIGJ5IGEgUE1TIHJlcXVpcmVzIHNraWxsZWQgcGVyc29uYWwN CiAgICBhbmQgaGVuY2Ugb25seSBleHBlcnRzIHJlcXVpcmluZyBQTVMgYWNjZXNzIHNob3VsZCBi ZSBhbGxvd2VkIHRvDQogICAgYWNjZXNzIHN1Y2ggYSBzeXN0ZW0uICBJdCBpcyByZWNvbW1lbmRl ZCB0byBkaXJlY3RseSBhdHRhY2ggYSBQTVMgdG8NCiAgICBhbiBTUiBkb21haW4uICBDb25uZWN0 aW5nIGEgUE1TIHRvIGFuIFNSIGRvbWFpbiBpcyB0ZWNobmljYWxseQ0KICAgIHBvc3NpYmxlLCBi dXQgYWRkcyBmdXJ0aGVyIHNlY3VyaXR5IGlzc3Vlcy4gIEEgdHVubmVsIGJhc2VkIGFjY2VzcyBv Zg0KICAgIGEgUE1TIHRvIGFuIFNSIGRvbWFpbiBpcyBub3QgcmVjb21tZW5kZWQuDQoNCk5FVzoN Cg0KICAgIFRvIGxpbWl0IHBvdGVudGlhbCBtaXN1c2UsIGFjY2VzcyB0byBhIFBNUyBuZWVkcyB0 byBiZSBhdXRob3JpemVkIGFuZA0KfCAgIHNob3VsZCBiZSBsb2dnZWQuICBPQU0gc3VwcG9ydGVk IGJ5IGEgUE1TIHJlcXVpcmVzIHNraWxsZWQgcGVyc29ubmVsDQogICAgYW5kIGhlbmNlIG9ubHkg ZXhwZXJ0cyByZXF1aXJpbmcgUE1TIGFjY2VzcyBzaG91bGQgYmUgYWxsb3dlZCB0bw0KICAgIGFj Y2VzcyBzdWNoIGEgc3lzdGVtLiAgSXQgaXMgcmVjb21tZW5kZWQgdG8gZGlyZWN0bHkgYXR0YWNo IGEgUE1TIHRvDQogICAgYW4gU1IgZG9tYWluLiAgQ29ubmVjdGluZyBhIFBNUyB0byBhbiBTUiBk b21haW4gaXMgdGVjaG5pY2FsbHkNCiAgICBwb3NzaWJsZSwgYnV0IGFkZHMgZnVydGhlciBzZWN1 cml0eSBpc3N1ZXMuICBBIHR1bm5lbCBiYXNlZCBhY2Nlc3Mgb2YNCiAgICBhIFBNUyB0byBhbiBT UiBkb21haW4gaXMgbm90IHJlY29tbWVuZGVkLg0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KOg0KDQpC ZXN0IHJlZ2FyZHMsDQoNCuKAlA0KQ2FybG9zIFBpZ25hdGFybywgY2FybG9zQGNpc2NvLmNvbTxt YWlsdG86Y2FybG9zQGNpc2NvLmNvbT4NCg0K4oCcU29tZXRpbWVzIEkgdXNlIGJpZyB3b3JkcyB0 aGF0IEkgZG8gbm90IGZ1bGx5IHVuZGVyc3RhbmQsIHRvIG1ha2UgbXlzZWxmIHNvdW5kIG1vcmUg cGhvdG9zeW50aGVzaXMuIg0KDQpPbiBEZWMgMTIsIDIwMTcsIGF0IDI6NTIgQU0sIFRha2VzaGkg VGFrYWhhc2hpIDx0YWtlc2hpX3Rha2FoYXNoaUBuaWN0LmdvLmpwPG1haWx0bzp0YWtlc2hpX3Rh a2FoYXNoaUBuaWN0LmdvLmpwPj4gd3JvdGU6DQoNClJldmlld2VyOiBUYWtlc2hpIFRha2FoYXNo aQ0KUmV2aWV3IHJlc3VsdDogSGFzIE5pdHMNCg0KVGhlIGlzc3VlcyBJIGhhdmUgaGVyZSBhcmUg dmVyeSBtaW5vci4NClRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9uIHNlY3Rpb24gYmVjYW1lIGJl dHRlciB0aGFuIHRoZSAwNiB2ZXJzaW9uIHRoYXQgSQ0KaGF2ZSByZXZpZXdlZCBiZWZvcmUsIGJ1 dCBJIGhvcGUgdGhlIGVkaXRvcnMgY291bGQgYmUga2luZCBlbm91Z2ggdG8gaGVscA0KcmVhZGVy IHVuZGVyc3RhbmQgc2VjdXJpdHkgc2l0dWF0aW9uIGJldHRlci4NCg0KTWlub3IgY29tbWVudHM6 DQoNClJlZ2FyZGluZyB0aGlzIHNlbnRlbmNlICJidXQgaXQgY2FuIGJlIHVzZWQgdG8gY29tcHJv bXNlIHNlY3VyaXR5IGluIHRoZSBjc2Ugb2YNCmV4dGVybmFsIElQIGRvbWFpbnMiLCB3aGF0IGRv IHlvdSBtZWFuIGJ5ICJjb21wcm9taXNlIHNlY3VyaXR5Ij8gSXQgd291bGQgYmUNCm5pY2UgaWYg eW91IGNvdWxkIGRlc2NyaWJlIHdoYXQga2luZCBvZiBzZWN1cml0eSBjb21wcm9taXNlIG1heSBo YXBwZW4gaW4gb3JkZXINCmZvciB0aGUgcmVhZGVycyB0byB1bmRlcnN0YW5kIHRoZSB0aHJlYXRz IG1vcmUgdml2aWRseS4NCg0KRWRpdG9yaWFsIGNvbW1lbnRzOg0KDQoxLiBMRFAgaGFkIGJldHRl ciBiZSBzcGVsbGVkIG91dC4NCjIuICJza2lsbGVkIHBlcnNvbmFsIjogY291bGQgaXQgYmUgInNr aWxsZWQgcGVyc29ubmVsIj8NCjMuIFRoaXMgc2VudGVuY2UgIkFzIGl0IGlzIG5lY2Vzc2FyeSB0 byBrbm93IHRoYXQgdGhlIGluZm9ybWF0aW9uIGlzDQogIHN0YWxlIGlzIG9yZGVyIHRvIGZvbGxv dyB0aGUgaW5zdHJ1Y3Rpb24sIGFzIGlzIHRoZSBjYXNlIHdpdGggZm9yDQogIGV4YW1wbGUgY29u dmVyZ2VuY2UgZXZlbnRzIHRoYXQgbWF5IGJlIG9uZ29pbmcgYXQgdGhlIHRpbWUgb2YNCiAgZGlh Z25vc3RpYyBtZWFzdXJlbWVudC4iIGlzIG5vdCBlYXN5IHRvIHVuZGVyc3RhbmQgb2ZyIG1lLiBJ IHNlZSBzb21lIHR5cG8NCiAgaW4gdGhpcyBzZW50ZW5jZSBhcyB3ZWxsLg0KDQoNCg0K --_000_2D6492DA25BD43A6ABBB76006F632055ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgbGluZS1icmVhazogYWZ0 ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCkRlYXIgVGFrZXNoaSwNCjxkaXYgY2xhc3M9IiI+ PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPldlIGhhdmUgYXBwbGllZCB0aGUg Zm9sbG93aW5nIGNoYW5nZXMgdG8gdGhlIGRvY3VtZW504oCZcyB3b3JraW5nIGNvcHksIGluIHJl c3BvbnNlIHRvIHlvdXIgcmV2aWV3LjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+ DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhhbmtzIGFnYWluLjwvZGl2Pg0KPGRpdiBjbGFzcz0i Ij48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+U2VjdGlvbiAxLiwgcGFyYWdy YXBoIDM6PGJyIGNsYXNzPSIiPg0KRVhQTEFOQVRJT046Jm5ic3A7U3BlbGwgb3V0IExEUC48YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpPTEQ6PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KJm5ic3A7ICZuYnNwOyZuYnNwO1RoZSBzeXN0ZW0gYXBwbGllcyB0byBtb25pdG9yaW5nIG9m IG5vbiBTZWdtZW50IFJvdXRpbmcgTGFiZWw8YnIgY2xhc3M9IiI+DQp8Jm5ic3A7Jm5ic3A7Jm5i c3A7U3dpdGNoZWQgUGF0aHMgKExTUCdzKSBsaWtlIExEUCBhcyB3ZWxsIGFzIHRvIG1vbml0b3Jp bmcgb2YgU2VnbWVudDxiciBjbGFzcz0iIj4NCnwmbmJzcDsmbmJzcDsmbmJzcDtSb3V0ZWQgTFNQ J3MgKHNlY3Rpb24gNyBvZmZlcnMgc29tZSBtb3JlIGluZm9ybWF0aW9uKS4mbmJzcDsmbmJzcDtB cyBjb21wYXJlZDxiciBjbGFzcz0iIj4NCnwmbmJzcDsmbmJzcDsmbmJzcDt0byBub24gU2VnbWVu dCBSb3V0aW5nIGFwcHJvYWNoZXMsIFNlZ21lbnQgUm91dGluZyBpcyBleHBlY3RlZCB0bzxiciBj bGFzcz0iIj4NCnwmbmJzcDsmbmJzcDsmbmJzcDtzaW1wbGlmeSBzdWNoIGEgbW9uaXRvcmluZyBz eXN0ZW0gYnkgZW5hYmxpbmcgTVBMUyB0b3BvbG9neSBkZXRlY3Rpb248YnIgY2xhc3M9IiI+DQp8 Jm5ic3A7Jm5ic3A7Jm5ic3A7YmFzZWQgb24gSUdQIHNpZ25hbGVkIHNlZ21lbnRzLiZuYnNwOyZu YnNwO1RoZSBNUExTIHRvcG9sb2d5IHNob3VsZCBiZSBkZXRlY3RlZDxiciBjbGFzcz0iIj4NCnwm bmJzcDsmbmJzcDsmbmJzcDthbmQgY29ycmVsYXRlZCB3aXRoIHRoZSBJR1AgdG9wb2xvZ3ksIHdo aWNoIGlzIHRvbyBkZXRlY3RlZCBieSBJR1A8YnIgY2xhc3M9IiI+DQp8Jm5ic3A7Jm5ic3A7Jm5i c3A7c2lnbmFsaW5nLiZuYnNwOyZuYnNwO1RodXMgYSBjZW50cmFsaXplZCBhbmQgTVBMUyB0b3Bv bG9neSBhd2FyZSBtb25pdG9yaW5nPGJyIGNsYXNzPSIiPg0KfCZuYnNwOyZuYnNwOyZuYnNwO3Vu aXQgY2FuIGJlIHJlYWxpemVkIGluIGEgU2VnbWVudCBSb3V0ZWQgZG9tYWluLiZuYnNwOyZuYnNw O1RoaXMgdG9wb2xvZ3k8YnIgY2xhc3M9IiI+DQp8Jm5ic3A7Jm5ic3A7Jm5ic3A7YXdhcmVuZXNz IGNhbiBiZSB1c2VkIGZvciBPcGVyYXRpb24sIEFkbWluaXN0cmF0aW9uLCBhbmQgTWFpbnRlbmFu Y2U8YnIgY2xhc3M9IiI+DQp8Jm5ic3A7Jm5ic3A7Jm5ic3A7KE9BTSkgcHVycG9zZXMgYXMgZGVz Y3JpYmVkIGJ5IHRoaXMgZG9jdW1lbnQuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KTkVX OjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsmbmJzcDtUaGUgc3lz dGVtIGFwcGxpZXMgdG8gbW9uaXRvcmluZyBvZiBub24gU2VnbWVudCBSb3V0aW5nIExhYmVsPGJy IGNsYXNzPSIiPg0KfCZuYnNwOyZuYnNwOyZuYnNwO1N3aXRjaGVkIFBhdGhzIChMU1AncykgbGlr ZSBMYWJlbCBEaXN0cmlidXRpb24gUHJvdG9jb2wgKExEUCkgYXMgd2VsbDxiciBjbGFzcz0iIj4N CnwmbmJzcDsmbmJzcDsmbmJzcDthcyB0byBtb25pdG9yaW5nIG9mIFNlZ21lbnQgUm91dGVkIExT UCdzIChzZWN0aW9uIDcgb2ZmZXJzIHNvbWUgbW9yZTxiciBjbGFzcz0iIj4NCnwmbmJzcDsmbmJz cDsmbmJzcDtpbmZvcm1hdGlvbikuJm5ic3A7Jm5ic3A7QXMgY29tcGFyZWQgdG8gbm9uIFNlZ21l bnQgUm91dGluZyBhcHByb2FjaGVzLCBTZWdtZW50PGJyIGNsYXNzPSIiPg0KfCZuYnNwOyZuYnNw OyZuYnNwO1JvdXRpbmcgaXMgZXhwZWN0ZWQgdG8gc2ltcGxpZnkgc3VjaCBhIG1vbml0b3Jpbmcg c3lzdGVtIGJ5IGVuYWJsaW5nPGJyIGNsYXNzPSIiPg0KfCZuYnNwOyZuYnNwOyZuYnNwO01QTFMg dG9wb2xvZ3kgZGV0ZWN0aW9uIGJhc2VkIG9uIElHUCBzaWduYWxlZCBzZWdtZW50cy4mbmJzcDsm bmJzcDtUaGUgTVBMUzxiciBjbGFzcz0iIj4NCnwmbmJzcDsmbmJzcDsmbmJzcDt0b3BvbG9neSBz aG91bGQgYmUgZGV0ZWN0ZWQgYW5kIGNvcnJlbGF0ZWQgd2l0aCB0aGUgSUdQIHRvcG9sb2d5LDxi ciBjbGFzcz0iIj4NCnwmbmJzcDsmbmJzcDsmbmJzcDt3aGljaCBpcyB0b28gZGV0ZWN0ZWQgYnkg SUdQIHNpZ25hbGluZy4mbmJzcDsmbmJzcDtUaHVzIGEgY2VudHJhbGl6ZWQgYW5kIE1QTFM8YnIg Y2xhc3M9IiI+DQp8Jm5ic3A7Jm5ic3A7Jm5ic3A7dG9wb2xvZ3kgYXdhcmUgbW9uaXRvcmluZyB1 bml0IGNhbiBiZSByZWFsaXplZCBpbiBhIFNlZ21lbnQgUm91dGVkPGJyIGNsYXNzPSIiPg0KfCZu YnNwOyZuYnNwOyZuYnNwO2RvbWFpbi4mbmJzcDsmbmJzcDtUaGlzIHRvcG9sb2d5IGF3YXJlbmVz cyBjYW4gYmUgdXNlZCBmb3IgT3BlcmF0aW9uLDxiciBjbGFzcz0iIj4NCnwmbmJzcDsmbmJzcDsm bmJzcDtBZG1pbmlzdHJhdGlvbiwgYW5kIE1haW50ZW5hbmNlIChPQU0pIHB1cnBvc2VzIGFzIGRl c2NyaWJlZCBieSB0aGlzPGJyIGNsYXNzPSIiPg0KfCZuYnNwOyZuYnNwOyZuYnNwO2RvY3VtZW50 LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCi0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClNlY3Rpb24gMTAuLCBwYXJhZ3JhcGgg Mjo8YnIgY2xhc3M9IiI+DQpFWFBMQU5BVElPTjombmJzcDtDbGFyaWZ5IHdoYXQgaXMgbWVhbnQg Ynkg4oCcY29tcHJvbWlzZSBzZWN1cml0eeKAnSBpbiBjb25jcmV0ZSB0ZXJtcy48YnIgY2xhc3M9 IiI+DQo8YnIgY2xhc3M9IiI+DQpPTEQ6PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KJm5i c3A7ICZuYnNwOyZuYnNwO1RoZSBQTVMgYWxsb3dzIHRvIGluc2VydCB0cmFmZmljIGludG8gbm9u LVNSIGRvbWFpbnMuJm5ic3A7Jm5ic3A7VGhpcyBtYXkgYmU8YnIgY2xhc3M9IiI+DQombmJzcDsg Jm5ic3A7Jm5ic3A7cmVxdWlyZWQgaW4gdGhlIGNhc2Ugb2YgYW4gTERQIGRvbWFpbiBhdHRhY2hl ZCB0byB0aGUgU1IgZG9tYWluLCBidXQ8YnIgY2xhc3M9IiI+DQp8Jm5ic3A7Jm5ic3A7Jm5ic3A7 aXQgY2FuIGJlIHVzZWQgdG8gY29tcHJvbWlzZSBzZWN1cml0eSBpbiB0aGUgY2FzZSBvZiBleHRl cm5hbCBJUDxiciBjbGFzcz0iIj4NCnwmbmJzcDsmbmJzcDsmbmJzcDtkb21haW5zIGFuZCBNUExT IGJhc2VkIFZQTnMuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KTkVXOjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsmbmJzcDtUaGUgUE1TIGFsbG93cyB0byBp bnNlcnQgdHJhZmZpYyBpbnRvIG5vbi1TUiBkb21haW5zLiZuYnNwOyZuYnNwO1RoaXMgbWF5IGJl PGJyIGNsYXNzPSIiPg0KJm5ic3A7ICZuYnNwOyZuYnNwO3JlcXVpcmVkIGluIHRoZSBjYXNlIG9m IGFuIExEUCBkb21haW4gYXR0YWNoZWQgdG8gdGhlIFNSIGRvbWFpbiwgYnV0PGJyIGNsYXNzPSIi Pg0KfCZuYnNwOyZuYnNwOyZuYnNwO2l0IGNhbiBiZSB1c2VkIHRvIG1hbGljaW91c2x5IGluc2Vy dCB0cmFmZmljIGluIHRoZSBjYXNlIG9mIGV4dGVybmFsPGJyIGNsYXNzPSIiPg0KfCZuYnNwOyZu YnNwOyZuYnNwO0lQIGRvbWFpbnMgYW5kIE1QTFMgYmFzZWQgVlBOcy48YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpTZWN0aW9uIDEwLiwgcGFyYWdyYXBoIDQ6 PGJyIGNsYXNzPSIiPg0KRVhQTEFOQVRJT046Jm5ic3A7VHlwby48YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQpPTEQ6PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KJm5ic3A7ICZuYnNw OyZuYnNwO1RvIGxpbWl0IHBvdGVudGlhbCBtaXN1c2UsIGFjY2VzcyB0byBhIFBNUyBuZWVkcyB0 byBiZSBhdXRob3JpemVkIGFuZDxiciBjbGFzcz0iIj4NCnwmbmJzcDsmbmJzcDsmbmJzcDtzaG91 bGQgYmUgbG9nZ2VkLiZuYnNwOyZuYnNwO09BTSBzdXBwb3J0ZWQgYnkgYSBQTVMgcmVxdWlyZXMg c2tpbGxlZCBwZXJzb25hbDxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsmbmJzcDthbmQgaGVu Y2Ugb25seSBleHBlcnRzIHJlcXVpcmluZyBQTVMgYWNjZXNzIHNob3VsZCBiZSBhbGxvd2VkIHRv PGJyIGNsYXNzPSIiPg0KJm5ic3A7ICZuYnNwOyZuYnNwO2FjY2VzcyBzdWNoIGEgc3lzdGVtLiZu YnNwOyZuYnNwO0l0IGlzIHJlY29tbWVuZGVkIHRvIGRpcmVjdGx5IGF0dGFjaCBhIFBNUyB0bzxi ciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsmbmJzcDthbiBTUiBkb21haW4uJm5ic3A7Jm5ic3A7 Q29ubmVjdGluZyBhIFBNUyB0byBhbiBTUiBkb21haW4gaXMgdGVjaG5pY2FsbHk8YnIgY2xhc3M9 IiI+DQombmJzcDsgJm5ic3A7Jm5ic3A7cG9zc2libGUsIGJ1dCBhZGRzIGZ1cnRoZXIgc2VjdXJp dHkgaXNzdWVzLiZuYnNwOyZuYnNwO0EgdHVubmVsIGJhc2VkIGFjY2VzcyBvZjxiciBjbGFzcz0i Ij4NCiZuYnNwOyAmbmJzcDsmbmJzcDthIFBNUyB0byBhbiBTUiBkb21haW4gaXMgbm90IHJlY29t bWVuZGVkLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCk5FVzo8YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQombmJzcDsgJm5ic3A7Jm5ic3A7VG8gbGltaXQgcG90ZW50aWFsIG1pc3Vz ZSwgYWNjZXNzIHRvIGEgUE1TIG5lZWRzIHRvIGJlIGF1dGhvcml6ZWQgYW5kPGJyIGNsYXNzPSIi Pg0KfCZuYnNwOyZuYnNwOyZuYnNwO3Nob3VsZCBiZSBsb2dnZWQuJm5ic3A7Jm5ic3A7T0FNIHN1 cHBvcnRlZCBieSBhIFBNUyByZXF1aXJlcyBza2lsbGVkIHBlcnNvbm5lbDxiciBjbGFzcz0iIj4N CiZuYnNwOyAmbmJzcDsmbmJzcDthbmQgaGVuY2Ugb25seSBleHBlcnRzIHJlcXVpcmluZyBQTVMg YWNjZXNzIHNob3VsZCBiZSBhbGxvd2VkIHRvPGJyIGNsYXNzPSIiPg0KJm5ic3A7ICZuYnNwOyZu YnNwO2FjY2VzcyBzdWNoIGEgc3lzdGVtLiZuYnNwOyZuYnNwO0l0IGlzIHJlY29tbWVuZGVkIHRv IGRpcmVjdGx5IGF0dGFjaCBhIFBNUyB0bzxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsmbmJz cDthbiBTUiBkb21haW4uJm5ic3A7Jm5ic3A7Q29ubmVjdGluZyBhIFBNUyB0byBhbiBTUiBkb21h aW4gaXMgdGVjaG5pY2FsbHk8YnIgY2xhc3M9IiI+DQombmJzcDsgJm5ic3A7Jm5ic3A7cG9zc2li bGUsIGJ1dCBhZGRzIGZ1cnRoZXIgc2VjdXJpdHkgaXNzdWVzLiZuYnNwOyZuYnNwO0EgdHVubmVs IGJhc2VkIGFjY2VzcyBvZjxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsmbmJzcDthIFBNUyB0 byBhbiBTUiBkb21haW4gaXMgbm90IHJlY29tbWVuZGVkLjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxiciBjbGFzcz0iIj4NCjo8YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+QmVzdCByZWdh cmRzLDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0K PGRpdiBzdHlsZT0iY29sb3I6IHJnYigwLCAwLCAwKTsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsg dGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25l OyB3aGl0ZS1zcGFjZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0 cm9rZS13aWR0aDogMHB4OyB3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2Rl OiBzcGFjZTsgLXdlYmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIi Pg0K4oCUPGJyIGNsYXNzPSIiPg0KQ2FybG9zIFBpZ25hdGFybywmbmJzcDs8YSBocmVmPSJtYWls dG86Y2FybG9zQGNpc2NvLmNvbSIgY2xhc3M9IiI+Y2FybG9zQGNpc2NvLmNvbTwvYT48YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8aSBjbGFzcz0iIj7igJxTb21ldGltZXMgSSB1c2UgYmln IHdvcmRzIHRoYXQgSSBkbyBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNlbGYgc291 bmQgbW9yZSBwaG90b3N5bnRoZXNpcy4mcXVvdDs8L2k+PC9kaXY+DQo8L2Rpdj4NCjxkaXY+PGJy IGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNz PSIiPk9uIERlYyAxMiwgMjAxNywgYXQgMjo1MiBBTSwgVGFrZXNoaSBUYWthaGFzaGkgJmx0Ozxh IGhyZWY9Im1haWx0bzp0YWtlc2hpX3Rha2FoYXNoaUBuaWN0LmdvLmpwIiBjbGFzcz0iIj50YWtl c2hpX3Rha2FoYXNoaUBuaWN0LmdvLmpwPC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9 IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9 IiI+UmV2aWV3ZXI6IFRha2VzaGkgVGFrYWhhc2hpPGJyIGNsYXNzPSIiPg0KUmV2aWV3IHJlc3Vs dDogSGFzIE5pdHM8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpUaGUgaXNzdWVzIEkgaGF2 ZSBoZXJlIGFyZSB2ZXJ5IG1pbm9yLjxiciBjbGFzcz0iIj4NClRoZSBzZWN1cml0eSBjb25zaWRl cmF0aW9uIHNlY3Rpb24gYmVjYW1lIGJldHRlciB0aGFuIHRoZSAwNiB2ZXJzaW9uIHRoYXQgSTxi ciBjbGFzcz0iIj4NCmhhdmUgcmV2aWV3ZWQgYmVmb3JlLCBidXQgSSBob3BlIHRoZSBlZGl0b3Jz IGNvdWxkIGJlIGtpbmQgZW5vdWdoIHRvIGhlbHA8YnIgY2xhc3M9IiI+DQpyZWFkZXIgdW5kZXJz dGFuZCBzZWN1cml0eSBzaXR1YXRpb24gYmV0dGVyLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCk1pbm9yIGNvbW1lbnRzOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClJlZ2FyZGlu ZyB0aGlzIHNlbnRlbmNlICZxdW90O2J1dCBpdCBjYW4gYmUgdXNlZCB0byBjb21wcm9tc2Ugc2Vj dXJpdHkgaW4gdGhlIGNzZSBvZjxiciBjbGFzcz0iIj4NCmV4dGVybmFsIElQIGRvbWFpbnMmcXVv dDssIHdoYXQgZG8geW91IG1lYW4gYnkgJnF1b3Q7Y29tcHJvbWlzZSBzZWN1cml0eSZxdW90Oz8g SXQgd291bGQgYmU8YnIgY2xhc3M9IiI+DQpuaWNlIGlmIHlvdSBjb3VsZCBkZXNjcmliZSB3aGF0 IGtpbmQgb2Ygc2VjdXJpdHkgY29tcHJvbWlzZSBtYXkgaGFwcGVuIGluIG9yZGVyPGJyIGNsYXNz PSIiPg0KZm9yIHRoZSByZWFkZXJzIHRvIHVuZGVyc3RhbmQgdGhlIHRocmVhdHMgbW9yZSB2aXZp ZGx5LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkVkaXRvcmlhbCBjb21tZW50czo8YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQoxLiBMRFAgaGFkIGJldHRlciBiZSBzcGVsbGVkIG91 dC48YnIgY2xhc3M9IiI+DQoyLiAmcXVvdDtza2lsbGVkIHBlcnNvbmFsJnF1b3Q7OiBjb3VsZCBp dCBiZSAmcXVvdDtza2lsbGVkIHBlcnNvbm5lbCZxdW90Oz88YnIgY2xhc3M9IiI+DQozLiBUaGlz IHNlbnRlbmNlICZxdW90O0FzIGl0IGlzIG5lY2Vzc2FyeSB0byBrbm93IHRoYXQgdGhlIGluZm9y bWF0aW9uIGlzPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7c3RhbGUgaXMgb3JkZXIgdG8gZm9s bG93IHRoZSBpbnN0cnVjdGlvbiwgYXMgaXMgdGhlIGNhc2Ugd2l0aCBmb3I8YnIgY2xhc3M9IiI+ DQombmJzcDsmbmJzcDtleGFtcGxlIGNvbnZlcmdlbmNlIGV2ZW50cyB0aGF0IG1heSBiZSBvbmdv aW5nIGF0IHRoZSB0aW1lIG9mPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7ZGlhZ25vc3RpYyBt ZWFzdXJlbWVudC4mcXVvdDsgaXMgbm90IGVhc3kgdG8gdW5kZXJzdGFuZCBvZnIgbWUuIEkgc2Vl IHNvbWUgdHlwbzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO2luIHRoaXMgc2VudGVuY2UgYXMg d2VsbC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwv Ym9keT4NCjwvaHRtbD4NCg== --_000_2D6492DA25BD43A6ABBB76006F632055ciscocom_-- From nobody Wed Dec 13 16:14:45 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99E8A12421A; Wed, 13 Dec 2017 16:14:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BU8i4DGxURgX; Wed, 13 Dec 2017 16:14:43 -0800 (PST) Received: from walnut.tislabs.com (walnut.tislabs.com [192.94.214.200]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5277512025C; Wed, 13 Dec 2017 16:14:43 -0800 (PST) Received: from nova.tislabs.com (unknown [10.66.1.77]) by walnut.tislabs.com (Postfix) with ESMTP id A247328B0041; Wed, 13 Dec 2017 19:14:41 -0500 (EST) Received: from [127.0.0.1] (nova.tislabs.com [10.66.1.77]) by nova.tislabs.com (Postfix) with ESMTP id 0D05B1F8036; Wed, 13 Dec 2017 19:14:40 -0500 (EST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) From: Russ Mundy Date: Wed, 13 Dec 2017 19:14:40 -0500 Cc: Russ Mundy , draft-ietf-spring-segment-routing-central-epe.all@ietf.org, ietf@ietf.org X-Mao-Original-Outgoing-Id: 534903280.073597-914442e256146cc4c729ea771be1822f Content-Transfer-Encoding: quoted-printable Message-Id: To: secdir@ietf.org X-Mailer: Apple Mail (2.3124) Archived-At: Subject: [secdir] Sector last call review of draft-ietf-spring-segment-routing-central-epe-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2017 00:14:45 -0000 Reviewer: Russ Mundy Review result: Ready Hi,=20 I have reviewed this document as part of the security directorate's = ongoing effort to review all IETF documents being processed by the IESG. = These comments were written primarily for the benefit of the security = area directors. Document editors and WG chairs should treat these = comments just like any other last call comments. The summary of the review is Ready As with a number of ID=E2=80=99s, there is a significant amount of = referencing of other RFCs/IDs - so much so, that it is difficult to get = a clear understanding of what is being specified in the document itself = (the diagrams are very useful - well done). However, since this ID has = an intended status of Informational, the amount of referencing is = probably acceptable but I would recommend that at least RFC4272 be = included in the Informative References list. Russ From nobody Thu Dec 14 04:19:48 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4959E128BC8 for ; Thu, 14 Dec 2017 04:19:47 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Tero Kivinen To: X-Test-IDTracker: no X-IETF-IDTracker: 6.67.1 Auto-Submitted: auto-generated Precedence: bulk Reply-to: secdir-secratary@mit.edu Message-ID: <151325398725.6071.8770148312262024160.idtracker@ietfa.amsl.com> Date: Thu, 14 Dec 2017 04:19:47 -0800 Archived-At: Subject: [secdir] Assignments X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2017 12:19:47 -0000 Review instructions and related resources are at: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview For telechat 2017-12-14 Reviewer LC end Draft Shaun Cooley 2017-10-11 draft-ietf-grow-bgp-gshut-12 Phillip Hallam-Baker 2017-10-13 draft-ietf-ospf-segment-routing-extensions-23 Klaas Wierenga R2017-11-30 draft-ietf-stir-certificates-16 For telechat 2018-01-11 Reviewer LC end Draft Sandra Murphy 2017-11-30 draft-ietf-httpbis-origin-frame-04 Tim Polk None draft-ietf-lwig-energy-efficient-08 Vincent Roca None draft-ietf-intarea-broadcast-consider-05 Kyle Rose None draft-ietf-dhc-rfc3315bis-10 Stefan Santesson 2017-12-12 draft-ietf-rtgwg-yang-rip-06 Rifaat Shekh-Yusef 2018-01-02 draft-housley-id-sig-update-02 Melinda Shore 2017-12-22 draft-ietf-pim-yang-12 Robert Sparks 2017-12-22 draft-ietf-bess-evpn-overlay-10 Tom Yu 2017-12-22 draft-ietf-slim-negotiating-human-language-19 Last calls: Reviewer LC end Draft John Bradley None draft-ietf-acme-acme-08 Matthew Miller 2017-12-08 draft-atarius-dispatch-meid-urn-13 Russ Mundy 2017-09-14 draft-spinosa-urn-lex-12 Tina Tsou R2017-06-29 draft-ietf-trill-arp-optimization-09 Next in the reviewer rotation: Tina Tsou Sean Turner Carl Wallace David Waltermire Samuel Weiler Brian Weis Klaas Wierenga Paul Wouters Liang Xia Tom Yu From nobody Fri Dec 15 19:10:43 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE90E124D85; Fri, 15 Dec 2017 19:10:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.919 X-Spam-Level: X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jabil.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zc2porCErVKx; Fri, 15 Dec 2017 19:10:35 -0800 (PST) Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0128.outbound.protection.outlook.com [104.47.42.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FC20124B18; Fri, 15 Dec 2017 19:10:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jabil.onmicrosoft.com; s=selector1-jabil-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=y+NSRtLShmjpSXS5x7Yl8kLKnug8JlFTDnQiKUF2INc=; b=w5hSz/QpMsiduMMvf3TQIyMCI6tlVQ4QeWnLVg0QpsYEWw3+IvIVHbbFaw2W1LFpfP9OQucE/pqWiSGo4q352SSfpiJ7y36CL3bacweOqL+r22ydx2eHinoIpHVHvVL+f4pUL1kDP0E1zabviMS/gbkDZUUU8m80RRZ0mQOwAIg= Received: from BN3PR0201MB0867.namprd02.prod.outlook.com (10.160.154.13) by BN3PR0201MB0868.namprd02.prod.outlook.com (10.160.154.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.9; Sat, 16 Dec 2017 03:10:33 +0000 Received: from BN3PR0201MB0867.namprd02.prod.outlook.com ([10.160.154.13]) by BN3PR0201MB0867.namprd02.prod.outlook.com ([10.160.154.13]) with mapi id 15.20.0302.017; Sat, 16 Dec 2017 03:10:33 +0000 From: Xufeng Liu To: Rich Salz , "secdir@ietf.org" CC: "draft-ietf-rtgwg-yang-vrrp.all@ietf.org" , "rtgwg@ietf.org" Thread-Topic: Secdir last call review of draft-ietf-rtgwg-yang-vrrp-07 Thread-Index: AQHTbfs5HZyHCpQDe0CooPKi1JZM26NFWQ8g Date: Sat, 16 Dec 2017 03:10:33 +0000 Message-ID: References: <151250038233.23003.7660980675190435187@ietfa.amsl.com> In-Reply-To: <151250038233.23003.7660980675190435187@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-dg-ref: PG1ldGE+PGF0IG5tPSJib2R5LnR4dCIgcD0iYzpcdXNlcnNceGxpdVxhcHBkYXRhXHJvYW1pbmdcMDlkODQ5YjYtMzJkMy00YTQwLTg1ZWUtNmI4NGJhMjllMzViXG1zZ3NcbXNnLWFjYmIyOTc4LWUyMGUtMTFlNy05YzNjLTE4NWUwZmUzYzQ1Y1xhbWUtdGVzdFxhY2JiMjk3YS1lMjBlLTExZTctOWMzYy0xODVlMGZlM2M0NWNib2R5LnR4dCIgc3o9IjE1MjUiIHQ9IjEzMTU3ODY3NDMyNTE3NDc3OSIgaD0iOHVseGNaZ3l0MmI0NmpPVlJsckF3S1k0eG5jPSIgaWQ9IiIgYmw9IjAiIGJvPSIxIi8+PC9tZXRhPg== authentication-results: spf=none (sender IP is ) smtp.mailfrom=Xufeng_Liu@jabil.com; x-originating-ip: [72.209.195.86] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BN3PR0201MB0868; 6:gomOLmLzI+DGgW379MJLv2wF29STIlfB47FS6g1r2KtQMGoZB71L2LcJCgWgpHzAfBt+807ztcRyJWmbjBp5FKw0txZUGPM6W/frBgNiesGckHLDmYSvERCKS0Rv9S8DCj740wlkO+CbQUCaQet44Zj8skVnD8Q/i0QB3wiv8/8W2DOUMEahv7TzXspxh/N44YWQeA9i6kldKJPxHwZ30s9BL70yN+M+97m4MiRGNXDixAr/fhnczi+V5jkK53B7zMdVXPNsRdMv3361occkUpUdwDW7+ocUESr2VScpYxgZRtkAfnV5BUK0op4wttFAj79wknDb0olGYR5zMsClQ+nzuscoxLpr2GM82OVRDsw=; 5:H4XTUGzp4V79AwatnS2slCW7rLWU0puSWErUB2oA00vcsgczXFFJ0wTTWl/fqbbTU3GfguhMjPMulolkCj7VBbgUKAVu4shozZTainDZHEJpz6hVdgsB4s+ilKazm9OXOBM2lTKNoBe2AB5VDBdGcgI1t+dwlybtZdrW0YVvv+o=; 24:JIjg0yWijhnzyut+hfjBSmvxdFmCIOI9rrohsSQ1mgBwKDDEaaJb0QoUtyrwFg3Wtl0474YaGAN0CjkLge3FcUw83DSdW56TXjdLSy7+vJE=; 7:aNyFXiRfyEUAMOyycUwf2id77UbjO+VrsFXVdpZ7jpgWf7TSYTMhpmj3Cc/7szsic/k3sgp3KxyW5FqcrwLbYc3Uole6Zpf+zd/o4fqvGye2lHvRkHA3cFdYr1mU5B96oeuZSxcqMnoH+Xi0y1f+XuH1vOLsQM8qRmKFNOKu4Ja8vFuC6XxxrTNUxjjo14Uqn0bub6wM9EAFYScNx9Phb6OBJN8eOd6wpDa2y1p1HBuGl6NLXWCUZk+56tT19k58 x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: 2dae4e7b-5213-4c25-0fa8-08d544329231 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603307); SRVR:BN3PR0201MB0868; x-ms-traffictypediagnostic: BN3PR0201MB0868: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(192374486261705); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(3231023)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(20161123558100)(20161123562025)(20161123564025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BN3PR0201MB0868; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:BN3PR0201MB0868; x-forefront-prvs: 0523CF0711 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(346002)(396003)(376002)(39860400002)(199004)(189003)(51914003)(13464003)(72206003)(230783001)(66066001)(106356001)(33656002)(105586002)(3280700002)(3660700001)(76176011)(2906002)(2900100001)(316002)(81156014)(25786009)(8676002)(68736007)(81166006)(99286004)(14454004)(966005)(478600001)(6506007)(7696005)(3846002)(55016002)(6116002)(7736002)(305945005)(53936002)(86362001)(2501003)(8936002)(2950100002)(74316002)(6246003)(9686003)(77096006)(6436002)(4326008)(5660300001)(229853002)(80792005)(59450400001)(97736004)(54906003)(6306002)(53546011)(110136005)(102836003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0201MB0868; H:BN3PR0201MB0867.namprd02.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: jabil.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: jabil.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2dae4e7b-5213-4c25-0fa8-08d544329231 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Dec 2017 03:10:33.2660 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bc876b21-f134-4c12-a265-8ed26b7f0f3b X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0201MB0868 Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-rtgwg-yang-vrrp-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2017 03:10:39 -0000 SGkgUmljaCwNCg0KVGhhbmtzIGZvciB0aGUgcmV2aWV3LiBXZSBoYXZlIHBvc3RlZCBhbiB1cGRh dGVkIHZlcnNpb24gb2YgdGhlIGRyYWZ0IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFm dC1pZXRmLXJ0Z3dnLXlhbmctdnJycC0wOCB0byBhZGRyZXNzIHlvdXIgY29tbWVudHMuDQoNClRo YW5rcywNCi0gWHVmZW5nDQoNCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj4gRnJvbTog UmljaCBTYWx6IFttYWlsdG86cnNhbHpAYWthbWFpLmNvbV0NCj4gU2VudDogVHVlc2RheSwgRGVj ZW1iZXIgNSwgMjAxNyAyOjAwIFBNDQo+IFRvOiBzZWNkaXJAaWV0Zi5vcmcNCj4gQ2M6IGRyYWZ0 LWlldGYtcnRnd2cteWFuZy12cnJwLmFsbEBpZXRmLm9yZzsgaWV0ZkBpZXRmLm9yZzsgcnRnd2dA aWV0Zi5vcmcNCj4gU3ViamVjdDogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtaWV0 Zi1ydGd3Zy15YW5nLXZycnAtMDcNCj4gDQo+IFJldmlld2VyOiBSaWNoIFNhbHoNCj4gUmV2aWV3 IHJlc3VsdDogUmVhZHkNCj4gDQo+IEkgZGlkIHRoaXMgcmV2aWV3IGZvciB0aGUgU2VjdXJpdHkg RGlyZWN0b3JhdGUgKFNFQ0RJUikgdG8gaGVscCB0aGUgU2VjdXJpdHkgQUQncy4NCj4gDQo+IFRo aXMgZG9jdW1lbnQgaXMgcmVhZHkuDQo+IA0KPiBTZWN0aW9uIDEuMiBnaXZlcyBhbiBhdWdtZW50 ZWQgZGlhZ3JhbSBzeW50YXg7IGlzIHRoYXQgY29tbW9uPyBTaG91bGQgaXQgYmUNCj4gYWRkZWQg dG8gInlhbmcgcHJvcGVyIj8NCg0KW1h1ZmVuZ10gVGhpcyBzZWN0aW9uIGluIHRoZSBwcmV2aW91 cyB2ZXJzaW9uIHVzZWQgYW4gb2xkZXIgY29udmVudGlvbiB0byBkZXNjcmliZSB0aGUgZGlhZ3Jh bSBzeW50YXguIEJlY2F1c2Ugb2YgdGhlIG5ldyBhdmFpbGFibGUgZHJhZnQtaWV0Zi1uZXRtb2Qt eWFuZy10cmVlLWRpYWdyYW1zLTAyLCB3ZSBoYXZlIHVwZGF0ZWQgdGhpcyBzZWN0aW9uIHRvIHVz ZSB0aGUgbmV3IGNvbnZlbnRpb24uDQoNCj4gDQo+IFRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9u cyBpcyBzaG9ydCBhbmQgdG8gdGhlIHBvaW50LiBUaGlzIGRvY3VtZW50IGRlc2NyaWJlcyBhDQo+ IGRhdGEgbW9kZWwsIHNvIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBwcm9wZXJseSBwb2lu dCBjYWxsIG91dCByZXF1aXJlbWVudHMNCj4gb24gYW55IHRyYW5zcG9ydCBtZWNoYW5pc20gdXNl ZC4gIENhbGxpbmcgb3V0IHBhcnRpY3VsYXJseSB2dWxuZXJhYmxlIG5vZGVzIGlzDQo+IGdvb2Qg cHJhY3RpY2UuIFBlcmhhcHMgYWRkIGEgc2VudGVuY2Ugc2F5aW5nIHRoYXQgImltcGxlbWVudGVk IHNob3VsZCByZXZpZXcNCj4gYWxsIHRoZSBub2RlcyBmb3Igc2VjdXJpdHkgY29uY2VybnMiIG1p Z2h0IGJlIHVzZWZ1bC4NCg0KW1h1ZmVuZ10gQWRkZWQgdGhlIHNlbnRlbmNlIGFzIHN1Z2dlc3Rl ZC4NCj4gDQoNCg== From nobody Fri Dec 15 23:46:15 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76CBC1270A3; Fri, 15 Dec 2017 23:46:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ICQdWWDKcFup; Fri, 15 Dec 2017 23:46:06 -0800 (PST) Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 714B3126D85; Fri, 15 Dec 2017 23:46:06 -0800 (PST) Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vBG7goGm005380; Sat, 16 Dec 2017 07:46:05 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=7xjZX+YXstt1rfp3txBslL5vr0LttYw4cWqJ78ndvFE=; b=FrxbHqy+Qm4eTg7zIIrACh2LnMR6bgPKETNbrLYicfDulrY9a60USq5s7i0zlK+6gA95 hdu/vsGRotGyQe2FEqH1CoB0Y6J0NsVvjZsmfzq0eq0uzkA90gir93+80b+hPwyTz+O+ eph3+M81Vqv9ZOuSKxwMm+9ROkJ+PqokpliTXmmzfv+tCNzHp6sxbFtZWboiGzY+rfpK JSe5LOJWlhw4U6Cre0G90YksoCDkGy/yCAQ7YpIUhAiSr6SZMffsLzeqFmbLS/+RXwhS +KSc2cYX7abkSHndgqkFvrBdNfwATQgOZsIJUrLzBAatpNlSKw3Mq2uEj/oC96w3oIeu xg== Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18]) by mx0a-00190b01.pphosted.com with ESMTP id 2evvdkgb9q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 16 Dec 2017 07:46:05 +0000 Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.21/8.16.0.21) with SMTP id vBG7ekMA017594; Sat, 16 Dec 2017 02:46:04 -0500 Received: from email.msg.corp.akamai.com ([172.27.123.31]) by prod-mail-ppoint1.akamai.com with ESMTP id 2evwhfr9fx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sat, 16 Dec 2017 02:46:04 -0500 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb3.msg.corp.akamai.com (172.27.123.103) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Sat, 16 Dec 2017 02:46:03 -0500 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Sat, 16 Dec 2017 02:46:03 -0500 From: "Salz, Rich" To: Xufeng Liu , "secdir@ietf.org" CC: "draft-ietf-rtgwg-yang-vrrp.all@ietf.org" , "rtgwg@ietf.org" Thread-Topic: Secdir last call review of draft-ietf-rtgwg-yang-vrrp-07 Thread-Index: AQHTdhtyAEo6q5OIrk27kJy52+Wiz6NF63KA Date: Sat, 16 Dec 2017 07:46:03 +0000 Message-ID: <393FFD7E-FBEF-4DC4-9CCC-6C5DDD5E2941@akamai.com> References: <151250038233.23003.7660980675190435187@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.27.0.171010 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.152.103] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-12-16_04:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1712160123 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-12-16_04:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1712160124 Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-rtgwg-yang-vrrp-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Dec 2017 07:46:08 -0000 TG9va3MgZ29vZCB0byBtZSB0aGFua3MhDQoNCk9uIDEyLzE2LzE3LCAzOjEwIEFNLCAiWHVmZW5n IExpdSIgPFh1ZmVuZ19MaXVAamFiaWwuY29tPiB3cm90ZToNCg0KICAgIEhpIFJpY2gsDQogICAg DQogICAgVGhhbmtzIGZvciB0aGUgcmV2aWV3LiBXZSBoYXZlIHBvc3RlZCBhbiB1cGRhdGVkIHZl cnNpb24gb2YgdGhlIGRyYWZ0IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRm LXJ0Z3dnLXlhbmctdnJycC0wOCB0byBhZGRyZXNzIHlvdXIgY29tbWVudHMuDQogICAgDQogICAg VGhhbmtzLA0KICAgIC0gWHVmZW5nDQogICAgDQogICAgPiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2Ut LS0tLQ0KICAgID4gRnJvbTogUmljaCBTYWx6IFttYWlsdG86cnNhbHpAYWthbWFpLmNvbV0NCiAg ICA+IFNlbnQ6IFR1ZXNkYXksIERlY2VtYmVyIDUsIDIwMTcgMjowMCBQTQ0KICAgID4gVG86IHNl Y2RpckBpZXRmLm9yZw0KICAgID4gQ2M6IGRyYWZ0LWlldGYtcnRnd2cteWFuZy12cnJwLmFsbEBp ZXRmLm9yZzsgaWV0ZkBpZXRmLm9yZzsgcnRnd2dAaWV0Zi5vcmcNCiAgICA+IFN1YmplY3Q6IFNl Y2RpciBsYXN0IGNhbGwgcmV2aWV3IG9mIGRyYWZ0LWlldGYtcnRnd2cteWFuZy12cnJwLTA3DQog ICAgPiANCiAgICA+IFJldmlld2VyOiBSaWNoIFNhbHoNCiAgICA+IFJldmlldyByZXN1bHQ6IFJl YWR5DQogICAgPiANCiAgICA+IEkgZGlkIHRoaXMgcmV2aWV3IGZvciB0aGUgU2VjdXJpdHkgRGly ZWN0b3JhdGUgKFNFQ0RJUikgdG8gaGVscCB0aGUgU2VjdXJpdHkgQUQncy4NCiAgICA+IA0KICAg ID4gVGhpcyBkb2N1bWVudCBpcyByZWFkeS4NCiAgICA+IA0KICAgID4gU2VjdGlvbiAxLjIgZ2l2 ZXMgYW4gYXVnbWVudGVkIGRpYWdyYW0gc3ludGF4OyBpcyB0aGF0IGNvbW1vbj8gU2hvdWxkIGl0 IGJlDQogICAgPiBhZGRlZCB0byAieWFuZyBwcm9wZXIiPw0KICAgIA0KICAgIFtYdWZlbmddIFRo aXMgc2VjdGlvbiBpbiB0aGUgcHJldmlvdXMgdmVyc2lvbiB1c2VkIGFuIG9sZGVyIGNvbnZlbnRp b24gdG8gZGVzY3JpYmUgdGhlIGRpYWdyYW0gc3ludGF4LiBCZWNhdXNlIG9mIHRoZSBuZXcgYXZh aWxhYmxlIGRyYWZ0LWlldGYtbmV0bW9kLXlhbmctdHJlZS1kaWFncmFtcy0wMiwgd2UgaGF2ZSB1 cGRhdGVkIHRoaXMgc2VjdGlvbiB0byB1c2UgdGhlIG5ldyBjb252ZW50aW9uLg0KICAgIA0KICAg ID4gDQogICAgPiBUaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgaXMgc2hvcnQgYW5kIHRvIHRo ZSBwb2ludC4gVGhpcyBkb2N1bWVudCBkZXNjcmliZXMgYQ0KICAgID4gZGF0YSBtb2RlbCwgc28g dGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHByb3Blcmx5IHBvaW50IGNhbGwgb3V0IHJlcXVp cmVtZW50cw0KICAgID4gb24gYW55IHRyYW5zcG9ydCBtZWNoYW5pc20gdXNlZC4gIENhbGxpbmcg b3V0IHBhcnRpY3VsYXJseSB2dWxuZXJhYmxlIG5vZGVzIGlzDQogICAgPiBnb29kIHByYWN0aWNl LiBQZXJoYXBzIGFkZCBhIHNlbnRlbmNlIHNheWluZyB0aGF0ICJpbXBsZW1lbnRlZCBzaG91bGQg cmV2aWV3DQogICAgPiBhbGwgdGhlIG5vZGVzIGZvciBzZWN1cml0eSBjb25jZXJucyIgbWlnaHQg YmUgdXNlZnVsLg0KICAgIA0KICAgIFtYdWZlbmddIEFkZGVkIHRoZSBzZW50ZW5jZSBhcyBzdWdn ZXN0ZWQuDQogICAgPiANCiAgICANCiAgICANCg0K From nobody Mon Dec 18 14:20:14 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A673B12D95A for ; Mon, 18 Dec 2017 14:20:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.009 X-Spam-Level: X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gDRKdN8gyobW for ; Mon, 18 Dec 2017 14:20:09 -0800 (PST) Received: from sonic316-15.consmr.mail.gq1.yahoo.com (sonic316-15.consmr.mail.gq1.yahoo.com [98.137.69.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 863151270AB for ; Mon, 18 Dec 2017 14:20:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1513635609; bh=DxtMmMrKgskw4LUezWDRhgFzNF9LmIPfDjFy/rGIT/s=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject; b=GzF0YwVeIbiVnauw2jJ1MB3i6gPqp2nYutO3+8YxSxhUZ0/Auro4ZeeSPz6jMAPXLznFGcE+b6yYzk+Z2sE/20dGbyvKlZHpRU+VOl7AHEWTKtHC3XmQw+EfSDTs2aZ3HveGZ6g6hOle2lqHNwPAeUj2LPNLswi+OSPxTN3MpbziNLKuFIVA9oF0SMmlxHXVIM19uwT8VFL1W/7CIOBY3ZLMx9QagJE8GG3b1P/OloE4ENUGq4BnjnGXKEAEBUsIKNkjZEVFwUGABVcTONOITUuM/t61s1Ip7Ac7Js5sKsJE8Kb+knEDZ1BA/2NTm5cIW8jk5jU2zPZYeujvsdwfWw== X-YMail-OSG: ggS4kr4VM1n5VZ8BQPKJ91Fxz9wumrD0bUtWSTp.F.sDjEqyUv6.jj5Sno9T_Ru 8M0BGjQoMBF7F5rJaBCuMVjsrN6UW0uhArm4lgjMAA4wBwkRYuLMLliOP1pLaDeRzLU5KBPkR1w9 dNLHchJKy77EdeVgYGUx9yFSK.hvZCltKxzQdN.WbfUvLDGNpfhsSggYa3lSm3JyC_GaFjho24rN gh_cxocAX92zhzoTRxDCqPvIXIYzF6S6yJpJiOnNBzLVX4TEuK3WXFI9gukGvFqrLGVfzJXbgYZD 8TOMEBCaX1Iv7595MDnaaktrBoWyq4M378meRfcTEQxoRcrXcGCUT3iHoMfJDxSwjp8M670SKJYf eZkSIAu7Wz_LMVMhGcy3r7AQ.VOiDSe.9_1GhUql0W9AFuYDGXJnfgPckHHpCb2S32Y9chC4IG3Q UErzMpcW6hs_A.Jz4zKLeM5wW2bq6Oh4NC2rTBZ5wHSv6srU7APtrrfdhZfXTDhGchtfq7NzbcUl 6n32lk.7Twvm5DgdYdoiSKT_z55cvt0m1a5FtmhPxs24exxfNXDW0qw-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.gq1.yahoo.com with HTTP; Mon, 18 Dec 2017 22:20:09 +0000 Date: Mon, 18 Dec 2017 22:20:04 +0000 (UTC) From: R Atarius Reply-To: R Atarius To: Daniel Migault , Andrew Allen , "secdir@ietf.org" Cc: "draft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org" , "ietf@ietf.org" Message-ID: <458960847.867887.1513635604655@mail.yahoo.com> In-Reply-To: <2DD56D786E600F45AC6BDE7DA4E8A8C118D2234D@eusaamb107.ericsson.se> References: <151270040464.5892.16248327802973779967@ietfa.amsl.com> <2DD56D786E600F45AC6BDE7DA4E8A8C118D2234D@eusaamb107.ericsson.se> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_867886_2432273.1513635604652" X-Mailer: WebService/1.1.11051 YahooMailNeo Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 Archived-At: Subject: Re: [secdir] Secdir last call review of draft-atarius-dispatch-meid-urn-as-instanceid-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Dec 2017 22:20:13 -0000 ------=_Part_867886_2432273.1513635604652 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Daniel and Andrew, Note that "simultaneously" was omitted in Andrew's proposal which was agree= d by Daniel. However, I think this wording should be kept in the sentence. = Therefore,=C2=A0I am suggesting to keep "simultaneously"=C2=A0 in the sente= nce and have it as=C2=A0 "To achieve this the mobile device needs to simultaneously communicate via = both the IP/SIP/IMS domain and the circuit switched domain." ThanksRoozbeh From: Daniel Migault To: Andrew Allen ; "secdir@ietf.org" =20 Cc: "draft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org" ; "ietf@ietf.org" Sent: Friday, December 8, 2017 9:39 AM Subject: RE: Secdir last call review of draft-atarius-dispatch-meid-urn-as= -instanceid-05 =20 Thanks the addresses fully my minor comment.=20 Yours,=20 Daniel -----Original Message----- From: Andrew Allen [mailto:aallen@blackberry.com]=20 Sent: Friday, December 08, 2017 12:37 PM To: Daniel Migault ; secdir@ietf.org Cc: draft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org; ietf@ietf.o= rg Subject: RE: Secdir last call review of draft-atarius-dispatch-meid-urn-as-= instanceid-05 Daniel When talking about SIP and IMS Registered has a specific connotation means = SIP registered. The is no SIP Registration between the mobile device and the CS domain so u= sing registered might be misleading.=20 You are right that in the single radio case the mobile device is not simult= aneously attached to both the IMS and CS domain. It would be in the dual ra= dio case. Maybe change that last sentence to To achieve this the mobile device needs to communicate via both the IP/SIP/= IMS domain and the circuit switched domain. Andrew -----Original Message----- From: Daniel Migault [mailto:daniel.migault@ericsson.com]=20 Sent: Thursday, December 7, 2017 9:33 PM To: secdir@ietf.org Cc: draft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org; ietf@ietf.o= rg Subject: Secdir last call review of draft-atarius-dispatch-meid-urn-as-inst= anceid-05 Reviewer: Daniel Migault Review result: Ready Hi,=20 I have reviewed this document as part of the security directorate's ongoing= effort to review all IETF documents being processed by the IESG.=C2=A0 The= se comments were written primarily for the benefit of the security area dir= ectors.=C2=A0 Document editors and WG chairs should treat these comments ju= st like any other last call comments. The summary of the review is Ready Some comments / questions: 1.=C2=A0 Introduction =C2=A0 This specification specifies how the URN namespace reserved for 3GPP= 2 =C2=A0 identities and its NSS for the MEID as specified in draft-atarius- =C2=A0 dispatch-meid-urn [8] can be used as an instance-id as specified in =C2=A0 RFC 5626 [2] and also as used by RFC 5627 [3]. I think it would be good to have the acronyms (URN, 3GPP2, NSS, MEID) expanded in the introduction section as it is being done in the abstr= act.=20 =C2=A0 3GPP2 defines High Rate Packet Data (HRPD) with high data rates and =C2=A0 it dispenses with the 1x Circuit Switched (1xCS) infrastructure. =C2=A0 This means that with HRPD networks, voice calls will need to be =C2=A0 conducted using IP and IMS.=C2=A0 However, the transition to all IP,= SIP =C2=A0 based IMS networks worldwide will take a great many years from the =C2=A0 time of this writing and mobile devices will need to operate in both =C2=A0 IP/SIP/IMS mode and circuit switched mode.=C2=A0 This means that cal= ls and =C2=A0 sessions will need to be handed over between IP/SIP/IMS mode and =C2=A0 circuit switched mode mid-call or mid-session.=C2=A0 To achieve this= the =C2=A0 mobile device needs to be simultaneously attached via both the =C2=A0 IP/SIP/IMS domain and the circuit switched domain. I am questioning whether "registered" would not be better appropriat= ed than "attached". My reading of attached is a dual radio case while "regi= ster" seems to include the single radio.=20 I might be wrong as well. =20 ------=_Part_867886_2432273.1513635604652 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Daniel and Andrew,

Note that "simultaneously" was omitted in Andrew's proposal w= hich was agreed by Daniel. However, I think this wording should be kept in = the sentence. Therefore, I am suggesting to keep "simultaneousl= y"  in the sentence and have it as 

"To achieve this the mobile device needs to simultane= ously communicate via both the IP/SIP/IMS domain and the circuit switched d= omain."



= Thanks
Roozbeh

From: Daniel Migault <= ;daniel.migault@ericsson.com>
= To: Andrew Allen <aallen@blackberry.com>; "secdir@ietf.org= " <secdir@ietf.org>
Cc: "draft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org" <dr= aft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org>; "ietf@ietf.or= g" <ietf@ietf.org>
Sent: Friday, December 8, 2017 9:39 AM
Subject: RE: Secdir last call review of draft-atarius-d= ispatch-meid-urn-as-instanceid-05

Thanks the addresses fully my mi= nor comment.
Yours,
Daniel

-----Original Message-----
From: Andrew Allen [mailto:aallen@blackberry.com]
Sent: Fri= day, December 08, 2017 12:37 PM
To: Daniel Migault <daniel.migault@ericsson.com>; secdir@ietf.org
Cc: draft-at= arius-dispatch-meid-urn-as-instanceid.all@ietf.org; ietf@ietf.org=
Subject: RE: Secdir last call review of draft-atariu= s-dispatch-meid-urn-as-instanceid-05

D= aniel

When talking about SIP and IMS R= egistered has a specific connotation means SIP registered.

The is no SIP Registration between the mobile device a= nd the CS domain so using registered might be misleading.

You are right that in the single radio case the mobile= device is not simultaneously attached to both the IMS and CS domain. It wo= uld be in the dual radio case.

Maybe c= hange that last sentence to

To achieve= this the mobile device needs to communicate via both the IP/SIP/IMS domain= and the circuit switched domain.

Andr= ew

-----Original Message-----
From: Daniel Migault [mailto:da= niel.migault@ericsson.com]
Sent: Thursday, December = 7, 2017 9:33 PM
To: secdir@ietf.org
Cc: draft-atarius-dispatch-meid-urn-as-inst= anceid.all@ietf.org; ietf@ietf.org
Subject:= Secdir last call review of draft-atarius-dispatch-meid-urn-as-instanceid-0= 5

Reviewer: Daniel Migault
Review result: Ready

Hi,

I have reviewed this document as part of th= e security directorate's ongoing effort to review all IETF documents being = processed by the IESG.  These comments were written primarily for the = benefit of the security area directors.  Document editors and WG chair= s should treat these comments just like any other last call comments.

The summary of the review is Ready

Some comments / questions:
<= br clear=3D"none">1.  Introduction

  This specification specifies how the URN namespace reserved for 3= GPP2
  identities and its NSS for the MEID as speci= fied in draft-atarius-
  dispatch-meid-urn [8] can = be used as an instance-id as specified in
  RFC 562= 6 [2] and also as used by RFC 5627 [3].

<mglt> I think it would be good to have the acronyms (URN, 3GPP2, N= SS,
MEID) expanded in the introduction section as it is b= eing done in the abstract.</mglt>


  3GPP2 defines High Rate Packet Data (HRPD) wi= th high data rates and
  it dispenses with the 1x C= ircuit Switched (1xCS) infrastructure.
  This means= that with HRPD networks, voice calls will need to be
&nb= sp; conducted using IP and IMS.  However, the transition to all IP, S= IP
  based IMS networks worldwide will take a great= many years from the
  time of this writing and mob= ile devices will need to operate in both
  IP/SIP/I= MS mode and circuit switched mode.  This means that calls and
  sessions will need to be handed over between IP/SIP/IMS m= ode and
  circuit switched mode mid-call or mid-ses= sion.  To achieve this the
  mobile device nee= ds to be simultaneously attached via both the
  IP/= SIP/IMS domain and the circuit switched domain.

<mglt> I am questioning whether "registered" would not be b= etter appropriated than "attached". My reading of attached is a dual radio = case while "register" seems to include the single radio.
I might be wrong as well.</mglt>





=
------=_Part_867886_2432273.1513635604652-- From nobody Mon Dec 18 14:34:37 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76CB012D9FF; Mon, 18 Dec 2017 14:34:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H_FIOWsgK4Oe; Mon, 18 Dec 2017 14:34:29 -0800 (PST) Received: from usplmg21.ericsson.net (usplmg21.ericsson.net [198.24.6.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9E1312D964; Mon, 18 Dec 2017 14:34:28 -0800 (PST) X-AuditID: c6180641-81dff70000007a40-52-5a384274f002 Received: from EUSAAHC004.ericsson.se (Unknown_Domain [147.117.188.84]) by usplmg21.ericsson.net (Symantec Mail Security) with SMTP id 7E.44.31296.472483A5; Mon, 18 Dec 2017 23:34:28 +0100 (CET) Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC004.ericsson.se ([147.117.188.84]) with mapi id 14.03.0352.000; Mon, 18 Dec 2017 17:34:27 -0500 From: Daniel Migault To: R Atarius , Andrew Allen , "secdir@ietf.org" CC: "draft-atarius-dispatch-meid-urn-as-instanceid.all@ietf.org" , "ietf@ietf.org" Thread-Topic: Secdir last call review of draft-atarius-dispatch-meid-urn-as-instanceid-05 Thread-Index: AQHTcEswWEf3/OfoNEiMaHuZjaej1qM5thfAgBBZ2AD//7AEEA== Date: Mon, 18 Dec 2017 22:34:26 +0000 Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C118D31E02@eusaamb107.ericsson.se> References: <151270040464.5892.16248327802973779967@ietfa.amsl.com> <2DD56D786E600F45AC6BDE7DA4E8A8C118D2234D@eusaamb107.ericsson.se> <458960847.867887.1513635604655@mail.yahoo.com> In-Reply-To: <458960847.867887.1513635604655@mail.yahoo.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [147.117.188.12] Content-Type: multipart/alternative; boundary="_000_2DD56D786E600F45AC6BDE7DA4E8A8C118D31E02eusaamb107erics_" MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprHIsWRmVeSWpSXmKPExsUyuXRPiG6Jk0WUwdJJMhb3521ltHi8eDaj xbON81ksei5YWnxY+JDFgdVjVsNado8lS34yecyadZgpgDmKyyYlNSezLLVI3y6BK2Pi/lOM BR37GCvaFr1mbGBs2cnYxcjJISFgIjGn6RKQzcUhJHCEUeLylZmsEM5yRokdLZ+ZQKrYBIwk 2g71s4PYIgIFEs/XvGADKWIWWMQocXXZQ7CEsECUxN8d25kgiqIlup/8hrKdJFretoPVsAio Spy5858FxOYV8JVYsWsNE8S2H4wS394eBWvgFLCRuPxtLVgRo4CYxPdTa8DizALiEreezGeC uFtAYsme88wQtqjEy8f/WCFsJYk5r68xQ9TnS8zZ85wdYpmgxMmZT1gmMIrMQjJqFpKyWUjK ZjFyAMU1Jdbv0ocoUZSY0v2QHcLWkGidM5cdWXwBI/sqRo7S4oKc3HQjw02MwFg7JsHmuINx b6/nIUYBDkYlHt6FBhZRQqyJZcWVuYcYJTiYlUR4/c6aRwnxpiRWVqUW5ccXleakFh9ilOZg URLnPefJGyUkkJ5YkpqdmlqQWgSTZeLglGpgNEtyXrBj/b0nn2XMjigoTX51bV/4/vDCY0nq DTwvtL6tbmpYvq5PQr/PnaOa83CtiLFHx/KMacGNvjM1nsmzV1sdfFF1c17LWakLzuILSxfM tZ3w6NqkM5WpGwJb5Jd1/Akr4Kl/eoP7zyV130zvBM4DesY7PM0Oczos3hGx5knegfllr583 KrEUZyQaajEXFScCAKXYFpuxAgAA Archived-At: Subject: Re: [secdir] Secdir last call review of draft-atarius-dispatch-meid-urn-as-instanceid-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Dec 2017 22:34:31 -0000 --_000_2DD56D786E600F45AC6BDE7DA4E8A8C118D31E02eusaamb107erics_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhpcyB3b3JrcyBmb3IgbWUuDQoNCllvdXJzLA0KRGFuaWVsDQoNCkZyb206IFIgQXRhcml1cyBb bWFpbHRvOnJfYXRhcml1c0B5YWhvby5jb21dDQpTZW50OiBNb25kYXksIERlY2VtYmVyIDE4LCAy MDE3IDU6MjAgUE0NClRvOiBEYW5pZWwgTWlnYXVsdCA8ZGFuaWVsLm1pZ2F1bHRAZXJpY3Nzb24u Y29tPjsgQW5kcmV3IEFsbGVuIDxhYWxsZW5AYmxhY2tiZXJyeS5jb20+OyBzZWNkaXJAaWV0Zi5v cmcNCkNjOiBkcmFmdC1hdGFyaXVzLWRpc3BhdGNoLW1laWQtdXJuLWFzLWluc3RhbmNlaWQuYWxs QGlldGYub3JnOyBpZXRmQGlldGYub3JnDQpTdWJqZWN0OiBSZTogU2VjZGlyIGxhc3QgY2FsbCBy ZXZpZXcgb2YgZHJhZnQtYXRhcml1cy1kaXNwYXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLTA1 DQoNCkRhbmllbCBhbmQgQW5kcmV3LA0KDQpOb3RlIHRoYXQgInNpbXVsdGFuZW91c2x5IiB3YXMg b21pdHRlZCBpbiBBbmRyZXcncyBwcm9wb3NhbCB3aGljaCB3YXMgYWdyZWVkIGJ5IERhbmllbC4g SG93ZXZlciwgSSB0aGluayB0aGlzIHdvcmRpbmcgc2hvdWxkIGJlIGtlcHQgaW4gdGhlIHNlbnRl bmNlLiBUaGVyZWZvcmUsIEkgYW0gc3VnZ2VzdGluZyB0byBrZWVwICJzaW11bHRhbmVvdXNseSIg IGluIHRoZSBzZW50ZW5jZSBhbmQgaGF2ZSBpdCBhcw0KDQoiVG8gYWNoaWV2ZSB0aGlzIHRoZSBt b2JpbGUgZGV2aWNlIG5lZWRzIHRvIHNpbXVsdGFuZW91c2x5IGNvbW11bmljYXRlIHZpYSBib3Ro IHRoZSBJUC9TSVAvSU1TIGRvbWFpbiBhbmQgdGhlIGNpcmN1aXQgc3dpdGNoZWQgZG9tYWluLiIN Cg0KDQoNClRoYW5rcw0KUm9vemJlaA0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f Xw0KRnJvbTogRGFuaWVsIE1pZ2F1bHQgPGRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNvbTxtYWls dG86ZGFuaWVsLm1pZ2F1bHRAZXJpY3Nzb24uY29tPj4NClRvOiBBbmRyZXcgQWxsZW4gPGFhbGxl bkBibGFja2JlcnJ5LmNvbTxtYWlsdG86YWFsbGVuQGJsYWNrYmVycnkuY29tPj47ICJzZWNkaXJA aWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4iIDxzZWNkaXJAaWV0Zi5vcmc8bWFpbHRv OnNlY2RpckBpZXRmLm9yZz4+DQpDYzogImRyYWZ0LWF0YXJpdXMtZGlzcGF0Y2gtbWVpZC11cm4t YXMtaW5zdGFuY2VpZC5hbGxAaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWF0YXJpdXMtZGlzcGF0Y2gt bWVpZC11cm4tYXMtaW5zdGFuY2VpZC5hbGxAaWV0Zi5vcmc+IiA8ZHJhZnQtYXRhcml1cy1kaXNw YXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLmFsbEBpZXRmLm9yZzxtYWlsdG86ZHJhZnQtYXRh cml1cy1kaXNwYXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLmFsbEBpZXRmLm9yZz4+OyAiaWV0 ZkBpZXRmLm9yZzxtYWlsdG86aWV0ZkBpZXRmLm9yZz4iIDxpZXRmQGlldGYub3JnPG1haWx0bzpp ZXRmQGlldGYub3JnPj4NClNlbnQ6IEZyaWRheSwgRGVjZW1iZXIgOCwgMjAxNyA5OjM5IEFNDQpT dWJqZWN0OiBSRTogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtYXRhcml1cy1kaXNw YXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLTA1DQoNClRoYW5rcyB0aGUgYWRkcmVzc2VzIGZ1 bGx5IG15IG1pbm9yIGNvbW1lbnQuDQpZb3VycywNCkRhbmllbA0KDQotLS0tLU9yaWdpbmFsIE1l c3NhZ2UtLS0tLQ0KRnJvbTogQW5kcmV3IEFsbGVuIFttYWlsdG86YWFsbGVuQGJsYWNrYmVycnku Y29tPG1haWx0bzphYWxsZW5AYmxhY2tiZXJyeS5jb20+XQ0KU2VudDogRnJpZGF5LCBEZWNlbWJl ciAwOCwgMjAxNyAxMjozNyBQTQ0KVG86IERhbmllbCBNaWdhdWx0IDxkYW5pZWwubWlnYXVsdEBl cmljc3Nvbi5jb208bWFpbHRvOmRhbmllbC5taWdhdWx0QGVyaWNzc29uLmNvbT4+OyBzZWNkaXJA aWV0Zi5vcmc8bWFpbHRvOnNlY2RpckBpZXRmLm9yZz4NCkNjOiBkcmFmdC1hdGFyaXVzLWRpc3Bh dGNoLW1laWQtdXJuLWFzLWluc3RhbmNlaWQuYWxsQGlldGYub3JnPG1haWx0bzpkcmFmdC1hdGFy aXVzLWRpc3BhdGNoLW1laWQtdXJuLWFzLWluc3RhbmNlaWQuYWxsQGlldGYub3JnPjsgaWV0ZkBp ZXRmLm9yZzxtYWlsdG86aWV0ZkBpZXRmLm9yZz4NClN1YmplY3Q6IFJFOiBTZWNkaXIgbGFzdCBj YWxsIHJldmlldyBvZiBkcmFmdC1hdGFyaXVzLWRpc3BhdGNoLW1laWQtdXJuLWFzLWluc3RhbmNl aWQtMDUNCg0KRGFuaWVsDQoNCldoZW4gdGFsa2luZyBhYm91dCBTSVAgYW5kIElNUyBSZWdpc3Rl cmVkIGhhcyBhIHNwZWNpZmljIGNvbm5vdGF0aW9uIG1lYW5zIFNJUCByZWdpc3RlcmVkLg0KDQpU aGUgaXMgbm8gU0lQIFJlZ2lzdHJhdGlvbiBiZXR3ZWVuIHRoZSBtb2JpbGUgZGV2aWNlIGFuZCB0 aGUgQ1MgZG9tYWluIHNvIHVzaW5nIHJlZ2lzdGVyZWQgbWlnaHQgYmUgbWlzbGVhZGluZy4NCg0K WW91IGFyZSByaWdodCB0aGF0IGluIHRoZSBzaW5nbGUgcmFkaW8gY2FzZSB0aGUgbW9iaWxlIGRl dmljZSBpcyBub3Qgc2ltdWx0YW5lb3VzbHkgYXR0YWNoZWQgdG8gYm90aCB0aGUgSU1TIGFuZCBD UyBkb21haW4uIEl0IHdvdWxkIGJlIGluIHRoZSBkdWFsIHJhZGlvIGNhc2UuDQoNCk1heWJlIGNo YW5nZSB0aGF0IGxhc3Qgc2VudGVuY2UgdG8NCg0KVG8gYWNoaWV2ZSB0aGlzIHRoZSBtb2JpbGUg ZGV2aWNlIG5lZWRzIHRvIGNvbW11bmljYXRlIHZpYSBib3RoIHRoZSBJUC9TSVAvSU1TIGRvbWFp biBhbmQgdGhlIGNpcmN1aXQgc3dpdGNoZWQgZG9tYWluLg0KDQpBbmRyZXcNCg0KLS0tLS1Pcmln aW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IERhbmllbCBNaWdhdWx0IFttYWlsdG86ZGFuaWVsLm1p Z2F1bHRAZXJpY3Nzb24uY29tPG1haWx0bzpkYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb20+XQ0K U2VudDogVGh1cnNkYXksIERlY2VtYmVyIDcsIDIwMTcgOTozMyBQTQ0KVG86IHNlY2RpckBpZXRm Lm9yZzxtYWlsdG86c2VjZGlyQGlldGYub3JnPg0KQ2M6IGRyYWZ0LWF0YXJpdXMtZGlzcGF0Y2gt bWVpZC11cm4tYXMtaW5zdGFuY2VpZC5hbGxAaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWF0YXJpdXMt ZGlzcGF0Y2gtbWVpZC11cm4tYXMtaW5zdGFuY2VpZC5hbGxAaWV0Zi5vcmc+OyBpZXRmQGlldGYu b3JnPG1haWx0bzppZXRmQGlldGYub3JnPg0KU3ViamVjdDogU2VjZGlyIGxhc3QgY2FsbCByZXZp ZXcgb2YgZHJhZnQtYXRhcml1cy1kaXNwYXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLTA1DQoN ClJldmlld2VyOiBEYW5pZWwgTWlnYXVsdA0KUmV2aWV3IHJlc3VsdDogUmVhZHkNCg0KSGksDQoN CkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRp cmVjdG9yYXRlJ3Mgb25nb2luZyBlZmZvcnQgdG8gcmV2aWV3IGFsbCBJRVRGIGRvY3VtZW50cyBi ZWluZyBwcm9jZXNzZWQgYnkgdGhlIElFU0cuICBUaGVzZSBjb21tZW50cyB3ZXJlIHdyaXR0ZW4g cHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYSBkaXJlY3RvcnMu ICBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0IHRoZXNlIGNvbW1l bnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLg0KDQpUaGUgc3VtbWFy eSBvZiB0aGUgcmV2aWV3IGlzIFJlYWR5DQoNClNvbWUgY29tbWVudHMgLyBxdWVzdGlvbnM6DQoN CjEuICBJbnRyb2R1Y3Rpb24NCg0KICBUaGlzIHNwZWNpZmljYXRpb24gc3BlY2lmaWVzIGhvdyB0 aGUgVVJOIG5hbWVzcGFjZSByZXNlcnZlZCBmb3IgM0dQUDINCiAgaWRlbnRpdGllcyBhbmQgaXRz IE5TUyBmb3IgdGhlIE1FSUQgYXMgc3BlY2lmaWVkIGluIGRyYWZ0LWF0YXJpdXMtDQogIGRpc3Bh dGNoLW1laWQtdXJuIFs4XSBjYW4gYmUgdXNlZCBhcyBhbiBpbnN0YW5jZS1pZCBhcyBzcGVjaWZp ZWQgaW4NCiAgUkZDIDU2MjYgWzJdIGFuZCBhbHNvIGFzIHVzZWQgYnkgUkZDIDU2MjcgWzNdLg0K DQo8bWdsdD4gSSB0aGluayBpdCB3b3VsZCBiZSBnb29kIHRvIGhhdmUgdGhlIGFjcm9ueW1zIChV Uk4sIDNHUFAyLCBOU1MsDQpNRUlEKSBleHBhbmRlZCBpbiB0aGUgaW50cm9kdWN0aW9uIHNlY3Rp b24gYXMgaXQgaXMgYmVpbmcgZG9uZSBpbiB0aGUgYWJzdHJhY3QuPC9tZ2x0Pg0KDQoNCiAgM0dQ UDIgZGVmaW5lcyBIaWdoIFJhdGUgUGFja2V0IERhdGEgKEhSUEQpIHdpdGggaGlnaCBkYXRhIHJh dGVzIGFuZA0KICBpdCBkaXNwZW5zZXMgd2l0aCB0aGUgMXggQ2lyY3VpdCBTd2l0Y2hlZCAoMXhD UykgaW5mcmFzdHJ1Y3R1cmUuDQogIFRoaXMgbWVhbnMgdGhhdCB3aXRoIEhSUEQgbmV0d29ya3Ms IHZvaWNlIGNhbGxzIHdpbGwgbmVlZCB0byBiZQ0KICBjb25kdWN0ZWQgdXNpbmcgSVAgYW5kIElN Uy4gIEhvd2V2ZXIsIHRoZSB0cmFuc2l0aW9uIHRvIGFsbCBJUCwgU0lQDQogIGJhc2VkIElNUyBu ZXR3b3JrcyB3b3JsZHdpZGUgd2lsbCB0YWtlIGEgZ3JlYXQgbWFueSB5ZWFycyBmcm9tIHRoZQ0K ICB0aW1lIG9mIHRoaXMgd3JpdGluZyBhbmQgbW9iaWxlIGRldmljZXMgd2lsbCBuZWVkIHRvIG9w ZXJhdGUgaW4gYm90aA0KICBJUC9TSVAvSU1TIG1vZGUgYW5kIGNpcmN1aXQgc3dpdGNoZWQgbW9k ZS4gIFRoaXMgbWVhbnMgdGhhdCBjYWxscyBhbmQNCiAgc2Vzc2lvbnMgd2lsbCBuZWVkIHRvIGJl IGhhbmRlZCBvdmVyIGJldHdlZW4gSVAvU0lQL0lNUyBtb2RlIGFuZA0KICBjaXJjdWl0IHN3aXRj aGVkIG1vZGUgbWlkLWNhbGwgb3IgbWlkLXNlc3Npb24uICBUbyBhY2hpZXZlIHRoaXMgdGhlDQog IG1vYmlsZSBkZXZpY2UgbmVlZHMgdG8gYmUgc2ltdWx0YW5lb3VzbHkgYXR0YWNoZWQgdmlhIGJv dGggdGhlDQogIElQL1NJUC9JTVMgZG9tYWluIGFuZCB0aGUgY2lyY3VpdCBzd2l0Y2hlZCBkb21h aW4uDQoNCjxtZ2x0PiBJIGFtIHF1ZXN0aW9uaW5nIHdoZXRoZXIgInJlZ2lzdGVyZWQiIHdvdWxk IG5vdCBiZSBiZXR0ZXIgYXBwcm9wcmlhdGVkIHRoYW4gImF0dGFjaGVkIi4gTXkgcmVhZGluZyBv ZiBhdHRhY2hlZCBpcyBhIGR1YWwgcmFkaW8gY2FzZSB3aGlsZSAicmVnaXN0ZXIiIHNlZW1zIHRv IGluY2x1ZGUgdGhlIHNpbmdsZSByYWRpby4NCkkgbWlnaHQgYmUgd3JvbmcgYXMgd2VsbC48L21n bHQ+DQoNCg0KDQoNCg== --_000_2DD56D786E600F45AC6BDE7DA4E8A8C118D31E02eusaamb107erics_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7 YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0 I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl DQoJe2ZvbnQtZmFtaWx5OkhlbHZldGljYTsNCglwYW5vc2UtMToyIDExIDYgNCAyIDIgMiAyIDIg NDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0x OjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJp Ow0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25z ICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjow aW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1m YW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0K CXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246 dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28t c3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRl cmxpbmU7fQ0KcC5tc29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXtt c28tc3R5bGUtbmFtZTptc29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFy Z2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVm dDowaW47DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1z ZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUxOQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBs eTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0 O30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQt c2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0K CW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3Bh Z2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8 bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFb ZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0i ZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91 dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJi bHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj5UaGlzIHdvcmtzIGZvciBtZS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ WW91cnMsIDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+RGFuaWVsIDxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8 ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEu MHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+ RnJvbTo8L2I+IFIgQXRhcml1cyBbbWFpbHRvOnJfYXRhcml1c0B5YWhvby5jb21dIDxicj4NCjxi PlNlbnQ6PC9iPiBNb25kYXksIERlY2VtYmVyIDE4LCAyMDE3IDU6MjAgUE08YnI+DQo8Yj5Ubzo8 L2I+IERhbmllbCBNaWdhdWx0ICZsdDtkYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb20mZ3Q7OyBB bmRyZXcgQWxsZW4gJmx0O2FhbGxlbkBibGFja2JlcnJ5LmNvbSZndDs7IHNlY2RpckBpZXRmLm9y Zzxicj4NCjxiPkNjOjwvYj4gZHJhZnQtYXRhcml1cy1kaXNwYXRjaC1tZWlkLXVybi1hcy1pbnN0 YW5jZWlkLmFsbEBpZXRmLm9yZzsgaWV0ZkBpZXRmLm9yZzxicj4NCjxiPlN1YmplY3Q6PC9iPiBS ZTogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtYXRhcml1cy1kaXNwYXRjaC1tZWlk LXVybi1hcy1pbnN0YW5jZWlkLTA1PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdiBpZD0i eXVpXzNfMTZfMF95bTE5XzFfMTUxMzU1OTAxOTM0Ml83ODY4Ij4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBw dDtmb250LWZhbWlseTomcXVvdDtIZWx2ZXRpY2EmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFj ayI+RGFuaWVsIGFuZCBBbmRyZXcsPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 IGlkPSJ5dWlfM18xNl8wX3ltMTlfMV8xNTEzNTU5MDE5MzQyXzc4NjgiPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0hlbHZldGljYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y OmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Inl1 aV8zXzE2XzBfeW0xOV8xXzE1MTM1NTkwMTkzNDJfODE0NyI+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7SGVsdmV0aWNhJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2si Pk5vdGUgdGhhdCAmcXVvdDtzaW11bHRhbmVvdXNseSZxdW90OyB3YXMgb21pdHRlZCBpbiBBbmRy ZXcncyBwcm9wb3NhbCB3aGljaCB3YXMgYWdyZWVkIGJ5IERhbmllbC4gSG93ZXZlciwgSSB0aGlu ayB0aGlzIHdvcmRpbmcgc2hvdWxkIGJlIGtlcHQNCiBpbiB0aGUgc2VudGVuY2UuIFRoZXJlZm9y ZSwmbmJzcDtJIGFtIHN1Z2dlc3RpbmcgdG8ga2VlcCAmcXVvdDtzaW11bHRhbmVvdXNseSZxdW90 OyZuYnNwOyBpbiB0aGUgc2VudGVuY2UgYW5kIGhhdmUgaXQgYXMmbmJzcDs8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Inl1aV8zXzE2XzBfeW0xOV8xXzE1MTM1NTkwMTkz NDJfNzg2OCI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7SGVsdmV0aWNh JnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdiBpZD0ieXVpXzNfMTZfMF95bTE5XzFfMTUxMzU1OTAxOTM0Ml84MDM2 Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtIZWx2ZXRpY2EmcXVvdDss c2Fucy1zZXJpZjtjb2xvcjpibGFjayI+JnF1b3Q7VG8gYWNoaWV2ZSB0aGlzIHRoZSBtb2JpbGUg ZGV2aWNlIG5lZWRzIHRvIHNpbXVsdGFuZW91c2x5IGNvbW11bmljYXRlIHZpYSBib3RoIHRoZSBJ UC9TSVAvSU1TIGRvbWFpbiBhbmQgdGhlIGNpcmN1aXQgc3dpdGNoZWQgZG9tYWluLiZxdW90Ozxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdiBpZD0ieXVpXzNfMTZfMF95bTE5XzFf MTUxMzU1OTAxOTM0Ml83ODY4Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJiYWNrZ3Jv dW5kOndoaXRlIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVv dDtIZWx2ZXRpY2EmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2IGlkPSJ5dWlfM18xNl8wX3ltMTlfMV8xNTEzNTU5 MDE5MzQyXzc4NjgiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImJhY2tncm91bmQ6d2hp dGUiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0hlbHZl dGljYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Inl1aV8zXzE2XzBfeW0xOV8xXzE1MTM1NTkwMTkzNDJf Nzg2OSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iYmFja2dyb3VuZDp3aGl0ZSI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7SGVsdmV0aWNhJnF1 b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdiBpZD0ieXVpXzNfMTZfMF95bTE5XzFfMTUxMzU1OTAxOTM0Ml83ODY5Ij4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtIZWx2ZXRpY2EmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjpibGFjayI+VGhhbmtzPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2IGlkPSJ5dWlfM18xNl8wX3ltMTlfMV8xNTEzNTU5MDE5MzQyXzc4NjkiPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0hlbHZldGljYSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOmJsYWNrIj5Sb296YmVoPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 IGlkPSJ5dWlfM18xNl8wX3ltMTlfMV8xNTEzNTU5MDE5MzQyXzc4NjkiPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9ImJhY2tncm91bmQ6d2hpdGUiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0hlbHZldGljYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y OmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Inl1 aV8zXzE2XzBfeW0xOV8xXzE1MTM1NTkwMTkzNDJfNzg5NCI+DQo8ZGl2IGlkPSJ5dWlfM18xNl8w X3ltMTlfMV8xNTEzNTU5MDE5MzQyXzc4OTMiPg0KPGRpdiBpZD0ieXVpXzNfMTZfMF95bTE5XzFf MTUxMzU1OTAxOTM0Ml83ODkyIj4NCjxkaXYgaWQ9Inl1aV8zXzE2XzBfeW0xOV8xXzE1MTM1NTkw MTkzNDJfNzg5MSI+DQo8ZGl2IGNsYXNzPSJNc29Ob3JtYWwiIGFsaWduPSJjZW50ZXIiIHN0eWxl PSJ0ZXh0LWFsaWduOmNlbnRlcjtiYWNrZ3JvdW5kOndoaXRlIj4NCjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7Y29s b3I6YmxhY2siPg0KPGhyIHNpemU9IjEiIHdpZHRoPSIxMDAlIiBhbGlnbj0iY2VudGVyIj4NCjwv c3Bhbj48L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJiYWNrZ3JvdW5kOndoaXRl Ij48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlh bCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjpibGFjayI+IERhbmllbCBNaWdhdWx0ICZsdDs8YSBocmVmPSJtYWlsdG86ZGFu aWVsLm1pZ2F1bHRAZXJpY3Nzb24uY29tIj5kYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb208L2E+ Jmd0Ozxicj4NCjxiPlRvOjwvYj4gQW5kcmV3IEFsbGVuICZsdDs8YSBocmVmPSJtYWlsdG86YWFs bGVuQGJsYWNrYmVycnkuY29tIj5hYWxsZW5AYmxhY2tiZXJyeS5jb208L2E+Jmd0OzsgJnF1b3Q7 PGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyI+c2VjZGlyQGlldGYub3JnPC9hPiZxdW90 OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9yZyI+c2VjZGlyQGlldGYub3JnPC9h PiZndDsNCjxicj4NCjxiPkNjOjwvYj4gJnF1b3Q7PGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWF0YXJp dXMtZGlzcGF0Y2gtbWVpZC11cm4tYXMtaW5zdGFuY2VpZC5hbGxAaWV0Zi5vcmciPmRyYWZ0LWF0 YXJpdXMtZGlzcGF0Y2gtbWVpZC11cm4tYXMtaW5zdGFuY2VpZC5hbGxAaWV0Zi5vcmc8L2E+JnF1 b3Q7ICZsdDs8YSBocmVmPSJtYWlsdG86ZHJhZnQtYXRhcml1cy1kaXNwYXRjaC1tZWlkLXVybi1h cy1pbnN0YW5jZWlkLmFsbEBpZXRmLm9yZyI+ZHJhZnQtYXRhcml1cy1kaXNwYXRjaC1tZWlkLXVy bi1hcy1pbnN0YW5jZWlkLmFsbEBpZXRmLm9yZzwvYT4mZ3Q7Ow0KICZxdW90OzxhIGhyZWY9Im1h aWx0bzppZXRmQGlldGYub3JnIj5pZXRmQGlldGYub3JnPC9hPiZxdW90OyAmbHQ7PGEgaHJlZj0i bWFpbHRvOmlldGZAaWV0Zi5vcmciPmlldGZAaWV0Zi5vcmc8L2E+Jmd0Ozxicj4NCjxiPlNlbnQ6 PC9iPiBGcmlkYXksIERlY2VtYmVyIDgsIDIwMTcgOTozOSBBTTxicj4NCjxiPlN1YmplY3Q6PC9i PiBSRTogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtYXRhcml1cy1kaXNwYXRjaC1t ZWlkLXVybi1hcy1pbnN0YW5jZWlkLTA1PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0hlbHZldGljYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJs YWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Inl1aV8zXzE2XzBf eW0xOV8xXzE1MTM1NTkwMTkzNDJfNzkxMyI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i YmFja2dyb3VuZDp3aGl0ZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7SGVsdmV0aWNhJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgaWQ9Inl1aV8zXzE2XzBfeW0xOV8xXzE1MTM1NTkw MTkzNDJfNzkxMiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0iYmFja2dyb3VuZDp3aGl0 ZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7SGVsdmV0 aWNhJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPlRoYW5rcyB0aGUgYWRkcmVzc2VzIGZ1 bGx5IG15IG1pbm9yIGNvbW1lbnQuDQo8YnI+DQpZb3VycywgPGJyPg0KRGFuaWVsPG86cD48L286 cD48L3NwYW4+PC9wPg0KPGRpdiBpZD0ieXF0ZmQ1OTA1MyI+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibWFyZ2luLWJvdHRvbToxMi4wcHQ7YmFja2dyb3VuZDp3aGl0ZSI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7SGVsdmV0aWNhJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6YmxhY2siPjxicj4NCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tPGJy Pg0KRnJvbTogQW5kcmV3IEFsbGVuIFttYWlsdG86PGEgaHJlZj0ibWFpbHRvOmFhbGxlbkBibGFj a2JlcnJ5LmNvbSI+YWFsbGVuQGJsYWNrYmVycnkuY29tPC9hPl0NCjxicj4NClNlbnQ6IEZyaWRh eSwgRGVjZW1iZXIgMDgsIDIwMTcgMTI6MzcgUE08YnI+DQpUbzogRGFuaWVsIE1pZ2F1bHQgJmx0 OzxhIGhyZWY9Im1haWx0bzpkYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb20iPmRhbmllbC5taWdh dWx0QGVyaWNzc29uLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNlY2RpckBpZXRmLm9y ZyI+c2VjZGlyQGlldGYub3JnPC9hPjxicj4NCkNjOiA8YSBocmVmPSJtYWlsdG86ZHJhZnQtYXRh cml1cy1kaXNwYXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLmFsbEBpZXRmLm9yZyI+ZHJhZnQt YXRhcml1cy1kaXNwYXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLmFsbEBpZXRmLm9yZzwvYT47 DQo8YSBocmVmPSJtYWlsdG86aWV0ZkBpZXRmLm9yZyI+aWV0ZkBpZXRmLm9yZzwvYT48YnI+DQpT dWJqZWN0OiBSRTogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJhZnQtYXRhcml1cy1kaXNw YXRjaC1tZWlkLXVybi1hcy1pbnN0YW5jZWlkLTA1PGJyPg0KPGJyPg0KRGFuaWVsPGJyPg0KPGJy Pg0KV2hlbiB0YWxraW5nIGFib3V0IFNJUCBhbmQgSU1TIFJlZ2lzdGVyZWQgaGFzIGEgc3BlY2lm aWMgY29ubm90YXRpb24gbWVhbnMgU0lQIHJlZ2lzdGVyZWQuPGJyPg0KPGJyPg0KVGhlIGlzIG5v IFNJUCBSZWdpc3RyYXRpb24gYmV0d2VlbiB0aGUgbW9iaWxlIGRldmljZSBhbmQgdGhlIENTIGRv bWFpbiBzbyB1c2luZyByZWdpc3RlcmVkIG1pZ2h0IGJlIG1pc2xlYWRpbmcuDQo8YnI+DQo8YnI+ DQpZb3UgYXJlIHJpZ2h0IHRoYXQgaW4gdGhlIHNpbmdsZSByYWRpbyBjYXNlIHRoZSBtb2JpbGUg ZGV2aWNlIGlzIG5vdCBzaW11bHRhbmVvdXNseSBhdHRhY2hlZCB0byBib3RoIHRoZSBJTVMgYW5k IENTIGRvbWFpbi4gSXQgd291bGQgYmUgaW4gdGhlIGR1YWwgcmFkaW8gY2FzZS48YnI+DQo8YnI+ DQpNYXliZSBjaGFuZ2UgdGhhdCBsYXN0IHNlbnRlbmNlIHRvPGJyPg0KPGJyPg0KVG8gYWNoaWV2 ZSB0aGlzIHRoZSBtb2JpbGUgZGV2aWNlIG5lZWRzIHRvIGNvbW11bmljYXRlIHZpYSBib3RoIHRo ZSBJUC9TSVAvSU1TIGRvbWFpbiBhbmQgdGhlIGNpcmN1aXQgc3dpdGNoZWQgZG9tYWluLjxicj4N Cjxicj4NCkFuZHJldzxicj4NCjxicj4NCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tPGJyPg0K RnJvbTogRGFuaWVsIE1pZ2F1bHQgW21haWx0bzo8YSBocmVmPSJtYWlsdG86ZGFuaWVsLm1pZ2F1 bHRAZXJpY3Nzb24uY29tIj5kYW5pZWwubWlnYXVsdEBlcmljc3Nvbi5jb208L2E+XQ0KPGJyPg0K U2VudDogVGh1cnNkYXksIERlY2VtYmVyIDcsIDIwMTcgOTozMyBQTTxicj4NClRvOiA8YSBocmVm PSJtYWlsdG86c2VjZGlyQGlldGYub3JnIj5zZWNkaXJAaWV0Zi5vcmc8L2E+PGJyPg0KQ2M6IDxh IGhyZWY9Im1haWx0bzpkcmFmdC1hdGFyaXVzLWRpc3BhdGNoLW1laWQtdXJuLWFzLWluc3RhbmNl aWQuYWxsQGlldGYub3JnIj5kcmFmdC1hdGFyaXVzLWRpc3BhdGNoLW1laWQtdXJuLWFzLWluc3Rh bmNlaWQuYWxsQGlldGYub3JnPC9hPjsNCjxhIGhyZWY9Im1haWx0bzppZXRmQGlldGYub3JnIj5p ZXRmQGlldGYub3JnPC9hPjxicj4NClN1YmplY3Q6IFNlY2RpciBsYXN0IGNhbGwgcmV2aWV3IG9m IGRyYWZ0LWF0YXJpdXMtZGlzcGF0Y2gtbWVpZC11cm4tYXMtaW5zdGFuY2VpZC0wNTxicj4NCjxi cj4NClJldmlld2VyOiBEYW5pZWwgTWlnYXVsdDxicj4NClJldmlldyByZXN1bHQ6IFJlYWR5PGJy Pg0KPGJyPg0KSGksIDxicj4NCjxicj4NCkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFz IHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZyBlZmZvcnQgdG8gcmV2 aWV3IGFsbCBJRVRGIGRvY3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkgdGhlIElFU0cuJm5ic3A7 IFRoZXNlIGNvbW1lbnRzIHdlcmUgd3JpdHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5lZml0IG9m IHRoZSBzZWN1cml0eSBhcmVhIGRpcmVjdG9ycy4mbmJzcDsgRG9jdW1lbnQgZWRpdG9ycyBhbmQg V0cgY2hhaXJzDQogc2hvdWxkIHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3QgbGlrZSBhbnkgb3Ro ZXIgbGFzdCBjYWxsIGNvbW1lbnRzLjxicj4NCjxicj4NClRoZSBzdW1tYXJ5IG9mIHRoZSByZXZp ZXcgaXMgUmVhZHk8YnI+DQo8YnI+DQpTb21lIGNvbW1lbnRzIC8gcXVlc3Rpb25zOjxicj4NCjxi cj4NCjEuJm5ic3A7IEludHJvZHVjdGlvbjxicj4NCjxicj4NCiZuYnNwOyBUaGlzIHNwZWNpZmlj YXRpb24gc3BlY2lmaWVzIGhvdyB0aGUgVVJOIG5hbWVzcGFjZSByZXNlcnZlZCBmb3IgM0dQUDI8 YnI+DQombmJzcDsgaWRlbnRpdGllcyBhbmQgaXRzIE5TUyBmb3IgdGhlIE1FSUQgYXMgc3BlY2lm aWVkIGluIGRyYWZ0LWF0YXJpdXMtPGJyPg0KJm5ic3A7IGRpc3BhdGNoLW1laWQtdXJuIFs4XSBj YW4gYmUgdXNlZCBhcyBhbiBpbnN0YW5jZS1pZCBhcyBzcGVjaWZpZWQgaW48YnI+DQombmJzcDsg UkZDIDU2MjYgWzJdIGFuZCBhbHNvIGFzIHVzZWQgYnkgUkZDIDU2MjcgWzNdLjxicj4NCjxicj4N CiZsdDttZ2x0Jmd0OyBJIHRoaW5rIGl0IHdvdWxkIGJlIGdvb2QgdG8gaGF2ZSB0aGUgYWNyb255 bXMgKFVSTiwgM0dQUDIsIE5TUyw8YnI+DQpNRUlEKSBleHBhbmRlZCBpbiB0aGUgaW50cm9kdWN0 aW9uIHNlY3Rpb24gYXMgaXQgaXMgYmVpbmcgZG9uZSBpbiB0aGUgYWJzdHJhY3QuJmx0Oy9tZ2x0 Jmd0Ow0KPGJyPg0KPGJyPg0KPGJyPg0KJm5ic3A7IDNHUFAyIGRlZmluZXMgSGlnaCBSYXRlIFBh Y2tldCBEYXRhIChIUlBEKSB3aXRoIGhpZ2ggZGF0YSByYXRlcyBhbmQ8YnI+DQombmJzcDsgaXQg ZGlzcGVuc2VzIHdpdGggdGhlIDF4IENpcmN1aXQgU3dpdGNoZWQgKDF4Q1MpIGluZnJhc3RydWN0 dXJlLjxicj4NCiZuYnNwOyBUaGlzIG1lYW5zIHRoYXQgd2l0aCBIUlBEIG5ldHdvcmtzLCB2b2lj ZSBjYWxscyB3aWxsIG5lZWQgdG8gYmU8YnI+DQombmJzcDsgY29uZHVjdGVkIHVzaW5nIElQIGFu ZCBJTVMuJm5ic3A7IEhvd2V2ZXIsIHRoZSB0cmFuc2l0aW9uIHRvIGFsbCBJUCwgU0lQPGJyPg0K Jm5ic3A7IGJhc2VkIElNUyBuZXR3b3JrcyB3b3JsZHdpZGUgd2lsbCB0YWtlIGEgZ3JlYXQgbWFu eSB5ZWFycyBmcm9tIHRoZTxicj4NCiZuYnNwOyB0aW1lIG9mIHRoaXMgd3JpdGluZyBhbmQgbW9i aWxlIGRldmljZXMgd2lsbCBuZWVkIHRvIG9wZXJhdGUgaW4gYm90aDxicj4NCiZuYnNwOyBJUC9T SVAvSU1TIG1vZGUgYW5kIGNpcmN1aXQgc3dpdGNoZWQgbW9kZS4mbmJzcDsgVGhpcyBtZWFucyB0 aGF0IGNhbGxzIGFuZDxicj4NCiZuYnNwOyBzZXNzaW9ucyB3aWxsIG5lZWQgdG8gYmUgaGFuZGVk IG92ZXIgYmV0d2VlbiBJUC9TSVAvSU1TIG1vZGUgYW5kPGJyPg0KJm5ic3A7IGNpcmN1aXQgc3dp dGNoZWQgbW9kZSBtaWQtY2FsbCBvciBtaWQtc2Vzc2lvbi4mbmJzcDsgVG8gYWNoaWV2ZSB0aGlz IHRoZTxicj4NCiZuYnNwOyBtb2JpbGUgZGV2aWNlIG5lZWRzIHRvIGJlIHNpbXVsdGFuZW91c2x5 IGF0dGFjaGVkIHZpYSBib3RoIHRoZTxicj4NCiZuYnNwOyBJUC9TSVAvSU1TIGRvbWFpbiBhbmQg dGhlIGNpcmN1aXQgc3dpdGNoZWQgZG9tYWluLjxicj4NCjxicj4NCiZsdDttZ2x0Jmd0OyBJIGFt IHF1ZXN0aW9uaW5nIHdoZXRoZXIgJnF1b3Q7cmVnaXN0ZXJlZCZxdW90OyB3b3VsZCBub3QgYmUg YmV0dGVyIGFwcHJvcHJpYXRlZCB0aGFuICZxdW90O2F0dGFjaGVkJnF1b3Q7LiBNeSByZWFkaW5n IG9mIGF0dGFjaGVkIGlzIGEgZHVhbCByYWRpbyBjYXNlIHdoaWxlICZxdW90O3JlZ2lzdGVyJnF1 b3Q7IHNlZW1zIHRvIGluY2x1ZGUgdGhlIHNpbmdsZSByYWRpby4NCjxicj4NCkkgbWlnaHQgYmUg d3JvbmcgYXMgd2VsbC4mbHQ7L21nbHQmZ3Q7PGJyPg0KPGJyPg0KPGJyPg0KPGJyPg0KPG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tYm90dG9tOjEyLjBwdDtiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTomcXVvdDtIZWx2ZXRpY2EmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_2DD56D786E600F45AC6BDE7DA4E8A8C118D31E02eusaamb107erics_-- From nobody Wed Dec 27 06:42:54 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 113DA124205; Wed, 27 Dec 2017 06:42:49 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Rifaat Shekh-Yusef To: Cc: ietf@ietf.org, draft-housley-id-sig-update.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.68.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151438576898.29839.16937817091950801234@ietfa.amsl.com> Date: Wed, 27 Dec 2017 06:42:49 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-housley-id-sig-update-02 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Dec 2017 14:42:49 -0000 Reviewer: Rifaat Shekh-Yusef Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document updates the handling of digital signatures on Internet-Draft document, defined in RFC5485, for non-ASCII characters in a "text" file. This document has no impact on the security considerations specified in RFC5485, and these same security considerations still apply to this new document. Regards, Rifaat From nobody Wed Dec 27 10:01:46 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61A541270AC for ; Wed, 27 Dec 2017 10:01:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9xDgvbxyXjn7 for ; Wed, 27 Dec 2017 10:01:43 -0800 (PST) Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA74C1205F0 for ; Wed, 27 Dec 2017 10:01:42 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 1D73D3005B6 for ; Wed, 27 Dec 2017 13:01:42 -0500 (EST) X-Virus-Scanned: amavisd-new at mail.smeinc.net Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id UTFU3v2Lewit for ; Wed, 27 Dec 2017 13:01:40 -0500 (EST) Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id D8A9530023A; Wed, 27 Dec 2017 13:01:40 -0500 (EST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) From: Russ Housley In-Reply-To: <151438576898.29839.16937817091950801234@ietfa.amsl.com> Date: Wed, 27 Dec 2017 13:01:40 -0500 Cc: IETF SecDir Content-Transfer-Encoding: quoted-printable Message-Id: References: <151438576898.29839.16937817091950801234@ietfa.amsl.com> To: Rifaat Shekh-Yusef X-Mailer: Apple Mail (2.3273) Archived-At: Subject: Re: [secdir] Secdir last call review of draft-housley-id-sig-update-02 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Dec 2017 18:01:44 -0000 Thanks for the review. Russ > On Dec 27, 2017, at 9:42 AM, Rifaat Shekh-Yusef = wrote: >=20 > Reviewer: Rifaat Shekh-Yusef > Review result: Ready >=20 > I have reviewed this document as part of the security directorate's=20 > ongoing effort to review all IETF documents being processed by the=20 > IESG. These comments were written primarily for the benefit of the=20 > security area directors. Document editors and WG chairs should treat=20= > these comments just like any other last call comments. >=20 > This document updates the handling of digital signatures on = Internet-Draft=20 > document, defined in RFC5485, for non-ASCII characters in a "text" = file. >=20 > This document has no impact on the security considerations specified = in RFC5485,=20 > and these same security considerations still apply to this new = document. >=20 > Regards, > Rifaat >=20 >=20 From nobody Thu Dec 28 01:03:13 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C4D84124C27 for ; Thu, 28 Dec 2017 01:03:12 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Tero Kivinen To: X-Test-IDTracker: no X-IETF-IDTracker: 6.68.1 Auto-Submitted: auto-generated Precedence: bulk Reply-to: secdir-secratary@mit.edu Message-ID: <151445179276.3370.10125846201162450236.idtracker@ietfa.amsl.com> Date: Thu, 28 Dec 2017 01:03:12 -0800 Archived-At: Subject: [secdir] Assignments X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Dec 2017 09:03:13 -0000 Review instructions and related resources are at: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview For telechat 2018-01-11 Reviewer LC end Draft Shaun Cooley 2018-01-09 draft-ietf-netmod-rfc7223bis-01 Donald Eastlake 2018-01-10 draft-ietf-netmod-revised-datastores-09 Shawn Emery 2018-01-10 draft-ietf-netmod-entity-07 Daniel Franke 2018-01-02 draft-ietf-mpls-flow-ident-06 Daniel Gillmor 2017-12-29 draft-ietf-teas-network-assigned-upstream-label-10 Sandra Murphy 2017-11-30 draft-ietf-httpbis-origin-frame-04 Tim Polk None draft-ietf-lwig-energy-efficient-08 Vincent Roca None draft-ietf-intarea-broadcast-consider-05 Stefan Santesson 2017-12-12 draft-ietf-rtgwg-yang-rip-07 Melinda Shore 2017-12-22 draft-ietf-pim-yang-12 Tina Tsou 2017-12-22 draft-ietf-bess-evpn-overlay-10 Tom Yu 2017-12-28 draft-ietf-pce-pcep-exp-codepoints-04 Tom Yu 2017-12-22 draft-ietf-slim-negotiating-human-language-19 Dacheng Zhang 2018-01-09 draft-ietf-netmod-rfc7277bis-01 For telechat 2018-01-25 Reviewer LC end Draft Stephen Farrell 2018-01-08 draft-ietf-trill-p2mp-bfd-07 Kyle Rose None draft-ietf-dhc-rfc3315bis-10 Sean Turner None draft-ietf-ospf-link-overload-10 Carl Wallace None draft-ietf-netmod-rfc8022bis-06 Brian Weis 2018-01-16 draft-ietf-nfsv4-flex-files-15 Paul Wouters 2018-01-11 draft-ietf-ospf-ospfv3-lsa-extend-20 Liang Xia 2018-01-10 draft-ietf-pim-source-discovery-bsr-07 Last calls: Reviewer LC end Draft John Bradley None draft-ietf-acme-acme-09 Shaun Cooley 2018-01-11 draft-ietf-grow-bgp-gshut-13 Matthew Miller 2017-12-08 draft-atarius-dispatch-meid-urn-13 Russ Mundy 2017-09-14 draft-spinosa-urn-lex-12 Tina Tsou R2017-06-29 draft-ietf-trill-arp-optimization-09 Early review requests: Reviewer Due Draft Ólafur Guðmundsson 2018-01-09 draft-ietf-opsawg-nat-yang-09 Next in the reviewer rotation: Paul Wouters Liang Xia Tom Yu Dacheng Zhang Derek Atkins John Bradley Shaun Cooley Alan DeKok Donald Eastlake Shawn Emery From nobody Thu Dec 28 06:54:03 2017 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0481412D949; Thu, 28 Dec 2017 06:54:01 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Stephen Farrell To: Cc: draft-ietf-trill-p2mp-bfd.all@ietf.org, ietf@ietf.org, trill@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.68.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151447284096.3404.9799585674492282627@ietfa.amsl.com> Date: Thu, 28 Dec 2017 06:54:01 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-trill-p2mp-bfd-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Dec 2017 14:54:01 -0000 Reviewer: Stephen Farrell Review result: Has Issues Mostly this draft is just bookkeeping so BFD can use trill's P2MP capabilities. I think there is one issue to consider, though since I've not read all the referenced documents in detail, I'm open to correction as to whether or not this is a real issue. IIRC, BFD has some pretty crappy "authentication" schemes, such as allowing a cleartext password, and not using HMAC when doing keyed hashes. That's been justified by performance and implementation requirements for BFD. (Not that I ever found those justifications that satisfactory myself:-) I don't think TRILL has the same issues in that (again IIRC) TRILL doesn't define such "dodgy" schemes, so that leads me to wonder if this text is really correct/wise: "...there is little reason to use the [RFC7978] security mechanisms at this time..." I'd have thought that avoiding the more-dodgy BFD mechanisms would be a reason for using TRILL authentication mechanisms. In addition, it's not clear (to me) from the draft if the security assumptions made for BFD still hold in the environments where TRILL is likely to be used. If not, then that'd be another reason to argue that TRILL authentication ought be used. From nobody Fri Dec 29 15:37:54 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57F12126D0C; Fri, 29 Dec 2017 15:37:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.75 X-Spam-Level: X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P3IowQt14guZ; Fri, 29 Dec 2017 15:37:40 -0800 (PST) Received: from mail-ot0-x233.google.com (mail-ot0-x233.google.com [IPv6:2607:f8b0:4003:c0f::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CAE71200F1; Fri, 29 Dec 2017 15:37:40 -0800 (PST) Received: by mail-ot0-x233.google.com with SMTP id v40so27964510ote.13; Fri, 29 Dec 2017 15:37:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=iSCCSylnMx8wvQxmZ2eIZ1exYkYZ/Z/Yciv5GiB/828=; b=OhGbJJxZuEyDqiXniH9J/2Bs3e5YDTU0F6ypjmoIJglXrOZ1505QQy2urcIPocunpm kKoDmRS8FZ8d2HAXdAMJT9ha9iti0u3yZlzrzxlPsEzYTlPc4BvnYa/abPDEqU90P8Nd i6wL7LKtHZxJo6xvYusBd+ClazxUjE0dt+Eyyx2eTcH6oqAcMLrX27c32+1l4GHL41PB bZ3voi8OktjLmAay5H4Zjm4uDpKmdkF2SGlXcVzRu/S42C9OB2yCkXXDZN4be6kCwCK5 3NO+urkr/BGfqUnaYFoJrdhtflBtpQ8m/4AKC28Men7+QXziN3XbYm/oOozfvitaaSDD HkHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=iSCCSylnMx8wvQxmZ2eIZ1exYkYZ/Z/Yciv5GiB/828=; b=RsbGg8uR9EWaE+/JuTMJO6eaqk2bFxy40qvymtwGb1gYN3AiHr00L8pOjXbppVO2A7 uZCCrfJ/gP7RE59W+tZeKyRyMdUOuXwK6/gVFK8DsKBYwYmk3YjodfJEWNbe0g8eoh5C uDpkEL25YsBz68U1AGoVK2oNowdng6lzHtEjAr0OMZTKr18h5dxlPbCva4evpsvrY7W0 /cx3iBs8AxgZ0u6Lqm5zsQ2p868o09WhGXOf3VfjORh5eHD8vQXlNa+XANnEnVCaSwSh PJPyI3ANO2ajQjsa4OtTAEPExS2tN0hg5fD3Yvzse0AOidcnqJWl3j+JsudhxQJEUCm6 XgSw== X-Gm-Message-State: AKGB3mIc0ZQUgV9/ybLrAKC261skSC3SKL2E15MhIZYBXIJIU2lfZWPv KRtXkMdQQfrTEveLUYB6W6P7LMnwRSZaDp1nKiewU1rr X-Google-Smtp-Source: ACJfBovyh5d6yNHH0opdFi+k+a7IK8oCjleZ0Ffwl6gxAOWR02rwPwE4t9JNF3XlVvhZfBUhOFnD6BBgJtjdeX4LtEw= X-Received: by 10.157.66.233 with SMTP id c38mr29899671otj.332.1514590659213; Fri, 29 Dec 2017 15:37:39 -0800 (PST) MIME-Version: 1.0 Received: by 10.168.53.129 with HTTP; Fri, 29 Dec 2017 15:37:23 -0800 (PST) In-Reply-To: <151447284096.3404.9799585674492282627@ietfa.amsl.com> References: <151447284096.3404.9799585674492282627@ietfa.amsl.com> From: Donald Eastlake Date: Fri, 29 Dec 2017 18:37:23 -0500 Message-ID: To: Stephen Farrell Cc: secdir@ietf.org, draft-ietf-trill-p2mp-bfd.all@ietf.org, IETF Discussion , trill@ietf.org Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-trill-p2mp-bfd-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Dec 2017 23:37:41 -0000 Hi Stephen, Thanks for your review. On Thu, Dec 28, 2017 at 9:54 AM, Stephen Farrell wrote: > Reviewer: Stephen Farrell > Review result: Has Issues > > Mostly this draft is just bookkeeping so BFD can use trill's P2MP > capabilities. > > I think there is one issue to consider, though since I've not read all the > referenced documents in detail, I'm open to correction as to whether or > not this is a real issue. > > IIRC, BFD has some pretty crappy "authentication" schemes, such as > allowing a cleartext password, and not using HMAC when doing keyed > hashes. That's been justified by performance and implementation > requirements for BFD. (Not that I ever found those justifications that > satisfactory myself:-) I don't think TRILL has the same issues in > that (again IIRC) TRILL doesn't define such "dodgy" schemes, so that > leads me to wonder if this text is really correct/wise: The BFD standard was adopted in 2010 and does indicate that its keyed SHA1 method is strongest and points designers of future BFD authentication types towards HMAC... > "...there is little reason to use the [RFC7978] security mechanisms at > this time..." > > I'd have thought that avoiding the more-dodgy BFD mechanisms would > be a reason for using TRILL authentication mechanisms. TRILL essentially clones the IS-IS cryptographic authentication mechanisms which do use HMAC (RFC5310). > In addition, it's not clear (to me) from the draft if the security > assumptions made for BFD still hold in the environments where > TRILL is likely to be used. If not, then that'd be another reason to > argue that TRILL authentication ought be used. It seems to me that perhaps the direction of the recommendation should be flipped so that RFC 7978 authentication is recommended over BFD multipoint authentication. Maybe something like: OLD However, [RFC7978], while it provides both authentication and encryption for point-to- point extended RBridge Channel messages, provides only authentication for multipoint RBridge Channel messages. Thus, there is little reason to use the [RFC7978] security mechanisms at this time. However, it is expected that a future document will provide for group keying; when that occurs, the use of RBridge Channel security will also be able to provide encryption and may be desirable. NEW [RFC7978] provides encryption only for point-to-point extended RBridge Channel messages so its encryption facilities are not applicable to this draft. However [RFC7978] provides stronger authentication than that currently provided in BFD. Thus, there is little reason to use the BFD security mechanisms if [RFC7978] authentication is in use. It is expected that a future TRILL document will provide for group keying; when that occurs, the use of [RFC7978] RBridge Channel security will be able to provide both encryption and authentication. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com From nobody Fri Dec 29 15:53:19 2017 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E95861201F8; Fri, 29 Dec 2017 15:53:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.311 X-Spam-Level: X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AMzgklOTaBfl; Fri, 29 Dec 2017 15:53:10 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9025A1200F1; Fri, 29 Dec 2017 15:53:09 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 1DD23BDF9; Fri, 29 Dec 2017 23:53:08 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lfZfLYhNpKsx; Fri, 29 Dec 2017 23:53:07 +0000 (GMT) Received: from [10.244.2.100] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C4A41BDD8; Fri, 29 Dec 2017 23:53:06 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1514591587; bh=41ZzSPdm0AcjExy/oA/loYrZofaoEYTjhr8raK7ABlM=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=tKz+sw/PzeI9CRwaCnFLNc5UvHjTvkZ9o2u47Knac6yuTzrGQZr+J+pO3NUPxugKA HdRo68pHghDnh52eIKTB5FFWd/JmRXLSon7ixnYEI8vZEP7M0WcZUwTRZu6BBEH1nE yc141KBdMjePFLKyjYCbjQEavE0/PpsjjNxCRM2U= To: Donald Eastlake Cc: secdir@ietf.org, draft-ietf-trill-p2mp-bfd.all@ietf.org, IETF Discussion , trill@ietf.org References: <151447284096.3404.9799585674492282627@ietfa.amsl.com> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Message-ID: <9064e8bb-57d8-04ad-a515-3114323c4052@cs.tcd.ie> Date: Fri, 29 Dec 2017 23:53:06 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="H6MWkScb7Uw75HAxmriRsWkyIT4pRWIMD" Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-trill-p2mp-bfd-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Dec 2017 23:53:13 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --H6MWkScb7Uw75HAxmriRsWkyIT4pRWIMD Content-Type: multipart/mixed; boundary="GnHzUxiiDY7iCHy0TnphdNdnJQb7vL7AP"; protected-headers="v1" From: Stephen Farrell To: Donald Eastlake Cc: secdir@ietf.org, draft-ietf-trill-p2mp-bfd.all@ietf.org, IETF Discussion , trill@ietf.org Message-ID: <9064e8bb-57d8-04ad-a515-3114323c4052@cs.tcd.ie> Subject: Re: [secdir] Secdir last call review of draft-ietf-trill-p2mp-bfd-07 References: <151447284096.3404.9799585674492282627@ietfa.amsl.com> In-Reply-To: --GnHzUxiiDY7iCHy0TnphdNdnJQb7vL7AP Content-Type: multipart/mixed; boundary="------------8AEED5EE49EE4418C6E089D6" Content-Language: en-GB This is a multi-part message in MIME format. --------------8AEED5EE49EE4418C6E089D6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hiya, On 29/12/17 23:37, Donald Eastlake wrote: > OLD > However, [RFC7978], > while it provides both authentication and encryption for point-to- > point extended RBridge Channel messages, provides only authenticatio= n > for multipoint RBridge Channel messages. Thus, there is little reaso= n > to use the [RFC7978] security mechanisms at this time. However, it i= s > expected that a future document will provide for group keying; when > that occurs, the use of RBridge Channel security will also be able t= o > provide encryption and may be desirable. >=20 > NEW > [RFC7978] provides encryption only for point-to-point extended > RBridge Channel messages so its encryption facilities are not > applicable to this draft. However [RFC7978] provides stronger > authentication than that currently provided in BFD. Thus, there is > little reason to use the BFD security mechanisms if [RFC7978] > authentication is in use. It is expected that a future TRILL > document will provide for group keying; when that occurs, the use > of [RFC7978] RBridge Channel security will be able to provide both > encryption and authentication. Were that change acceptable to the WG, I'd be supportive, and it'd clearly solve what I thought was an issue with the current spec. Cheers, S. --=20 PGP key change time for me. New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018. NewWithOld sigs in keyservers. Sorry if that mucks something up;-) --------------8AEED5EE49EE4418C6E089D6 Content-Type: application/pgp-keys; name="0x7B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x7B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1bQyU3RlcGhlbiBGYXJy ZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxsQGNzLnRjZC5pZT6JAkAEEwEIACoC GwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AFAlo+o3cCGQEACgkQWrL6 8XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeOM3P7SW3C3UQYdCgZ/TlvxGgKow5o DSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP2ZK24tw5k6duTh4+sFwUualTMlcp 0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s/69L/fvHmdSKet5LIUAxoYaZkTCr uFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBjMw1xV+p0uCwNbN6XDzcToK7wsm+t AIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k4S+sN2CnYk4tTW7jHjsWarV3FLIS COObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSlAblGjwZe4EIkCXAJUtzJhoFUuGaF /PlWjxqV3UFRcgTERZTijguVyREre8GNERNgvDxZvuXssEjvz9X5JfcIZDIJpdzh LiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/rwWcpGr/MfVPTOik4H7F8rcVJelce ZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o4uBZCQ0GzvsmFA4XLqn2pA5rVizM XnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKAxo/tuHYtk19XCi83QzFhWls5TT+X QeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd8MxYNAbNYgSPtkbhZ8SJARwEEAEI AAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6NXEGtw/r1miKNGcopzvzILQ9oB8r KI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYcJf+RyiH1nMoqUIZiZJaf3bJXinDZ 5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbYtWgsYtRqHLD4IWi37MZrVyjBuF7u 14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1WQOAfD1kfBpW9PvAva5Iw9FWeXpC XRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7EDuTBb/8um1wK7Y9bgeIQC+CYjhYB 5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlve2Q6UTrmHxP5U22DlrQuU3RlcGhl biBGYXJyZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgA JwUCWj1RWgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrx excr6jscEADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvn crAFClVI6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtg rlstjk7hqVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIg pMw0bA1yBU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5c F8R4OvB1n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaP y1/fEgIqhCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5 b1AEzZKw2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7 b9Ocu+nYm2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkpo rMQCTh3T5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXR dS/oDKrBLUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGl Ru78ba0HArxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgA BgUCWj1SoAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89Sq Bd++uG06TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VO dL8zJWJs0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD 4t0VHpWkmfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lz nNiH41x9M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8I WOMqN2woDjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBuQINBFo9UDIB EAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuBHmpvceBRZgRasdbaMc4H Jee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD8U4xxjvR5Mi7+ToQQUOU NuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5MsK1SKfs51pLa5ToC1rc8 tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE4bGjXdJW5pKphFB2lX3d G4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7PbTuW/eITbMbI1eV3+fyym 9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3vDUew1h5QU1yDaWT3NAp vi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcmoazpiKZt91CrFPOaoXDP ck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r+oA/wxWb5jELElAhOpny qMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22fQ0D38zud+CKH3bMP3ayX XJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7Ffa4UbkwlD+dh8GiIAtv T51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1gwARAQABiQIlBBgBCAAP BQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF6TeR83xD6MasqXyrBjwc LmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfdn3BmvqGyh8+ouHX9jMOx iRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx252HKTFdeOrszoOjWjEzwm h+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjNJIXXM+lHqCDrjDaDhNcz mq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjwrIdfQM86H1z5J31lfhqo p+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGsokRina9947fRWxXHh3O6 6ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqYo3pcN2OE0C1chqgDZQxk r+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQkd0YjcqlB1E0svODHTzcS oRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmUyXBIeq6I5z8xBcd+BQ/n /9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhkvMvem9XXh1yyhqN14gfj mLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3YFMVUUfgyudqAV1wWdZi nUk+H3pkqOKoHAy/8fST =3Dg8yx -----END PGP PUBLIC KEY BLOCK----- --------------8AEED5EE49EE4418C6E089D6-- --GnHzUxiiDY7iCHy0TnphdNdnJQb7vL7AP-- --H6MWkScb7Uw75HAxmriRsWkyIT4pRWIMD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJaRtViAAoJEFqy+vF7FyvqgCsQAMbTaEVPTcWrvhEogs7o3qc4 cq0eiWhoB03v1g3C6EMeunVaRoIiujCKLb0RjTLfqwq1w81nKHqqVcwsfu7sAWxh FeTkteZ7AfVJVAW0zLpO5UQ1cwUk32ukzhWthEdVpeuRgG0CBRP6bNQPPZoBdOKA YfifRPnMT4ruxK9j+AOWbkfSyUYlMWQZsZ3sFmiuOofvx58kTwyc84OLbBkzOd3o CWz7TyiB7oy5TXEJv2EkGVmmqd9CphMi3LtzT2QvH59T5XNfUAEBmX/sNgcbHw4f xQomy7gUR5cOvhk10vBt+idKfZAmI465t8UzaxHD6J5BcdDrHVxX0eY/XhfeuSwp k6i23Uqq1bKYeioSozoae7O/Nb341mD/HXGqxQpwROXnXfse67LZqLZpncNoOC5j 9kGii6sftV7OfhDlCIh46EGGuY/jBAFzrJ9ApUp844Kq2hbEl4evyQF/Cjr1xbJU JpMSwRLt/IT4cglGqVlhfrVoQra2C4qQLDNe19rTVZ0Zcgfwh8sHaaATHWxdwWLf 0L+53E0L4pVKZOi7KgVZprPnXh4ur95FD938t55auSfqD5zWN+LpG8hWYTutjaRA ys9JccPVpK9ZB43X62aDXtCbwEg44HHuxTpezSULRcUDgsMw0G9V7tvAEdhqLXnY KMs+wWuTTNGvZB440IDD =2M/P -----END PGP SIGNATURE----- --H6MWkScb7Uw75HAxmriRsWkyIT4pRWIMD--