
From nobody Mon Oct  1 00:34:38 2018
Return-Path: <sakimura@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18AF1130DCF for <saag@ietfa.amsl.com>; Mon,  1 Oct 2018 00:34:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id plM4P79btOpi for <saag@ietfa.amsl.com>; Mon,  1 Oct 2018 00:34:34 -0700 (PDT)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61388130DD8 for <saag@ietf.org>; Mon,  1 Oct 2018 00:34:34 -0700 (PDT)
Received: by mail-wm1-x336.google.com with SMTP id o2-v6so7580590wmh.5 for <saag@ietf.org>; Mon, 01 Oct 2018 00:34:34 -0700 (PDT)
X-Received: by 2002:a1c:4889:: with SMTP id v131-v6mr1857365wma.87.1538379272574;  Mon, 01 Oct 2018 00:34:32 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBM0VVq+_MGQ_jn=qe809P75gCwzG6bNZJzD5bW4YjT8BA@mail.gmail.com> <A9DAC6D2-68F8-4140-8010-081A4A611337@gmail.com>
In-Reply-To: <A9DAC6D2-68F8-4140-8010-081A4A611337@gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
Date: Mon, 1 Oct 2018 16:34:22 +0900
Message-ID: <CABzCy2Ch8sB-ybdGiaKJyxRFtHgErzHFwV-CAJLivNUbR04_WA@mail.gmail.com>
To: jordan.ietf@gmail.com
Cc: Eric Rescorla <ekr@rtfm.com>, saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000125e12057725d672"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/3FtqacVLytgTQW7BpB9kOjlRL90>
Subject: Re: [saag] Not standing for Security AD
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Oct 2018 07:34:37 -0000

--000000000000125e12057725d672
Content-Type: text/plain; charset="UTF-8"

+1

Thanks very much for your effort in helping us and advancing the horizon.

Best regards,

Nat

On Mon, Oct 1, 2018 at 7:09 AM Bret Jordan <jordan.ietf@gmail.com> wrote:

> Ekr,
>
> Thanks for all of the work you have done and the service you have
> rendered.
>
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that
> can not be unscrambled is an egg."
>
> On Sep 28, 2018, at 9:55 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>
> Hi folks,
>
> I've decided not to re-up as Security AD.
>
> I see that a number of people have agreed to stand, which is great.
> If others are interested in the position, I would encourage you to put
> your names in. If you'd like to hear more about the position, please
> feel free to reach out to Ben or me.
>
> -Ekr
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

--000000000000125e12057725d672--


From nobody Tue Oct  2 07:57:37 2018
Return-Path: <paul@nohats.ca>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF776130E7D for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 07:57:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cwmjY-GczFhx for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 07:57:34 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E8FA128766 for <saag@ietf.org>; Tue,  2 Oct 2018 07:57:34 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 42Pj1S00LNzKC5 for <saag@ietf.org>; Tue,  2 Oct 2018 16:57:32 +0200 (CEST)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id fZscia2BeBLA for <saag@ietf.org>; Tue,  2 Oct 2018 16:57:30 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS for <saag@ietf.org>; Tue,  2 Oct 2018 16:57:29 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 250542E75A2; Tue,  2 Oct 2018 10:57:29 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 250542E75A2
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 1EF10402E520 for <saag@ietf.org>; Tue,  2 Oct 2018 10:57:29 -0400 (EDT)
Date: Tue, 2 Oct 2018 10:57:29 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: saag@ietf.org
Message-ID: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/UkVJjrf24tGl6CsOsvSE9Hasg94>
Subject: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00 (fwd)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 14:57:37 -0000

I think this group is a better discussion place for this item.

Can we add this to the agenda for Bangkok to discuss?

Paul

---------- Forwarded message ----------
Date: Fri, 28 Sep 2018 15:40:46
From: Paul Wouters <paul@nohats.ca>
Cc: IETF <ietf@ietf.org>
To: Russ Housley <housley@vigilsec.com>
Subject: Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

On Fri, 28 Sep 2018, Russ Housley wrote:

> That thread came to the conclusion that the IETF should not process profiles
> for any nation states.   In my opinion, there is value in making it easy for
> implementers to find such profiles.  So, if the Independent Stream Editor is
> willing to process such profiles, they can be published as RFCs, which would
> not consume any resources from the IETF leadership.

I do not agree the thread came to that conclusion. I see people
disagreed and stopped the discussion, because everyone agreed the
draft in question to make Suite B historic was not disputed.

People outside the IETF do not understand the subtleties of different
IETF streams, and having an RFC is seen as a stamp of approval of
the international community. Therefore, I do indeed believe we should
not make the same mistake again.

The USG seems to be doing a fine job making FIPS publications available
without these being enshrined in RFCs.

I am against the IETF publishing CNSA or any other nation state
cryptography profiles.

Paul


From nobody Tue Oct  2 09:10:21 2018
Return-Path: <nalini.elkins@insidethestack.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6728F130E44 for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 09:10:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9cPj_XisGUuQ for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 09:10:18 -0700 (PDT)
Received: from sonic307-17.consmr.mail.ne1.yahoo.com (sonic307-17.consmr.mail.ne1.yahoo.com [66.163.190.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51691130DFA for <saag@ietf.org>; Tue,  2 Oct 2018 09:10:18 -0700 (PDT)
Received: from sonic.gate.mail.ne1.yahoo.com by sonic307.consmr.mail.ne1.yahoo.com with HTTP; Tue, 2 Oct 2018 16:10:16 +0000
Date: Tue, 2 Oct 2018 16:10:12 +0000 (UTC)
From: Nalini J Elkins <nalini.elkins@insidethestack.com>
Reply-To: Nalini J Elkins <nalini.elkins@insidethestack.com>
To: Paul Wouters <paul@nohats.ca>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <964257950.3484511.1538496613008@mail.yahoo.com>
In-Reply-To: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca>
References: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: WebService/1.1.12512 YahooMailNeo Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/SXYxwHZeJljHCtTTexy6tV7crkI>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00 (fwd)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 16:10:20 -0000

Paul,

I would support a discussion somewhere on this draft.  One thing that I see has to do with cryptoagility.

This is from the https://tools.ietf.org/html/draft-jenkins-cnsa-cmc-profile-00

> The purpose behind this flexibility is to avoid vendors and customers
> making two major transitions in a relatively short timeframe, as we
> anticipate a need to shift to quantum-resistant cryptography in the
> near future.

I am concerned that the flexibility in being able to change / shift crypto algorithms for many enterprise data centers is abysmally slow.

I had wanted to put together a draft in this area.  One of the folks who is very interested in quantum crypto was helping me.  It would be great to think of ways that we can do better.
 
Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360



________________________________
From: Paul Wouters <paul@nohats.ca>
To: saag@ietf.org
Sent: Tuesday, October 2, 2018 7:57 AM
Subject: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00 (fwd)

I think this group is a better discussion place for this item.

Can we add this to the agenda for Bangkok to discuss?

Paul

---------- Forwarded message ----------
Date: Fri, 28 Sep 2018 15:40:46
From: Paul Wouters <paul@nohats.ca>
Cc: IETF <ietf@ietf.org>
To: Russ Housley <housley@vigilsec.com>
Subject: Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

On Fri, 28 Sep 2018, Russ Housley wrote:

> That thread came to the conclusion that the IETF should not process profiles
> for any nation states.   In my opinion, there is value in making it easy for
> implementers to find such profiles.  So, if the Independent Stream Editor is
> willing to process such profiles, they can be published as RFCs, which would
> not consume any resources from the IETF leadership.

I do not agree the thread came to that conclusion. I see people
disagreed and stopped the discussion, because everyone agreed the
draft in question to make Suite B historic was not disputed.

People outside the IETF do not understand the subtleties of different
IETF streams, and having an RFC is seen as a stamp of approval of
the international community. Therefore, I do indeed believe we should
not make the same mistake again.

The USG seems to be doing a fine job making FIPS publications available
without these being enshrined in RFCs.

I am against the IETF publishing CNSA or any other nation state
cryptography profiles.

Paul

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

From nobody Tue Oct  2 12:46:47 2018
Return-Path: <paul@nohats.ca>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DA821311C7 for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 12:46:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 81O1uoFe6TuD for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 12:46:39 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA7A21311CA for <saag@ietf.org>; Tue,  2 Oct 2018 12:46:39 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 42PqR14h1Lz1Gq; Tue,  2 Oct 2018 21:46:37 +0200 (CEST)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 93S41if0edPa; Tue,  2 Oct 2018 21:46:35 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue,  2 Oct 2018 21:46:35 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 388172E75A2; Tue,  2 Oct 2018 15:46:34 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 388172E75A2
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 3190C402E531; Tue,  2 Oct 2018 15:46:34 -0400 (EDT)
Date: Tue, 2 Oct 2018 15:46:34 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Nalini J Elkins <nalini.elkins@insidethestack.com>
cc: "saag@ietf.org" <saag@ietf.org>
In-Reply-To: <964257950.3484511.1538496613008@mail.yahoo.com>
Message-ID: <alpine.LRH.2.21.1810021543260.31744@bofh.nohats.ca>
References: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca> <964257950.3484511.1538496613008@mail.yahoo.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ds4QmCnGgjcdomBk7CuPKGcDQAA>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00 (fwd)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 19:46:46 -0000

On Tue, 2 Oct 2018, Nalini J Elkins wrote:

>
> I would support a discussion somewhere on this draft.  One thing that I see has to do with cryptoagility.
>
> This is from the https://tools.ietf.org/html/draft-jenkins-cnsa-cmc-profile-00
>
>> The purpose behind this flexibility is to avoid vendors and customers
>> making two major transitions in a relatively short timeframe, as we
>> anticipate a need to shift to quantum-resistant cryptography in the
>> near future.
>
> I am concerned that the flexibility in being able to change / shift crypto algorithms for many enterprise data centers is abysmally slow.
>
> I had wanted to put together a draft in this area.  One of the folks who is very interested in quantum crypto was helping me.  It would be great to think of ways that we can do better.

Unfortunately, it seems that standards and industry are moving away from
a full crypto negotiation (like IKE and to a lesser extent TLS) and try
to do this kind of agility in versioning only because it is deemed less
error prone. This comes as a result of the many downgrade attacks to
weak export level crypto algorithms that were found.

But that is a separate discussion from the nation state discussion, but
could also be an interesting topic for SAAG.

Paul


From nobody Tue Oct  2 13:12:41 2018
Return-Path: <beldmit@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70347130FF0 for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 13:12:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0uuemBFTnxjt for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 13:12:36 -0700 (PDT)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D07E130DC2 for <saag@ietf.org>; Tue,  2 Oct 2018 13:12:35 -0700 (PDT)
Received: by mail-ed1-x52a.google.com with SMTP id j62-v6so3255672edd.7 for <saag@ietf.org>; Tue, 02 Oct 2018 13:12:35 -0700 (PDT)
X-Received: by 2002:a50:b6cf:: with SMTP id f15-v6mr26700352ede.268.1538511153880;  Tue, 02 Oct 2018 13:12:33 -0700 (PDT)
MIME-Version: 1.0
References: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca>
From: Dmitry Belyavsky <beldmit@gmail.com>
Date: Tue, 2 Oct 2018 23:12:22 +0300
Message-ID: <CADqLbzLwnsAAQAqcp7g1WzzHkBHmfaSPkpcoVveP9gg1mb0+yA@mail.gmail.com>
To: paul@nohats.ca
Cc: "saag@ietf.org" <saag@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cf61220577448a2d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/f7oJuGyu2wF0QPG7MHJ2ss9fo34>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00 (fwd)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 20:12:39 -0000

--000000000000cf61220577448a2d
Content-Type: text/plain; charset="UTF-8"

Dear Paul,

One of the problems causing an interest in publishing national standards
as RFCs is the necessity to be registered in various IANA registries
(e.g. TLS ciphersuite identifiers) to use them for nationwide purposes
along with "first class" algorithms.

I strongly support discussing this topic in Bangkok.

On Tue, Oct 2, 2018 at 5:57 PM Paul Wouters <paul@nohats.ca> wrote:

>
> I think this group is a better discussion place for this item.
>
> Can we add this to the agenda for Bangkok to discuss?
>
> Paul
>
> ---------- Forwarded message ----------
> Date: Fri, 28 Sep 2018 15:40:46
> From: Paul Wouters <paul@nohats.ca>
> Cc: IETF <ietf@ietf.org>
> To: Russ Housley <housley@vigilsec.com>
> Subject: Re: nation state crypto profiles -
> draft-jenkins-cnsa-cmc-profile-00
>
> On Fri, 28 Sep 2018, Russ Housley wrote:
>
> > That thread came to the conclusion that the IETF should not process
> profiles
> > for any nations states.   In my opinion, there is value in making it
> easy for
> > implementers to find such profiles.  So, if the Independent Stream
> Editor is
> > willing to process such profiles, they can be published as RFCs, which
> would
> > not consume any resources from the IETF leadership.
>
> I do not agree the thread came to that conclusion. I see people
> disagreed and stop the discussion, because everyone agreed the
> draft in question to make Suite B historic was not disputed.
>
> People outside the IETF do not understand the subtleties of different
> IETF streams, and having an RFC is seen as a stamp of approval of
> the international community. Therefore, I do indeed believe we should
> not make the same mistake again.
>
> The USG seems to be doing a fine job making FIPS publications available
> without these being enshrined in RFCs.
>
> I am against the IETF publishing CNSA or any other nation state
> cryptography profiles.
>
> Paul
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>


-- 
SY, Dmitry Belyavsky

--000000000000cf61220577448a2d--


From nobody Tue Oct  2 13:22:11 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: Dmitry Belyavsky <beldmit@gmail.com>, "paul@nohats.ca" <paul@nohats.ca>
CC: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
Thread-Index: AQHUWo2VH6xkljVOnEapGM4dLA+20g==
Date: Tue, 2 Oct 2018 20:22:04 +0000
Message-ID: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com>
Content-Type: multipart/alternative; boundary="_000_7CB10AE409C14AC5B2556489EF1FAE78akamaicom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/191HsyL9q2SajgnhK2MGBi6GG9M>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--_000_7CB10AE409C14AC5B2556489EF1FAE78akamaicom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

  *   (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes
  *   along with "first class" algorithms.

TLS has moved to “doc required”  Not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.

--_000_7CB10AE409C14AC5B2556489EF1FAE78akamaicom_--


From nobody Tue Oct  2 13:41:17 2018
Date: Tue, 02 Oct 2018 16:41:06 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Paul Wouters <paul@nohats.ca>, <saag@ietf.org>
Message-ID: <D7D94F2D.C22E0%carl@redhoundsoftware.com>
Thread-Topic: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
References: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/kE5177695Le40SJU6HbuluyvhTo>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

What's the difference between a nation state profile and a similar or same
profile that has been marshaled through a commercial entity?
What's the difference between a nation state profile and a profile from a
very large company? Is a market cap limit next?
Would elimination of all affiliation flatten the space in a good way or is
the current truth in packaging preferred?

On 10/2/18, 10:57 AM, "saag on behalf of Paul Wouters"
<saag-bounces@ietf.org on behalf of paul@nohats.ca> wrote:

>
>I think this group is a better discussion place for this item.
>
>Can we add this to the agenda for Bangkok to discuss?
>
>Paul
>
>---------- Forwarded message ----------
>Date: Fri, 28 Sep 2018 15:40:46
>From: Paul Wouters <paul@nohats.ca>
>Cc: IETF <ietf@ietf.org>
>To: Russ Housley <housley@vigilsec.com>
>Subject: Re: nation state crypto profiles -
>draft-jenkins-cnsa-cmc-profile-00
>
>On Fri, 28 Sep 2018, Russ Housley wrote:
>
>> That thread came to the conclusion that the IETF should not process
>>profiles
>> for any nations states.   In my opinion, there is value in making it
>>easy for
>> implementers to find such profiles.  So, if the Independent Stream
>>Editor is
>> willing to process such profiles, they can be published as RFCs, which
>>would
>> not consume any resources from the IETF leadership.
>
>I do not agree the thread came to that conclusion. I see people
>disagreed and stop the discussion, because everyone agreed the
>draft in question to make Suite B historic was not disputed.
>
>People outside the IETF do not understand the subtleties of different
>IETF streams, and having an RFC is seen as a stamp of approval of
>the international community. Therefore, I do indeed believe we should
>not make the same mistake again.
>
>The USG seems to be doing a fine job making FIPS publications available
>without these being enshrined in RFCs.
>
>I am against the IETF publishing CNSA or any other nation state
>cryptography profiles.
>
>Paul
>
>_______________________________________________
>saag mailing list
>saag@ietf.org
>https://www.ietf.org/mailman/listinfo/saag



From nobody Tue Oct  2 14:15:53 2018
Date: Tue, 2 Oct 2018 16:15:39 -0500
From: Nico Williams <nico@cryptonector.com>
To: Carl Wallace <carl@redhoundsoftware.com>
Cc: Paul Wouters <paul@nohats.ca>, saag@ietf.org
Message-ID: <20181002211538.GJ2164@localhost>
References: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca> <D7D94F2D.C22E0%carl@redhoundsoftware.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <D7D94F2D.C22E0%carl@redhoundsoftware.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/At-EO40xHQZGVSTEuRfnFQDqKQc>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

On Tue, Oct 02, 2018 at 04:41:06PM -0400, Carl Wallace wrote:
> What's the difference between a nation state profile and a similar or same
> profile that has been marshaled through a commercial entity?

None, of course.

I don't object to having codepoint assignments for all sorts of
cryptographic algorithms from various nation states and even
corporations.

I also don't object to FYI publications of these, though presumably any
nation state or large corporation could set up their own SDOs, therefore
we perhaps should not lend them either the ISE's nor the IETF nor
RFC-Editor's resources -- we just can't really refuse IANA resources.

What we should want is for required-to-implement algorithms to be ones
we reasonably believe are secure, and we should pick those for reasons
other than national origin of said algorithms.  We should make these
decisions on a case-by-case basis, as we long have.

Nico
-- 


From nobody Tue Oct  2 14:36:30 2018
Date: Tue, 2 Oct 2018 17:36:22 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: "Salz, Rich" <rsalz@akamai.com>
cc: Dmitry Belyavsky <beldmit@gmail.com>, "saag@ietf.org" <saag@ietf.org>
In-Reply-To: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com>
Message-ID: <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8BIT
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/1hula7fPx98t4R6tB0cSpLh5k4g>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

On Tue, 2 Oct 2018, Salz, Rich wrote:

>  *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes 
>  *  along with "first class" algorithms. 
> 
> TLS has moved to “doc required”  Not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.

Similarly, for IKE/IPsec, the IANA registries are Expert Review, not "RFC required"

Paul


From nobody Tue Oct  2 14:43:56 2018
Return-Path: <paul@nohats.ca>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FB9D13117D for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 14:43:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MPzkzZ2LBexT for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 14:43:54 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7C0F1310E3 for <saag@ietf.org>; Tue,  2 Oct 2018 14:43:53 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 42Pt2F3nZkzKCF; Tue,  2 Oct 2018 23:43:49 +0200 (CEST)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 3mB3kOZfp1Ft; Tue,  2 Oct 2018 23:43:46 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue,  2 Oct 2018 23:43:45 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id BEA382E75A2; Tue,  2 Oct 2018 17:43:44 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca BEA382E75A2
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id B534F40781FE; Tue,  2 Oct 2018 17:43:44 -0400 (EDT)
Date: Tue, 2 Oct 2018 17:43:44 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Carl Wallace <carl@redhoundsoftware.com>
cc: saag@ietf.org
In-Reply-To: <D7D94F2D.C22E0%carl@redhoundsoftware.com>
Message-ID: <alpine.LRH.2.21.1810021736351.12702@bofh.nohats.ca>
References: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca> <D7D94F2D.C22E0%carl@redhoundsoftware.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/BsjgLiKK2UuvAV4xwCVHUj7qG2c>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 21:43:55 -0000

On Tue, 2 Oct 2018, Carl Wallace wrote:

> What's the difference between a nation state profile and a similar or same
> profile that has been marshaled through a commercial entity?
> What's the difference between a nation state profile and a profile from a
> very large company? Is a market cap limit next?
> Would elimination of all affiliation flatten the space in a good way or is
> the current truth in packaging preferred?

These are good questions for a SAAG discussion.

If we have an industry-wide recommendation, I think that could qualify
for an IETF reviewed and published document. And I feel external entities
dictating algorithms or bypassing IETF review via the Independent Stream
Editor should not be published by the IETF/ISE.

Some of this work for recommending algorithms is already done by the IETF,
for example see RFC 4307/8247 and RFC 7321/8221, and I think these kinds
of usage documents are within the scope of the IETF. And I believe
recommendations by the relevant WGs such as IPsecME or TLS is where this
kind of work needs to happen, if the end result is the publication of an
RFC.

Paul

> On 10/2/18, 10:57 AM, "saag on behalf of Paul Wouters"
> <saag-bounces@ietf.org on behalf of paul@nohats.ca> wrote:
>
>>
>> I think this group is a better discussion place for this item.
>>
>> Can we add this to the agenda for Bangkok to discuss?
>>
>> Paul
>>
>> ---------- Forwarded message ----------
>> Date: Fri, 28 Sep 2018 15:40:46
>> From: Paul Wouters <paul@nohats.ca>
>> Cc: IETF <ietf@ietf.org>
>> To: Russ Housley <housley@vigilsec.com>
>> Subject: Re: nation state crypto profiles -
>> draft-jenkins-cnsa-cmc-profile-00
>>
>> On Fri, 28 Sep 2018, Russ Housley wrote:
>>
>>> That thread came to the conclusion that the IETF should not process
>>> profiles for any nation states.  In my opinion, there is value in making
>>> it easy for implementers to find such profiles.  So, if the Independent
>>> Stream Editor is willing to process such profiles, they can be published
>>> as RFCs, which would not consume any resources from the IETF leadership.
>>
>> I do not agree the thread came to that conclusion. I see people
>> disagreed and stopped the discussion, because everyone agreed the
>> draft in question to make Suite B historic was not disputed.
>>
>> People outside the IETF do not understand the subtleties of different
>> IETF streams, and having an RFC is seen as a stamp of approval of
>> the international community. Therefore, I do indeed believe we should
>> not make the same mistake again.
>>
>> The USG seems to be doing a fine job making FIPS publications available
>> without these being enshrined in RFCs.
>>
>> I am against the IETF publishing CNSA or any other nation state
>> cryptography profiles.
>>
>> Paul
>>
>
>


From nobody Tue Oct  2 15:03:12 2018
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A82AF131242 for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 15:03:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0SCHQqwWaKQ7 for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 15:03:00 -0700 (PDT)
Received: from mail-wm1-x335.google.com (mail-wm1-x335.google.com [IPv6:2a00:1450:4864:20::335]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00F0B131259 for <saag@ietf.org>; Tue,  2 Oct 2018 15:02:59 -0700 (PDT)
Received: by mail-wm1-x335.google.com with SMTP id s12-v6so3753677wmc.0 for <saag@ietf.org>; Tue, 02 Oct 2018 15:02:59 -0700 (PDT)
X-Received: by 2002:a1c:1b91:: with SMTP id b139-v6mr3105599wmb.147.1538517778414;  Tue, 02 Oct 2018 15:02:58 -0700 (PDT)
Received: from [192.168.1.12] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id z13sm15995766wrw.19.2018.10.02.15.02.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Oct 2018 15:02:57 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C2603439-8D85-433A-957E-4E7F0283970D"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
Date: Wed, 3 Oct 2018 01:02:55 +0300
In-Reply-To: <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca>
Cc: Rich Salz <rsalz@akamai.com>, Security Area Advisory Group <saag@ietf.org>
To: Paul Wouters <paul@nohats.ca>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca>
X-Mailer: Apple Mail (2.3445.100.39)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/pcTZmPwk_YHvvmgLdWYJc4JtTz0>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 22:03:10 -0000

--Apple-Mail=_C2603439-8D85-433A-957E-4E7F0283970D
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
	charset=utf-8



> On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
>
> On Tue, 2 Oct 2018, Salz, Rich wrote:
>
>> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes
>> *  along with "first class" algorithms.
>> TLS has moved to “doc required”  Not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.
>
> Similarly, for IKE/IPsec, the IANA registries are Expert Review, not "RFC required”

Right. So if SAAG (or the IESG) can guide the designated experts about national crypto, that would be great.

Suppose (and this is just an example) the Russian government would like to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has an AEAD mode defined, so it can be used. They have several options:
1. They can publish a document on gostperevod.com <http://gostperevod.com/> and ask IANA to register the Kuznyechik AEAD in the TLS registries.
2. They can publish a draft (in addition to #1) and then ask IANA to register the Kuznyechik AEAD in the TLS registry while asking the RFC editor to publish.
3. They can publish on gostperevod.com <http://gostperevod.com/> and tell everyone to squat on (0x13, 0x79)

I think we can all agree that #3 is a bad outcome, but that is what they will do if IANA won’t allocate identifiers.

IMO #1 is good enough, provided we can get guidance from SAAG or the IESG to recommend such registration.

It should be noted that a line should be drawn somewhere. I think a nation state with serious cryptographers such as Russia should get a code point for its national crypto.  I think someone who has come up with a great new algorithm that he totally cannot break should not get a code point. Somewhere between these two extremes the line should be drawn. The question is where?

Yoav

--Apple-Mail=_C2603439-8D85-433A-957E-4E7F0283970D--


From nobody Tue Oct  2 15:07:35 2018
Return-Path: <kaduk@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D27D1311AB for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 15:07:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f8vSmQVOHhRx for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 15:07:31 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0B611311C0 for <saag@ietf.org>; Tue,  2 Oct 2018 15:07:30 -0700 (PDT)
X-AuditID: 1209190e-abfff70000001490-90-5bb3ec2013fb
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 52.43.05264.12CE3BB5; Tue,  2 Oct 2018 18:07:29 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w92M7O6B009612; Tue, 2 Oct 2018 18:07:26 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w92M7Koj030341 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 2 Oct 2018 18:07:23 -0400
Date: Tue, 2 Oct 2018 17:07:20 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: Paul Wouters <paul@nohats.ca>, Security Area Advisory Group <saag@ietf.org>
Message-ID: <20181002220720.GD56675@kduck.kaduk.org>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/GrFSgkaOYA9fZ8fk6XmXhwwS9Fw>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 22:07:33 -0000

On Wed, Oct 03, 2018 at 01:02:55AM +0300, Yoav Nir wrote:
> 
> 
> > On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
> > 
> > On Tue, 2 Oct 2018, Salz, Rich wrote:
> > 
> >> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes 
> >> *  along with "first class" algorithms. 
> >> TLS has moved to “doc required”  Not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.
> > 
> > Similarly, for IKE/IPsec, the IANA registries are Expert Review, not "RFC required”
> 
> Right. So if SAAG (or the IESG) can guide the designated experts about national crypto, that would be great.
> 
> Suppose (and this is just an example) the Russian government would like to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has an AEAD mode defined, so it can be used. They have several options:
> 1. They can publish a document on gostperevod.com <http://gostperevod.com/> and ask IANA to register the Kuznyechik AEAD in the TLS registries.
> 2. They can publish a draft (in addition to #1) and then ask IANA to register the Kuznyechik AEAD in the TLS registry while asking the RFC editor to publish.
> 3. They can publish on gostperevod.com <http://gostperevod.com/> and tell everyone to squat on (0x13, 0x79)
> 
> I think we can all agree that #3 is a bad outcome, but that is what they will do if IANA won’t allocate identifiers.
> 
> IMO #1 is good enough, provided we can get guidance from SAAG or the IESG to recommend such registration.
> 
> It should be noted that a line should be drawn somewhere. I think a nation state with serious cryptographers such as Russia should get a code point for its national crypto.  I think someone who has come up with a great new algorithm that he totally cannot break should not get a code point. Somewhere between these two extremes the line should be drawn. The question is where?

That's a question for the corresponding registry's Designated Experts,
presumably.  RFC 8447 gives guidance to the experts (for the ciphersuite
registry):

   Note:  The role of the designated expert is described in RFC 8447.
      The designated expert [RFC8126] ensures that the specification is
      publicly available.  It is sufficient to have an Internet-Draft
      (that is posted and never published as an RFC) or a document from
      another standards body, industry consortium, university site, etc.
      The expert may provide more in-depth reviews, but their approval
      should not be taken as an endorsement of the cipher suite.

which seems to push the Experts towards being pretty generous about
approving codepoint requests.  I would be surprised if #1 above was
controversial (but, to be clear, would welcome a conversation with the
experts if needed; I'm not trying to force anyone's hand).

-Ben


From nobody Tue Oct  2 15:30:33 2018
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29AD71311AE for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 15:30:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YGhh-3t_bctV for <saag@ietfa.amsl.com>; Tue,  2 Oct 2018 15:30:29 -0700 (PDT)
Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80B5E13119F for <saag@ietf.org>; Tue,  2 Oct 2018 15:30:28 -0700 (PDT)
Received: by mail-wm1-x330.google.com with SMTP id z204-v6so2858322wmc.5 for <saag@ietf.org>; Tue, 02 Oct 2018 15:30:28 -0700 (PDT)
X-Received: by 2002:a7b:c017:: with SMTP id c23-v6mr3270272wmb.136.1538519426878;  Tue, 02 Oct 2018 15:30:26 -0700 (PDT)
Received: from [192.168.1.12] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id y125-v6sm982268wme.12.2018.10.02.15.30.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Oct 2018 15:30:26 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <A229BF2D-EE82-41DF-AFF0-610BB17A4462@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_DDCE0649-E974-4B69-B9CC-A3643065245E"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
Date: Wed, 3 Oct 2018 01:30:23 +0300
In-Reply-To: <20181002220720.GD56675@kduck.kaduk.org>
Cc: Paul Wouters <paul@nohats.ca>, Security Area Advisory Group <saag@ietf.org>
To: Benjamin Kaduk <kaduk@mit.edu>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org>
X-Mailer: Apple Mail (2.3445.100.39)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/zHEd8DsOjWAAYPCQW3IfnCF4vz0>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 22:30:31 -0000

--Apple-Mail=_DDCE0649-E974-4B69-B9CC-A3643065245E
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
	charset=utf-8



> On 3 Oct 2018, at 1:07, Benjamin Kaduk <kaduk@mit.edu> wrote:
>
> On Wed, Oct 03, 2018 at 01:02:55AM +0300, Yoav Nir wrote:
>>
>>
>>> On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
>>>
>>> On Tue, 2 Oct 2018, Salz, Rich wrote:
>>>
>>>> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes
>>>> *  along with "first class" algorithms.
>>>> TLS has moved to “doc required”  Not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.
>>>
>>> Similarly, for IKE/IPsec, the IANA registries are Expert Review, not "RFC required”
>>
>> Right. So if SAAG (or the IESG) can guide the designated experts about national crypto, that would be great.
>>
>> Suppose (and this is just an example) the Russian government would like to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has an AEAD mode defined, so it can be used. They have several options:
>> 1. They can publish a document on gostperevod.com <http://gostperevod.com/> and ask IANA to register the Kuznyechik AEAD in the TLS registries.
>> 2. They can publish a draft (in addition to #1) and then ask IANA to register the Kuznyechik AEAD in the TLS registry while asking the RFC editor to publish.
>> 3. They can publish on gostperevod.com <http://gostperevod.com/> and tell everyone to squat on (0x13, 0x79)
>>
>> I think we can all agree that #3 is a bad outcome, but that is what they will do if IANA won’t allocate identifiers.
>>
>> IMO #1 is good enough, provided we can get guidance from SAAG or the IESG to recommend such registration.
>>
>> It should be noted that a line should be drawn somewhere. I think a nation state with serious cryptographers such as Russia should get a code point for its national crypto.  I think someone who has come up with a great new algorithm that he totally cannot break should not get a code point. Somewhere between these two extremes the line should be drawn. The question is where?
>
> That's a question for the corresponding registry's Designated Experts,

Right. Which is why I’m asking.

> presumably.  RFC 8447 gives guidance to the experts (for the ciphersuite
> registry):
>
>   Note:  The role of the designated expert is described in RFC 8447.
>      The designated expert [RFC8126] ensures that the specification is
>      publicly available.  It is sufficient to have an Internet-Draft
>      (that is posted and never published as an RFC) or a document from
>      another standards body, industry consortium, university site, etc.
>      The expert may provide more in-depth reviews, but their approval
>      should not be taken as an endorsement of the cipher suite.
>
> which seems to push the Experts towards being pretty generous about
> approving codepoint requests.  I would be surprised if #1 above was
> controversial

As soon as it’s about national (or “vanity”) crypto, it becomes controversial. Even if it isn’t, I’d like people’s opinions as to where to draw the line.

> (but, to be clear, would welcome a conversation with the
> experts if needed; I'm not trying to force anyone's hand).
>
> -Ben


--Apple-Mail=_DDCE0649-E974-4B69-B9CC-A3643065245E--


From nobody Tue Oct  2 16:29:49 2018
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Dmitry Belyavsky <beldmit@gmail.com>
cc: paul@nohats.ca, "saag\@ietf.org" <saag@ietf.org>
In-Reply-To: <CADqLbzLwnsAAQAqcp7g1WzzHkBHmfaSPkpcoVveP9gg1mb0+yA@mail.gmail.com>
References: <alpine.LRH.2.21.1810021055160.25461@bofh.nohats.ca> <CADqLbzLwnsAAQAqcp7g1WzzHkBHmfaSPkpcoVveP9gg1mb0+yA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 02 Oct 2018 19:29:44 -0400
Message-ID: <31613.1538522984@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/t0HWnJMraoBtPW3CrpZrhxdx_PI>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00 (fwd)
List-Id: Security Area Advisory Group <saag.ietf.org>

--=-=-=
Content-Type: text/plain


Dmitry Belyavsky <beldmit@gmail.com> wrote:
    > One of the problems causing an interest of publishing national
    > standards as RFCs is the necessity to be registered in various IANA
    > registries (e.g. TLS ciphersuites identifiers) to use them for
    > national-wide purposes along with "first class" algorithms.

If I understand what you are saying, you said it backwards.

   I think you are saying that national standards feel that they must publish as
   RFCs in order to be able to acquire IANA numbers for protocols.

But, for IPsec, this certainly isn't true.

https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
shows "Expert Review" for almost all values.

That's a pretty low bar.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Tue Oct  2 17:06:28 2018
From: Jim Schaad <ietf@augustcellars.com>
To: 'Yoav Nir' <ynir.ietf@gmail.com>, 'Paul Wouters' <paul@nohats.ca>
CC: 'Security Area Advisory Group' <saag@ietf.org>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com>
In-Reply-To: <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com>
Date: Tue, 2 Oct 2018 17:06:14 -0700
Message-ID: <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_02AA_01D45A72.3BE0D930"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/kKNQ__Z5yIoBY771ku9wvReUN14>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
List-Id: Security Area Advisory Group <saag.ietf.org>

------=_NextPart_000_02AA_01D45A72.3BE0D930
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

From: saag <saag-bounces@ietf.org> On Behalf Of Yoav Nir
Sent: Tuesday, October 2, 2018 3:03 PM
To: Paul Wouters <paul@nohats.ca>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:

On Tue, 2 Oct 2018, Salz, Rich wrote:

*  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes
*  along with "first class" algorithms.
TLS has moved to “doc required”  Not “RFC required.”  And added a column
that says whether it is “recommended” or “no comment.”  This seems like
it will work out well.

Similarly, for IKE/IPsec, the IANA registries are Expert Review, not
"RFC required”

Right. So if SAAG (or the IESG) can guide the designated experts about
national crypto, that would be great.

Suppose (and this is just an example) the Russian government would like
to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has
an AEAD mode defined, so it can be used. They have several options:

1. They can publish a document on gostperevod.com <http://gostperevod.com>
   and ask IANA to register the Kuznyechik AEAD in the TLS registries.
2. They can publish a draft (in addition to #1) and then ask IANA to
   register the Kuznyechik AEAD in the TLS registry while asking the RFC
   editor to publish.
3. They can publish on gostperevod.com <http://gostperevod.com> and tell
   everyone to squat on (0x13, 0x79)

One of the other issues that can arise from doing #1 and not doing #2 is
that the version on #1 may not be in a widely understood language
whereas the version that would get published as a draft (or RFC) would
be in English.

Jim

I think we can all agree that #3 is a bad outcome, but that is what they
will do if IANA won’t allocate identifiers.

IMO #1 is good enough, provided we can get guidance from SAAG or the
IESG to recommend such registration.

It should be noted that a line should be drawn somewhere. I think a
nation state with serious cryptographers such as Russia should get a
code point for its national crypto.  I think someone who has come up
with a great new algorithm that he totally cannot break should not get a
code point. Somewhere between these two extremes the line should be
drawn. The question is where?

Yoav


------=_NextPart_000_02AA_01D45A72.3BE0D930
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"></head><body lang=3DEN-US link=3Dblue =
vlink=3Dpurple><div class=3DWordSection1><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt'><div><div style=3D'border:none;border-top:solid #E1E1E1 =
1.0pt;padding:3.0pt 0in 0in 0in'><p class=3DMsoNormal><b>From:</b> saag =
&lt;saag-bounces@ietf.org&gt; <b>On Behalf Of </b>Yoav =
Nir<br><b>Sent:</b> Tuesday, October 2, 2018 3:03 PM<br><b>To:</b> Paul =
Wouters &lt;paul@nohats.ca&gt;<br><b>Cc:</b> Security Area Advisory =
Group &lt;saag@ietf.org&gt;<br><b>Subject:</b> Re: [saag] Discuss at =
SAAG? was Re: nation state crypto profiles - =
draft-jenkins-cnsa-cmc-profile-00<o:p></o:p></p></div></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><p =
class=3DMsoNormal><br><br><o:p></o:p></p><blockquote =
style=3D'margin-top:5.0pt;margin-bottom:5.0pt'><div><p =
class=3DMsoNormal>On 3 Oct 2018, at 0:36, Paul Wouters &lt;<a =
href=3D"mailto:paul@nohats.ca">paul@nohats.ca</a>&gt; =
wrote:<o:p></o:p></p></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><div><p class=3DMsoNormal>On =
Tue, 2 Oct 2018, Salz, Rich wrote:<br><br><br><o:p></o:p></p><blockquote =
style=3D'margin-top:5.0pt;margin-bottom:5.0pt'><p class=3DMsoNormal>* =
&nbsp;(e.g. TLS ciphersuites identifiers) to use them for national-wide =
purposes&nbsp;<br>* &nbsp;along with &quot;first class&quot; =
algorithms.&nbsp;<br>TLS has moved to =E2=80=9Cdoc =
required=E2=80=9D&nbsp; Not =E2=80=9CRFC required.=E2=80=9D&nbsp; And =
added a column that says whether it is =E2=80=9Crecommended=E2=80=9D or =
=E2=80=9Cno comment.=E2=80=9D&nbsp; This seems like it will work out =
well.<o:p></o:p></p></blockquote><p class=3DMsoNormal><br>Similarly, for =
IKE/IPsec, the IANA registries are Expert Review, not &quot;RFC =
required=E2=80=9D<o:p></o:p></p></div></div></blockquote></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><p class=3DMsoNormal>Right. =
So if SAAG (or the IESG) can guide the designated experts about national =
crypto, that would be great.<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Suppose (and this is just an example) the Russian =
government would like to use TLS 1.3 with the&nbsp;Kuznyechik cipher. =
This is assuming that it has an AEAD mode defined, so it can be used. =
They have several options:<o:p></o:p></p></div><div><ol start=3D1 =
type=3D1><li class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 =
level1 lfo1'>They can publish a document on&nbsp;<a =
href=3D"http://gostperevod.com">gostperevod.com</a>&nbsp;and ask IANA to =
register the Kuznyechik AEAD in the TLS registries.<o:p></o:p></li><li =
class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 =
level1 lfo1'>They can publish a draft (in addition to #1) and then ask =
IANA to register the Kuznyechik AEAD in the TLS registry while asking =
the RFC editor to publish.<o:p></o:p></li><li class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 =
level1 lfo1'>They can publish on&nbsp;<a =
href=3D"http://gostperevod.com">gostperevod.com</a>&nbsp;and tell =
everyone to squat on (0x13, 0x79)<o:p></o:p></li></ol><p =
class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span =
style=3D'color:#0070C0'>One of the other issues that can arise from =
doing #1 and not doing #2 is that the version on #1 may not be in a =
widely understood language whereas the version that would get published =
as a draft (or RFC) would be in English.<o:p></o:p></span></p><p =
class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span =
style=3D'color:#0070C0'>Jim<o:p></o:p></span></p><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div></div><div><p =
class=3DMsoNormal>I think we can all agree that #3 is a bad outcome, but =
that is what they will do if IANA won=E2=80=99t allocate =
identifiers.<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>IMO #1 is good enough, provided we can get guidance =
from SAAG or the IESG to recommend such =
registration.<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>It should be noted that a line should be drawn =
somewhere. I think a nation state with serious cryptographers such as =
Russia should get a code point for its national crypto. &nbsp;I think =
someone who has come up with a great new algorithm that he totally =
cannot break should not get a code point. Somewhere between these two =
extremes the line should be drawn. The question is =
where?<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Yoav<o:p></o:p></p></div></div></div></body></html>
------=_NextPart_000_02AA_01D45A72.3BE0D930--


From nobody Tue Oct  2 19:37:27 2018
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 2 Oct 2018 22:37:13 -0400
Message-ID: <CAMm+LwgMX87oz1aQ_Cb7HZSsm+QCwsFq3sihuknPqU4dy0BfEg@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000095747057749eb9f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/QM80DmA-3iEBxlh_VU5B5wOQnnA>
Subject: [saag] Using Ed25519 / Ed448 for encryption

--000000000000095747057749eb9f
Content-Type: text/plain; charset="UTF-8"

OK, so why would someone want to do this when we have the Montgomery
curves? There are two answers.

First, if there is going to be crypto accelerator hardware, VLSI fabs are
likely to want to have one coprocessor for one algorithm rather than two.

Second, the meta-cryptographic techniques I am using in the Mesh don't work
using the Montgomery ladder approach. I need to be able to add arbitrary
points. So to use the CurveX implementations, I would have to convert the
points to Edwards, add and convert back.

For the Mesh, I am just using Ed448 for both. But I am going to have to
start thinking about other applications soon.

Should I write a draft describing how to convert between the curves with
some test vectors or a draft on my approach to using Ed448 for key
agreement?

--000000000000095747057749eb9f--
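
The "convert the points to Edwards, add and convert back" step from the message above, as an added Python example that is not part of the thread or of the Mesh code. It uses the birational map between curve25519 and edwards25519 given in RFC 7748 (the Ed448 pair is not covered); the scalars 3 and 5 and all function names are constructed for illustration. `lift_u` shows why a bare X25519 u-coordinate is not enough for point addition: the sign of x is lost and must be carried separately.

```python
# Added example: curve25519 <-> edwards25519 conversion (map from RFC 7748).
P = 2**255 - 19                       # field prime shared by both curves
A = 486662                            # curve25519: v^2 = u^3 + A*u^2 + u

def inv(x):
    return pow(x % P, P - 2, P)       # Fermat inverse; inv(0) is 0, so callers check

D = -121665 * inv(121666) % P         # edwards25519: -x^2 + y^2 = 1 + D*x^2*y^2
SQRT_M1 = pow(2, (P - 1) // 4, P)     # a square root of -1 mod P

def sqrt_mod(a):
    """Square root mod P (P = 5 mod 8); raises if a is not a square."""
    a %= P
    r = pow(a, (P + 3) // 8, P)
    for cand in (r, r * SQRT_M1 % P):
        if cand * cand % P == a:
            return cand
    raise ValueError("not a quadratic residue")

C = sqrt_mod(-486664)                 # scaling constant of the birational map

def on_edwards(pt):
    x, y = pt
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

def on_montgomery(pt):
    u, v = pt
    return (v * v - (u * u * u + A * u * u + u)) % P == 0

def ed_add(p1, p2):
    """Complete affine addition on edwards25519; valid for any two points."""
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * inv(1 + t) % P
    y3 = (y1 * y2 + x1 * x2) * inv(1 - t) % P
    return (x3, y3)

def ed_neg(pt):
    return ((-pt[0]) % P, pt[1])

def ed_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    acc = (0, 1)                      # neutral element
    while k:
        if k & 1:
            acc = ed_add(acc, pt)
        pt = ed_add(pt, pt)
        k >>= 1
    return acc

def lift_y(y, x_odd):
    """Recover the Edwards point with the given y and parity of x."""
    x = sqrt_mod((y * y - 1) * inv(D * y * y + 1))
    if (x & 1) != x_odd:
        x = (-x) % P
    return (x, y)

def base_point():
    return lift_y(4 * inv(5) % P, 0)  # Ed25519 base point: y = 4/5, x even

def to_montgomery(pt):
    """(x, y) -> (u, v) = ((1+y)/(1-y), C*u/x); undefined where x = 0."""
    x, y = pt
    if x == 0:
        raise ValueError("exceptional point: no affine Montgomery image")
    u = (1 + y) * inv(1 - y) % P
    return (u, C * u * inv(x) % P)

def to_edwards(pt):
    """(u, v) -> (x, y) = (C*u/v, (u-1)/(u+1)); undefined where v = 0 or u = -1."""
    u, v = pt
    if v == 0 or u == P - 1:
        raise ValueError("exceptional point: no affine Edwards image")
    return (C * u * inv(v) % P, (u - 1) * inv(u + 1) % P)

def lift_u(u, x_odd):
    """A u-coordinate alone fixes y but not the sign of x; x_odd supplies it."""
    return lift_y((u - 1) * inv(u + 1) % P, x_odd)

def add_via_edwards(m1, m2):
    """Add two Montgomery points by converting to Edwards, adding, converting back."""
    return to_montgomery(ed_add(to_edwards(m1), to_edwards(m2)))

if __name__ == "__main__":
    B = base_point()
    Pa, Pb = ed_mul(3, B), ed_mul(5, B)          # constructed sample keys
    total = add_via_edwards(to_montgomery(Pa), to_montgomery(Pb))
    print("u(B) =", to_montgomery(B)[0])
    print("sum is on curve25519:", on_montgomery(total))
    wrong = ed_add(Pb, lift_u(to_montgomery(Pa)[0], 1 - (Pa[0] & 1)))
    print("wrong sign yields 2B instead of 8B:", wrong == ed_mul(2, B))
```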


From nobody Tue Oct  2 21:16:37 2018
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_2D98CF63-1B4C-4B89-BF6B-EDC2B826E4EF"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
Date: Wed, 3 Oct 2018 07:16:26 +0300
In-Reply-To: <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com>
Cc: Paul Wouters <paul@nohats.ca>, Security Area Advisory Group <saag@ietf.org>
To: Jim Schaad <ietf@augustcellars.com>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com>
X-Mailer: Apple Mail (2.3445.100.39)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/hkhNTjJPwckjkQCnw15_rxNgoMk>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--Apple-Mail=_2D98CF63-1B4C-4B89-BF6B-EDC2B826E4EF
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
	charset=utf-8

On 3 Oct 2018, at 3:06, Jim Schaad <ietf@augustcellars.com> wrote:

From: saag <saag-bounces@ietf.org> On Behalf Of Yoav Nir
Sent: Tuesday, October 2, 2018 3:03 PM
To: Paul Wouters <paul@nohats.ca>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto
profiles - draft-jenkins-cnsa-cmc-profile-00

> On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
>
> On Tue, 2 Oct 2018, Salz, Rich wrote:
>
>> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide
>> purposes
>> *  along with "first class" algorithms.
>> TLS has moved to “doc required”  Not “RFC required.”  And added a
>> column that says whether it is “recommended” or “no comment.”  This
>> seems like it will work out well.
>
> Similarly, for IKE/IPsec, the IANA registries are Expert Review, not
> "RFC required"

Right. So if SAAG (or the IESG) can guide the designated experts about
national crypto, that would be great.

Suppose (and this is just an example) the Russian government would like
to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has
an AEAD mode defined, so it can be used. They have several options:

1. They can publish a document on gostperevod.com
   <http://gostperevod.com/> and ask IANA to register the Kuznyechik
   AEAD in the TLS registries.
2. They can publish a draft (in addition to #1) and then ask IANA to
   register the Kuznyechik AEAD in the TLS registry while asking the RFC
   editor to publish.
3. They can publish on gostperevod.com <http://gostperevod.com/> and
   tell everyone to squat on (0x13, 0x79)

One of the other issues that can arise from doing #1 and not doing #2 is
that the version on #1 may not be in a widely understood language
whereas the version that would get published as a draft (or RFC) would
be in English.

They still need to ask IANA for an assignment, and IANA would refer it
to the designated experts. Those designated experts (Rich, Nick, and I
for TLS) can enforce that the document is available in English. In fact,
without requiring this, they could slip a chapter of War and Peace by us
and it would get an IANA code point.

It’s not like getting a document past the ISE makes it well-reviewed.
How much review did RFC 7801 get?  It’s in English and technical
looking. We can enforce that.

Yoav


--Apple-Mail=_2D98CF63-1B4C-4B89-BF6B-EDC2B826E4EF--


From nobody Tue Oct  2 21:23:24 2018
To: Phillip Hallam-Baker <phill@hallambaker.com>, <saag@ietf.org>
References: <CAMm+LwgMX87oz1aQ_Cb7HZSsm+QCwsFq3sihuknPqU4dy0BfEg@mail.gmail.com>
From: Mohit Sethi <mohit.m.sethi@ericsson.com>
Message-ID: <0f1bbd14-455b-c471-d322-28b385c76bd9@ericsson.com>
Date: Wed, 3 Oct 2018 07:23:16 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CAMm+LwgMX87oz1aQ_Cb7HZSsm+QCwsFq3sihuknPqU4dy0BfEg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------4E814BF131077E8E0879EE75"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/x4rKzfOB3E7RKQceiGfxAUrFfDQ>
Subject: Re: [saag] Using Ed25519 / Ed448 for encryption

--------------4E814BF131077E8E0879EE75
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit

FYI:

https://tools.ietf.org/html/draft-struik-lwig-curve-representations-02

"specifies how to represent Montgomery curves and (twisted) Edwards 
curves as curves in short-Weierstrass form and illustrates how this can 
be used to implement elliptic curve computations using existing 
implementations that already implement, e.g., ECDSA and ECDH using NIST 
prime curves."

--Mohit
On 10/03/2018 05:37 AM, Phillip Hallam-Baker wrote:
> OK, so why would someone want to do this when we have the Montgomery 
> curves? There are two answers.
>
> First, if there is going to be crypto accelerator hardware, VLSI fabs 
> are likely to want to have one coprocessor for one algorithm rather 
> than two.
>
> Second, the meta-cryptographic techniques I am using in the Mesh don't 
> work using the Montgomery ladder approach. I need to be able to add 
> arbitrary points. So to use the CurveX implementations, I would have 
> to convert the points to Edwards, add and convert back.
>
> For the Mesh, I am just using Ed448 for both. But I am going to have 
> to start thinking about other applications soon.
>
> Should I write a draft describing how to convert between the curves 
> with some test vectors or a draft on my approach to using Ed448 for 
> key agreement?


--------------4E814BF131077E8E0879EE75--
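
Added example, not part of the thread or of draft-struik-lwig-curve-representations: the "convert the points to Edwards, add and convert back" round trip from the quoted message, shown for Curve25519 and edwards25519 using the birational map given in RFC 7748. The Curve448/Ed448 pair uses a different map, which is not shown; all function names here are this example's own.

```python
# Added illustration: convert Curve25519 (Montgomery) points to edwards25519,
# add them there, and convert back. Curve constants and the map are those of
# RFC 7748; the function names are assumptions of this example.
P = 2**255 - 19                              # shared field prime
A = 486662                                   # Montgomery: v^2 = u^3 + A*u^2 + u
D = -121665 * pow(121666, P - 2, P) % P      # Edwards: -x^2 + y^2 = 1 + D*x^2*y^2

def inv(a):
    return pow(a % P, P - 2, P)

def sqrt_mod(a):
    """Square root mod P (P = 5 mod 8); raises if a is not a square."""
    a %= P
    r = pow(a, (P + 3) // 8, P)
    if r * r % P != a:
        r = r * pow(2, (P - 1) // 4, P) % P  # multiply by sqrt(-1)
    if r * r % P != a:
        raise ValueError("not a square")
    return r

C = sqrt_mod(-486664)    # scaling constant of the map; either root is consistent

def on_montgomery(pt):
    if pt is None:                           # None stands for the point at infinity
        return True
    u, v = pt
    return (v * v - (u * u * u + A * u * u + u)) % P == 0

def mont_add(p1, p2):
    """Reference chord-and-tangent addition using full (u, v) coordinates."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (u1, v1), (u2, v2) = p1, p2
    if u1 == u2 and (v1 + v2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * u1 * u1 + 2 * A * u1 + 1) * inv(2 * v1) % P
    else:
        lam = (v2 - v1) * inv(u2 - u1) % P
    u3 = (lam * lam - A - u1 - u2) % P
    return (u3, (lam * (u1 - u3) - v1) % P)

def mont_to_edwards(pt):
    if pt is None:
        return (0, 1)                        # infinity maps to the Edwards identity
    u, v = pt[0] % P, pt[1] % P
    if not on_montgomery((u, v)):
        raise ValueError("point is not on Curve25519")
    if v == 0:
        return (0, P - 1)                    # (0, 0), the only point of order 2
    # u = -1 cannot occur for an on-curve point, so u + 1 is invertible here.
    return (C * u * inv(v) % P, (u - 1) * inv(u + 1) % P)

def edwards_to_mont(pt):
    x, y = pt
    if (x, y) == (0, 1):
        return None
    if x == 0:
        return (0, 0)
    u = (1 + y) * inv(1 - y) % P
    return (u, C * u * inv(x) % P)

def edwards_add(p1, p2):
    """Complete twisted Edwards addition with a = -1 (also valid for doubling)."""
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + y1 * x2) * inv(1 + t) % P,
            (y1 * y2 + x1 * x2) * inv(1 - t) % P)

def add_via_edwards(p1, p2):
    return edwards_to_mont(edwards_add(mont_to_edwards(p1), mont_to_edwards(p2)))

def lift_u(u):
    """One of the two points with this u; the sign of v is a free choice."""
    return (u, sqrt_mod(u * u * u + A * u * u + u))

G = lift_u(9)            # Curve25519 base point, u = 9

if __name__ == "__main__":
    G2 = mont_add(G, G)
    total = add_via_edwards(G2, G)
    print("matches direct Montgomery addition:", total == mont_add(G2, G))
    neg_g = (G[0], -G[1] % P)                # same u as G, opposite v
    print("u(2G+G) == u(2G-G):", total[0] == add_via_edwards(G2, neg_g)[0])
```

G and -G share u = 9, yet 2G+G and 2G-G have different u-coordinates, so u-only ladder state does not determine the sum of two arbitrary points.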


From nobody Tue Oct  2 22:04:50 2018
From: Jim Schaad <ietf@augustcellars.com>
To: 'Yoav Nir' <ynir.ietf@gmail.com>
CC: 'Paul Wouters' <paul@nohats.ca>, 'Security Area Advisory Group' <saag@ietf.org>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com> <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com>
In-Reply-To: <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com>
Date: Tue, 2 Oct 2018 22:04:27 -0700
Message-ID: <02cb01d45ad6$9165dc20$b4319460$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_02CC_01D45A9B.E5081590"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQLckIx/QcQNJRYO+cnoM5+nZDVk+QG/ptD6AenvBcYBsoA/VwIrBeP+osBSznA=
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/s9ETJljy8kzaomXYpp9-iWLTSx8>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
X-List-Received-Date: Wed, 03 Oct 2018 05:04:49 -0000

------=_NextPart_000_02CC_01D45A9B.E5081590
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

From: Yoav Nir <ynir.ietf@gmail.com>
Sent: Tuesday, October 2, 2018 9:16 PM
To: Jim Schaad <ietf@augustcellars.com>
Cc: Paul Wouters <paul@nohats.ca>; Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

On 3 Oct 2018, at 3:06, Jim Schaad <ietf@augustcellars.com> wrote:

From: saag <saag-bounces@ietf.org> On Behalf Of Yoav Nir
Sent: Tuesday, October 2, 2018 3:03 PM
To: Paul Wouters <paul@nohats.ca>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:

On Tue, 2 Oct 2018, Salz, Rich wrote:

*  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes
*  along with "first class" algorithms.
TLS has moved to “doc required”  Not “RFC required.”  And added a column
that says whether it is “recommended” or “no comment.”  This seems like it
will work out well.

Similarly, for IKE/IPsec, the IANA registries are Expert Review, not
"RFC required"

Right. So if SAAG (or the IESG) can guide the designated experts about
national crypto, that would be great.

Suppose (and this is just an example) the Russian government would like
to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has
an AEAD mode defined, so it can be used. They have several options:

1. They can publish a document on gostperevod.com <http://gostperevod.com/>
   and ask IANA to register the Kuznyechik AEAD in the TLS registries.
2. They can publish a draft (in addition to #1) and then ask IANA to
   register the Kuznyechik AEAD in the TLS registry while asking the RFC
   editor to publish.
3. They can publish on gostperevod.com <http://gostperevod.com/> and tell
   everyone to squat on (0x13, 0x79)

One of the other issues that can arise from doing #1 and not doing #2 is
that the version on #1 may not be in a widely understood language
whereas the version that would get published as a draft (or RFC) would
be in English.

They still need to ask IANA for an assignment, and IANA would refer it
to the designated experts. Those designated experts (Rich, Nick, and I
for TLS) can enforce that the document is available in English. In fact,
without requiring this, they could slip a chapter of War and Peace by us
and it would get an IANA code point.

It’s not like getting a document past the ISE makes it well-reviewed.
How much review did RFC 7801 get?  It’s in English and technical
looking. We can enforce that.

And it was implemented, the test vectors checked and a rough check was
done that the supplied Russian version matched the English version.
That’s more than I would normally expect from a designated expert

jim

Yoav

------=_NextPart_000_02CC_01D45A9B.E5081590--


From nobody Wed Oct  3 06:31:10 2018
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Yoav Nir <ynir.ietf@gmail.com>
cc: Jim Schaad <ietf@augustcellars.com>, Paul Wouters <paul@nohats.ca>, Security Area Advisory Group <saag@ietf.org>
In-Reply-To: <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com> <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 03 Oct 2018 09:31:04 -0400
Message-ID: <14967.1538573464@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Caw0Xqf5nyU0RjLx_rEr4VyXkIM>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
X-List-Received-Date: Wed, 03 Oct 2018 13:31:09 -0000

--=-=-=
Content-Type: text/plain


Yoav Nir <ynir.ietf@gmail.com> wrote:
    > They still need to ask IANA for an assignment, and IANA would refer it
    > to the designated experts. Those designated experts (Rich, Nick, and I
    > for TLS) can enforce that the document is available in English. In

Why would you insist on this?
If the community wanted Specification Required, wouldn't we have said that,
rather than Expert Review?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Wed Oct  3 08:45:17 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Yoav Nir <ynir.ietf@gmail.com>
CC: Paul Wouters <paul@nohats.ca>, Security Area Advisory Group <saag@ietf.org>
Thread-Topic: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
Thread-Index: AQHUWo2VH6xkljVOnEapGM4dLA+20qUMvd8AgAAHa4CAACJ0AIAARegAgACa9wD//+JogA==
Date: Wed, 3 Oct 2018 15:45:09 +0000
Message-ID: <56BAE3F9-C5EC-47C7-9478-87445D973F62@akamai.com>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com> <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com> <14967.1538573464@localhost>
In-Reply-To: <14967.1538573464@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.11.0.180909
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.34.126]
Content-Type: text/plain; charset="utf-8"
Content-ID: <4CAA8AF0851BFC45B904D73E4B15ED7D@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/AoyA7rLQKTDVmwSatVIkArlWqnY>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
X-List-Received-Date: Wed, 03 Oct 2018 15:45:16 -0000

>    If the community wanted Specification Required, wouldn't we have said that,
>    rather than Expert Review?

Because it is the view of the current set of experts, at least, that a specification needs to be available.


From nobody Wed Oct  3 10:02:02 2018
Date: Wed, 3 Oct 2018 13:01:53 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: "Salz, Rich" <rsalz@akamai.com>
cc: Michael Richardson <mcr+ietf@sandelman.ca>, Yoav Nir <ynir.ietf@gmail.com>, Security Area Advisory Group <saag@ietf.org>
In-Reply-To: <56BAE3F9-C5EC-47C7-9478-87445D973F62@akamai.com>
Message-ID: <alpine.LRH.2.21.1810031258590.22146@bofh.nohats.ca>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com> <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com> <14967.1538573464@localhost> <56BAE3F9-C5EC-47C7-9478-87445D973F62@akamai.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/hVkNAdd5absiSuuyYX2wa_L1tKw>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

On Wed, 3 Oct 2018, Salz, Rich wrote:

>>    If the community wanted Specification Required, wouldn't we have said that,
>>    rather than Expert Review?
>
> Because it is the view of the current set of experts, at least, that a specification needs to be available.

Is there a way to say 'specification required and expert review' ?

This is not the same as 'RFC required' because it could be a non-IETF
crypto algorithm specified elsewhere in a national publication.

Note that this is a little off-topic. I am fine (up to a point) for
assigning code points to national algorithms as long as we have
code points. It is the "recommendations" for "suites" that I have
a problem with. I do not want the IETF to recommend any crypto
other than via CFRG.

Paul


From nobody Wed Oct  3 10:34:01 2018
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <4EEE84CD-1896-411D-9669-1461B7EB9852@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A0D916A1-EE0F-47B6-9612-80485F5ECCA1"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
Date: Wed, 3 Oct 2018 20:33:51 +0300
In-Reply-To: <alpine.LRH.2.21.1810031258590.22146@bofh.nohats.ca>
Cc: Rich Salz <rsalz@akamai.com>, Michael Richardson <mcr+ietf@sandelman.ca>,  Security Area Advisory Group <saag@ietf.org>
To: Paul Wouters <paul@nohats.ca>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com> <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com> <14967.1538573464@localhost> <56BAE3F9-C5EC-47C7-9478-87445D973F62@akamai.com> <alpine.LRH.2.21.1810031258590.22146@bofh.nohats.ca>
X-Mailer: Apple Mail (2.3445.100.39)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/tZj_G03qTSsL7NCOXInvjq7ZSmk>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--Apple-Mail=_A0D916A1-EE0F-47B6-9612-80485F5ECCA1
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
	charset=utf-8



> On 3 Oct 2018, at 20:01, Paul Wouters <paul@nohats.ca> wrote:
>
> On Wed, 3 Oct 2018, Salz, Rich wrote:
>
>>>   If the community wanted Specification Required, wouldn't we have said that,
>>>   rather than Expert Review?
>>
>> Because it is the view of the current set of experts, at least, that a specification needs to be available.
>
> Is there a way to say 'specification required and expert review' ?
>
> This is not the same as 'RFC required' because it could be a non-IETF
> crypto algorithm specified elsewhere in a national publication.
>
> Note that this is a little off-topic. I am fine (up to a point) for
> assigning code points to national algorithms as long as we have
> code points. It is the "recommendations" for "suites" that I have
> a problem with. I do not want the IETF to recommend any crypto
> other than via CFRG.

Yes. You say “Specification Required”: https://tools.ietf.org/html/rfc8126#section-4.6

4.6.  Specification Required

   For the Specification Required policy, review and approval by a
   designated expert (see Section 5) is required, and the values and
   their meanings must be documented in a permanent and readily
   available public specification, in sufficient detail so that
   interoperability between independent implementations is possible.
   This policy is the same as Expert Review, with the additional
   requirement of a formal public specification.  In addition to the
   normal review of such a request, the designated expert will review
   the public specification and evaluate whether it is sufficiently
   stable and permanent, and sufficiently clear and technically sound to
   allow interoperable implementations.


--Apple-Mail=_A0D916A1-EE0F-47B6-9612-80485F5ECCA1--


From nobody Wed Oct  3 13:45:20 2018
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Paul Wouters <paul@nohats.ca>
cc: "Salz\, Rich" <rsalz@akamai.com>, Yoav Nir <ynir.ietf@gmail.com>, Security Area Advisory Group <saag@ietf.org>
In-Reply-To: <alpine.LRH.2.21.1810031258590.22146@bofh.nohats.ca>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com> <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com> <14967.1538573464@localhost> <56BAE3F9-C5EC-47C7-9478-87445D973F62@akamai.com> <alpine.LRH.2.21.1810031258590.22146@bofh.nohats.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 03 Oct 2018 16:45:14 -0400
Message-ID: <7845.1538599514@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/MIXK_xOJ0VNfBm_5cwyaL8WaCcM>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--=-=-=
Content-Type: text/plain


Paul Wouters <paul@nohats.ca> wrote:
    > Is there a way to say 'specification required and expert review' ?

Yes, it's Specification Required.
(Expert Review is implied.  Just went through this in CELLAR)

    > This is not the same as 'RFC required' because it could be a non-IETF
    > crypto algorithm specified elsewhere in a national publication.

Yes.

    > Note that this is a little off-topic. I am fine (up to a point) for
    > assigning code points to national algorithms as long as we have code
    > points. It is the "recommendations" for "suites" that I have a problem
    > with. I do not want the IETF to recommend any crypto other than via
    > CFRG.

In most cases, we have at least 32-bit number spaces, or it's strings,
so I just see a reason to be stingy.



--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Wed Oct  3 21:45:13 2018
MIME-Version: 1.0
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org>
In-Reply-To: <20181002220720.GD56675@kduck.kaduk.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 3 Oct 2018 21:44:29 -0700
Message-ID: <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Yoav Nir <ynir.ietf@gmail.com>, Paul Wouters <paul@nohats.ca>, saag@ietf.org
Content-Type: multipart/alternative; boundary="0000000000009ae65505775fd1ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/9VONQpaTXj3pMfEVk33xLE9NoUo>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--0000000000009ae65505775fd1ba
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit

On Tue, Oct 2, 2018 at 3:07 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> On Wed, Oct 03, 2018 at 01:02:55AM +0300, Yoav Nir wrote:
> >
> >
> > > On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
> > >
> > > On Tue, 2 Oct 2018, Salz, Rich wrote:
> > >
> > >> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes
> > >> *  along with "first class" algorithms.
> > >> TLS has moved to “doc required”  Not “RFC required.”  And added a column that says whether it is “recommended” or “no comment.”  This seems like it will work out well.
> > >
> > > Similarly, for IKE/IPsec, the IANA registries are Expert Review, not "RFC required”
> >
> > Right. So if SAAG (or the IESG) can guide the designated experts about national crypto, that would be great.
> >
> > Suppose (and this is just an example) the Russian government would like to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has an AEAD mode defined, so it can be used. They have several options:
> > 1. They can publish a document on gostperevod.com <http://gostperevod.com/> and ask IANA to register the Kuznyechik AEAD in the TLS registries.
> > 2. They can publish a draft (in addition to #1) and then ask IANA to register the Kuznyechik AEAD in the TLS registry while asking the RFC editor to publish.
> > 3. They can publish on gostperevod.com <http://gostperevod.com/> and tell everyone to squat on (0x13, 0x79)
> >
> > I think we can all agree that #3 is a bad outcome, but that is what they will do if IANA won’t allocate identifiers.
> >
> > IMO #1 is good enough, provided we can get guidance from SAAG or the IESG to recommend such registration.
> >
> > It should be noted that a line should be drawn somewhere. I think a nation state with serious cryptographers such as Russia should get a code point for its national crypto.  I think someone who has come up with a great new algorithm that he totally cannot break should not get a code point. Somewhere between these two extremes the line should be drawn. The question is where?
>
> That's a question for the corresponding registry's Designated Experts,
> presumably.  RFC 8447 gives guidance to the experts (for the ciphersuite
> registry):
>
>    Note:  The role of the designated expert is described in RFC 8447.
>       The designated expert [RFC8126] ensures that the specification is
>       publicly available.  It is sufficient to have an Internet-Draft
>       (that is posted and never published as an RFC) or a document from
>       another standards body, industry consortium, university site, etc.
>       The expert may provide more in-depth reviews, but their approval
>       should not be taken as an endorsement of the cipher suite.
>
> which seems to push the Experts towards being pretty generous about
> approving codepoint requests.  I would be surprised if #1 above was
> controversial (but, to be clear, would welcome a conversation with the
> experts if needed; I'm not trying to force anyone's hand).
>

Speaking as an individual, not AD.

My understanding of the intent of the current rules for TLS was to grant
code points as long as there was a document describing the cipher suite,
even if the DEs thought the algorithms were silly or potentially insecure.

The reasoning here was that having code points marked Not Recommended was
better than having people squatting.

-Ekr


> -Ben

--0000000000009ae65505775fd1ba--


From nobody Wed Oct  3 21:47:07 2018
MIME-Version: 1.0
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com> <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com> <14967.1538573464@localhost>
In-Reply-To: <14967.1538573464@localhost>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 3 Oct 2018 21:46:24 -0700
Message-ID: <CABcZeBO_RD+iHpytJ9T+e5AcU5E9LOT7V8np-WwfqLSrvhMqnA@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Yoav Nir <ynir.ietf@gmail.com>, Paul Wouters <paul@nohats.ca>, saag@ietf.org
Content-Type: multipart/alternative; boundary="0000000000007e6b3505775fd8b0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/euZZ0rsdqqlQIfXMPtaoRa7iT_s>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--0000000000007e6b3505775fd8b0
Content-Type: text/plain; charset="UTF-8"

At least part of the discussion around SR versus ER was about the validity
of I-Ds. Specifically, we wanted I-Ds to be a valid form of documentation
and there was some disagreement about whether they were for the purposes of
Specification Required. ER allowed us to specify that threshold clearly.

-Ekr


On Wed, Oct 3, 2018 at 6:31 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Yoav Nir <ynir.ietf@gmail.com> wrote:
>     > They still need to ask IANA for an assignment, and IANA would refer it
>     > to the designated experts. Those designated experts (Rich, Nick, and I
>     > for TLS) can enforce that the document is available in English. In
>
> Why would you insist on this?
> If the community wanted Specification Required, wouldn't we have said that,
> rather than Expert Review?
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-

--0000000000007e6b3505775fd8b0--


From nobody Thu Oct  4 05:38:25 2018
Content-Type: multipart/alternative; boundary=Apple-Mail-2057E48E-D2A1-4076-8687-E1B3A339D085
Mime-Version: 1.0 (1.0)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: iPhone Mail (15E216)
In-Reply-To: <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com>
Date: Thu, 4 Oct 2018 08:38:17 -0400
Cc: Benjamin Kaduk <kaduk@mit.edu>, Paul Wouters <paul@nohats.ca>, saag@ietf.org
Content-Transfer-Encoding: 7bit
Message-Id: <AA52667D-A058-4EE1-A982-5C3529F96671@gmail.com>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org> <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/DPZ3DEK6uTJWzu3wLjl0h_3yQMU>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--Apple-Mail-2057E48E-D2A1-4076-8687-E1B3A339D085
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: 8bit

Sent from my mobile device

> On Oct 4, 2018, at 12:44 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>> On Tue, Oct 2, 2018 at 3:07 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
>> On Wed, Oct 03, 2018 at 01:02:55AM +0300, Yoav Nir wrote:
>> >
>> > > On 3 Oct 2018, at 0:36, Paul Wouters <paul@nohats.ca> wrote:
>> > >
>> > > On Tue, 2 Oct 2018, Salz, Rich wrote:
>> > >
>> > >> *  (e.g. TLS ciphersuites identifiers) to use them for national-wide purposes
>> > >> *  along with "first class" algorithms.
>> > >> TLS has moved to “doc required”  Not “RFC required.”  And added a
>> > >> column that says whether it is “recommended” or “no comment.”  This
>> > >> seems like it will work out well.
>> > >
>> > > Similarly, for IKE/IPsec, the IANA registries are Expert Review, not
>> > > "RFC required"
>> >
>> > Right. So if SAAG (or the IESG) can guide the designated experts about
>> > national crypto, that would be great.
>> >
>> > Suppose (and this is just an example) the Russian government would like
>> > to use TLS 1.3 with the Kuznyechik cipher. This is assuming that it has
>> > an AEAD mode defined, so it can be used. They have several options:
>> > 1. They can publish a document on gostperevod.com
>> >    <http://gostperevod.com/> and ask IANA to register the Kuznyechik
>> >    AEAD in the TLS registries.
>> > 2. They can publish a draft (in addition to #1) and then ask IANA to
>> >    register the Kuznyechik AEAD in the TLS registry while asking the
>> >    RFC editor to publish.
>> > 3. They can publish on gostperevod.com <http://gostperevod.com/> and
>> >    tell everyone to squat on (0x13, 0x79)
>> >
>> > I think we can all agree that #3 is a bad outcome, but that is what
>> > they will do if IANA won’t allocate identifiers.
>> >
>> > IMO #1 is good enough, provided we can get guidance from SAAG or the
>> > IESG to recommend such registration.
>> >
>> > It should be noted that a line should be drawn somewhere. I think a
>> > nation state with serious cryptographers such as Russia should get a
>> > code point for its national crypto.  I think someone who has come up
>> > with a great new algorithm that he totally cannot break should not get
>> > a code point. Somewhere between these two extremes the line should be
>> > drawn. The question is where?
>>
>> That's a question for the corresponding registry's Designated Experts,
>> presumably.  RFC 8447 gives guidance to the experts (for the ciphersuite
>> registry):
>>
>>    Note:  The role of the designated expert is described in RFC 8447.
>>       The designated expert [RFC8126] ensures that the specification is
>>       publicly available.  It is sufficient to have an Internet-Draft
>>       (that is posted and never published as an RFC) or a document from
>>       another standards body, industry consortium, university site, etc.
>>       The expert may provide more in-depth reviews, but their approval
>>       should not be taken as an endorsement of the cipher suite.
>>
>> which seems to push the Experts towards being pretty generous about
>> approving codepoint requests.  I would be surprised if #1 above was
>> controversial (but, to be clear, would welcome a conversation with the
>> experts if needed; I'm not trying to force anyone's hand).
>
> Speaking as an individual, not AD.
>
> My understanding of the intent of the current rules for TLS was to grant
> code points as long as there was a document describing the cipher suite,
> even if the DEs thought the algorithms were silly or potentially insecure.
>
> The reasoning here was that having code points marked Not Recommended was
> better than having people squatting.

Agreed.  There was consensus on this choice as well in the TLS WG.

Kathleen

>
> -Ekr
>
>>
>> -Ben

--Apple-Mail-2057E48E-D2A1-4076-8687-E1B3A339D085--


From nobody Thu Oct  4 07:49:10 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: Eric Rescorla <ekr@rtfm.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: Paul Wouters <paul@nohats.ca>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
Thread-Index: AQHUWo2VH6xkljVOnEapGM4dLA+20qUMvd8AgAAHa4CAAAE8AIACAUuAgABl2wA=
Date: Thu, 4 Oct 2018 14:49:02 +0000
Message-ID: <4DCAFB4A-9CDB-4692-9382-FBD04DC8FA16@akamai.com>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org> <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com>
In-Reply-To: <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="_000_4DCAFB4A9CDB46929382FBD04DC8FA16akamaicom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/P53bxUEpOTlx5MSNONtUodZjF48>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--_000_4DCAFB4A9CDB46929382FBD04DC8FA16akamaicom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

  *   The reasoning here was that having code points marked Not Recommended
      was better than having people squatting.

They’re actually “no comment” as opposed to Not Recommended.  The only way
something gets to be recommended is if it’s a WG document.  This is,
admittedly, a fine point and could well be lost on many, but it’s important.

--_000_4DCAFB4A9CDB46929382FBD04DC8FA16akamaicom_--


From nobody Thu Oct  4 07:53:27 2018
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <4DCAFB4A-9CDB-4692-9382-FBD04DC8FA16@akamai.com>
Date: Thu, 4 Oct 2018 10:53:20 -0400
Cc: Eric Rescorla <ekr@rtfm.com>, Benjamin Kaduk <kaduk@mit.edu>, Paul Wouters <paul@nohats.ca>, "saag@ietf.org" <saag@ietf.org>
Content-Transfer-Encoding: 8bit
Message-Id: <DBAF8917-3E3B-41DA-851B-5A925423ED7C@sn3rd.com>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org> <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com> <4DCAFB4A-9CDB-4692-9382-FBD04DC8FA16@akamai.com>
To: Rich Salz <rsalz@akamai.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Ei05chrRA-D7gt1sNjDAnfoCsbk>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

> On Oct 4, 2018, at 10:49, Salz, Rich <rsalz@akamai.com> wrote:
>
> 	• The reasoning here was that having code points marked Not Recommended
> 	  was better than having people squatting.
>
> They’re actually “no comment” as opposed to Not Recommended.  The only way
> something gets to be recommended is if it’s a WG document.  This is,
> admittedly, a fine point and could well be lost on many, but it’s important.

Agreed that it will be lost on most, but I think it kind of makes sense.
The interesting flip side here is that there are going to be some perfectly
good algorithms that are not marked as Recommended.

spt


From nobody Thu Oct  4 08:06:02 2018
MIME-Version: 1.0
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org> <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com> <4DCAFB4A-9CDB-4692-9382-FBD04DC8FA16@akamai.com>
In-Reply-To: <4DCAFB4A-9CDB-4692-9382-FBD04DC8FA16@akamai.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 4 Oct 2018 08:05:14 -0700
Message-ID: <CABcZeBMuRG6yrwkVwLpFu2ta6s=+7Q9oydT20AigZk2tP-vacQ@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, Paul Wouters <paul@nohats.ca>, saag@ietf.org
Content-Type: multipart/alternative; boundary="0000000000009c25770577687d73"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/1hTAMixORGRa5L-F3NBiBJq4zQM>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--0000000000009c25770577687d73
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 4, 2018 at 7:49 AM Salz, Rich <rsalz@akamai.com> wrote:

>
>    - The reasoning here was that having code points marked Not
>    Recommended was better than having people squatting.
>
>
>
> They’re actually “no comment” as opposed to Not Recommended.
>

Well, it might be useful to go back to the text here:

   Per this document, a "Recommended" column has been added to many of
   the TLS registries to indicate parameters that are generally
   recommended for implementations to support.  Adding a "Recommended"
   parameter (i.e., "Y") to a registry or updating a parameter to
   "Recommended" status requires Standards Action.  Not all parameters
   defined in Standards Track documents need to be marked as
   "Recommended".

   If an item is not marked as "Recommended" (i.e., "N"), it does not
   necessarily mean that it is flawed; rather, it indicates that the
   item either has not been through the IETF consensus process, has
   limited applicability, or is intended only for specific use cases.

Perhaps the most appropriate thing would be to characterize the "N"
marking as "it is not a 'Recommended code point'".


> The only way something gets to be recommended is if it’s a WG document.
>

To be more precise, in IETF 8447, it's Standards Action, which might or
might not be a WG document.

-Ekr



> This is, admittedly, a fine point and could well be lost on many, but it’s
> important.
>


--0000000000009c25770577687d73--


From nobody Thu Oct  4 08:07:45 2018
From: "Salz, Rich" <rsalz@akamai.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: Benjamin Kaduk <kaduk@mit.edu>, Paul Wouters <paul@nohats.ca>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
Thread-Index: AQHUWo2VH6xkljVOnEapGM4dLA+20qUMvd8AgAAHa4CAAAE8AIACAUuAgABl2wCAAEeVAP//vZeA
Date: Thu, 4 Oct 2018 15:07:33 +0000
Message-ID: <55940029-09B6-4352-A5F0-AAED811EAB44@akamai.com>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org> <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com> <4DCAFB4A-9CDB-4692-9382-FBD04DC8FA16@akamai.com> <CABcZeBMuRG6yrwkVwLpFu2ta6s=+7Q9oydT20AigZk2tP-vacQ@mail.gmail.com>
In-Reply-To: <CABcZeBMuRG6yrwkVwLpFu2ta6s=+7Q9oydT20AigZk2tP-vacQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="_000_5594002909B64352A5F0AAED811EAB44akamaicom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/zNJWd2ynSJ95En0XNkmgttQjTEY>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

--_000_5594002909B64352A5F0AAED811EAB44akamaicom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

Ø  Perhaps the most appropriate thing would be to characterize the "N" marking as "it is not a 'Recommended code point'".

Yes.  I’d prefer “-“ instead of “N” but NBD.

--_000_5594002909B64352A5F0AAED811EAB44akamaicom_--


From nobody Thu Oct  4 08:50:46 2018
Date: Thu, 4 Oct 2018 10:50:29 -0500
From: Nico Williams <nico@cryptonector.com>
To: Sean Turner <sean@sn3rd.com>
Cc: Rich Salz <rsalz@akamai.com>, Paul Wouters <paul@nohats.ca>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20181004155028.GK2164@localhost>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org> <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com> <4DCAFB4A-9CDB-4692-9382-FBD04DC8FA16@akamai.com> <DBAF8917-3E3B-41DA-851B-5A925423ED7C@sn3rd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <DBAF8917-3E3B-41DA-851B-5A925423ED7C@sn3rd.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/928KZMHFvdeB9dZVx4PxoP2DuUI>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

On Thu, Oct 04, 2018 at 10:53:20AM -0400, Sean Turner wrote:
> > On Oct 4, 2018, at 10:49, Salz, Rich <rsalz@akamai.com> wrote:
> > 	• The reasoning here was that having code points marked Not
> > 	Recommended was better than having people squatting.
> >
> > They’re actually “no comment” as opposed to Not Recommended.  The
> > only way something gets to be recommended is if it’s a WG document.
> > This is, admittedly, a fine point and could well be lost on many,
> > but it’s important.
>
> Agreed that it will be lost on most, but I think it kind of makes
> sense.  The interesting flip side here is that there are going to be
> some perfectly good algorithms that are not marked as Recommended.

That is just fine.  There's no reason we should want all "perfectly good
algorithms" to be, or even any other than those we already have as,
Recommended.

To go from "no comment" to Recommended, a "perfectly good algorithm"
would have to be more than perfectly good: the IETF would have to need
additional Recommended algorithms due to obsolescence of existing ones.

Nico
-- 


From nobody Thu Oct  4 08:59:13 2018
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <20181004155028.GK2164@localhost>
Date: Thu, 4 Oct 2018 11:58:59 -0400
Cc: Rich Salz <rsalz@akamai.com>, Paul Wouters <paul@nohats.ca>, "saag@ietf.org" <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0568644D-0598-4FF7-B250-985EBEEEA025@sn3rd.com>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org> <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com> <4DCAFB4A-9CDB-4692-9382-FBD04DC8FA16@akamai.com> <DBAF8917-3E3B-41DA-851B-5A925423ED7C@sn3rd.com> <20181004155028.GK2164@localhost>
To: Nico Williams <nico@cryptonector.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/c6JcXoEBjr5U5r0bkjeF6a_ykY0>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

> On Oct 4, 2018, at 11:50, Nico Williams <nico@cryptonector.com> wrote:
>
> On Thu, Oct 04, 2018 at 10:53:20AM -0400, Sean Turner wrote:
>>> On Oct 4, 2018, at 10:49, Salz, Rich <rsalz@akamai.com> wrote:
>>> 	• The reasoning here was that having code points marked Not
>>> 	Recommended was better than having people squatting.
>>>
>>> They’re actually “no comment” as opposed to Not Recommended.  The
>>> only way something gets to be recommended is if it’s a WG document.
>>> This is, admittedly, a fine point and could well be lost on many,
>>> but it’s important.
>>
>> Agreed that it will be lost on most, but I think it kind of makes
>> sense.  The interesting flip side here is that there are going to be
>> some perfectly good algorithms that are not marked as Recommended.
>
> That is just fine.  There's no reason we should want all "perfectly good
> algorithms" to be, or even any other than those we already have as,
> Recommended.
>
> To go from "no comment" to Recommended, a "perfectly good algorithm"
> would have to be more than perfectly good: the IETF would have to need
> additional Recommended algorithms due to obsolescence of existing ones.

Exactly!

spt


From nobody Thu Oct  4 09:04:28 2018
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Thu, 4 Oct 2018 12:04:22 -0400
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <20181002220720.GD56675@kduck.kaduk.org> <CABcZeBPJjfjdxbHCWFQFLJcnMKZSCpVb0oEZPhpymVgu-=bspQ@mail.gmail.com> <4DCAFB4A-9CDB-4692-9382-FBD04DC8FA16@akamai.com> <CABcZeBMuRG6yrwkVwLpFu2ta6s=+7Q9oydT20AigZk2tP-vacQ@mail.gmail.com> <55940029-09B6-4352-A5F0-AAED811EAB44@akamai.com>
To: "saag@ietf.org" <saag@ietf.org>
In-Reply-To: <55940029-09B6-4352-A5F0-AAED811EAB44@akamai.com>
Message-Id: <6E9F236F-DD6F-4EB6-9893-0B7DAB7041BF@sn3rd.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/yYFmua7RnEJroJW6X0QieWa76-A>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00

> On Oct 4, 2018, at 11:07, Salz, Rich <rsalz@akamai.com> wrote:
>
> Ø  Perhaps the most appropriate thing would be to characterize the "N" marking as "it is not a 'Recommended code point'".
>
> Yes.  I’d prefer “-“ instead of “N” but NBD.

In hindsight, “-“ would have been a little less in your face.  But, one of the things we also wanted to deal with were complaints by implementors that some customers were combing through the IANA registries and requesting that everything be implemented.  IMHO an “N” works better there.

spt


From nobody Thu Oct  4 13:44:13 2018
Date: Thu, 4 Oct 2018 15:44:01 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Paul Wouters <paul@nohats.ca>,  saag@ietf.org
Message-ID: <20181004204400.GP56675@kduck.kaduk.org>
References: <7CB10AE4-09C1-4AC5-B255-6489EF1FAE78@akamai.com> <alpine.LRH.2.21.1810021734350.12702@bofh.nohats.ca> <BEC2489D-FE1E-4E55-A88C-05E0143F8415@gmail.com> <02a901d45aac$e83d4030$b8b7c090$@augustcellars.com> <C2A1A8A5-FE35-47D9-8B06-E4E572380FEB@gmail.com> <14967.1538573464@localhost> <CABcZeBO_RD+iHpytJ9T+e5AcU5E9LOT7V8np-WwfqLSrvhMqnA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CABcZeBO_RD+iHpytJ9T+e5AcU5E9LOT7V8np-WwfqLSrvhMqnA@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/wY5ILbU3STUJp_UaYJKU3lFT-GE>
Subject: Re: [saag] Discuss at SAAG? was Re: nation state crypto profiles - draft-jenkins-cnsa-cmc-profile-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Oct 2018 20:44:12 -0000

I think I may have lost track of the threading, but I'll note that for the
TLS registries, we do use Specification Required, with a note about what
constitutes a valid specification that explicitly allows I-Ds that are not
progressed any further.

-Ben

On Wed, Oct 03, 2018 at 09:46:24PM -0700, Eric Rescorla wrote:
> At least part of the discussion around SR versus ER was about the validity
> of I-Ds. Specifically, we wanted I-Ds to be a valid form of documentation
> and there was some disagreement about whether they were for the purposes of
> Specification Required. ER allowed us to specify that threshold clearly.
> 
> -Ekr
> 
> 
> On Wed, Oct 3, 2018 at 6:31 AM Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
> >
> > Yoav Nir <ynir.ietf@gmail.com> wrote:
> >     > They still need to ask IANA for an assignment, and IANA would refer it
> >     > to the designated experts. Those designated experts (Rich, Nick, and I
> >     > for TLS) can enforce that the document is available in English. In
> >
> > Why would you insist on this?
> > If the community wanted Specification Required, wouldn't we have said that,
> > rather than Expert Review?
> >
> > --
> > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> >  -= IPv6 IoT consulting =-


From nobody Thu Oct  4 20:21:12 2018
Return-Path: <mnot@mnot.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB454126DBF for <saag@ietfa.amsl.com>; Thu,  4 Oct 2018 20:21:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=Do5hMGEh; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=WwuTEheo
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0XoaxEUdNxxK for <saag@ietfa.amsl.com>; Thu,  4 Oct 2018 20:21:06 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45BAB128CFD for <saag@ietf.org>; Thu,  4 Oct 2018 20:21:06 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id F2A1521ADD for <saag@ietf.org>; Thu,  4 Oct 2018 23:21:02 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Thu, 04 Oct 2018 23:21:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=from :content-type:mime-version:subject:message-id:references:to :date; s=fm3; bh=1uciw3TAra4lG2/3uRQOUHG0kFsM2JiSBrhBVLUEzCI=; b= Do5hMGEhUB/Esd4hBn/xidZShLkZjBHdTabnCqhtyIe7dtcnQnIZQP0PxLFj2/rC XgCZt5bKldnuii3h8cKcY/2/lnQ/Jo5tCa2u9FZ6/HGhXwhqtlUj7VJ+/+mDfWjc yP/pU+0xz3OLik7u0mobWKpQfT5R6dazPes6y+22QvM1ADVauxKbPzOtRJIfM695 n+2m6qiCzuI0RiIDEwGnZMaY7u0Mh+V0tU6oCLqVd30GR1rZzpjNp306Mibfvx6e +EZojSg4WWmGF+lm0gT9EPim9Y2CAu1Gy+fMP7eCS/07NzPBKJC0PqJ31hcJyxmC qnJ+ZRR0z1NHmF6ZhEvzTw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:references:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=1uciw3TAra4lG2/3u RQOUHG0kFsM2JiSBrhBVLUEzCI=; b=WwuTEheonqx6sMCD0y+7wNvvftjKdb/ia SDPoV/Fq2sJv5F/pwfPKaSxw+KBmEbYuKWk26soJoVlpyocV8XyDGL/+lPyVuFDN f81clVChWp+BGbdUYoJZXsObYjXb+zRfOO9U0gQ2kB755MIqLTSSiwoZCwF6vJb4 8SwFwa8EkH2kjb9HWZ77l8M/xUJv8cyq1O4gnfJj4S//YUmxzdgSJPaHdICJSasO iuXIMS2KCC1CXIE4KOwjlRJcnFEDr8Pn0JweWhzPBEPspjni0lWtO0GqI6+pwXaX OB+qvoOxY5gdtQUn2iIHmP/8ElsyLgoF+EE7zdOOofnpcn51OVVBw==
Received: from attitudadjuster.mnot.net (unknown [144.136.175.28]) by mail.messagingengine.com (Postfix) with ESMTPA id 740FB102DE for <saag@ietf.org>; Thu,  4 Oct 2018 23:21:00 -0400 (EDT)
From: Mark Nottingham <mnot@mnot.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_77921E18-D4FC-4B0F-BA9C-8B78733E5F3E"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
Message-Id: <CD5FB743-FD49-4613-BABE-A0E0E45728A5@mnot.net>
References: <CA+9kkMB=BNr2D1tmqZu9U4VsiFd+D4ThdiKKqsOMAiV-smKJ3A@mail.gmail.com>
To: saag@ietf.org
Date: Fri, 5 Oct 2018 13:20:57 +1000
X-Mailer: Apple Mail (2.3445.100.39)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/u9kImPs7tsqKTEs-aFC7hoB8rz0>
Subject: [saag] W3C Workshop on Strong Authentication and Identity
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Oct 2018 03:21:10 -0000

--Apple-Mail=_77921E18-D4FC-4B0F-BA9C-8B78733E5F3E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

FYI. It's not clear who's participating / contributing to this from an
IETF standpoint, at least AFAICT.


> Begin forwarded message:
>
> W3C is pleased to call for participation in:
>
>   W3C Workshop on Strong Authentication and Identity
>   December 10-11 2018, Redmond, WA
>   https://www.w3.org/Security/strong-authentication-and-identity-workshop/
>
> Thanks to Microsoft for hosting the workshop.
>
> This workshop will look to provide an existing standards landscape,
> roadmap and potential future work for how strong identity and strong
> authentication should work on the web. A successful workshop will be how
> to align recent W3C specifications (WebAuthn, Verifiable Claims, Web
> Payments) and work that is ongoing in the W3C Credentials Community
> Group (DID, DIDAuth) along with IETF and ISO, as well as other existing
> community standards such as Open ID Connect, Oauth, SAML, etc.

--
Mark Nottingham   https://www.mnot.net/


--Apple-Mail=_77921E18-D4FC-4B0F-BA9C-8B78733E5F3E--


From nobody Fri Oct 12 00:49:43 2018
Return-Path: <henry.story@bblfish.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1018C130E08 for <saag@ietfa.amsl.com>; Fri, 12 Oct 2018 00:49:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bblfish-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3_ksHA_lHIeB for <saag@ietfa.amsl.com>; Fri, 12 Oct 2018 00:49:39 -0700 (PDT)
Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E090D130DFB for <saag@ietf.org>; Fri, 12 Oct 2018 00:49:38 -0700 (PDT)
Received: by mail-wr1-x441.google.com with SMTP id 63-v6so12332882wra.11 for <saag@ietf.org>; Fri, 12 Oct 2018 00:49:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bblfish-net.20150623.gappssmtp.com; s=20150623; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=+CW/+okuEcpqA2lFgKHpYFOtAjaqJF8KVEQKulZ+R3k=; b=jXLITbOMqjk21rPKftHW/STlDF0nFJIcawoZ9ynplPat8Z8MkKrtNFhNKKW0ITa0xF xY/ZHdZASlGBk2RfR5RQSRc9W61jX6xWMRloxFKV9EylQA7RjdTh12jNQP+vFBeeNawU kpIkX7JOto8HCZFXr7m6GYuzzoDllOn9pHWPyP+3G5DYuOffXe41q9Uzff3wrzHkodhE CUjecPI7vL2KFtFpgqSWWGiH2FpJreVaVLaISJa/R+0lPzAnRSTVScEgUqW2Bjwuv6uo Q3qEHETdiMb9JFb5VFHY/ugaPTQbTvk9kwPjV+Tws6qkcRjbOgiGguBBDloX/FufQoyg 36Lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=+CW/+okuEcpqA2lFgKHpYFOtAjaqJF8KVEQKulZ+R3k=; b=SPVTOxLDn9/1nzR4O69/0uaDfEtMJBZ0KokvzjqsLXp8qRDuIXw3jDKqIXNy6uY/Jw KwjoU8dji8iCmjgMiFEpg529lxJptWHjwykKIjfZbTjrTBY7E2G9wgVuHxrUlaCs9FjD h5w4wvmt5kbgrMmebn5V2NAqiL3vqjth0smVABLmZLOysGVGI2vG0+Qmig37lUsJ8EJP lSxhw6jbZOV6zOqI+Ub+ouLhmNgoQXBmbwTaGNHBh5x6W0mXjYNTnP+oJks81k7vgo9z EYRyT6Nm3aZWiSjRAJBaGmz+lofNV1j2Hoc9wFKGGq5zgMJzMbvpLSBifWwV9MuVQOs8 vkzw==
X-Gm-Message-State: ABuFfoizg5d+3tISwu5YpnEgyfTTn673TQjiqJJY6Gzw5FhQwX7D6XH8 NY84rIyUPxeh6DhmMlRsd1+oFYh7V8w=
X-Google-Smtp-Source: ACcGV60M9YosIMUG7MPa/sNSVwUVY3DW0pEOmKCWTsNa5Fq4zJGT98BLvtBKTi0MbGU0XmsL+cDK0g==
X-Received: by 2002:adf:b244:: with SMTP id y4-v6mr4220140wra.90.1539330576821;  Fri, 12 Oct 2018 00:49:36 -0700 (PDT)
Received: from [192.168.43.200] ([80.12.39.249]) by smtp.gmail.com with ESMTPSA id h63-v6sm510153wmf.31.2018.10.12.00.49.35 for <saag@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Oct 2018 00:49:35 -0700 (PDT)
From: Henry Story <henry.story@bblfish.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A000A69D-D28A-4F56-86E9-898546EFA84F"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
Date: Fri, 12 Oct 2018 09:49:33 +0200
References: <BN6PR14MB1106A4A7FD3B4780029CF6A8835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <20180715004421.246C720024FBA4@ary.qy> <20180715015127.GH33554@straasha.imrryr.org> <BN6PR14MB110681B05B9E6CFB373805BA835E0@BN6PR14MB1106.namprd14.prod.outlook.com> <E019BCFB-54FB-4A53-A308-F2E150AB8B8C@bblfish.net> <CABrd9STZyPvcyf8_KiJ0kVmeJxNdLw6Yj-bLc9g1S8wGUoJQ7w@mail.gmail.com> <8D99AB13-5A8A-4425-8613-03AB228704CE@bblfish.net> <CABrd9SSXyZkvvREQMLKe=U6-AX6M9JJSsw4tbLEoF5LWwn4Q-Q@mail.gmail.com> <31612.1531750339@localhost> <F9331F90-1707-45B3-8DB3-135A0629F7B1@gmail.com> <48DDA580-5502-4A1F-B2BA-9D2639147B80@bblfish.net> <5F5F3CD6-2EB4-4456-96EE-804310BC258B@gmail.com> <0C438763-56A4-42F5-8D4D-7B09A56AE8E9@bblfish.net> <alpine.OSX.2.21.1807211236160.8123@ary.qy> <C3E1A978-C3BF-4916-9790-7C0BBE602DFC@bblfish.net> <alpine.OSX.2.21.1807211431550.9342@ary.qy> <A2D27591-AC7F-4FC2-B537-E1948A5EE477@gmail.com> <alpine.OSX.2.21.1807212100220.11623@ary.qy> <A04AB4F5-D550-431A-99E2-F2D70BF91847@ gmail.com> <BN6PR14MB11065825288876734BA0F36F83560@BN6PR14MB1106.namprd14.prod.outlook.com> <1775793239.1010578.1532362142537@mail.yahoo.com> <425C3EFB-ECD9-4C4C-A4C5-0786600538F9@gmail.com> <1751939009.1122154.1532375452369@mail.yahoo.com>
To: "saag@ietf.org" <saag@ietf.org>
In-Reply-To: <1751939009.1122154.1532375452369@mail.yahoo.com>
Message-Id: <7DC7AC37-5FD1-47BC-A2C0-01849862A8A5@bblfish.net>
X-Mailer: Apple Mail (2.3445.100.39)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/gagCABT-DnfsDRqjlPx09rpk2Pk>
Subject: Re: [saag] stopping (https) phishing
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Oct 2018 07:49:42 -0000

--Apple-Mail=_A000A69D-D28A-4F56-86E9-898546EFA84F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Hi all,

Just following up on the July thread a bit. Has anything come of the idea of an RG for this?

I ask as I have been full time reading up on category theory and (modal) logic for my
second year PhD report which I need to defend in 2 weeks now. So I finally have a bit of
time to breathe.

Here is a presentation I gave on the topic at the International Semantic Web Conference that
was held in Monterey this week.

    https://youtu.be/_-hy5WKMg2g

It also explains the architecture of the SoLiD project which Tim Berners Lee's startup https://www.inrupt.com/ ,
and which you may have seen in the news.

Henry Story

> On 23 Jul 2018, at 21:50, Nalini J Elkins <nalini.elkins@insidethestack.com> wrote:
>
> > I think it would be great if we could organize some sort of Bar BOF or even less formal get together to talk about this. Maybe just stay late in one of the rooms one night???
>
> Sure. I am working with some of the enterprises to get some concrete examples of what has worked, what has not, and other concerns.
>
> We can maybe even meet in an actual bar! Let's discuss more as time approaches.
>
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
>
>> On Jul 23, 2018, at 10:09 AM, Nalini J Elkins <nalini.elkins@insidethestack.com> wrote:
>>
>> I am willing to help also.
>>
>> This is an important problem for enterprises. You may be familiar with the OPM data breach which was most likely started by a phishing attack.
>>
>> https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach
>>
>> I wonder if we want to have some type of meeting in Bangkok.
>> Thanks,
>>
>> Nalini Elkins
>> CEO and Founder
>> Inside Products, Inc.
>> www.insidethestack.com
>> (831) 659-8360
>>
>> ________________________________
>> From: Tim Hollebeek <tim.hollebeek@digicert.com>
>> To: Adam Montville <adam.w.montville@gmail.com>; John R. Levine <johnl@iecc.com>
>> Cc: "saag@ietf.org" <saag@ietf.org>
>> Sent: Monday, July 23, 2018 8:56 AM
>> Subject: Re: [saag] stopping (https) phishing
>>
>> I'd help, too. This is an important problem. I think I would favor a RG because
>> I haven't seen any ideas proposed yet that would have a significant impact on
>> the problem, though some people seem to be thinking along the right directions.
>> It's a tough problem.
>>
>> -Tim
>>
>>> -----Original Message-----
>>> From: saag <saag-bounces@ietf.org> On Behalf Of Adam Montville
>>> Sent: Sunday, July 22, 2018 8:05 AM
>>> To: John R. Levine <johnl@iecc.com>
>>> Cc: saag@ietf.org
>>> Subject: Re: [saag] stopping (https) phishing
>>>
>>> Whether a WG or an RG, I’d be interested in helping here.
>>>
>>> On Jul 21, 2018, at 8:00 PM, John R. Levine <johnl@iecc.com> wrote:
>>>
>>>>> I for one would really like to see the IETF set up a working group for this
>>>>> specific topic, it would be good to work through this and find a solution that
>>>>> works. I would be willing to help out here and will dedicate time to this effort.
>>>>
>>>> I don't think there is enough stuff here to merit WG. Perhaps talk to the IRTF
>>>> about an RG to explore ideas not ready to standardize.
>>>>
>>>>>
>>>>> Bret
>>>>>
>>>>> Sent from my Commodore 128D
>>>>>
>>>>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>>>>>
>>>>>> On Jul 21, 2018, at 2:40 PM, John R. Levine <johnl@iecc.com> wrote:
>>>>>>
>>>>>> On Sat, 21 Jul 2018, Henry Story wrote:
>>>>>>>> How would this IWoT differ from what CAs were supposed to do?
>>>>>>>
>>>>>>> That is easy. IWoT would be based on institutions that tie into
>>>>>>> nation or region based local registries that tie into national anchors that
>>>>>>> may tie into federal ones (as in the USA, or Germany).
>>>>>>
>>>>>> This sounds a lot like the industry-specific CAs I proposed, only this
>>>>>> depends on a great deal of software that does not exist and probably never
>>>>>> will.
>>>>>>
>>>>>> R's,
>>>>>> John
>>>>>>
>>>>>> _______________________________________________
>>>>>> saag mailing list
>>>>>> saag@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/saag
>>>>>
>>>>
>>>> Regards,
>>>> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for
>>>> Dummies", Please consider the environment before reading this e-mail.
>>>> https://jl.ly
>>>>


--Apple-Mail=_A000A69D-D28A-4F56-86E9-898546EFA84F--


From nobody Fri Oct 12 05:55:57 2018
Return-Path: <Kirsty.p@ncsc.gov.uk>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E839130E0F for <saag@ietfa.amsl.com>; Fri, 12 Oct 2018 05:55:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.655
X-Spam-Level: 
X-Spam-Status: No, score=0.655 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.456, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URI_HEX=1.122] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n4mgQ-bhpXsR for <saag@ietfa.amsl.com>; Fri, 12 Oct 2018 05:55:52 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-eopbgr110090.outbound.protection.outlook.com [40.107.11.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31DDB1277CC for <saag@ietf.org>; Fri, 12 Oct 2018 05:55:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ILuLscNjJ1EkqPmCU1JEVCQlBfzqaSgF5e94KWdrtuI=; b=Nl++Up+OzABLtGIryW9MdimvS9hEL2yxegc71E49Iki5Fmp6lek5JgRTkEMLFwYF3gbMlRld8dQ8L+O/37Oph/TB6I3tl8By459r2stG9wpMqL7stL4TI1/iYg2ijWQgly8o3vgCntDC5UFPJfQs3OiwnSsD5dL5a5d6Lz/bmPA=
Received: from MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM (10.166.238.153) by MMXP123MB0046.GBRP123.PROD.OUTLOOK.COM (10.166.237.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1228.25; Fri, 12 Oct 2018 12:55:49 +0000
Received: from MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM ([fe80::457a:fbc4:adfd:379]) by MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM ([fe80::457a:fbc4:adfd:379%5]) with mapi id 15.20.1228.020; Fri, 12 Oct 2018 12:55:48 +0000
From: Kirsty P <Kirsty.p@ncsc.gov.uk>
To: Henry Story <henry.story@bblfish.net>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] stopping (https) phishing
Thread-Index: AQHUYgA1rLUoWM3nGkmeYQ7RBZedFaUbkBfn
Date: Fri, 12 Oct 2018 12:55:48 +0000
Message-ID: <MMXP123MB0847A9C2C923226FD7EBC0ACD7E20@MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM>
References: <BN6PR14MB1106A4A7FD3B4780029CF6A8835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <20180715004421.246C720024FBA4@ary.qy> <20180715015127.GH33554@straasha.imrryr.org> <BN6PR14MB110681B05B9E6CFB373805BA835E0@BN6PR14MB1106.namprd14.prod.outlook.com> <E019BCFB-54FB-4A53-A308-F2E150AB8B8C@bblfish.net> <CABrd9STZyPvcyf8_KiJ0kVmeJxNdLw6Yj-bLc9g1S8wGUoJQ7w@mail.gmail.com> <8D99AB13-5A8A-4425-8613-03AB228704CE@bblfish.net> <CABrd9SSXyZkvvREQMLKe=U6-AX6M9JJSsw4tbLEoF5LWwn4Q-Q@mail.gmail.com> <31612.1531750339@localhost> <F9331F90-1707-45B3-8DB3-135A0629F7B1@gmail.com> <48DDA580-5502-4A1F-B2BA-9D2639147B80@bblfish.net> <5F5F3CD6-2EB4-4456-96EE-804310BC258B@gmail.com> <0C438763-56A4-42F5-8D4D-7B09A56AE8E9@bblfish.net> <alpine.OSX.2.21.1807211236160.8123@ary.qy> <C3E1A978-C3BF-4916-9790-7C0BBE602DFC@bblfish.net> <alpine.OSX.2.21.1807211431550.9342@ary.qy> <A2D27591-AC7F-4FC2-B537-E1948A5EE477@gmail.com> <alpine.OSX.2.21.1807212100220.11623@ary.qy> <A04AB4F5-D550-431A-99E2-F2D70BF91847@ gmail.com> <BN6PR14MB11065825288876734BA0F36F83560@BN6PR14MB1106.namprd14.prod.outlook.com> <1775793239.1010578.1532362142537@mail.yahoo.com> <425C3EFB-ECD9-4C4C-A4C5-0786600538F9@gmail.com> <1751939009.1122154.1532375452369@mail.yahoo.com>, <7DC7AC37-5FD1-47BC-A2C0-01849862A8A5@bblfish.net>
In-Reply-To: <7DC7AC37-5FD1-47BC-A2C0-01849862A8A5@bblfish.net>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kirsty.p@ncsc.gov.uk; 
x-originating-ip: [51.141.34.27]
x-ms-publictraffictype: Email
received-spf: None (protection.outlook.com: ncsc.gov.uk does not designate permitted sender hosts)
Content-Type: multipart/alternative; boundary="_000_MMXP123MB0847A9C2C923226FD7EBC0ACD7E20MMXP123MB0847GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: 03412c6f-43b8-4042-09a7-08d630420892
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2018 12:55:48.8266 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MMXP123MB0046
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/P8PFHywkX9BBLdlQgPkruQ2PP4U>
Subject: Re: [saag] stopping (https) phishing
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Oct 2018 12:55:56 -0000

--_000_MMXP123MB0847A9C2C923226FD7EBC0ACD7E20MMXP123MB0847GBRP_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Henry,


Yes, it has! We've proposed the SMART RG (Stopping Malware and Researching Threats): https://www.irtf.org/mailman/listinfo/smart


We're having a planning meeting in Bangkok (time/date TBC), so please subscribe to the list for updates, comment on the problems and the charter that we've posted there, and contribute your ideas!


Kirsty

________________________________
From: saag <saag-bounces@ietf.org> on behalf of Henry Story <henry.story@bblfish.net>
Sent: 12 October 2018 08:49:33
To: saag@ietf.org
Subject: Re: [saag] stopping (https) phishing

Hi all,

Just following up on the July thread a bit. Has anything come of the idea of an RG for this?

I ask as I have been full time reading up on category theory and (modal) logic for my second year PhD report which I need to defend in 2 weeks now. So I finally have a bit of time to breathe.

Here is a presentation I gave on the topic at the International Semantic Web Conference that was held in Monterey this week.

    https://youtu.be/_-hy5WKMg2g

It also explains the architecture of the SoLiD project which Tim Berners Lee's startup https://www.inrupt.com/ ,
and which you may have seen in the news.

Henry Story

On 23 Jul 2018, at 21:50, Nalini J Elkins <nalini.elkins@insidethestack.com> wrote:




> I think it would be great if we could organize some sort of Bar BOF or even less formal get together to talk about this. Maybe just stay late in one of the rooms one night???

Sure.  I am working with some of the enterprises to get some concrete examples of what has worked, what has not, and other concerns.

We can maybe even meet in an actual bar!   Let's discuss more as time approaches.

Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

On Jul 23, 2018, at 10:09 AM, Nalini J Elkins <nalini.elkins@insidethestack.com> wrote:

I am willing to help also.


This is an important problem for enterprises.  You may be familiar with the OPM data breach which was most likely started by a phishing attack.

https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

I wonder if we want to have some type of meeting in Bangkok.
Thanks,

Nalini Elkins
CEO and Founder
Inside Products, Inc.
www.insidethestack.com
(831) 659-8360



________________________________
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Adam Montville <adam.w.montville@gmail.com>; John R. Levine <johnl@iecc.com>
Cc: "saag@ietf.org" <saag@ietf.org>
Sent: Monday, July 23, 2018 8:56 AM
Subject: Re: [saag] stopping (https) phishing



I'd help, too.  This is an important problem.  I think I would favor a RG because I haven't seen any ideas proposed yet that would have a significant impact on the problem, though some people seem to be thinking along the right directions. It's a tough problem.

-Tim


-----Original Message-----
From: saag <saag-bounces@ietf.org> On Behalf Of Adam Montville
Sent: Sunday, July 22, 2018 8:05 AM
To: John R. Levine <johnl@iecc.com>
Cc: saag@ietf.org
Subject: Re: [saag] stopping (https) phishing

Whether a WG or an RG, I’d be interested in helping here.

On Jul 21, 2018, at 8:00 PM, John R. Levine <johnl@iecc.com> wrote:

I for one would really like to see the IETF setup a working group for this specific topic, it would be good to work through this and find a solution that works. I would be willing to help out here and will dedicate time to this effort.

I don't think there is enough stuff here to merit WG.  Perhaps talk to the IRTF about an RG to explore ideas not ready to standardize.



Bret

Sent from my Commodore 128D

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

On Jul 21, 2018, at 2:40 PM, John R. Levine <johnl@iecc.com> wrote:

On Sat, 21 Jul 2018, Henry Story wrote:
How would this IWoT differ from what CAs were supposed to do?

That is easy. IWoT would be based on institutions that tie into
nation or region based local registries that tie into national anchors that
may tie into federal ones (as in the USA, or Germany).

This sounds a lot like the industry-specific CAs I proposed, only this
depends on a great deal of software that does not exist and probably never
will.

R's,
John

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag


Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail.
https://jl.ly

This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk

--_000_MMXP123MB0847A9C2C923226FD7EBC0ACD7E20MMXP123MB0847GBRP_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
<style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;margi=
n-bottom:0;} --></style>
</head>
<body dir=3D"ltr">
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;font=
-family:Calibri,Helvetica,sans-serif;" dir=3D"ltr">
<p style=3D"margin-top:0;margin-bottom:0">Henry,</p>
<p style=3D"margin-top:0;margin-bottom:0"><br>
</p>
<p style=3D"margin-top:0;margin-bottom:0">Yes, it has! We've proposed&nbsp;=
the&nbsp;SMART RG (Stopping Malware and Researching Threats):&nbsp;<a href=
=3D"https://www.irtf.org/mailman/listinfo/smart" class=3D"OWAAutoLink" id=
=3D"LPlnk349806" style=3D"font-size: 12pt;" previewremoved=3D"true">https:/=
/www.irtf.org/mailman/listinfo/smart</a></p>
<p style=3D"margin-top:0;margin-bottom:0"><br>
</p>
<p style=3D"margin-top:0;margin-bottom:0">We're having&nbsp;a planning&nbsp=
;meeting in Bangkok (time/date TBC), s<span style=3D"font-size: 12pt;">o pl=
ease
</span><span style=3D"font-size: 12pt;">subscribe to the list for updates, =
comment on the problems and the&nbsp;charter that we've posted there, and c=
ontribute your ideas!</span></p>
<p style=3D"margin-top:0;margin-bottom:0"><br>
</p>
<p style=3D"margin-top:0;margin-bottom:0">Kirsty</p>
</div>
<hr style=3D"display:inline-block;width:98%" tabindex=3D"-1">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" st=
yle=3D"font-size:11pt" color=3D"#000000"><b>From:</b> saag &lt;saag-bounces=
@ietf.org&gt; on behalf of Henry Story &lt;henry.story@bblfish.net&gt;<br>
<b>Sent:</b> 12 October 2018 08:49:33<br>
<b>To:</b> saag@ietf.org<br>
<b>Subject:</b> Re: [saag] stopping (https) phishing</font>
<div>&nbsp;</div>
</div>
<meta content=3D"text/html; charset=3Dutf-8">
<div class=3D"" style=3D"word-wrap:break-word; line-break:after-white-space=
">
<div class=3D"" style=3D"word-wrap:break-word; line-break:after-white-space=
">
<div class=3D"">Hi all,</div>
<div class=3D""><br class=3D"">
</div>
Just following up on the July thread a bit. Has anything come of the idea o=
f an RG for this?
<div class=3D""><br class=3D"">
</div>
<div class=3D"">I ask as I have been full time reading up on category theor=
y and (modal) logic for &nbsp;my</div>
<div class=3D"">second year PhD report which I need to defend in 2 weeks no=
w. So I finally have a bit of&nbsp;</div>
<div class=3D"">time to breathe.</div>
<div class=3D""><br class=3D"">
</div>
<div class=3D""><span class=3D"x_Apple-tab-span" style=3D"white-space:pre">=
</span>Here is a presentation I gave on the topic at the International Sema=
ntic Web Conference that</div>
<div class=3D"">was held in Monterey this week.&nbsp;</div>
<div class=3D""><br class=3D"">
</div>
<div class=3D"">&nbsp; &nbsp;&nbsp;<a href=3D"https://emea01.safelinks.prot=
ection.outlook.com/?url=3Dhttps%3A%2F%2Fyoutu.be%2F_-hy5WKMg2g&amp;data=3D0=
2%7C01%7Ckirsty.p%40ncsc.gov.uk%7C691a6ca0a242441396cb08d6301755f7%7C14aa57=
44ece1474ea2d734f46dda64a1%7C0%7C0%7C636749274132779843&amp;sdata=3DqTjuhyN=
gFeNfsrSdX6jErfyrql1gK2Q6ByJ1mCI9Hf8%3D&amp;reserved=3D0" originalsrc=3D"ht=
tps://youtu.be/_-hy5WKMg2g" shash=3D"Epqw50kOExbRp8t/HFzNqVWBcXukyrbiGNKdx9=
NI&#43;BfCx8QQFkU7LkBCArgkKp8zNyttMWmliKUcFv8QLlFQTZ0I5uN9/T&#43;YqVPX9XckR=
YCDzlD4ohPfu0ypWNSzl/efr4UBmewqpu35Xy&#43;FyHlGQL&#43;XEUwgrTfzlfWD139qER0=
=3D" class=3D"">https://youtu.be/_-hy5WKMg2g</a></div>
<div class=3D""><br class=3D"">
</div>
<div class=3D"">It also explains the architecture of the SoLiD project whic=
h Tim Berners Lee's startup
<a href=3D"https://emea01.safelinks.protection.outlook.com/?url=3Dhttps%3A%=
2F%2Fwww.inrupt.com%2F&amp;data=3D02%7C01%7Ckirsty.p%40ncsc.gov.uk%7C691a6c=
a0a242441396cb08d6301755f7%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636=
749274132789860&amp;sdata=3DZ8Qq0CD2Fsii1HzVrCBxvX7SD2V4sEj8YyXiYP%2BQ6Xw%3=
D&amp;reserved=3D0" originalsrc=3D"https://www.inrupt.com/" shash=3D"BgJfuA=
XIgvOa&#43;&#43;8qwT4OYb9SiNIJuQ4a6oYKMRVHS1yQID70R7LeQR/uaAbVPC52Zsq6D&#43=
;FgQJW119YRnkzJ3Xwbv0rZyLYG2eCPX&#43;pw78XQZpPlmx0VcMWKQR0cfO1JRHEMceCzPE7e=
6NYYkCVBeFhGzKOBwVr2KyBJZ0/urEk=3D" class=3D"">
https://www.inrupt.com/</a>&nbsp;,</div>
<div class=3D"">and which you may have seen in the news.</div>
<div class=3D""><br class=3D"">
</div>
<div class=3D"">Henry Story</div>
<div class=3D"">
<div class=3D"">
<div class=3D"">
<div class=3D""><br class=3D"">
<blockquote type=3D"cite" class=3D"">
<div class=3D"">On 23 Jul 2018, at 21:50, Nalini J Elkins &lt;<a href=3D"ma=
ilto:nalini.elkins@insidethestack.com" class=3D"">nalini.elkins@insidethest=
ack.com</a>&gt; wrote:</div>
<br class=3D"x_Apple-interchange-newline">
<div class=3D"">
<div class=3D"">
<div class=3D"" style=3D"background-color:rgb(255,255,255); font-family:&qu=
ot;Helvetica Neue&quot;,Helvetica,Arial,&quot;Lucida Grande&quot;,sans-seri=
f; font-size:16px">
<div id=3D"x_yui_3_16_0_ym19_1_1532372591245_39965" class=3D""><br class=3D=
"">
</div>
<div class=3D"x_qtdSeparateBR"><br class=3D"">
<br class=3D"">
</div>
<div class=3D"x_yahoo_quoted" id=3D"x_yui_3_16_0_ym19_1_1532372591245_39969=
" style=3D"display:block">
<div id=3D"x_yui_3_16_0_ym19_1_1532372591245_39968" class=3D"" style=3D"fon=
t-family:Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; font-size=
:16px">
<div id=3D"x_yui_3_16_0_ym19_1_1532372591245_39967" class=3D"" style=3D"fon=
t-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-se=
rif; font-size:16px">
<div class=3D"x_y_msg_container" id=3D"x_yui_3_16_0_ym19_1_1532372591245_39=
979">
<div id=3D"x_yiv4571483899" class=3D"">
<div id=3D"x_yui_3_16_0_ym19_1_1532372591245_39985" class=3D"">&gt; I think=
 it would be great if we could organize some sort of Bar BOF or even less f=
ormal get together to talk about this. Maybe just stay late in one of the r=
oom one night???</div>
<div id=3D"x_yui_3_16_0_ym19_1_1532372591245_39985" class=3D""><br class=3D=
"">
</div>
<div id=3D"x_yui_3_16_0_ym19_1_1532372591245_39985" class=3D"">Sure.&nbsp; =
I am working with some of the enterprises to get some concrete examples of =
what has worked, what has not, and other concerns.</div>
<div id=3D"x_yui_3_16_0_ym19_1_1532372591245_39985" class=3D"">
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4005=
2"><br clear=3D"none" class=3D"x_yiv4571483899">
</div>
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4005=
1">We can maybe even meet in an actual bar!&nbsp; &nbsp;Let's discuss more =
as time approaches.</div>
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4005=
0"><br class=3D"">
</div>
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_3998=
4">
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4004=
7">
<div id=3D"x_yui_3_16_0_ym19_1_1532372591245_40046" class=3D"" style=3D"fon=
t-family:Helvetica; font-size:14px; font-style:normal; font-weight:normal; =
letter-spacing:normal; text-indent:0px; text-transform:none; white-space:no=
rmal; word-spacing:0px; text-decoration:none">
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4004=
9" style=3D"orphans:2; widows:2; line-height:normal">
<span class=3D"x_yiv4571483899Apple-style-span" id=3D"x_yui_3_16_0_ym19_1_1=
532372591245_40048" style=3D"border-collapse:separate; line-height:normal; =
border-spacing:0px">Thanks,</span></div>
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4004=
5" style=3D"orphans:2; widows:2; line-height:normal">
<span class=3D"x_yiv4571483899Apple-style-span" id=3D"x_yui_3_16_0_ym19_1_1=
532372591245_40044" style=3D"border-collapse:separate; line-height:normal; =
border-spacing:0px">Bret</span></div>
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4006=
2" style=3D"orphans:2; widows:2">
<span class=3D"x_yiv4571483899Apple-style-span" style=3D"border-collapse:se=
parate; border-spacing:0px"><span class=3D"x_yiv4571483899Apple-style-span"=
 style=3D"border-collapse:separate; border-spacing:0px"></span></span>
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4006=
1" style=3D"word-wrap:break-word">
<span class=3D"x_yiv4571483899Apple-style-span" style=3D"border-collapse:se=
parate; border-spacing:0px"></span>
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4006=
0" style=3D"word-wrap:break-word">
<span class=3D"x_yiv4571483899Apple-style-span" style=3D"border-collapse:se=
parate; border-spacing:0px"></span>
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4005=
9" style=3D"word-wrap:break-word">
<span class=3D"x_yiv4571483899Apple-style-span" style=3D"border-collapse:se=
parate; border-spacing:0px"></span>
<div class=3D"x_yiv4571483899"><font class=3D"x_yiv4571483899" color=3D"#7c=
7c7c" face=3D"Calibre, Verdana" style=3D"line-height:normal"><span class=3D=
"x_yiv4571483899" style=3D"font-size:11px">PGP Fingerprint:&nbsp;</span></f=
ont><span class=3D"x_yiv4571483899" style=3D"font-size:11px"><font class=3D=
"x_yiv4571483899" color=3D"#7c7c7c" face=3D"Calibre, Verdana">63B4
 FC53 680A 6B7D 1447 &nbsp;F2C0 74F8 ACAE 7415 0050</font></span></div>
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4005=
8" style=3D"line-height:normal">
<span class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_400=
57" style=3D"color:rgb(124,124,124); font-size:8pt; font-family:Calibre,Ver=
dana">&quot;Without cryptography vihv vivc ce xhrnrw, however, the only thi=
ng that can not be unscrambled is an egg.&quot;</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id=3D"x_yui_3_16_0_ym19_1_1532372591245_39983" class=3D""><br clear=3D=
"none" class=3D"x_yiv4571483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite" id=3D"x_yui_3_16_0_ym19=
_1_1532372591245_39982">
<div class=3D"x_yiv4571483899yqt3807524914" id=3D"x_yiv4571483899yqtfd28146=
">
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4006=
4">On Jul 23, 2018, at 10:09 AM, Nalini J Elkins &lt;<a rel=3D"nofollow" sh=
ape=3D"rect" class=3D"x_yiv4571483899" target=3D"_blank" href=3D"mailto:nal=
ini.elkins@insidethestack.com" id=3D"x_yui_3_16_0_ym19_1_1532372591245_4006=
3">nalini.elkins@insidethestack.com</a>&gt;
 wrote:</div>
<br clear=3D"none" class=3D"x_yiv4571483899Apple-interchange-newline">
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_3998=
1">
<div class=3D"x_yiv4571483899" id=3D"x_yui_3_16_0_ym19_1_1532372591245_3998=
0">I am willing to help also.<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
This is an important problem for enterprises. &nbsp;You may be familiar wit=
h the OPM data breach which was most likely started by a phishing attack.<b=
r clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<a rel=3D"nofollow" shape=3D"rect" class=3D"x_yiv4571483899" target=3D"_bla=
nk" href=3D"https://emea01.safelinks.protection.outlook.com/?url=3Dhttps%3A=
%2F%2Fen.wikipedia.org%2Fwiki%2FOffice_of_Personnel_Management_data_breach&=
amp;data=3D02%7C01%7Ckirsty.p%40ncsc.gov.uk%7C691a6ca0a242441396cb08d630175=
5f7%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636749274132799869&amp;sda=
ta=3D5e1XAHuNjwdCKVTWAcPY0lf9J6VqvWxzGPMbccd4z04%3D&amp;reserved=3D0" origi=
nalsrc=3D"https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data=
_breach" shash=3D"NIh4MJydL49dF/UfU4u3DDgNtFGUzUx23OYc3F8Wfz1WTkknRnn6Cz0MF=
k1rTAwY5ZIdCiG/pvCkjW2ku3dJ&#43;KEg88IR32y5Nb/HzchIxAprKvpV8bb7UQ91dmg6Suhx=
5stfN101SAOH0n/zHLXCKICD0crWywr&#43;WKz&#43;Lp9mqXg=3D">https://en.wikipedi=
a.org/wiki/Office_of_Personnel_Management_data_breach</a><br clear=3D"none"=
 class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
I wonder if we want to have some type of meeting in Bangkok.<br clear=3D"no=
ne" class=3D"x_yiv4571483899">
Thanks,<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
Nalini Elkins<br clear=3D"none" class=3D"x_yiv4571483899">
CEO and Founder<br clear=3D"none" class=3D"x_yiv4571483899">
Inside Products, Inc.<br clear=3D"none" class=3D"x_yiv4571483899">
<a href=3D"https://emea01.safelinks.protection.outlook.com/?url=3Dhttp%3A%2=
F%2Fwww.insidethestack.com%2F&amp;data=3D02%7C01%7Ckirsty.p%40ncsc.gov.uk%7=
C691a6ca0a242441396cb08d6301755f7%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C=
0%7C636749274132799869&amp;sdata=3Dx%2BL43q8c2E9Qzw92CygJt9fZDGqkuuxv2NdYqM=
7mBKI%3D&amp;reserved=3D0" originalsrc=3D"http://www.insidethestack.com/" s=
hash=3D"Z/GAYH9InjkMTW8j&#43;VUf3cbkWmhfJIyZLbztFGtq44LslyFRxd8WNkPCHY5bEKR=
h6YHEjRM9SMFOBB12k40dAvFaEaFmcDQPyQa5scWf8b1NaeeVch1OM52qFKddv7YWFkwX1GyxMG=
dctdSZ/ykUrVDDXAujlT1a2xJUZRfhFuQ=3D" class=3D"">www.insidethestack.com</a>=
<br clear=3D"none" class=3D"x_yiv4571483899">
(831) 659-8360<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
________________________________<br clear=3D"none" class=3D"x_yiv4571483899=
">
From: Tim Hollebeek &lt;<a href=3D"mailto:tim.hollebeek@digicert.com" class=
=3D"">tim.hollebeek@digicert.com</a>&gt;<br clear=3D"none" class=3D"x_yiv45=
71483899">
To: Adam Montville &lt;<a href=3D"mailto:adam.w.montville@gmail.com" class=
=3D"">adam.w.montville@gmail.com</a>&gt;; John R. Levine &lt;<a href=3D"mai=
lto:johnl@iecc.com" class=3D"">johnl@iecc.com</a>&gt;
<br clear=3D"none" class=3D"x_yiv4571483899">
Cc: &quot;<a href=3D"mailto:saag@ietf.org" class=3D"">saag@ietf.org</a>&quo=
t; &lt;<a href=3D"mailto:saag@ietf.org" class=3D"">saag@ietf.org</a>&gt;<br=
 clear=3D"none" class=3D"x_yiv4571483899">
Sent: Monday, July 23, 2018 8:56 AM<br clear=3D"none" class=3D"x_yiv4571483=
899">
Subject: Re: [saag] stopping (https) phishing<br clear=3D"none" class=3D"x_=
yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
I'd help, too. &nbsp;This is an important problem. &nbsp;I think I would fa=
vor a RG because<br clear=3D"none" class=3D"x_yiv4571483899">
I haven't seen any ideas proposed yet that would have a significant impact =
on<br clear=3D"none" class=3D"x_yiv4571483899">
the problem, though some people seem to be thinking along the right directi=
ons.<br clear=3D"none" class=3D"x_yiv4571483899">
It's a tough problem.<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
-Tim<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">-----Original Message--=
---<br clear=3D"none" class=3D"x_yiv4571483899">
From: saag &lt;<a href=3D"mailto:saag-bounces@ietf.org" class=3D"">saag-bou=
nces@ietf.org</a>&gt; On Behalf Of Adam Montville<br clear=3D"none" class=
=3D"x_yiv4571483899">
Sent: Sunday, July 22, 2018 8:05 AM<br clear=3D"none" class=3D"x_yiv4571483=
899">
To: John R. Levine &lt;<a href=3D"mailto:johnl@iecc.com" class=3D"">johnl@i=
ecc.com</a>&gt;<br clear=3D"none" class=3D"x_yiv4571483899">
Cc: <a href=3D"mailto:saag@ietf.org" class=3D"">saag@ietf.org</a><br clear=
=3D"none" class=3D"x_yiv4571483899">
Subject: Re: [saag] stopping (https) phishing<br clear=3D"none" class=3D"x_=
yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
Whether a WG or an RG, I=92d be interested in helping here.<br clear=3D"non=
e" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
On Jul 21, 2018, at 8:00 PM, John R. Levine &lt;<a href=3D"mailto:johnl@iec=
c.com" class=3D"">johnl@iecc.com</a>&gt; wrote:<br clear=3D"none" class=3D"=
x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">I for one would really =
like to see the IETF setup a working group for this<br clear=3D"none" class=
=3D"x_yiv4571483899">
</blockquote>
</blockquote>
specific topic, it would be good to work through this and find a solution t=
hat<br clear=3D"none" class=3D"x_yiv4571483899">
works. I would be willing to help out here and will dedicate time to this e=
ffort.<br clear=3D"none" class=3D"x_yiv4571483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite"><br clear=3D"none" clas=
s=3D"x_yiv4571483899">
I don't think there is enough stuff here to merit WG. &nbsp;Perhaps talk to=
 the IRTF<br clear=3D"none" class=3D"x_yiv4571483899">
</blockquote>
about an RG to explore ideas not ready to standardize.<br clear=3D"none" cl=
ass=3D"x_yiv4571483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite"><br clear=3D"none" clas=
s=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite"><br clear=3D"none" clas=
s=3D"x_yiv4571483899">
Bret<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
Sent from my Commodore 128D<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 &nbsp;F2C0 74F8 ACAE 7415 0050<br=
 clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">On Jul 21, 2018, at 2:4=
0 PM, John R. Levine &lt;<a href=3D"mailto:johnl@iecc.com" class=3D"">johnl=
@iecc.com</a>&gt; wrote:<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
On Sat, 21 Jul 2018, Henry Story wrote:<br clear=3D"none" class=3D"x_yiv457=
1483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">How would this IWoT dif=
fer from what CAs were supposed to do?<br clear=3D"none" class=3D"x_yiv4571=
483899">
</blockquote>
<br clear=3D"none" class=3D"x_yiv4571483899">
That is easy. IWoT would be based on institutions that tie into<br clear=3D=
"none" class=3D"x_yiv4571483899">
nation or region based local registries that tie into national anchors that=
<br clear=3D"none" class=3D"x_yiv4571483899">
</blockquote>
</blockquote>
</blockquote>
</blockquote>
may tie into federal ones (as in the USA, or Germany).<br clear=3D"none" cl=
ass=3D"x_yiv4571483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">
<blockquote class=3D"x_yiv4571483899" type=3D"cite"><br clear=3D"none" clas=
s=3D"x_yiv4571483899">
This sounds a lot like the industry-specific CAs I proposed, only this<br c=
lear=3D"none" class=3D"x_yiv4571483899">
</blockquote>
</blockquote>
</blockquote>
depends on a great deal of software that does not exist and probably never<=
br clear=3D"none" class=3D"x_yiv4571483899">
will.<br clear=3D"none" class=3D"x_yiv4571483899">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">
<blockquote class=3D"x_yiv4571483899" type=3D"cite">
<blockquote class=3D"x_yiv4571483899" type=3D"cite"><br clear=3D"none" clas=
s=3D"x_yiv4571483899">
R's,<br clear=3D"none" class=3D"x_yiv4571483899">
John<br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
_______________________________________________<br clear=3D"none" class=3D"=
x_yiv4571483899">
saag mailing list<br clear=3D"none" class=3D"x_yiv4571483899">
<a href=3D"mailto:saag@ietf.org" class=3D"">saag@ietf.org</a><br clear=3D"n=
one" class=3D"x_yiv4571483899">
https://www.ietf.org/mailman/listinfo/saag<br clear=3D"none" class=3D"x_yiv=
4571483899">
</blockquote>
<br clear=3D"none" class=3D"x_yiv4571483899">
</blockquote>
<br clear=3D"none" class=3D"x_yiv4571483899">
Regards,<br clear=3D"none" class=3D"x_yiv4571483899">
John Levine, <a href=3D"mailto:johnl@iecc.com" class=3D"">johnl@iecc.com</a=
>, Primary Perpetrator of &quot;The Internet for<br clear=3D"none" class=3D=
"x_yiv4571483899">
Dummies&quot;, Please consider the environment before reading this e-mail.<=
br clear=3D"none" class=3D"x_yiv4571483899">
<a href=3D"https://emea01.safelinks.protection.outlook.com/?url=3Dhttps%3A%=
2F%2Fjl.ly&amp;data=3D02%7C01%7Ckirsty.p%40ncsc.gov.uk%7C691a6ca0a242441396=
cb08d6301755f7%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636749274132809=
870&amp;sdata=3DuuNMUAn27EIHiMzw4uBYZKH%2FvaxlxzR3S%2BOvcNrcN%2FY%3D&amp;re=
served=3D0" originalsrc=3D"https://jl.ly" shash=3D"auNgvjdfLfn7tMleS1FDCW4Y=
tqOEp6ZYbm8e98C5qkIrDyHdR6P8oOaBpWulHgVlp6Tw8YF82L2UyGAJWzR5HP2uJMA8Ro1iAI3=
g9l64Wb/sSRZ9BUvQopnPzoxVe2nVFLykD8TEy1Wqz5c4yCXKXuS8nXsbfva6g80xdziR1pA=3D=
" class=3D"">https://jl.ly</a><br clear=3D"none" class=3D"x_yiv4571483899">
<br clear=3D"none" class=3D"x_yiv4571483899">
_______________________________________________<br clear=3D"none" class=3D"=
x_yiv4571483899">
saag mailing list<br clear=3D"none" class=3D"x_yiv4571483899">
saag@ietf.org<br clear=3D"none" class=3D"x_yiv4571483899">
https://www.ietf.org/mailman/listinfo/saag<br clear=3D"none" class=3D"x_yiv=
4571483899">
</blockquote>
<br clear=3D"none" class=3D"x_yiv4571483899">
_______________________________________________<br clear=3D"none" class=3D"=
x_yiv4571483899">
saag mailing list<br clear=3D"none" class=3D"x_yiv4571483899">
<a href=3D"mailto:saag@ietf.org" class=3D"">saag@ietf.org</a><br clear=3D"n=
one" class=3D"x_yiv4571483899">
https://www.ietf.org/mailman/listinfo/saag<br clear=3D"none" class=3D"x_yiv=
4571483899">
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<div class=3D"x_yiv4571483899yqt3807524914" id=3D"x_yiv4571483899yqtfd98429=
"><br clear=3D"none" class=3D"x_yiv4571483899">
</div>
</div>
</div>
</div>
<br class=3D"">
<br class=3D"">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br class=3D"">
</div>
</div>
</div>
</div>
</div>
</body>
</html>

--_000_MMXP123MB0847A9C2C923226FD7EBC0ACD7E20MMXP123MB0847GBRP_--


From nobody Fri Oct 12 05:58:30 2018
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC38B1277CC for <saag@ietfa.amsl.com>; Fri, 12 Oct 2018 05:58:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A-kBhdm9Z5x1 for <saag@ietfa.amsl.com>; Fri, 12 Oct 2018 05:58:22 -0700 (PDT)
Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8B2B130E0F for <saag@ietf.org>; Fri, 12 Oct 2018 05:58:22 -0700 (PDT)
Received: by mail-qt1-x82f.google.com with SMTP id u34-v6so13681350qth.3 for <saag@ietf.org>; Fri, 12 Oct 2018 05:58:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YeJBnI6D36pHsdiI8UAtosCP4nVXuh64y3WVTSnBXI4=; b=Pz158ax4xqU97L5395736uCPauFeDZ7bkpIxzsDV7K8cPh/Rgz3rYYkrPj5/r6Tgz5 hVIfL9b2Xq51qYrF6bWUuSYk13kcJvwccmEG4xV48PnzCde8A9p9v+4e4A1ArEL7YU2c 4RoW8XArhfwqJAG726ZTN6v36mjIotFjLKTAgEbPmSczKu/aTt7mfj3fp3RZMOn00MP0 3giIGZCRbXB/f/nfz7H2E1tt6H9oKCTXrjAXrqJWDUm0CF1ojFnVYZkzZ/DB+rJ2XCkP stHM21+3gc7Ki0+H7UDeMalUaTFdfJdF/e2MK6GKuQu1V4SzG7KJI4pXiYWrqe9OB4mE k2MQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YeJBnI6D36pHsdiI8UAtosCP4nVXuh64y3WVTSnBXI4=; b=lTyIXKlogpLsph3xxCk21f8r76oD/GNuDai8Ci3eli39a6HgttEawg0grsesOD6IqW egxJZaDnt/HBY5AJU/p3ROIghS3UiMpzuHCZiLYRlyowoIPqJVoy+KE4XTf8E1+emtJm 77hkS3PJuaDjsYZY2FfQoharMGq/EdXt78+ttEE7MKPetj5fygguYMskMkn3R0RRrBGo 73EC9dW3Dyplv9wTWQ16z7AGdYu3y0g0N5DQ36RtGwPoyuxVBaaee5SWql+w1Cs7+5mD hz5kJqRRlgKaF68VTHUjR3lToHzNJfTupDzHnqyrnFtfdKht+/xmEpHkr7Uqri5Kll+s yWVg==
X-Gm-Message-State: ABuFfogMUJFOkbeHqxyI2H6Vm2z3j/F2H9/FDrl62hB/SwmuyMClJ7sh rhyo6cdRNyPn+NVDBl2kBO9Blnvr
X-Google-Smtp-Source: ACcGV62NouKzqYfGThOOYU3ExPM1JqYEGWvlp16jEXwzobVFN5FmCL8dpcFQuBXga+20E3UWiZ4DMg==
X-Received: by 2002:ac8:362a:: with SMTP id m39-v6mr5500140qtb.210.1539349101699;  Fri, 12 Oct 2018 05:58:21 -0700 (PDT)
Received: from ?IPv6:2600:380:8e10:dbc7:1561:312f:ea60:ab96? ([2600:380:8e10:dbc7:1561:312f:ea60:ab96]) by smtp.gmail.com with ESMTPSA id i26-v6sm748512qta.34.2018.10.12.05.58.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Oct 2018 05:58:21 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: iPhone Mail (15E216)
In-Reply-To: <alpine.OSX.2.21.1807212100220.11623@ary.qy>
Date: Fri, 12 Oct 2018 08:58:20 -0400
Cc: Bret Jordan <jordan.ietf@gmail.com>, saag@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <D8118E59-539D-4918-A63E-D2A3026B1291@gmail.com>
References: <BN6PR14MB1106A4A7FD3B4780029CF6A8835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <20180715004421.246C720024FBA4@ary.qy> <20180715015127.GH33554@straasha.imrryr.org> <BN6PR14MB110681B05B9E6CFB373805BA835E0@BN6PR14MB1106.namprd14.prod.outlook.com> <E019BCFB-54FB-4A53-A308-F2E150AB8B8C@bblfish.net> <CABrd9STZyPvcyf8_KiJ0kVmeJxNdLw6Yj-bLc9g1S8wGUoJQ7w@mail.gmail.com> <8D99AB13-5A8A-4425-8613-03AB228704CE@bblfish.net> <CABrd9SSXyZkvvREQMLKe=U6-AX6M9JJSsw4tbLEoF5LWwn4Q-Q@mail.gmail.com> <31612.1531750339@localhost> <F9331F90-1707-45B3-8DB3-135A0629F7B1@gmail.com> <48DDA580-5502-4A1F-B2BA-9D2639147B80@bblfish.net> <5F5F3CD6-2EB4-4456-96EE-804310BC258B@gmail.com> <0C438763-56A4-42F5-8D4D-7B09A56AE8E9@bblfish.net> <alpine.OSX.2.21.1807211236160.8123@ary.qy> <C3E1A978-C3BF-4916-9790-7C0BBE602DFC@bblfish.net> <alpine.OSX.2.21.1807211431550.9342@ary.qy> <A2D27591-AC7F-4FC2-B537-E1948A5EE477@gmail.com> <alpine.OSX.2.21.1807212100220.11623@ary.qy>
To: "John R. Levine" <johnl@iecc.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/DoeH8LGhMoW5tETHU4gd6AwOk2g>
Subject: Re: [saag] stopping (https) phishing
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Oct 2018 12:58:28 -0000

Sent from my mobile device

On Jul 21, 2018, at 9:00 PM, John R. Levine <johnl@iecc.com> wrote:

>> I for one would really like to see the IETF setup a working group for this specific topic, it would be good to work through this and find a solution that works. I would be willing to help out here and will dedicate time to this effort.
>
> I don't think there is enough stuff here to merit WG.  Perhaps talk to the IRTF about an RG to explore ideas not ready to standardize.
>
>

This would be a good fit for SMART, a proposed research group that casts a wider net.

Best regards,
Kathleen

>>
>> Bret
>>
>> Sent from my Commodore 128D
>>
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>>
>>> On Jul 21, 2018, at 2:40 PM, John R. Levine <johnl@iecc.com> wrote:
>>>
>>> On Sat, 21 Jul 2018, Henry Story wrote:
>>>>> How would this IWoT differ from what CAs were supposed to do?
>>>>
>>>> That is easy. IWoT would be based on institutions that tie into nation or region based local
>>>> registries that tie into national anchors that may tie into federal ones (as in the USA, or Germany).
>>>
>>> This sounds a lot like the industry-specific CAs I proposed, only this depends on a great deal of software that does not exist and probably never will.
>>>
>>> R's,
>>> John
>>>
>>
>
> Regards,
> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly
>


From nobody Thu Oct 18 10:53:14 2018
Return-Path: <jeff.hodges@kingsmountain.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48175130DC6 for <saag@ietfa.amsl.com>; Thu, 18 Oct 2018 10:53:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mof86TEUzkat for <saag@ietfa.amsl.com>; Thu, 18 Oct 2018 10:53:09 -0700 (PDT)
Received: from gproxy3-pub.mail.unifiedlayer.com (gproxy3-pub.mail.unifiedlayer.com [69.89.30.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 232CB130DC0 for <saag@ietf.org>; Thu, 18 Oct 2018 10:53:09 -0700 (PDT)
Received: from cmgw11.unifiedlayer.com (unknown [10.9.0.11]) by gproxy3.mail.unifiedlayer.com (Postfix) with ESMTP id 12046408B2 for <saag@ietf.org>; Thu, 18 Oct 2018 11:23:37 -0600 (MDT)
Received: from box514.bluehost.com ([74.220.219.114]) by cmsmtp with ESMTP id DC1Ig0kwXd20TDC1Igxzq5; Thu, 18 Oct 2018 11:23:36 -0600
X-Authority-Reason: nr=8
Received: from c-67-188-157-169.hsd1.ca.comcast.net ([67.188.157.169]:59312 helo=[10.0.0.188]) by box514.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <Jeff.Hodges@Kingsmountain.com>) id 1gDC1I-004Iqt-Mq for saag@ietf.org; Thu, 18 Oct 2018 11:23:36 -0600
References: <CAF8qwaCiPd5nCE7Z75oUszJFXDDwn2w72wx8m=TzHMFX=bWOQA@mail.gmail.com>
To: IETF Security Area Advisory Group <saag@ietf.org>
From: =JeffH <Jeff.Hodges@Kingsmountain.com>
X-Forwarded-Message-Id: <CAF8qwaCiPd5nCE7Z75oUszJFXDDwn2w72wx8m=TzHMFX=bWOQA@mail.gmail.com>
Message-ID: <75917ef3-e3a8-9312-d62b-633bd4dcbe39@Kingsmountain.com>
Date: Thu, 18 Oct 2018 10:23:35 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CAF8qwaCiPd5nCE7Z75oUszJFXDDwn2w72wx8m=TzHMFX=bWOQA@mail.gmail.com>
Content-Type: multipart/mixed; boundary="------------BF028E818834E7DD698FF1D8"
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box514.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - Kingsmountain.com
X-BWhitelist: no
X-Source-IP: 67.188.157.169
X-Source-L: No
X-Exim-ID: 1gDC1I-004Iqt-Mq
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Source-Sender: c-67-188-157-169.hsd1.ca.comcast.net ([10.0.0.188]) [67.188.157.169]:59312
X-Source-Auth: jeff.hodges@kingsmountain.com
X-Email-Count: 1
X-Source-Cap: a2luZ3Ntb3U7a2luZ3Ntb3U7Ym94NTE0LmJsdWVob3N0LmNvbQ==
X-Org: HG=bhcustomer;ORG=bluehost;
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/1-weRWhY1gpz5-Z0X8VPtgfXvTo>
Subject: [saag] fyi: [blink-dev] Intent to Deprecate: TLS 1.0 and TLS 1.1
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2018 17:53:13 -0000

This is a multi-part message in MIME format.
--------------BF028E818834E7DD698FF1D8
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit


--------------BF028E818834E7DD698FF1D8
Content-Type: message/rfc822;
 name="[blink-dev] Intent to Deprecate: TLS 1_0 and TLS 1_1"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="[blink-dev] Intent to Deprecate: TLS 1_0 and TLS 1_1"

X-Mozilla-Keys: 
Return-Path: <blink-dev+bncBDWNRGP6VAGBBW5JTHPAKGQES4I2RAY@chromium.org>
Delivered-To: jeff.hodges@kingsmountain.com
Received: from box514.bluehost.com
 by box514.bluehost.com with LMTP id MMxlDOhUxlswqAAAzHfe+A
 for <jeff.hodges@kingsmountain.com>; Tue, 16 Oct 2018 15:15:20 -0600
Return-path: <blink-dev+bncBDWNRGP6VAGBBW5JTHPAKGQES4I2RAY@chromium.org>
Envelope-to: jeff.hodges@kingsmountain.com
Delivery-date: Tue, 16 Oct 2018 15:15:20 -0600
Received: from mail-qt1-f198.google.com ([209.85.160.198]:36106)
 by box514.bluehost.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
 (Exim 4.91)
 (envelope-from <blink-dev+bncBDWNRGP6VAGBBW5JTHPAKGQES4I2RAY@chromium.org>)
 id 1gCWgQ-000BGC-V4
 for jeff.hodges@kingsmountain.com; Tue, 16 Oct 2018 15:15:20 -0600
Received: by mail-qt1-f198.google.com with SMTP id u28-v6sf26309048qtu.3
 for <jeff.hodges@kingsmountain.com>; Tue, 16 Oct 2018 14:15:12 -0700 (PDT)
ARC-Authentication-Results: i=2; mx.google.com;
 dkim=pass header.i=@chromium.org header.s=google header.b=XuvXqjRn;
 spf=pass (google.com: domain of davidben@google.com designates 209.85.220.41
 as permitted sender) smtp.mailfrom=davidben@google.com; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
X-Received: by 2002:ac8:4517:: with SMTP id
 q23-v6mr19414261qtn.31.1539724507369; 
 Tue, 16 Oct 2018 14:15:07 -0700 (PDT)
X-BeenThere: blink-dev@chromium.org
Received: by 2002:aed:36ca:: with SMTP id f68-v6ls9804568qtb.6.gmail; Tue, 16
 Oct 2018 14:15:07 -0700 (PDT)
X-Received: by 2002:ac8:d02:: with SMTP id
 q2-v6mr21917583qti.182.1539724506864; 
 Tue, 16 Oct 2018 14:15:06 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@chromium.org header.s=google header.b=XuvXqjRn;
 spf=pass (google.com: domain of davidben@google.com designates 209.85.220.41
 as permitted sender) smtp.mailfrom=davidben@google.com; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com.
 [209.85.220.41])
 by mx.google.com with SMTPS id f50sor17778423qvf.41.2018.10.16.14.15.06
 for <blink-dev@chromium.org> (Google Transport Security);
 Tue, 16 Oct 2018 14:15:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of davidben@google.com designates
 209.85.220.41 as permitted sender) client-ip=209.85.220.41; 
X-Received: by 2002:a05:6214:188:: with SMTP id
 q8mr10750189qvr.227.1539724506145; 
 Tue, 16 Oct 2018 14:15:06 -0700 (PDT)
MIME-Version: 1.0
From: David Benjamin <davidben@chromium.org>
Date: Tue, 16 Oct 2018 16:14:53 -0500
Message-ID: <CAF8qwaCiPd5nCE7Z75oUszJFXDDwn2w72wx8m=TzHMFX=bWOQA@mail.gmail.com>
Subject: [blink-dev] Intent to Deprecate: TLS 1.0 and TLS 1.1
To: blink-dev <blink-dev@chromium.org>, net-dev <net-dev@chromium.org>, 
 security-dev <security-dev@chromium.org>
Content-Type: multipart/alternative; boundary="0000000000003e5ca305785f0c6d"
X-Original-Sender: davidben@chromium.org
X-Original-Authentication-Results: mx.google.com;       dkim=pass
 header.i=@chromium.org header.s=google header.b=XuvXqjRn;       spf=pass
 (google.com: domain of davidben@google.com designates 209.85.220.41 as
 permitted sender) smtp.mailfrom=davidben@google.com; dmarc=pass (p=NONE
 sp=NONE dis=NONE) header.from=chromium.org
Precedence: list
Mailing-list: list blink-dev@chromium.org;
 contact blink-dev+owners@chromium.org
List-ID: <blink-dev.chromium.org>
X-Spam-Checked-In-Group: blink-dev@chromium.org
X-Google-Group-Id: 353025422469
List-Post: <https://groups.google.com/a/chromium.org/group/blink-dev/post>,
 <mailto:blink-dev@chromium.org>
List-Help: <https://support.google.com/a/chromium.org/bin/topic.py?topic=25838>, 
 <mailto:blink-dev+help@chromium.org>
List-Archive: <https://groups.google.com/a/chromium.org/group/blink-dev/>
List-Subscribe: <https://groups.google.com/a/chromium.org/group/blink-dev/subscribe>, 
 <mailto:blink-dev+subscribe@chromium.org>
List-Unsubscribe: <mailto:googlegroups-manage+353025422469+unsubscribe@googlegroups.com>, 
 <https://groups.google.com/a/chromium.org/group/blink-dev/subscribe>
X-Spam-Status: No, score=-2.8
X-Spam-Score: -27
X-Spam-Bar: --
X-Ham-Report: Spam detection software,
 running on the system "box514.bluehost.com", 
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview: (This was announced as a blog post
 <https://security.googleblog.com/2018/10/modernizing-transport-security.html>
 yesterday.) Primary eng (and PM) emails davidben@chromium.org [...] 
 Content analysis details:   (-2.8 points, 5.4 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
 See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
 for more information. [URIs: pcisecuritystandards.org]
 -0.8 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [209.85.160.198 listed in wl.mailspike.net]
 -0.5 SPF_PASS               SPF: sender matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
 domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 -0.8 RCVD_IN_MSPIKE_WL      Mailspike good senders
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
 manager
 -0.2 DKIMWL_WL_HIGH         DKIMwl.org - Whitelisted High sender
 0.5 AWL AWL: Adjusted score from AWL reputation of From: address
X-Spam-Flag: NO

--0000000000003e5ca305785f0c6d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

(This was announced as a blog post
<https://security.googleblog.com/2018/10/modernizing-transport-security.html>
yesterday.)

Primary eng (and PM) emails

davidben@chromium.org

awhalley@chromium.org

Summary

Deprecate TLS 1.0 and 1.1 in Chrome, targeting removal in Chrome 81 (early
2020). During the deprecation period, sites using those protocols will show
a warning in DevTools. After which, they will fail to connect if they have
not upgraded to TLS 1.2 by then.

Motivation

TLS (Transport Layer Security) is the protocol which secures HTTPS. It has
a long history stretching back to the nearly twenty-year-old TLS 1.0 and
its even older predecessor, SSL. TLS 1.2
<https://tools.ietf.org/html/rfc5246>, published ten years ago, addresses
several weaknesses in TLS 1.0 and 1.1:


   - TLS 1.0 and 1.1 use MD5 and SHA-1, both weak hashes, in the transcript
     hash for the Finished message. TLS 1.2 switches this to SHA-2. (See the
     SLOTH <https://www.mitls.org/pages/attacks/SLOTH> attack.)
   - TLS 1.0 and 1.1 use MD5 and SHA-1 in the server signature (note this is
     not the signature in the certificate). TLS 1.2 makes this negotiable and
     adds SHA-2 as an option. (Also see the SLOTH
     <https://www.mitls.org/pages/attacks/SLOTH> attack.)
   - TLS 1.0 and 1.1 only support RC4 and CBC ciphers. RC4 is broken
     <http://www.isg.rhul.ac.uk/tls/> and has since been removed. TLS’s CBC
     mode construction is flawed and was vulnerable to a series of attacks, most
     recently Lucky13 <http://www.isg.rhul.ac.uk/tls/Lucky13.html>. TLS 1.2
     introduces AEAD <https://en.wikipedia.org/wiki/Authenticated_encryption>-based
     ciphers which avoid this and are more efficient.
   - TLS 1.0’s CBC ciphers additionally construct their initialization
     vectors incorrectly, making them vulnerable to the BEAST
     <https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack>
     attack. TLS 1.1 fixed this.


Supporting TLS 1.2 is a prerequisite to avoiding the above problems.
Additionally, the industry has been moving towards this deprecation. TLS
1.0 is no longer PCI-DSS compliant
<https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls>
and the TLS working group has adopted a document
<https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00> to
deprecate TLS 1.0 and 1.1.

Interoperability and Compatibility Risk

Once removed, sites that only support TLS 1.0 or 1.1 will fail to connect.
The current usage is a little high (0.5%, see below), but we are providing
an extended deprecation period. The target removal date is Chrome 81, due
early 2020. Additionally, other browsers are also deprecating these
protocols:

Edge: Supported, positive to removal
<https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/>

Firefox: Supported, positive to removal
<https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/>

Safari: Supported, positive to removal
<https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/>

Enterprise deployments can preview the TLS 1.0 and 1.1 removal today by
setting the SSLVersionMin policy to “tls1.2”. For enterprise deployments
that need more time, this same policy can be used to re-enable TLS 1.0 or
TLS 1.1 until January 2021.

Alternative implementation suggestion for web developers

Sites should enable TLS 1.2 or later. We also encourage all sites to
revisit their TLS configuration. Our current criteria for modern TLS is the
following:


   - TLS 1.2 or later.
   - An ECDHE- and AEAD-based cipher suite. AEAD-based cipher suites are
     those using AES-GCM or ChaCha20-Poly1305. ECDHE_RSA_WITH_AES_128_GCM_SHA256
     is the recommended option for most sites.
   - The server signature should use SHA-2. Note this is not the signature in
     the certificate, made by the CA. Rather, it is the signature made by the
     server itself, using its private key.


The older options—CBC-mode cipher suites, RSA-encryption key exchange, and
SHA-1 server signatures—all have known cryptographic flaws. Each has been
removed in the newly-published TLS 1.3 <https://tools.ietf.org/html/rfc8446>.
We retain them at prior versions for compatibility with legacy servers, but
we will be evaluating them over time for eventual deprecation.

Note that supporting TLS 1.2 and the above options is completely
backwards-compatible. They do not require a new certificate, and sites
which need to talk to legacy clients may support both modern and obsolete
settings at the same time. However, some attacks are enabled by merely
supporting older versions, so servers should not enable legacy options
where unnecessary.

Usage information from UseCounter
<https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/core/page/UseCounter.h&sq=package:chromium&type=cs&q=file:UseCounter.h%20Feature&l=39>

0.5% of HTTPS connections made from Chrome negotiate TLS 1.0 or TLS 1.1.

Entry on the feature dashboard <https://www.chromestatus.com/>

https://www.chromestatus.com/feature/5654791610957824

Requesting approval to remove too?

The target removal is M81, in early 2020. As that’s over a year away, I’ll
leave that for another Intent. But we’ll include this in the DevTools
warning.
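
A check for the three "modern TLS" criteria listed in the message above, as an added example that is not part of the original post or of Chrome's code. It assumes handshake records carrying IANA-style cipher-suite names and RFC 8446 signature-scheme names; the `Handshake` type, the failure labels and every sample host are constructed for illustration.

```python
"""Audit negotiated TLS parameters against the "modern TLS" criteria quoted
in the message above. Every hostname and handshake record is constructed."""
from dataclasses import dataclass

VERSIONS = {"TLS 1.0": (1, 0), "TLS 1.1": (1, 1),
            "TLS 1.2": (1, 2), "TLS 1.3": (1, 3)}
AEAD_MARKERS = ("_GCM", "CHACHA20_POLY1305")   # AES-GCM, ChaCha20-Poly1305
SHA2 = {"sha256", "sha384", "sha512"}
WEAK_HASHES = {"md5", "sha1"}


@dataclass(frozen=True)
class Handshake:
    host: str          # constructed sample hostname
    version: str       # "TLS 1.0" .. "TLS 1.3"
    cipher_suite: str  # IANA-style name, with or without the "TLS_" prefix
    server_sig: str    # signature scheme the server signed with, "" if unknown


def split_suite(name):
    """Return (key_exchange, bulk_cipher) from an IANA-style suite name.

    TLS 1.3 suites such as TLS_AES_128_GCM_SHA256 do not name a key
    exchange, so key_exchange is None for them.
    """
    name = name.upper()
    if name.startswith("TLS_"):
        name = name[4:]
    if "_WITH_" in name:
        kx_auth, bulk = name.split("_WITH_", 1)
        return kx_auth.split("_")[0], bulk
    return None, name


def audit(hs):
    """Return the sorted list of criteria the handshake fails ([] = modern)."""
    ver = VERSIONS.get(hs.version)
    if ver is None:
        return ["unknown-version"]
    kx, bulk = split_suite(hs.cipher_suite)
    if kx is None and ver != (1, 3):
        return ["malformed-suite"]      # pre-1.3 suites must name a key exchange

    failed = set()
    if ver < (1, 2):
        # Criterion 1. The MD5/SHA-1 transcript hash and server signature
        # come with these versions, so they are not reported separately.
        failed.add("version")
    if kx is not None and kx != "ECDHE":
        failed.add("key-exchange")      # criterion 2, first half
    if not any(marker in bulk for marker in AEAD_MARKERS):
        failed.add("aead")              # criterion 2, second half
    # Criterion 3 is about the signature the server makes with its own key,
    # not the trailing hash of the suite name and not the CA's signature on
    # the certificate. RSA key transport involves no such signature.
    if ver >= (1, 2) and kx != "RSA":
        sig_hash = hs.server_sig.lower().rsplit("_", 1)[-1]
        if sig_hash in WEAK_HASHES:
            failed.add("signature")
        elif sig_hash not in SHA2:
            failed.add("signature-unknown")
    return sorted(failed)


def report(handshakes):
    """Map each non-modern host to the criteria it fails."""
    results = {hs.host: audit(hs) for hs in handshakes}
    return {host: failed for host, failed in results.items() if failed}


# Constructed sample data, not taken from any real scan.
SAMPLES = [
    Handshake("modern.example", "TLS 1.2",
              "ECDHE_RSA_WITH_AES_128_GCM_SHA256", "rsa_pkcs1_sha256"),
    Handshake("tls13.example", "TLS 1.3",
              "TLS_AES_128_GCM_SHA256", "rsa_pss_rsae_sha256"),
    Handshake("chacha.example", "TLS 1.2",
              "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
              "ecdsa_secp256r1_sha256"),
    Handshake("legacy.example", "TLS 1.0",
              "TLS_RSA_WITH_AES_128_CBC_SHA", ""),
    # TLS 1.2 alone is not enough: CBC suite and a SHA-1 server signature.
    Handshake("mixed.example", "TLS 1.2",
              "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "rsa_pkcs1_sha1"),
]

if __name__ == "__main__":
    for host, failed in report(SAMPLES).items():
        print(f"{host}: fails {', '.join(failed)}")
```

The `mixed.example` record shows why the version check alone is insufficient: the suite name ends in SHA384, yet the connection still uses CBC and a SHA-1 server signature.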


--0000000000003e5ca305785f0c6d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span id=3D"inbox-inbox-docs-internal-guid-d7ce3ae9-7fff-7=
37e-fe91-5cdcb5c6a701"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:=
0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;font-family:Arial;font=
-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:basel=
ine;white-space:pre-wrap">(This was announced as a </span><a href=3D"https:=
//security.googleblog.com/2018/10/modernizing-transport-security.html" styl=
e=3D"text-decoration-line:none"><span style=3D"font-size:10pt;font-family:A=
rial;color:rgb(17,85,204);font-variant-numeric:normal;font-variant-east-asi=
an:normal;text-decoration-line:underline;vertical-align:baseline;white-spac=
e:pre-wrap">blog post</span></a><span style=3D"font-size:10pt;font-family:A=
rial;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-al=
ign:baseline;white-space:pre-wrap"> yesterday.)</span></p><br><p dir=3D"ltr=
" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=
=3D"font-size:10pt;font-family:Arial;font-weight:700;font-variant-numeric:n=
ormal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pr=
e-wrap">Primary eng (and PM) emails</span></p><p dir=3D"ltr" style=3D"line-=
height:1.38;margin-top:0pt;margin-bottom:0pt"><a href=3D"mailto:davidben@ch=
romium.org" style=3D"text-decoration-line:none"><span style=3D"font-size:10=
pt;font-family:Arial;color:rgb(17,85,204);font-variant-numeric:normal;font-=
variant-east-asian:normal;text-decoration-line:underline;vertical-align:bas=
eline;white-space:pre-wrap">davidben@chromium.org</span></a></p><p dir=3D"l=
tr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href=3D"=
mailto:awhalley@chromium.org" style=3D"text-decoration-line:none"><span sty=
le=3D"font-size:10pt;font-family:Arial;color:rgb(17,85,204);font-variant-nu=
meric:normal;font-variant-east-asian:normal;text-decoration-line:underline;=
vertical-align:baseline;white-space:pre-wrap">awhalley@chromium.org</span><=
/a></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-b=
ottom:0pt"><span style=3D"font-size:10pt;font-family:Arial;font-weight:700;=
font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:b=
aseline;white-space:pre-wrap">Summary</span></p><p dir=3D"ltr" style=3D"lin=
e-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10=
pt;font-family:Arial;font-variant-numeric:normal;font-variant-east-asian:no=
rmal;vertical-align:baseline;white-space:pre-wrap">Deprecate TLS 1.0 and 1.=
1 in Chrome, targeting removal in Chrome 81 (early 2020). During the deprec=
ation period, sites using those protocols will show a warning in DevTools. =
After which, they will fail to connect if they have not upgraded to TLS 1.2=
 by then.</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top=
:0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;font-family:Arial;fon=
t-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;ver=
tical-align:baseline;white-space:pre-wrap">Motivation</span></p><p dir=3D"l=
tr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=
=3D"font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-varia=
nt-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">TLS (Tra=
nsport Layer Security) is the protocol which secures HTTPS. It has a long h=
istory stretching back to the nearly twenty-year-old TLS 1.0 and its even o=
lder predecessor, SSL. </span><a href=3D"https://tools.ietf.org/html/rfc524=
6" style=3D"text-decoration-line:none"><span style=3D"font-size:10pt;font-f=
amily:Arial;color:rgb(17,85,204);font-variant-numeric:normal;font-variant-e=
ast-asian:normal;text-decoration-line:underline;vertical-align:baseline;whi=
te-space:pre-wrap">TLS 1.2</span></a><span style=3D"font-size:10pt;font-fam=
ily:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;vertic=
al-align:baseline;white-space:pre-wrap">, published ten years ago, addresse=
s several weaknesses in TLS 1.0 and 1.1:</span></p><br><ul style=3D"margin-=
top:0pt;margin-bottom:0pt"><li dir=3D"ltr" style=3D"list-style-type:disc;fo=
nt-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-eas=
t-asian:normal;vertical-align:baseline;white-space:pre"><p dir=3D"ltr" styl=
e=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font=
-size:10pt;font-variant-numeric:normal;font-variant-east-asian:normal;verti=
cal-align:baseline;white-space:pre-wrap">TLS 1.0 and 1.1 use MD5 and SHA-1,=
 both weak hashes, in the transcript hash for the Finished message. TLS 1.2=
 switches this to SHA-2. (See the </span><a href=3D"https://www.mitls.org/p=
ages/attacks/SLOTH" style=3D"text-decoration-line:none"><span style=3D"font=
-size:10pt;color:rgb(17,85,204);font-variant-numeric:normal;font-variant-ea=
st-asian:normal;text-decoration-line:underline;vertical-align:baseline;whit=
e-space:pre-wrap">SLOTH</span></a><span style=3D"font-size:10pt;font-varian=
t-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;whi=
te-space:pre-wrap"> attack.)</span></p></li><li dir=3D"ltr" style=3D"list-s=
tyle-type:disc;font-size:10pt;font-family:Arial;font-variant-numeric:normal=
;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p=
 dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><s=
pan style=3D"font-size:10pt;font-variant-numeric:normal;font-variant-east-a=
sian:normal;vertical-align:baseline;white-space:pre-wrap">TLS 1.0 and 1.1 u=
se MD5 and SHA-1 in the server signature (note this is not the signature in=
 the certificate). TLS 1.2 makes this negotiable and adds SHA-2 as an optio=
n. (Also see the </span><a href=3D"https://www.mitls.org/pages/attacks/SLOT=
H" style=3D"text-decoration-line:none"><span style=3D"font-size:10pt;color:=
rgb(17,85,204);font-variant-numeric:normal;font-variant-east-asian:normal;t=
ext-decoration-line:underline;vertical-align:baseline;white-space:pre-wrap"=
>SLOTH</span></a><span style=3D"font-size:10pt;font-variant-numeric:normal;=
font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap=
"> attack.)</span></p></li><li dir=3D"ltr" style=3D"list-style-type:disc;fo=
nt-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-eas=
t-asian:normal;vertical-align:baseline;white-space:pre"><p dir=3D"ltr" styl=
e=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font=
-size:10pt;font-variant-numeric:normal;font-variant-east-asian:normal;verti=
cal-align:baseline;white-space:pre-wrap">TLS 1.0 and 1.1 only support RC4 a=
nd CBC ciphers. RC4 is </span><a href=3D"http://www.isg.rhul.ac.uk/tls/" st=
yle=3D"text-decoration-line:none"><span style=3D"font-size:10pt;color:rgb(1=
7,85,204);font-variant-numeric:normal;font-variant-east-asian:normal;text-d=
ecoration-line:underline;vertical-align:baseline;white-space:pre-wrap">brok=
en</span></a><span style=3D"font-size:10pt;font-variant-numeric:normal;font=
-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"> a=
nd has since been removed. TLS=E2=80=99s CBC mode construction is flawed an=
d was vulnerable to a series of attacks, most recently </span><a href=3D"ht=
tp://www.isg.rhul.ac.uk/tls/Lucky13.html" style=3D"text-decoration-line:non=
e"><span style=3D"font-size:10pt;color:rgb(17,85,204);font-variant-numeric:=
normal;font-variant-east-asian:normal;text-decoration-line:underline;vertic=
al-align:baseline;white-space:pre-wrap">Lucky13</span></a><span style=3D"fo=
nt-size:10pt;font-variant-numeric:normal;font-variant-east-asian:normal;ver=
tical-align:baseline;white-space:pre-wrap">. TLS 1.2 introduces </span><a h=
ref=3D"https://en.wikipedia.org/wiki/Authenticated_encryption" style=3D"tex=
t-decoration-line:none"><span style=3D"font-size:10pt;color:rgb(17,85,204);=
font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-=
line:underline;vertical-align:baseline;white-space:pre-wrap">AEAD</span></a=
><span style=3D"font-size:10pt;font-variant-numeric:normal;font-variant-eas=
t-asian:normal;vertical-align:baseline;white-space:pre-wrap">-based ciphers=
 which avoid this and are more efficient.</span></p></li><li dir=3D"ltr" st=
yle=3D"list-style-type:disc;font-size:10pt;font-family:Arial;font-variant-n=
umeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-=
space:pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-b=
ottom:0pt"><span style=3D"font-size:10pt;font-variant-numeric:normal;font-v=
ariant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">TLS =
1.0=E2=80=99s CBC ciphers additionally construct their initialization vecto=
rs incorrectly, making them vulnerable to the </span><a href=3D"https://en.=
wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack" style=3D"text-dec=
oration-line:none"><span style=3D"font-size:10pt;color:rgb(17,85,204);font-=
variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line:=
underline;vertical-align:baseline;white-space:pre-wrap">BEAST</span></a><sp=
an style=3D"font-size:10pt;font-variant-numeric:normal;font-variant-east-as=
ian:normal;vertical-align:baseline;white-space:pre-wrap"> attack. TLS 1.1 f=
ixed this.</span></p></li></ul><br><p dir=3D"ltr" style=3D"line-height:1.38=
;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;font-famil=
y:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;vertical=
-align:baseline;white-space:pre-wrap">Supporting TLS 1.2 is a prerequisite =
to avoiding the above problems. Additionally, the industry has been moving =
towards this deprecation. TLS 1.0 is no longer </span><a href=3D"https://bl=
og.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to=
-ssl-early-tls" style=3D"text-decoration-line:none"><span style=3D"font-siz=
e:10pt;font-family:Arial;color:rgb(17,85,204);font-variant-numeric:normal;f=
ont-variant-east-asian:normal;text-decoration-line:underline;vertical-align=
:baseline;white-space:pre-wrap">PCI-DSS compliant</span></a><span style=3D"=
font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-e=
ast-asian:normal;vertical-align:baseline;white-space:pre-wrap"> and the TLS=
 working group has adopted a </span><a href=3D"https://tools.ietf.org/html/=
draft-ietf-tls-oldversions-deprecate-00" style=3D"text-decoration-line:none=
"><span style=3D"font-size:10pt;font-family:Arial;color:rgb(17,85,204);font=
-variant-numeric:normal;font-variant-east-asian:normal;text-decoration-line=
:underline;vertical-align:baseline;white-space:pre-wrap">document</span></a=
><span style=3D"font-size:10pt;font-family:Arial;font-variant-numeric:norma=
l;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wr=
ap"> to deprecate TLS 1.0 and 1.1.</span></p><br><p dir=3D"ltr" style=3D"li=
ne-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:1=
0pt;font-family:Arial;font-weight:700;font-variant-numeric:normal;font-vari=
ant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Interop=
erability and Compatibility Risk</span></p><p dir=3D"ltr" style=3D"line-hei=
ght:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;fo=
nt-family:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;=
vertical-align:baseline;white-space:pre-wrap">Once removed, sites that only=
 support TLS 1.0 or 1.1 will fail to connect. The current usage is a little=
 high (0.5%, see below), but we are providing an extended deprecation perio=
d. The target removal date is Chrome 81, due early 2020. Additionally, othe=
r browsers are also deprecating these protocols:</span></p><br><p dir=3D"lt=
r" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=
=3D"font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-varia=
nt-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Edge: </=
span><a href=3D"https://blogs.windows.com/msedgedev/2018/10/15/modernizing-=
tls-edge-ie11/" style=3D"text-decoration-line:none"><span style=3D"font-siz=
e:10pt;font-family:Arial;color:rgb(17,85,204);font-variant-numeric:normal;f=
ont-variant-east-asian:normal;text-decoration-line:underline;vertical-align=
:baseline;white-space:pre-wrap">Supported, positive to removal</span></a></=
p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt=
"><span style=3D"font-size:10pt;font-family:Arial;font-variant-numeric:norm=
al;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-w=
rap">Firefox: </span><a href=3D"https://blog.mozilla.org/security/2018/10/1=
5/removing-old-versions-of-tls/" style=3D"text-decoration-line:none"><span =
style=3D"font-size:10pt;font-family:Arial;color:rgb(17,85,204);font-variant=
-numeric:normal;font-variant-east-asian:normal;text-decoration-line:underli=
ne;vertical-align:baseline;white-space:pre-wrap">Supported, positive to rem=
oval</span></a></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;=
margin-bottom:0pt"><span style=3D"font-size:10pt;font-family:Arial;font-var=
iant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;=
white-space:pre-wrap">Safari: </span><a href=3D"https://webkit.org/blog/846=
2/deprecation-of-legacy-tls-1-0-and-1-1-versions/" style=3D"text-decoration=
-line:none"><span style=3D"font-size:10pt;font-family:Arial;color:rgb(17,85=
,204);font-variant-numeric:normal;font-variant-east-asian:normal;text-decor=
ation-line:underline;vertical-align:baseline;white-space:pre-wrap">Supporte=
d, positive to removal</span></a></p><br><p dir=3D"ltr" style=3D"line-heigh=
t:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;font=
-family:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;ve=
rtical-align:baseline;white-space:pre-wrap">Enterprise deployments can prev=
iew the TLS 1.0 and 1.1 removal today by setting the SSLVersionMin policy t=
o =E2=80=9Ctls1.2=E2=80=9D. For enterprise deployments that need more time,=
 this same policy can be used to re-enable TLS 1.0 or TLS 1.1 until January=
 2021.</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0p=
t;margin-bottom:0pt"><span style=3D"font-size:10pt;font-family:Arial;font-w=
eight:700;font-variant-numeric:normal;font-variant-east-asian:normal;vertic=
al-align:baseline;white-space:pre-wrap">Alternative implementation suggesti=
on for web developers</span></p><p dir=3D"ltr" style=3D"line-height:1.38;ma=
rgin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;font-family:A=
rial;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-al=
ign:baseline;white-space:pre-wrap">Sites should enable TLS 1.2 or later. We=
 also encourage all sites to revisit their TLS configuration. Our current c=
riteria for modern TLS is the following:</span><span style=3D"font-size:10p=
t;font-family:Arial;font-variant-numeric:normal;font-variant-east-asian:nor=
mal;vertical-align:baseline;white-space:pre-wrap"><br class=3D"inbox-inbox-=
kix-line-break"><br class=3D"inbox-inbox-kix-line-break"></span></p><ul sty=
le=3D"margin-top:0pt;margin-bottom:0pt"><li dir=3D"ltr" style=3D"list-style=
-type:disc;font-size:10pt;font-family:Arial;font-variant-numeric:normal;fon=
t-variant-east-asian:normal;vertical-align:baseline;white-space:pre"><p dir=
=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span =
style=3D"font-size:10pt;font-variant-numeric:normal;font-variant-east-asian=
:normal;vertical-align:baseline;white-space:pre-wrap">TLS 1.2 or later.</sp=
an></p></li><li dir=3D"ltr" style=3D"list-style-type:disc;font-size:10pt;fo=
nt-family:Arial;font-variant-numeric:normal;font-variant-east-asian:normal;=
vertical-align:baseline;white-space:pre"><p dir=3D"ltr" style=3D"line-heigh=
t:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;font=
-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:basel=
ine;white-space:pre-wrap">An ECDHE- and AEAD-based cipher suite. AEAD-based=
 cipher suites are those using AES-GCM or ChaCha20-Poly1305. ECDHE_RSA_WITH=
_AES_128_GCM_SHA256 is the recommended option for most sites.</span></p></l=
i><li dir=3D"ltr" style=3D"list-style-type:disc;font-size:10pt;font-family:=
Arial;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-a=
lign:baseline;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1.38;mar=
gin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;font-variant-n=
umeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-=
space:pre-wrap">The server signature should use SHA-2. Note this is not the=
 signature in the certificate, made by the CA. Rather, it is the signature =
made by the server itself, using its private key.</span><span style=3D"font=
-size:10pt;font-variant-numeric:normal;font-variant-east-asian:normal;verti=
cal-align:baseline;white-space:pre-wrap"><br class=3D"inbox-inbox-kix-line-=
break"><br class=3D"inbox-inbox-kix-line-break"></span></p></li></ul><p dir=
=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span =
style=3D"font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-=
variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">The=
 older options=E2=80=94CBC-mode cipher suites, RSA-encryption key exchange,=
 and SHA-1 server signatures=E2=80=94all have known cryptographic flaws. Ea=
ch has been removed in the newly-published </span><a href=3D"https://tools.=
ietf.org/html/rfc8446" style=3D"text-decoration-line:none"><span style=3D"f=
ont-size:10pt;font-family:Arial;color:rgb(17,85,204);font-variant-numeric:n=
ormal;font-variant-east-asian:normal;text-decoration-line:underline;vertica=
l-align:baseline;white-space:pre-wrap">TLS 1.3</span></a><span style=3D"fon=
t-size:10pt;font-family:Arial;font-variant-numeric:normal;font-variant-east=
-asian:normal;vertical-align:baseline;white-space:pre-wrap">. We retain the=
m at prior versions for compatibility with legacy servers, but we will be e=
valuating them over time for eventual deprecation.</span></p><br><p dir=3D"=
ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span styl=
e=3D"font-size:10pt;font-family:Arial;font-variant-numeric:normal;font-vari=
ant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Note th=
at supporting TLS 1.2 and the above options is completely backwards-compati=
ble. They do not require a new certificate, and sites which need to talk to=
 legacy clients may support both modern and obsolete settings at the same t=
ime. However, some attacks are enabled by merely supporting older versions,=
 so servers should not enable legacy options where unnecessary.</span></p><=
br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0p=
t"><span style=3D"font-size:10pt;font-family:Arial;font-weight:700;font-var=
iant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;=
white-space:pre-wrap">Usage information from </span><a href=3D"https://code=
.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/co=
re/page/UseCounter.h&amp;sq=3Dpackage:chromium&amp;type=3Dcs&amp;q=3Dfile:U=
seCounter.h%20Feature&amp;l=3D39" style=3D"text-decoration-line:none"><span=
 style=3D"font-size:10pt;font-family:Arial;color:rgb(17,85,204);font-weight=
:700;font-variant-numeric:normal;font-variant-east-asian:normal;text-decora=
tion-line:underline;vertical-align:baseline;white-space:pre-wrap">UseCounte=
r</span></a></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;mar=
gin-bottom:0pt"><span style=3D"font-size:10pt;font-family:Arial;font-varian=
t-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;whi=
te-space:pre-wrap">0.5% of HTTPS connections made from Chrome negotiate TLS=
 1.0 or TLS 1.1.</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;mar=
gin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;font-family:Ar=
ial;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:nor=
mal;vertical-align:baseline;white-space:pre-wrap">Entry on the </span><a hr=
ef=3D"https://www.chromestatus.com/" style=3D"text-decoration-line:none"><s=
pan style=3D"font-size:10pt;font-family:Arial;color:rgb(17,85,204);font-wei=
ght:700;font-variant-numeric:normal;font-variant-east-asian:normal;text-dec=
oration-line:underline;vertical-align:baseline;white-space:pre-wrap">featur=
e dashboard</span></a></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-t=
op:0pt;margin-bottom:0pt"><a href=3D"https://www.chromestatus.com/feature/5=
654791610957824" style=3D"text-decoration-line:none"><span style=3D"font-si=
ze:10pt;font-family:Arial;color:rgb(17,85,204);font-variant-numeric:normal;=
font-variant-east-asian:normal;text-decoration-line:underline;vertical-alig=
n:baseline;white-space:pre-wrap">https://www.chromestatus.com/feature/56547=
91610957824</span></a></p><br><p dir=3D"ltr" style=3D"line-height:1.38;marg=
in-top:0pt;margin-bottom:0pt"><span style=3D"font-size:10pt;font-family:Ari=
al;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:norm=
al;vertical-align:baseline;white-space:pre-wrap">Requesting approval to rem=
ove too?</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;=
margin-bottom:0pt"><span style=3D"font-size:10pt;font-family:Arial;font-var=
iant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;=
white-space:pre-wrap">The target removal is M81, in early 2020. As that=E2=
=80=99s over a year away, I=E2=80=99ll leave that for another Intent. But w=
e=E2=80=99ll include this in the DevTools warning.</span></p></span><br cla=
ss=3D"inbox-inbox-Apple-interchange-newline"></div>

<p></p>


--0000000000003e5ca305785f0c6d--


--------------BF028E818834E7DD698FF1D8--
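
Added example, not part of the original message and not Chrome's code: a Python check of negotiated TLS parameters against the three criteria the message lists (TLS 1.2 or later, an ECDHE- and AEAD-based cipher suite, a SHA-2 server signature), plus a client context that enforces the first two. The Connection record, the function names and the sample hosts are constructed for illustration.

```python
import ssl
from dataclasses import dataclass
from typing import Optional

# Protocol names as returned by ssl.SSLSocket.version(), oldest first.
VERSION_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
SHA2 = {"SHA224", "SHA256", "SHA384", "SHA512"}


@dataclass
class Connection:
    host: str
    version: str                    # e.g. "TLSv1.2"
    suite: str                      # IANA cipher suite name
    # Hash in the server's own handshake signature (not the CA's signature
    # on the certificate). Assumed to come from a handshake capture or other
    # tooling. None when the key exchange carries no server signature.
    server_sig_hash: Optional[str]


def is_aead(cipher_part):
    """AEAD suites named in the message: AES-GCM or ChaCha20-Poly1305."""
    return "_GCM" in cipher_part or "CHACHA20_POLY1305" in cipher_part


def evaluate(conn):
    """Return the criteria a connection fails; an empty list means modern."""
    failures = []
    # Criterion 1: TLS 1.2 or later. Unknown version strings count as a failure.
    if VERSION_RANK.get(conn.version, -1) < VERSION_RANK["TLSv1.2"]:
        failures.append("version")
    # Criterion 2: ECDHE key exchange and an AEAD cipher.
    name = conn.suite[4:] if conn.suite.startswith("TLS_") else conn.suite
    if "_WITH_" in name:
        key_exchange, cipher_part = name.split("_WITH_", 1)
        if not key_exchange.startswith("ECDHE_"):
            failures.append("ecdhe")
    else:
        # TLS 1.3 suite names carry only the AEAD and hash, no key exchange,
        # so only the AEAD check can be made from the name.
        cipher_part = name
    if not is_aead(cipher_part):
        failures.append("aead")
    # Criterion 3: the server signature uses SHA-2.
    if conn.server_sig_hash is not None:
        digest = conn.server_sig_hash.upper().replace("-", "")
        if digest not in SHA2:
            failures.append("server-signature")
    return failures


def audit(connections):
    """Map each host to the list of criteria it fails."""
    return {c.host: evaluate(c) for c in connections}


def modern_client_context():
    """Client context that refuses TLS 1.0/1.1 and non-ECDHE/AEAD suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Applies to TLS 1.2; TLS 1.3 suites are configured separately by OpenSSL.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


# Constructed sample connections (not measurements of real sites).
SAMPLE_CONNECTIONS = [
    Connection("modern.example", "TLSv1.2",
               "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "SHA256"),
    Connection("cbc.example", "TLSv1.2",
               "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "SHA1"),
    # RSA-encryption key exchange sends no ServerKeyExchange signature.
    Connection("rsa-kx.example", "TLSv1.2",
               "TLS_RSA_WITH_AES_128_GCM_SHA256", None),
    # TLS 1.0 signs the handshake with an MD5 and SHA-1 combination.
    Connection("legacy.example", "TLSv1",
               "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "MD5+SHA1"),
    Connection("tls13.example", "TLSv1.3", "TLS_AES_128_GCM_SHA256", "SHA256"),
]

if __name__ == "__main__":
    for host, failed in audit(SAMPLE_CONNECTIONS).items():
        print(host, "modern" if not failed else "fails: " + ", ".join(failed))
```
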


From nobody Thu Oct 18 11:02:47 2018
Return-Path: <H.J.Story@soton.ac.uk>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DFA9130DD0 for <saag@ietfa.amsl.com>; Thu, 11 Oct 2018 02:28:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sotonac.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7mlTYOkKVD3e for <saag@ietfa.amsl.com>; Thu, 11 Oct 2018 02:28:16 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30046.outbound.protection.outlook.com [40.107.3.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3EF7130DCB for <saag@ietf.org>; Thu, 11 Oct 2018 02:28:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sotonac.onmicrosoft.com; s=selector1-soton-ac-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ua9LJgRI/Xvy7fHLJKJV4v83nFiZQuVaQwmrIYn5kks=; b=FBYqGGq4ytqSVhTsr460QWiA1CPwF8nbGN5/XOI9i2i+MjIa4Yw68GRyM6rPQh+yvTQ+RJ05O6EcgO3/Ds5pci5hmZgS2CTSJVLwntFZLEiGviO/6640OyR7qX8H5eOGP1dVlq3eCgU/f70CLscq2S9tBsSiGVrngkhlYPvGjY4=
Received: from HE1PR0401CA0078.eurprd04.prod.outlook.com (2603:10a6:3:19::46) by AM5PR04MB3169.eurprd04.prod.outlook.com (2603:10a6:206:c::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1228.24; Thu, 11 Oct 2018 09:28:10 +0000
Received: from VE1EUR03FT020.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::205) by HE1PR0401CA0078.outlook.office365.com (2603:10a6:3:19::46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1228.21 via Frontend Transport; Thu, 11 Oct 2018 09:28:10 +0000
Authentication-Results: spf=pass (sender IP is 152.78.119.52) smtp.mailfrom=soton.ac.uk; insidethestack.com; dkim=none (message not signed) header.d=none;insidethestack.com; dmarc=bestguesspass action=none header.from=soton.ac.uk;
Received-SPF: Pass (protection.outlook.com: domain of soton.ac.uk designates 152.78.119.52 as permitted sender) receiver=protection.outlook.com; client-ip=152.78.119.52; helo=smtp.soton.ac.uk;
Received: from smtp.soton.ac.uk (152.78.119.52) by VE1EUR03FT020.mail.protection.outlook.com (10.152.18.242) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.1228.17 via Frontend Transport; Thu, 11 Oct 2018 09:28:09 +0000
Received: from SRV00048.soton.ac.uk ([169.254.11.132]) by SRV00045.soton.ac.uk ([152.78.119.52]) with mapi id 14.03.0399.000; Thu, 11 Oct 2018 10:27:54 +0100
From: Story H.J. <H.J.Story@soton.ac.uk>
To: Nalini J Elkins <nalini.elkins@insidethestack.com>
CC: Bret Jordan <jordan.ietf@gmail.com>, "John R. Levine" <johnl@iecc.com>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] stopping (https) phishing
Thread-Index: AQHUYUSvinUXJ7QTUEmBkZd8Hqc1nA==
Date: Thu, 11 Oct 2018 09:27:53 +0000
Message-ID: <62EE2E0F-DD14-4282-A645-8E946AEA7AE7@soton.ac.uk>
References: <BN6PR14MB1106A4A7FD3B4780029CF6A8835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <20180715004421.246C720024FBA4@ary.qy> <20180715015127.GH33554@straasha.imrryr.org> <BN6PR14MB110681B05B9E6CFB373805BA835E0@BN6PR14MB1106.namprd14.prod.outlook.com> <E019BCFB-54FB-4A53-A308-F2E150AB8B8C@bblfish.net> <CABrd9STZyPvcyf8_KiJ0kVmeJxNdLw6Yj-bLc9g1S8wGUoJQ7w@mail.gmail.com> <8D99AB13-5A8A-4425-8613-03AB228704CE@bblfish.net> <CABrd9SSXyZkvvREQMLKe=U6-AX6M9JJSsw4tbLEoF5LWwn4Q-Q@mail.gmail.com> <31612.1531750339@localhost> <F9331F90-1707-45B3-8DB3-135A0629F7B1@gmail.com> <48DDA580-5502-4A1F-B2BA-9D2639147B80@bblfish.net> <5F5F3CD6-2EB4-4456-96EE-804310BC258B@gmail.com> <0C438763-56A4-42F5-8D4D-7B09A56AE8E9@bblfish.net> <alpine.OSX.2.21.1807211236160.8123@ary.qy> <C3E1A978-C3BF-4916-9790-7C0BBE602DFC@bblfish.net> <alpine.OSX.2.21.1807211431550.9342@ary.qy> <A2D27591-AC7F-4FC2-B537-E1948A5EE477@gmail.com> <alpine.OSX.2.21.1807212100220.11623@ary.qy> <A04AB4F5-D550-431A-99E2-F2D70BF91847@ gmail.com> <BN6PR14MB11065825288876734BA0F36F83560@BN6PR14MB1106.namprd14.prod.outlook.com> <1775793239.1010578.1532362142537@mail.yahoo.com> <425C3EFB-ECD9-4C4C-A4C5-0786600538F9@gmail.com> <1751939009.1122154.1532375452369@mail.yahoo.com>
In-Reply-To: <1751939009.1122154.1532375452369@mail.yahoo.com>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [92.184.101.244]
Content-Type: multipart/alternative; boundary="_000_62EE2E0FDD144282A6458E946AEA7AE7sotonacuk_"
MIME-Version: 1.0
X-OrganizationHeadersPreserved: SRV00045.soton.ac.uk
X-EOPAttributedMessage: 0
X-CrossPremisesHeadersPromoted: VE1EUR03FT020.eop-EUR03.prod.protection.outlook.com
X-CrossPremisesHeadersFiltered: VE1EUR03FT020.eop-EUR03.prod.protection.outlook.com
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: soton.ac.uk
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Oct 2018 09:28:09.7076 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f27e42da-1f32-4534-3f4f-08d62f5bdc0d
X-MS-Exchange-CrossTenant-Id: 4a5378f9-29f4-4d3e-be89-669d03ada9d8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=4a5378f9-29f4-4d3e-be89-669d03ada9d8; Ip=[152.78.119.52];  Helo=[smtp.soton.ac.uk]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR04MB3169
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5ND6yELmxBHG0wFuMJCQz7PKJlk>
X-Mailman-Approved-At: Thu, 18 Oct 2018 11:02:44 -0700
Subject: Re: [saag] stopping (https) phishing
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Oct 2018 09:28:21 -0000

--_000_62EE2E0FDD144282A6458E946AEA7AE7sotonacuk_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_62EE2E0FDD144282A6458E946AEA7AE7sotonacuk_--


From nobody Thu Oct 18 11:14:05 2018
Return-Path: <kaduk@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FE1B130DD1 for <saag@ietfa.amsl.com>; Thu, 18 Oct 2018 11:14:04 -0700 (PDT)
X-Quarantine-ID: <zclXa3VodPum>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char 9C hex): Received: ...s kaduk@ATHENA.MIT.EDU)\n\t\234by outgoing.mit[...]
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zclXa3VodPum for <saag@ietfa.amsl.com>; Thu, 18 Oct 2018 11:14:02 -0700 (PDT)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D3191286D9 for <saag@ietf.org>; Thu, 18 Oct 2018 11:14:02 -0700 (PDT)
X-AuditID: 1209190d-38fff7000000506f-a5-5bc8cd69c963
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id 96.CF.20591.96DC8CB5; Thu, 18 Oct 2018 14:14:01 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.14.7/8.9.2) with ESMTP id w9IIDxBp025115 for <saag@ietf.org>; Thu, 18 Oct 2018 14:14:00 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id w9IIDu2T012361 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <saag@ietf.org>; Thu, 18 Oct 2018 14:13:59 -0400
Date: Thu, 18 Oct 2018 13:13:56 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: saag@ietf.org
Message-ID: <20181018181356.GS19309@kduck.kaduk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.9.1 (2017-09-22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/dMksKldxfkjqs48-krjdsNguVvs>
Subject: [saag] IETF 103 agenda topics
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2018 18:14:04 -0000

Hi folks,

If you have a topic to propose for the SAAG session at IETF 103 in Bangkok,
please let Ekr and me know.

Thanks,

Ben


From nobody Tue Oct 23 09:52:08 2018
Return-Path: <jhall@cdt.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5643A1277D2 for <saag@ietfa.amsl.com>; Tue, 23 Oct 2018 09:52:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11PpIDVGv67Q for <saag@ietfa.amsl.com>; Tue, 23 Oct 2018 09:52:05 -0700 (PDT)
Received: from mail-vs1-xe2a.google.com (mail-vs1-xe2a.google.com [IPv6:2607:f8b0:4864:20::e2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED21D130E3D for <saag@ietf.org>; Tue, 23 Oct 2018 09:52:04 -0700 (PDT)
Received: by mail-vs1-xe2a.google.com with SMTP id e206so1311106vsd.0 for <saag@ietf.org>; Tue, 23 Oct 2018 09:52:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8oH3yJHo9ZjbAEICPjYVNkqcSxYAB+Dl/dcAKaMC6fU=; b=fbvNDTjt2TXssT+tulFJUywwf49L2Y3DZH0C2pkNQzjMBfpV0ugpuOPHKch4nZYPtw 17ZkjHBPhLytmdySxGb27IB9rMh9Zv1TE5zQgUBvQIsZe8n7mWyRNeKUA0x/1+dB+vgl kfZiDySnu6Fwo1rpmxtUGIgJ4W9RlYwAs+WzY=
X-Received: by 2002:a67:a85c:: with SMTP id r89mr21126161vse.12.1540313523676;  Tue, 23 Oct 2018 09:52:03 -0700 (PDT)
MIME-Version: 1.0
References: <20181018181356.GS19309@kduck.kaduk.org>
In-Reply-To: <20181018181356.GS19309@kduck.kaduk.org>
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Tue, 23 Oct 2018 12:51:52 -0400
Message-ID: <CABtrr-Xa1zFqZbjNV9MXu0M2J9Hp+A=T3GGqxpQh9BphJ-L5bw@mail.gmail.com>
To: kaduk@mit.edu
Cc: saag@ietf.org, Stan Adams <sadams@cdt.org>
Content-Type: multipart/alternative; boundary="0000000000006c04b90578e8307d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/WMaxyrQfHTVyGxCZeSNj07QaIws>
Subject: Re: [saag] IETF 103 agenda topics
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Oct 2018 16:52:07 -0000

--0000000000006c04b90578e8307d
Content-Type: text/plain; charset="UTF-8"

On Thu, Oct 18, 2018 at 2:14 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> Hi folks,
>
> If you have a topic to propose for the SAAG session at IETF 103 in Bangkok,
> please let Ekr and me know.
>

Heya, I've been working on IASA2 stuff for the past many months...

but in the meantime I had CDTer Stan Adams take a shot at reorganizing the
ID we've worked on that discusses technical censorship techniques from a
protocol perspective. We won't be in Bangkok -- we work on US election
cybersecurity and that week is Election week here in the USA -- and I
suspect there is a lot of work left to do on the draft, but I wanted to get
this on people's radar for the new year.

We have a repo that I am more than happy to add issues to or take PRs
against:

https://datatracker.ietf.org/doc/draft-hall-censorship-tech/06/
https://github.com/josephlhall/rfc-censorship-tech

As you can imagine, we want this to be helpful to protocol designers in
terms of providing a one-stop reference for past techniques and research
results into blocking and shaping that affects users.

Cheers, Joe

-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

--0000000000006c04b90578e8307d--


From nobody Mon Oct 29 12:28:18 2018
Return-Path: <Mark.O@ncsc.gov.uk>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE4EF13106F for <saag@ietfa.amsl.com>; Mon, 29 Oct 2018 12:28:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.469
X-Spam-Level: 
X-Spam-Status: No, score=-2.469 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XTO_ZI8vhq_6 for <saag@ietfa.amsl.com>; Mon, 29 Oct 2018 12:28:13 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-eopbgr110139.outbound.protection.outlook.com [40.107.11.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51CCA1252B7 for <saag@ietf.org>; Mon, 29 Oct 2018 12:28:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/xG/6J2r0C9AwoolCnPG3u7AiBBPk9ng7CEOmnjYhsw=; b=be0OJezgzKHgwnvkx3kEPkHmy3YKqyy9+L6o6N0XJxISCn2XvXPYf1HQDJ3ZDMsYkKGmR/JQYhowsmvtfgfpMPPD//RoRAT7mKW5lG+7Vzu/EbEwx/GzZJYRfCUWM1SKTacMPrR87PhMf0FRYyFTj9St3EUFSyxWL851Tnfwyx8=
Received: from LO1P123MB1412.GBRP123.PROD.OUTLOOK.COM (10.167.30.18) by LO1P123MB1265.GBRP123.PROD.OUTLOOK.COM (10.167.29.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1273.22; Mon, 29 Oct 2018 19:28:10 +0000
Received: from LO1P123MB1412.GBRP123.PROD.OUTLOOK.COM ([fe80::18ad:7abf:1847:ff50]) by LO1P123MB1412.GBRP123.PROD.OUTLOOK.COM ([fe80::18ad:7abf:1847:ff50%2]) with mapi id 15.20.1273.027; Mon, 29 Oct 2018 19:28:10 +0000
From: Mark O <Mark.O@ncsc.gov.uk>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: SMART side-meeting at IETF 103
Thread-Index: AdRvvQzR8KL0mPepTFahy7ODfylMbw==
Date: Mon, 29 Oct 2018 19:28:10 +0000
Message-ID: <LO1P123MB14125B7732015DF9AACB044CD3F30@LO1P123MB1412.GBRP123.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Mark.O@ncsc.gov.uk; 
x-originating-ip: [51.141.26.231]
x-ms-publictraffictype: Email
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: d56dd2cc-2e75-49f6-9a9a-08d63dd4a95c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:LO1P123MB1265; 
x-ms-traffictypediagnostic: LO1P123MB1265:
x-microsoft-antispam-prvs: <LO1P123MB1265BFA4B2ADE3A8E19CBF4FD3F30@LO1P123MB1265.GBRP123.PROD.OUTLOOK.COM>
x-exchange-antispam-report-test: UriScan:(27231711734898)(21748063052155)(28532068793085)(190501279198761)(227612066756510);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231382)(944501410)(52105095)(148016)(149066)(150057)(6041310)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:LO1P123MB1265; BCL:0; PCL:0; RULEID:; SRVR:LO1P123MB1265; 
x-forefront-prvs: 084080FC15
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39850400004)(136003)(366004)(376002)(396003)(346002)(497574002)(189003)(199004)(7696005)(25786009)(186003)(6916009)(476003)(486006)(72206003)(71190400001)(66574009)(478600001)(71200400001)(75922002)(6506007)(8676002)(8936002)(256004)(81156014)(99286004)(2900100001)(26005)(5660300001)(86362001)(1730700003)(5630700001)(81166006)(5640700003)(3846002)(55016002)(2906002)(9686003)(6436002)(68736007)(5250100002)(790700001)(97736004)(6306002)(2501003)(53936002)(54896002)(6116002)(105586002)(7736002)(66066001)(106356001)(55236004)(102836004)(2351001)(74316002)(316002)(33656002)(74482002)(14454004); DIR:OUT; SFP:1102; SCL:1; SRVR:LO1P123MB1265; H:LO1P123MB1412.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: ncsc.gov.uk does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_LO1P123MB14125B7732015DF9AACB044CD3F30LO1P123MB1412GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: d56dd2cc-2e75-49f6-9a9a-08d63dd4a95c
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Oct 2018 19:28:10.1832 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO1P123MB1265
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/w4_R9TL_LczO9F46a3Q4u9C9XNo>
Subject: [saag] SMART side-meeting at IETF 103
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Oct 2018 19:28:16 -0000

--_000_LO1P123MB14125B7732015DF9AACB044CD3F30LO1P123MB1412GBRP_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The SMART (Stopping Malware And Researching Threats) proposed RG will hold
a planning meeting at IETF 103 in Bangkok. This is a side-meeting and not
officially on the IETF agenda, however anyone with an interest in
contributing to the proposed RG is welcome to attend.

Agenda:
Discussion of aims of SMART
Relationship with other existing/proposed WGs/RGs
CARIS2 workshop call for submissions
Charter discussion
First year goals

As it's a side-meeting, unfortunately there will not be a remote attendance
option. However if you're interested in the group but unable to attend in
person, please get in touch anyway to discuss how you might be able to
participate.

The meeting will take place at 18:15-19:15 on Thursday 8th November in the
Pagoda Room (4th Floor). Afterwards we may move to a bar, venue TBA!

This information is exempt under the Freedom of Information Act 2000 (FOIA)
and may be exempt under other UK information legislation. Refer any FOIA
queries to ncscinfoleg@ncsc.gov.uk

--_000_LO1P123MB14125B7732015DF9AACB044CD3F30LO1P123MB1412GBRP_--


From nobody Wed Oct 31 04:58:18 2018
Return-Path: <mirja.kuehlewind@tik.ee.ethz.ch>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 382A9130DC1; Wed, 31 Oct 2018 04:58:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9RxPJhVOV8XO; Wed, 31 Oct 2018 04:58:13 -0700 (PDT)
Received: from virgo01.ee.ethz.ch (virgo01.ee.ethz.ch [129.132.2.226]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DDDE12D4E7; Wed, 31 Oct 2018 04:58:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by virgo01.ee.ethz.ch (Postfix) with ESMTP id 42lRg71401zMmhT; Wed, 31 Oct 2018 12:58:11 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at virgo01.ee.ethz.ch
Received: from virgo01.ee.ethz.ch ([127.0.0.1]) by localhost (virgo01.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CvoY16BL92uo; Wed, 31 Oct 2018 12:58:09 +0100 (CET)
X-MtScore: NO score=0
Received: from [192.168.178.24] (mue-88-130-61-252.dsl.tropolys.de [88.130.61.252]) by virgo01.ee.ethz.ch (Postfix) with ESMTPSA; Wed, 31 Oct 2018 12:58:09 +0100 (CET)
From: =?utf-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Message-Id: <D468A492-59F5-4626-8F47-F690652715B0@tik.ee.ethz.ch>
Date: Wed, 31 Oct 2018 12:58:08 +0100
Cc: Dave Plonka <dave@plonka.us>
To: saag@ietf.org, tls@ietf.org
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Zn9Y_mZo1eH3FYPxPzDlaHbj59k>
Subject: [saag] maprg session on Tue Nov 6, 1610-1810
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2018 11:58:15 -0000

Hi security folks!

I just wanted to point you at our next maprg session in Bangkok as we
have a couple of security relevant presentations on the agenda, e.g.

   The Rise of Certificate Transparency and Its Implications on the
   Internet Ecosystem (by Matthias Wählisch)

   Is the Web Ready for OCSP Must Staple? (Nick Sullivan)

Both of these talks are at the end of the session, so maybe if
secdispatch finishes early, you may be able to make it!

The maprg session is

   Tuesday, 6 November 2018, Afternoon Session II 1610-1810
   Room Name: Chitlada 1

See you there!
Mirja (chair)

