
From nobody Tue Mar  5 07:57:16 2019
Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02027130F97; Tue,  5 Mar 2019 07:57:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level: 
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.018, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I6Abn_DC4g2C; Tue,  5 Mar 2019 07:57:10 -0800 (PST)
Received: from mail-ot1-f44.google.com (mail-ot1-f44.google.com [209.85.210.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88E33130F70; Tue,  5 Mar 2019 07:57:10 -0800 (PST)
Received: by mail-ot1-f44.google.com with SMTP id m1so7827793otf.5; Tue, 05 Mar 2019 07:57:10 -0800 (PST)
X-Received: by 2002:a9d:12cb:: with SMTP id g69mr1387959otg.150.1551801428668;  Tue, 05 Mar 2019 07:57:08 -0800 (PST)
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 5 Mar 2019 10:57:00 -0500
Message-ID: <CAMm+LwhVk8pUNF6jjavbhceGc3CD0c_-Sq-RzoW7PTKgzQ+YMQ@mail.gmail.com>
To: saag@ietf.org, secdispatch@ietf.org
Content-Type: multipart/alternative; boundary="000000000000eaf76b05835aece8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/3oDDKoqKTX6DzCYxobqkuaLxyoE>
Subject: [saag] A way to bootstrap post Quantum key distribution.
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2019 15:57:14 -0000

--000000000000eaf76b05835aece8
Content-Type: text/plain; charset="UTF-8"

Let us say for the sake of argument someone managed to build a working
computer capable of breaking RSA and released it this week. What would we
do?

As things stand, we have no post quantum public key algorithm for
encryption. We have hash signatures of course but the only scheme we need
for encryption is Kerberos. And we would need some means of bootstrap.

[Yes, CAs become KDCs, uggggly. If you have a better plan, put it on the
table.]

One of the schemes I have developed as part of my UDF project is an
encryption key presented as a QR code that is used to form a locator. It
occurred to me that this scheme could be used to bootstrap a Kerberos
scheme by using the postal mail as out of band key distribution.

The spec is submitted as an internet draft of course but it is much easier
to read in the HTML format as the superscripts and such are preserved in
the math:

http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html


This is not what I designed the scheme for of course. The original
application was to enable people to pay bills by putting a QR code on the
paper invoice. The real point of electronic bill payment being to encourage
prompt payment rather than to save the postage  (though the QR code version
could bootstrap that as well).

It seems to me that it is more likely governments will fund research into
disaster preparation schemes lest quantum happen than the bill payment
application. But encouraging use of the Encrypted QR Codes would serve
disaster prep as well as payment.

The scheme is unencumbered as far as I am aware. I discussed the idea with
people as far back as when I was with W3C. It wasn't interesting then as we
didn't all carry barcode scanners with us all the time in those days.

--000000000000eaf76b05835aece8--


From nobody Thu Mar  7 05:54:16 2019
Return-Path: <bernie@ietf.hoeneisen.ch>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42C92124184; Thu,  7 Mar 2019 05:54:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4WpfRMqpQoWZ; Thu,  7 Mar 2019 05:54:00 -0800 (PST)
Received: from softronics.hoeneisen.ch (softronics.hoeneisen.ch [62.2.86.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CA0612008F; Thu,  7 Mar 2019 05:54:00 -0800 (PST)
Received: from localhost ([127.0.0.1]) by softronics.hoeneisen.ch with esmtp (Exim 4.86_2) (envelope-from <bernie@ietf.hoeneisen.ch>) id 1h1tTC-00057W-5y; Thu, 07 Mar 2019 14:53:58 +0100
Date: Thu, 7 Mar 2019 14:53:58 +0100 (CET)
From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
X-X-Sender: bhoeneis@softronics.hoeneisen.ch
To: IETF DISPATCH list <dispatch@ietf.org>,  IETF SEC DISPATCH list <secdispatch@ietf.org>,  IETF SAAG list <saag@ietf.org>
Message-ID: <alpine.DEB.2.20.1903071444220.27152@softronics.hoeneisen.ch>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: bernie@ietf.hoeneisen.ch
X-SA-Exim-Scanned: No (on softronics.hoeneisen.ch); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/hB62qfQyTtV9bDWhoTpZvNs4-uo>
Subject: [saag] New Version Notification for draft-birk-pep-03.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Mar 2019 13:54:03 -0000

Please be informed that an update of the Internet-Draft draft-birk-pep-03 
has just been published (see also below). It describes in general how pEp 
(pretty Easy privacy) works and it serves as a starting point for the 
MEDUP (Missing Elements for Decentralized and Usable Privacy) discussions.

Discussion of this Internet-Draft and other pEp related matters is 
taking place on the new MEDUP mailing list (medup@ietf.org) from now on.
To subscribe: https://www.ietf.org/mailman/listinfo/medup

Looking forward to all your comments and feedback on the new MEDUP mailing 
list!

All the best,
  Bernie

---------- Forwarded message ----------
Date: Thu, 7 Mar 2019 14:15:11
From: internet-drafts@ietf.org
Subject: New Version Notification for draft-birk-pep-03.txt


A new version of I-D, draft-birk-pep-03.txt
has been successfully submitted by Hernani Marques and posted to the
IETF repository.

Name:		draft-birk-pep
Revision:	03
Title:		pretty Easy privacy (pEp): Privacy by Default
Document date:	2019-03-07
Group:		Individual Submission
Pages:		31
URL:            https://www.ietf.org/internet-drafts/draft-birk-pep-03.txt
Status:         https://datatracker.ietf.org/doc/draft-birk-pep/
Htmlized:       https://tools.ietf.org/html/draft-birk-pep-03
Htmlized:       https://datatracker.ietf.org/doc/html/draft-birk-pep
Diff:           https://www.ietf.org/rfcdiff?url2=draft-birk-pep-03

Abstract:
    The pretty Easy privacy (pEp) protocols describe a set of conventions
    for the automation of operations traditionally seen as barriers to
    the use and deployment of secure end-to-end interpersonal messaging.
    These include, but are not limited to, key management, key discovery,
    and private key handling (including peer-to-peer synchronization of
    private keys and other user data across devices). pEp also introduces
    means to verify communication peers and proposes a trust-rating
    system to denote secure types of communications and signal the
    privacy level available on a per-user and per-message level.
    Significantly, the pEp protocols build on already available security
    formats and message transports (e.g., PGP/MIME), and are written with
    the intent to be interoperable with already widely-deployed systems
    in order to facilitate and ease adoption and implementation.  This
    document outlines the general design choices and principles of pEp.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


From nobody Thu Mar  7 18:17:05 2019
Return-Path: <kaduk@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA5AD131110 for <saag@ietfa.amsl.com>; Thu,  7 Mar 2019 18:17:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wLiUXbtaM4yr for <saag@ietfa.amsl.com>; Thu,  7 Mar 2019 18:17:01 -0800 (PST)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-eopbgr770103.outbound.protection.outlook.com [40.107.77.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AD50126F72 for <saag@ietf.org>; Thu,  7 Mar 2019 18:17:00 -0800 (PST)
Received: from CY4PR01CA0010.prod.exchangelabs.com (2603:10b6:903:1f::20) by BN6PR01MB2468.prod.exchangelabs.com (2603:10b6:404:53::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.19; Fri, 8 Mar 2019 02:16:59 +0000
Received: from DM3NAM03FT053.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e49::203) by CY4PR01CA0010.outlook.office365.com (2603:10b6:903:1f::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.17 via Frontend Transport; Fri, 8 Mar 2019 02:16:59 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by DM3NAM03FT053.mail.protection.outlook.com (10.152.83.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.13 via Frontend Transport; Fri, 8 Mar 2019 02:16:58 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x282GtaS008570 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <saag@ietf.org>; Thu, 7 Mar 2019 21:16:57 -0500
Date: Thu, 7 Mar 2019 20:16:55 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: <saag@ietf.org>
Message-ID: <20190308021654.GQ9824@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2019 02:16:58.5285 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 53cd72a2-fdb2-4fad-895a-08d6a36c24c0
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11];  Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR01MB2468
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/OzBy4CJN2uVt80LVbyN79KYOuyA>
Subject: [saag] draft SAAG agenda for IETF 104 Prague
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Mar 2019 02:17:04 -0000

Hi everyone,

I've uploaded a draft agenda for the SAAG session at
https://datatracker.ietf.org/meeting/104/materials/agenda-104-saag-01
(duplicated below).  Please submit any suggested additions or edits to the
ADs.

Thanks,

Ben

============================================================================

IETF 104 SAAG session - Thursday March 28, 2019, 1350h-1550h

* WG/BoF Reports and administrivia - chairs (10 mins)
* Misbinding in Pairing Protocols - Mohit Sethi (20 mins)
* Open Mic (remainder)


From nobody Tue Mar 12 10:19:47 2019
Return-Path: <vf@unity.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 946051311B7 for <saag@ietfa.amsl.com>; Tue, 12 Mar 2019 10:19:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xZGFAzgyOp_i for <saag@ietfa.amsl.com>; Tue, 12 Mar 2019 10:19:42 -0700 (PDT)
Received: from vc.unity.net (tr.unity.net [195.24.140.242]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F1991311B2 for <saag@ietf.org>; Tue, 12 Mar 2019 10:19:42 -0700 (PDT)
Received: from vf by vc.unity.net with local (Exim 4.80) (envelope-from <vf@unity.net>) id 1h3l3z-0006s1-7b; Tue, 12 Mar 2019 19:19:39 +0200
Date: Tue, 12 Mar 2019 19:19:39 +0200
From: Vadym Fedyukovych <vf@unity.net>
To: saag@ietf.org
Message-ID: <20190312171939.GA30403@vc.unity.net>
References: <CAMm+LwhVk8pUNF6jjavbhceGc3CD0c_-Sq-RzoW7PTKgzQ+YMQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <CAMm+LwhVk8pUNF6jjavbhceGc3CD0c_-Sq-RzoW7PTKgzQ+YMQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: vf@unity.net
X-SA-Exim-Scanned: No (on vc.unity.net); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/m9JuqdZVbqyi2hK1iyYnHof8Nvk>
Subject: Re: [saag] A way to bootstrap post Quantum key distribution.
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2019 17:19:45 -0000

> ..we have no post quantum public key algorithm for
> encryption.  ..

This is a strong statement, and no argument was given in favor of it.

ElGamal encryption is the well-known one that can be instantiated
with modular multiplication and elliptic curve groups.
Supersingular isogeny key exchange (sike.org) is a post-quantum candidate
DH-like protocol, with no fast quantum attack known today.

To connect the dots, ElGamal is essentially a key exchange
with public key of the message recipient and one-time key of the sender.

On Tue, Mar 05, 2019 at 10:57:00AM -0500, Phillip Hallam-Baker wrote:
> Let us say for the sake of argument someone managed to build a working
> computer capable of breaking RSA and released it this week. What would we
> do?
> 
> As things stand, we have no post quantum public key algorithm for
> encryption. We have hash signatures of course but the only scheme we need
> for encryption is Kerberos. And we would need some means of bootstrap.
> 
> [Yes, CAs become KDCs, uggggly. If you have a better plan, put it on the
> table.]
> 
> One of the schemes I have developed as part of my UDF project is an
> encryption key presented as a QR code that is used to form a locator. It
> occurred to me that this scheme could be used to bootstrap a Kerberos
> scheme by using the postal mail as out of band key distribution.
> 
> The spec is submitted as an internet draft of course but it is much easier
> to read in the HTML format as the superscripts and such are preserved in
> the math:
> 
> http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html
> 
> 
> This is not what I designed the scheme for of course. The original
> application was to enable people to pay bills by putting a QR code on the
> paper invoice. The real point of electronic bill payment being to encourage
> prompt payment rather than to save the postage  (though the QR code version
> could bootstrap that as well).
> 
> It seems to me that it is more likely governments will fund research into
> disaster preparation schemes lest quantum happen than the bill payment
> application. But encouraging use of the Encrypted QR Codes would serve
> disaster prep as well as payment.
> 
> The scheme is unencumbered as far as I am aware. I discussed the idea with
> people as far back as when I was with W3C. It wasn't interesting then as we
> didn't all carry barcode scanners with us all the time in those days.

> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
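
The observation in the reply above, that ElGamal is a key exchange between the recipient's public key and a one-time sender key, as an added example (not code from the post or from any project named in the thread). It assumes a toy modular group (P = 2**127 - 1, G = 3) and a SHA-256 keystream with HMAC as a standard-library stand-in for a real AEAD; all function names are illustrative.

```python
import hashlib
import hmac
import secrets

# Toy parameters for illustration only (an assumption of this example):
# P = 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def keygen():
    """Return (private, public) for the DH-like exchange."""
    while True:
        priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P - 2
        pub = pow(G, priv, P)
        if 1 < pub < P - 1:                          # skip trivial elements
            return priv, pub


def shared(priv, peer_pub):
    """DH shared secret; rejects trivial peer values."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, P)


def elgamal_encrypt(recipient_pub, m):
    """Textbook ElGamal on a group element 1 <= m < P."""
    if not 1 <= m < P:
        raise ValueError("message must be a group element")
    eph_priv, eph_pub = keygen()                     # sender's one-time key
    s = shared(eph_priv, recipient_pub)              # DH secret used as the mask
    return eph_pub, (m * s) % P


def elgamal_decrypt(recipient_priv, c1, c2):
    s = shared(recipient_priv, c1)                   # same DH secret, other side
    return (c2 * pow(s, P - 2, P)) % P               # s^-1 by Fermat's theorem


def _derive(s, eph_pub):
    """Turn the DH secret into separate encryption and MAC keys."""
    seed = s.to_bytes(16, "big") + eph_pub.to_bytes(16, "big")
    return (hashlib.sha256(b"enc" + seed).digest(),
            hashlib.sha256(b"mac" + seed).digest())


def _xor_stream(key, data):
    """SHA-256 in counter mode as a keystream (stand-in for a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(recipient_pub, plaintext):
    """Same exchange, but the secret keys a symmetric cipher for byte strings."""
    eph_priv, eph_pub = keygen()
    enc_key, mac_key = _derive(shared(eph_priv, recipient_pub), eph_pub)
    ct = _xor_stream(enc_key, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return eph_pub, ct, tag


def open_sealed(recipient_priv, eph_pub, ct, tag):
    enc_key, mac_key = _derive(shared(recipient_priv, eph_pub), eph_pub)
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, ct)


if __name__ == "__main__":
    priv, pub = keygen()                             # recipient's long-term key
    c1, c2 = elgamal_encrypt(pub, 42)
    print("ElGamal round trip:", elgamal_decrypt(priv, c1, c2))
    eph_pub, ct, tag = seal(pub, b"constructed sample message")
    print("Hybrid round trip:", open_sealed(priv, eph_pub, ct, tag))
```

Only `keygen` and `shared` touch the group, so a different DH-like exchange would replace those two functions and leave the rest unchanged. The recipient key is reused across messages, so the exchange has to remain secure under static-key use.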


From nobody Thu Mar 14 14:20:16 2019
Return-Path: <apostol.vassilev@nist.gov>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9FC1130ECE; Thu, 14 Mar 2019 14:20:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0obBtc1EK9QJ; Thu, 14 Mar 2019 14:20:12 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0729.outbound.protection.outlook.com [IPv6:2a01:111:f400:fd00::729]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C9DB130E64; Thu, 14 Mar 2019 14:20:12 -0700 (PDT)
Received: from BN3PR09MB0625.namprd09.prod.outlook.com (10.160.120.140) by BN3PR09MB0626.namprd09.prod.outlook.com (10.160.120.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1709.14; Thu, 14 Mar 2019 21:20:09 +0000
Received: from BN3PR09MB0625.namprd09.prod.outlook.com ([fe80::24fa:b5f:a3b3:6ea9]) by BN3PR09MB0625.namprd09.prod.outlook.com ([fe80::24fa:b5f:a3b3:6ea9%7]) with mapi id 15.20.1709.011; Thu, 14 Mar 2019 21:20:09 +0000
From: "Vassilev, Apostol (Fed)" <apostol.vassilev@nist.gov>
To: "saag@ietf.org" <saag@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>, "acvp@ietf.org" <acvp@ietf.org>
Thread-Topic: Upcoming ACVP events at IETF#104
Thread-Index: AQHU2quzzZb6Oi9BZUCLimIKpeafmg==
Date: Thu, 14 Mar 2019 21:20:09 +0000
Message-ID: <014D8A35-C28F-419D-B790-7DAA476C01AB@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3445.9.1)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=apostol.vassilev@nist.gov; 
x-originating-ip: [2610:20:6222:105::aac]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b8f26d3d-a76f-4d64-89e6-08d6a8c2d675
x-ms-office365-filtering-ht: Tenant
Content-Type: text/plain; charset="us-ascii"
Content-ID: <AAE5D9CEE253424C9A371DD0BCE70B00@namprd09.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: b8f26d3d-a76f-4d64-89e6-08d6a8c2d675
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Mar 2019 21:20:09.3331 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR09MB0626
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/idaKRO78jH1xfDDij-zHYGbkRIY>
Subject: [saag] Upcoming ACVP events at IETF#104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2019 21:20:15 -0000

Dear all,

Some of you may remember the presentation at the SAAG meeting at IETF #102
about the new automated cryptographic validation protocol (ACVP). We made
significant progress with it and plan to host a side-meeting at IETF#104 to
explore the possibility for a BoF at IETF#105. We invite everyone interested
to review the recently published drafts below:

https://datatracker.ietf.org/doc/draft-celi-block-ciph/
https://datatracker.ietf.org/doc/draft-fussell-acvp-spec/
https://datatracker.ietf.org/doc/draft-vassilev-acvp-iana/

We ask those who are interested to look for an announcement about a side
meeting on ACVP at IETF #104 and come to join the discussion about how to
move forward. Feel free to propose time/day for the side meeting if that may
help increase participation.

We are also hosting a hackathon at IETF #104 on how to extend ACVP to handle
testing of AES-GCM-SIV and demonstrate the extensibility of the protocol
to cover algorithms beyond those already implemented. Check the details at
https://trac.ietf.org/trac/ietf/meeting/wiki/104hackathon and come to see
us on Saturday and Sunday.


Looking forward to seeing and working with you,

Thanks,
Apostol


From nobody Sun Mar 24 13:54:55 2019
Return-Path: <apostol.vassilev@nist.gov>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A8E1120118; Sun, 24 Mar 2019 13:54:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.01
X-Spam-Level: 
X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EmJpo1u9vmOI; Sun, 24 Mar 2019 13:54:40 -0700 (PDT)
Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-eopbgr840109.outbound.protection.outlook.com [40.107.84.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3237C1200F4; Sun, 24 Mar 2019 13:54:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1;  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FBWf0eSPBbEsJGxz3PvNtVPiM8jTCLpeYCvcFg3nygU=; b=fE1sxyTVmlHcxeIf1MUCMCofUGJbIEQ9Eh88H+7q9iDPrwFB+SlMeI4Qt7mLxTtKj9P92i+bccxf5nvulrk56dzyuXtSnkGG9Cx4Hqq5HpcV35T6AaIOKCEEbo4q2f7BxeNNBQT5cYYQ3W+jgBOqxENeO1bF7MA0Q/xrxhceww8=
Received: from BN3PR09MB0625.namprd09.prod.outlook.com (10.160.120.140) by BN3PR09MB0626.namprd09.prod.outlook.com (10.160.120.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1730.16; Sun, 24 Mar 2019 20:54:35 +0000
Received: from BN3PR09MB0625.namprd09.prod.outlook.com ([fe80::24fa:b5f:a3b3:6ea9]) by BN3PR09MB0625.namprd09.prod.outlook.com ([fe80::24fa:b5f:a3b3:6ea9%7]) with mapi id 15.20.1730.019; Sun, 24 Mar 2019 20:54:34 +0000
From: "Vassilev, Apostol (Fed)" <apostol.vassilev@nist.gov>
To: "saag@ietf.org" <saag@ietf.org>, "acvp@ietf.org" <acvp@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: Upcoming ACVP events at IETF#104: side meeting on Tuesday, 18:00-20:00, Istanbul room
Thread-Index: AQHU4oPJtbb2fn2kHESZJq9vICOSqg==
Date: Sun, 24 Mar 2019 20:54:34 +0000
Message-ID: <BN3PR09MB06257DA9E95D26ECD9BBB37EFF5D0@BN3PR09MB0625.namprd09.prod.outlook.com>
References: <BCC64C44-7A88-4DF9-8CF6-1A076A1C4CB5@akamai.com>
In-Reply-To: <BCC64C44-7A88-4DF9-8CF6-1A076A1C4CB5@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=apostol.vassilev@nist.gov; 
x-originating-ip: [2610:20:6005:218::dc]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 68c24e9a-8e70-4bdf-425a-08d6b09aebe8
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600127)(711020)(4605104)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(49563074)(7193020); SRVR:BN3PR09MB0626; 
x-ms-traffictypediagnostic: BN3PR09MB0626:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <BN3PR09MB062606CE68DB8E2E4D3EBF9DFF5D0@BN3PR09MB0626.namprd09.prod.outlook.com>
x-forefront-prvs: 09860C2161
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(346002)(39850400004)(396003)(376002)(136003)(189003)(199004)(6246003)(7736002)(2501003)(106356001)(33656002)(229853002)(236005)(9686003)(54896002)(8676002)(74316002)(105004)(81166006)(46003)(81156014)(99936001)(413944005)(966005)(478600001)(14454004)(53936002)(68736007)(476003)(2201001)(102836004)(55016002)(6436002)(6306002)(25786009)(186003)(45080400002)(486006)(86362001)(6116002)(11346002)(446003)(71190400001)(5660300002)(8936002)(316002)(110136005)(256004)(5024004)(76176011)(6506007)(606006)(97736004)(99286004)(105586002)(71200400001)(7696005)(2906002)(19627405001)(52536014); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR09MB0626; H:BN3PR09MB0625.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Cb7GstFzGrGXhMJ88G5lFbAhu7S93enX3bpry8+6bwiM2HYwzqySCfJ+4MXUCJCsV22HgO19whf+yMqIst3fxZRYCtnpSSsSeYbiN/TOR8SkP6NlvzRGO94EjlHEsbFxw/pmSR/cD6xVQljBmPv3xAbeSrcxPTA3rV7uwFQC1P/iw4ucozVF2wtzAY2UrfQL3Fu/ZK8ZnVpNjKQxB21FYWR/0RpfzzpuXVL3j0sTff9rjRJmr66JtySLu+9jInxRGCQYVy5ls0Gj64QFvpsIBgf8EUJRb+4IuaIyVFXURIuzjQPj2zlk6Z/7EXQlQptAnpyGcq3hmfBH3/NvJ1v6aWQV4EGOebm8IXcwu2XIvw+VtodhjFUNHhyzgR6IylwsEm8Lk3A3ARdGyY6Ymp+FXplmAjd1DoeKQkR8Cbb5fZY=
Content-Type: multipart/mixed; boundary="_004_BN3PR09MB06257DA9E95D26ECD9BBB37EFF5D0BN3PR09MB0625namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 68c24e9a-8e70-4bdf-425a-08d6b09aebe8
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Mar 2019 20:54:34.6321 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR09MB0626
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/0wPdQpalnX1usLTXegGRokojFEY>
Subject: Re: [saag] Upcoming ACVP events at IETF#104: side meeting on Tuesday, 18:00-20:00, Istanbul room
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Mar 2019 20:54:49 -0000

--_004_BN3PR09MB06257DA9E95D26ECD9BBB37EFF5D0BN3PR09MB0625namp_
Content-Type: multipart/alternative;
 boundary="_000_BN3PR09MB06257DA9E95D26ECD9BBB37EFF5D0BN3PR09MB0625namp_"

--_000_BN3PR09MB06257DA9E95D26ECD9BBB37EFF5D0BN3PR09MB0625namp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_BN3PR09MB06257DA9E95D26ECD9BBB37EFF5D0BN3PR09MB0625namp_--

--_004_BN3PR09MB06257DA9E95D26ECD9BBB37EFF5D0BN3PR09MB0625namp_
Content-Type: text/plain; name="charter.txt"
Content-Description: charter.txt
Content-Disposition: attachment; filename="charter.txt"; size=2318;
 creation-date="Sun, 24 Mar 2019 20:44:49 GMT";
 modification-date="Sun, 24 Mar 2019 20:44:49 GMT"
Content-Transfer-Encoding: base64


--_004_BN3PR09MB06257DA9E95D26ECD9BBB37EFF5D0BN3PR09MB0625namp_--


From nobody Mon Mar 25 09:35:52 2019
Return-Path: <rharwood@redhat.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E026120412; Mon, 25 Mar 2019 09:35:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lcU9ztxBg46w; Mon, 25 Mar 2019 09:35:43 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A10921203FF; Mon, 25 Mar 2019 09:35:43 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EE1B8309265D; Mon, 25 Mar 2019 16:35:37 +0000 (UTC)
Received: from localhost (ovpn-112-38.rdu2.redhat.com [10.10.112.38]) by smtp.corp.redhat.com (Postfix) with ESMTP id B246A5F9CD; Mon, 25 Mar 2019 16:35:36 +0000 (UTC)
From: Robbie Harwood <rharwood@redhat.com>
To: saag@ietf.org
Cc: kitten@ietf.org
Date: Mon, 25 Mar 2019 12:35:34 -0400
Message-ID: <jlgpnqec3op.fsf@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Mon, 25 Mar 2019 16:35:43 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/9tV5gdaNmycyVBdK0hUQydgraoo>
Subject: [saag] Kitten WG report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2019 16:35:45 -0000

--=-=-=
Content-Type: text/plain

kitten did not meet.

The working group addressed changes from review to pkinit-agility, and
the document was approved for publication by the IESG.  Shepherd review
for SPAKE was completed, and we advanced that document to the IESG.
Currently, we are working on redesigns to channel-bound-flag, and also
looking for new work to take on.

Thanks,
--Robbie

--=-=-=--


From nobody Mon Mar 25 09:41:23 2019
Return-Path: <krose@krose.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3B30120419 for <saag@ietfa.amsl.com>; Mon, 25 Mar 2019 09:41:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XPs_1CLll9gh for <saag@ietfa.amsl.com>; Mon, 25 Mar 2019 09:41:19 -0700 (PDT)
Received: from mail-yw1-xc29.google.com (mail-yw1-xc29.google.com [IPv6:2607:f8b0:4864:20::c29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 793301203FF for <saag@ietf.org>; Mon, 25 Mar 2019 09:41:19 -0700 (PDT)
Received: by mail-yw1-xc29.google.com with SMTP id x129so6798744ywc.1 for <saag@ietf.org>; Mon, 25 Mar 2019 09:41:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:from:date:message-id:subject:to; bh=KPsysVCaj1QO9ESRLpeY9b0aUaCjJEvJdUHX0US+P9E=; b=qU1LfSurbnpd1QM44xmGPU0kmMpvz+IRAu/jLdSZGPUYNqMUCYtJoBJBUZpH+FYk6s yiFrZCjTsdPtQnwWyT/UP0Ro+CwPAxb0v+mZqWHqWyO5eXYKO4dOMHrACOcszu3cygXp rf3zDTBtaAOGQLBJfcVlfB/HMeV2Dz6rWEaIw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=KPsysVCaj1QO9ESRLpeY9b0aUaCjJEvJdUHX0US+P9E=; b=oeQtMHjHIeREcjZukbOj1G3p+SZdz4BqYCgUnKruFYM3obhpLqqIQD6zbvc/xDsYGC +gfOxcuh/p6eaOPqArpVNra86Y4ywlnblSC35sjn1P9pcBbROPLrQBTPKPYJ/5Nntuy5 ag3CW+YfT5ct0NBou8/4ihCt5Gx3thvYKWQjVYtgV8DRcfmNJpeTnKIHQCfyxfeS8VYR 3iRJDHloLuqxtDqTGHWz+1Pq0MWYCPhRTku4InjLAD2e8RkHJbQ1clw0PIQM3A8k2W9L pI9MycMNVO6UyEzeXWBj3YDl4uo5Hoc7K6IYlR1zYgUERQ1g910IHsWYuB/Jd79C62A8 G0Zw==
X-Gm-Message-State: APjAAAWZLEtRUdZ1kEQ04RL3SApFyI1tUCc5euKrk03UWAfG2ln6uI7R eNPRFKkJvRVYDk8pLVREVZstA42QEeEgf0mxOUCu4t6PfBYI//ki
X-Google-Smtp-Source: APXvYqz1XwIcuk3ImRZj8OQBwkX43okxiGcSHW/IsHY4XcVxB6Y44YZd4Y6bOtEUkuIoqX86UXg3BXnxkdUBBDoWdHg=
X-Received: by 2002:a25:2f8e:: with SMTP id v136mr20994131ybv.200.1553532078355;  Mon, 25 Mar 2019 09:41:18 -0700 (PDT)
MIME-Version: 1.0
From: Kyle Rose <krose@krose.org>
Date: Mon, 25 Mar 2019 17:41:07 +0100
Message-ID: <CAJU8_nUv3tmDQM7Tx5rPQ5MiRjnkF2qy+Vi7L9P7Nc7FN6a+1A@mail.gmail.com>
To: saag@ietf.org, tcpinc-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ad943f0584eddfcf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/_hTYzAXWvNCGEeVKUNDe6klqGnM>
Subject: [saag] TCPINC report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2019 16:41:22 -0000

--000000000000ad943f0584eddfcf
Content-Type: text/plain; charset="UTF-8"

TCPINC did not meet at IETF 104.

Both main drafts (TCP-ENO and tcpcrypt) are in AUTH48. The remaining
milestone is to complete and request publication of an informational
abstract API draft.


--000000000000ad943f0584eddfcf--


From nobody Mon Mar 25 12:14:06 2019
Return-Path: <rdd@cert.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA0C412079B for <saag@ietfa.amsl.com>; Mon, 25 Mar 2019 12:14:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XW9SodByldet for <saag@ietfa.amsl.com>; Mon, 25 Mar 2019 12:14:03 -0700 (PDT)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF53A12003F for <saag@ietf.org>; Mon, 25 Mar 2019 12:14:00 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x2PJDxUE048522 for <saag@ietf.org>; Mon, 25 Mar 2019 15:13:59 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu x2PJDxUE048522
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1553541239; bh=vQhU5KhUCwpg49wf4pWgLLEkBaMBb6WkalnB7yy9QeM=; h=From:To:Subject:Date:From; b=ly9y2+rTaqC9TcoRYPewo1T1YaJIU/9vckU53lrm10aOF2YSLpApkJpaWYlCAv8Y3 DOBQdXLKc6dBHmPLPDaBCw8uHVS262GRphx4lsIUO4ESSmTCwZLa3PYuLm8TW+Kmkn U2tXRT5QyH/UUrDrdqIpg4xPL1TvfUfovxkrwnfM=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x2PJDxRr004269 for <saag@ietf.org>; Mon, 25 Mar 2019 15:13:59 -0400
Received: from MARCHAND.ad.sei.cmu.edu ([10.64.28.251]) by CASCADE.ad.sei.cmu.edu ([10.64.28.248]) with mapi id 14.03.0435.000; Mon, 25 Mar 2019 15:13:59 -0400
From: Roman Danyliw <rdd@cert.org>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: SECDISPATCH WG Summary from IETF 104
Thread-Index: AdTjPnZiOQ6mePwTSO+LO8jL+YjROQ==
Date: Mon, 25 Mar 2019 19:13:58 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B3308493@marchand>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/v6QlgdtcoyIgI58eSCVB8d3fxMo>
Subject: [saag] SECDISPATCH WG Summary from IETF 104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2019 19:14:05 -0000

The SECDISPATCH WG met on Tuesday afternoon.  The agenda items were dispatched as follows:

(1) draft-mccain-keylist -- continue discussion on IETF OpenPGP mailing list (openpgp@ietf.org) to grow interest

(2) draft-rundgren-json-canonicalization-scheme -- not security area work; bring to ART

(3) draft-schinazi-masque -- needs more discussion; non-WG IETF mailing list will be created

(4) draft-gont-predictable-numeric-ids -- ADs will follow-up work to define right venue

(5) draft-birkholz-core-coid -- BOF recommended

(6) draft-raza-ace-cbor-certificates -- BOF recommended


From nobody Tue Mar 26 00:30:06 2019
Return-Path: <ietf@augustcellars.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D29C412028C for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 00:30:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1o8RcPR8zDBL for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 00:30:03 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C72E120047 for <saag@ietf.org>; Tue, 26 Mar 2019 00:30:02 -0700 (PDT)
Received: from Jude (31.133.145.82) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 26 Mar 2019 00:29:55 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: <saag@ietf.org>
Date: Tue, 26 Mar 2019 08:29:51 +0100
Message-ID: <040a01d4e3a5$b4e4f5c0$1eaee140$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdTjpajBCjVAFi7qRYimoIwjGG1IZw==
Content-Language: en-us
X-Originating-IP: [31.133.145.82]
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Mn4OqigHZmd98VlPhzeanUdvKMM>
Subject: [saag] ACE Report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 07:30:05 -0000

Ace will be meeting after SAAG at which time a report will be issued.

Jim



From nobody Tue Mar 26 01:22:41 2019
Return-Path: <madwolf@openca.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC129120047 for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 01:22:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level: 
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zhLqN4rkn8-p for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 01:22:36 -0700 (PDT)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 5B14212028E for <saag@ietf.org>; Tue, 26 Mar 2019 01:22:36 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id C6717374128E for <saag@ietf.org>; Tue, 26 Mar 2019 08:22:35 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id zldy4cwIm-CA for <saag@ietf.org>; Tue, 26 Mar 2019 04:22:34 -0400 (EDT)
Received: from dhcp-8b3d.meeting.ietf.org (dhcp-8b3d.meeting.ietf.org [31.133.139.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id 89D703741012 for <saag@ietf.org>; Tue, 26 Mar 2019 04:22:34 -0400 (EDT)
To: saag@ietf.org
References: <359EC4B99E040048A7131E0F4E113AFC01B3308493@marchand>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <2a05beca-e41a-fbe8-835b-dfef9fa88432@openca.org>
Date: Tue, 26 Mar 2019 09:22:32 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC01B3308493@marchand>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/EkmsoVvW3dLgycUCuzWIbFxmIvI>
Subject: Re: [saag] SECDISPATCH WG Summary from IETF 104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 08:22:40 -0000

Dear Saag,

I noticed at the last dispatch that there has been no humming to get the
feeling of the room - all recommendations were given by the chairs as
there was no "voting" (humming) for the different options for the future
of the (at least for the {3-6}) proposals. Since this seemed a bit
strange to me, I wanted to ask if this is representative of how 
SecDispatch will operate from now on.

Do not get me wrong, I think this might be a better approach other than 
asking the room about what to do since most of the times people would 
not read the drafts and still vote to adopt it or not (which I find 
quite disrespectful for the work the people put in - at least that 
happened in the past).

Please let me know if this represents a change in the way secdispatch is
handled or ... ? And if this is the case, wouldn't it be more efficient
to do this via e-mail if there is no feedback that is taken into
consideration during the session?

Thanks,
Max

On 3/25/19 8:13 PM, Roman Danyliw wrote:
> The SECDISPATCH WG met on Tuesday afternoon.  The agenda items were dispatched as follows:
>
> (1) draft-mccain-keylist -- continue discussion on IETF OpenPGP mailing list (openpgp@ietf.org) to grow interest
>
> (2) draft-rundgren-json-canonicalization-scheme -- not security area work; bring to ART
>
> (3) draft-schinazi-masque -- needs more discussion; non-WG IETF mailing list will be created
>
> (4) draft-gont-predictable-numeric-ids -- ADs will follow-up work to define right venue
>
> (5) draft-birkholz-core-coid -- BOF recommended
>       
> (6) draft-raza-ace-cbor-certificates -- BOF recommended
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag


From nobody Tue Mar 26 01:36:18 2019
Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BE021202D2; Tue, 26 Mar 2019 01:36:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.852
X-Spam-Level: 
X-Spam-Status: No, score=-1.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KHOP_DYNAMIC=0.85, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eGhUQg6mI6Do; Tue, 26 Mar 2019 01:35:57 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AD651202B5; Tue, 26 Mar 2019 01:35:57 -0700 (PDT)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x2Q8RWTN002280; Tue, 26 Mar 2019 08:35:56 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=brFkVrMtwKsCg84y5epVWNNEEKDp/JQOp7o20tRLxxQ=; b=Oe35xs273Vdfxmn2jbQsHzZ3VJHFTmRliQZj7RwnvBwwj7ETSdHLqDqxRkAFijD+B4Je S0WHu0fEaBijmrNz2Y5i/5SYQqkvhEjG14BZbJ2LpCFzyaAy7wHSKWu7eFwXn84s5WzF xaxpoic7FNc+MfbwVfpBLY8jlKEDtzN73AKUsD8Z6nSKudN632Z4NEZxI+Zh4YJ9u0HH KmZxeyI5LmJ8xsxk6CcR+6r/6CTuUqr7KcbpwaZdVkEADyEBUmo38zmnrtTBiAgRDExw lsLEYYJVVuRgmboU2SkeatZ8JPF0EuFigBU2Rr7nvbKxMAYGjLxmH+Hng4VKgHSFOEl5 qQ== 
Received: from prod-mail-ppoint3 (a96-6-114-86.deploy.static.akamaitechnologies.com [96.6.114.86] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2rf6fthqf1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 26 Mar 2019 08:35:56 +0000
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x2Q8W3hS008088; Tue, 26 Mar 2019 04:35:55 -0400
Received: from email.msg.corp.akamai.com ([172.27.27.25]) by prod-mail-ppoint3.akamai.com with ESMTP id 2rdg51nq02-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 26 Mar 2019 04:35:55 -0400
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb5.msg.corp.akamai.com (172.27.27.105) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 26 Mar 2019 03:35:55 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1473.003; Tue, 26 Mar 2019 03:35:55 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [saag] SECDISPATCH WG Summary from IETF 104
Thread-Index: AdTjPnZiOQ6mePwTSO+LO8jL+YjROQAmIFgA///ArQA=
Date: Tue, 26 Mar 2019 08:35:54 +0000
Message-ID: <09DE178A-4EE2-43D2-9099-562E3030EF32@akamai.com>
References: <359EC4B99E040048A7131E0F4E113AFC01B3308493@marchand> <2a05beca-e41a-fbe8-835b-dfef9fa88432@openca.org>
In-Reply-To: <2a05beca-e41a-fbe8-835b-dfef9fa88432@openca.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.17.0.190309
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.152.246]
Content-Type: text/plain; charset="utf-8"
Content-ID: <6E315ABF512FB24CA286ABAAF7A1DE0B@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-26_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=897 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903260064
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-26_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=924 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903260064
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/OL04ahziHjS_GhUou2KMBTzsTio>
Subject: Re: [saag] SECDISPATCH WG Summary from IETF 104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 08:36:16 -0000

> I noticed at the last dispatch that there has been no humming to get the
> feeling of the room

Good point, thanks for raising the issue. We also missed "to be confirmed on the list."  Whatever the rules are going to be, they should be explicit.


From nobody Tue Mar 26 02:19:39 2019
Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CC51120295 for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 02:19:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level: 
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3jgflmbDxRkY for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 02:19:34 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10055.outbound.protection.outlook.com [40.107.1.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C7FB12028F for <saag@ietf.org>; Tue, 26 Mar 2019 02:19:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0wodv1kZ2+PpdWWR5Z5MLdTh3zetrsdhBTwS8dbigD8=; b=N92Valh0MXv8tKlMfBgSsJ0XtxSB8z6ndP3lUjdoLzPfek/ygIPk6LpiOICg2wNy9rjjIzcT6SRcMB4TC6W3Bs16Vwt8t9O/U2tAr2tkbwcEvNgNaWV6W3r2LNM9rZK5I9ABW0zEnSLGbkE2TjEIueL1lZvickkE7iDgUcQ0ahs=
Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) by HE1PR0701MB2748.eurprd07.prod.outlook.com (10.168.189.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.10; Tue, 26 Mar 2019 09:19:31 +0000
Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::6877:aa58:3e6:6a4b]) by HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::6877:aa58:3e6:6a4b%5]) with mapi id 15.20.1750.013; Tue, 26 Mar 2019 09:19:31 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: EMU WG report
Thread-Index: AQHU47UFOILg6Q49HUWVQk/f9pb7Gw==
Date: Tue, 26 Mar 2019 09:19:31 +0000
Message-ID: <a6452477-4319-7868-f08b-ef0e12d0ea0a@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
x-originating-ip: [89.166.49.243]
x-clientproxiedby: HE1P192CA0007.EURP192.PROD.OUTLOOK.COM (2603:10a6:3:fe::17) To HE1PR0701MB2905.eurprd07.prod.outlook.com (2603:10a6:3:57::18)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com; 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1a9a8ef1-34c7-4cf3-b0b8-08d6b1cc2786
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600127)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:HE1PR0701MB2748; 
x-ms-traffictypediagnostic: HE1PR0701MB2748:
x-microsoft-antispam-prvs: <HE1PR0701MB27486D5626780AEBCF1A2361D05F0@HE1PR0701MB2748.eurprd07.prod.outlook.com>
x-forefront-prvs: 09888BC01D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(39860400002)(396003)(136003)(366004)(376002)(346002)(189003)(199004)(6506007)(65806001)(26005)(66066001)(6486002)(6436002)(5640700003)(6116002)(478600001)(31686004)(3846002)(186003)(65956001)(52116002)(53936002)(8936002)(1730700003)(65826007)(81166006)(8676002)(386003)(102836004)(14454004)(25786009)(64126003)(7116003)(36756003)(99286004)(5660300002)(81156014)(106356001)(31696002)(6512007)(305945005)(256004)(2906002)(316002)(86362001)(58126008)(7736002)(486006)(68736007)(71190400001)(71200400001)(97736004)(2501003)(105586002)(3480700005)(2616005)(476003)(6916009)(2351001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2748; H:HE1PR0701MB2905.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: COmCfJvUWOlpmNS1U0A3aTUSnXafm6LJ63POzgf3LzretMoTFD142BRf1r/9cdwJKbDqCxNFVw3+JKlbKTMBgaEeaDhIdd1FWSN/iIEpI1OG3/fSSs53bg4XCr+2CHDCQ3iEUY531u459aSOrsmBnXdWOiudN6hwZma0uZZ1pM2lfRBTE3GpxBB/FRRteVd+URFvB8wZsQDZA15TS+nMrfvswYXC2uVya3KeLwKH/vrjsnSEouMtJ5ltoGUT6sFHmMwecRNLKy1Jy+3IfJmxez9FcMfvrGYhv59YdLRC2cV9B5nRlFRpEqxE+2i4YwV/+YTPuocCKrAE1mp6w/bJR6cT/oDoEyA1d1Ft/oBS2GOQm44f46+EtZiGUB1Fj16uH+si1lhFx5zbKsIfC8OzFYRA1Xm8gMAQqDPdfNi+Ni4=
Content-Type: text/plain; charset="utf-8"
Content-ID: <728F6419F1A1B0468A90435E77CE4430@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1a9a8ef1-34c7-4cf3-b0b8-08d6b1cc2786
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Mar 2019 09:19:31.7079 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2748
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/S9cxAzMNSm_vMIIimzRiQ1xIHh8>
Subject: [saag] EMU WG report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 09:19:37 -0000

From nobody Tue Mar 26 02:28:22 2019
Return-Path: <jhall@cdt.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A78C5120282 for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 02:28:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZFZcaRKktFvQ for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 02:28:16 -0700 (PDT)
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 396271202D5 for <saag@ietf.org>; Tue, 26 Mar 2019 02:28:16 -0700 (PDT)
Received: by mail-ot1-x336.google.com with SMTP id 64so10779878otb.8 for <saag@ietf.org>; Tue, 26 Mar 2019 02:28:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=IJntoSyaxfe0rpiFeWYehnLYC8p2UykWGa/uStd/N8E=; b=BMLa/FWp8N55DCQ29mloRhlZDZjqZ/I3ZdGZYoqvB0tBtYUpWKe94NYpQompjZ0hdQ 0KTFZEY/24HfIDxAojISZmeHamJzyT5tO/3OnYlL3PeUmTvXgvShR6askF3HyqywtMFx 0/jZSyb6eTyzpbXEJn+DCARlejwGrNjvOhAZ0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=IJntoSyaxfe0rpiFeWYehnLYC8p2UykWGa/uStd/N8E=; b=ulKP8NbQVtwLofwn9Sw5M4idGif5bSc9WIWFZULcnPqsxY1YFGbw9P4bCIvJikekX4 Bf4rbFVNd05Y1cmNCRCnZQlWIyE1WkES3XL25AGkP3sSrq+7zG301XOL2PcZmQfmhvRp cFZK/TB0jWOcfyHK1Toak6pKJqM21eX5M1QT4jquOHmo8xJZoE0vD6AfVLXZ3SNmVi8/ EcGxXDqy/txmqHIkZfRBENVp3psbSudLwyPVlR6H5ASLxPVAJP6hmW/gfAd7V2uTNZ0L OstAv+9w366c8F6WVnKyHIPz22xXDqAkLny85F1Z0/TQ2rBVQ3sPZhHJXXWFjJpI05Uj 9Hmw==
X-Gm-Message-State: APjAAAU0f9QMLOGt1xOEivkn+9RvNVPprgCTdRgbCZI3FTtuJSCUGioH jZZdYfJewz/5EN/hTNBawdUiKDxs8lAbL38ubJfCPBoXYQjNXQ==
X-Google-Smtp-Source: APXvYqwKNbZ1ie7mQKlf70b7Z5zbftMT9e8dL9k7OB1eaDB6pMxmEho2X1ZyEEFifrbEdjhioPOZEj6Im7AeIhBNc7o=
X-Received: by 2002:a9d:368:: with SMTP id 95mr21475834otv.49.1553592495141; Tue, 26 Mar 2019 02:28:15 -0700 (PDT)
MIME-Version: 1.0
References: <CABtrr-Ubq5z_Nx4-VA7gLgGMaxOBvfpSpXKJfeO9Q9C9eCA8Fg@mail.gmail.com>
In-Reply-To: <CABtrr-Ubq5z_Nx4-VA7gLgGMaxOBvfpSpXKJfeO9Q9C9eCA8Fg@mail.gmail.com>
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Tue, 26 Mar 2019 05:28:02 -0400
Message-ID: <CABtrr-W6gyx=8HqyyAyfaPRZyaCEjhJj3E-FMAwSYtiof6BoJA@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000cc8abc0584fbf08d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ZO1mr_hR77dah4jYpIJ0t299MTg>
Subject: [saag] Fwd: descriptive censorship work: draft-hall-censorship-tech
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 09:28:20 -0000

--000000000000cc8abc0584fbf08d
Content-Type: text/plain; charset="UTF-8"

as an FYI

---------- Forwarded message ---------
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Tue, Mar 26, 2019 at 4:45 AM
Subject: descriptive censorship work: draft-hall-censorship-tech
To: <pearg@irtf.org>, Stan Adams <sadams@cdt.org>, Nick Feamster <feamster@cs.princeton.edu>


(Bcc'ing SECDISPATCH and SAAG as an FYI; thread on PEARG)

Hello, apologies for cross-posting.

At IETF 91 in 2014 we presented some very early work before SAAG that
describes how global censors use protocols to censor data flows (block,
impair, modify, etc.). After some editing in subsequent years based on
superb feedback from SAAG folks (Stephane B., Andrew M., thank you!) we had
tentative AD sponsorship and some thoughts that this was better on the IETF
side of the house rather than in a RG.

We've started to work on it again* and since the original draft we now have
SECDISPATCH to help "the misfit toys of security" find a home in terms of
IETF process... I very briefly described this work yesterday in SECDISPATCH
and Chris Wood, the new PEARG co-chair, suggested that PEARG would be a
good place for this work since part of what they would like to do in that
RG is document certain privacy-implicating things in the real world.

We don't really have a preference where this ends up -- there's even a case
to be made that given the dynamic nature of censorship that this will
necessarily always be a work in progress. We have heard people find it
useful and PEARG seems as good as anywhere, and obviously the process to
get to an RG RFC would help it get better (at least that is my impression!).

Here is the current version of the draft and the repo we're using to track
issues and version the doc:

draft: https://tools.ietf.org/html/draft-hall-censorship-tech-07
repo: https://github.com/josephlhall/rfc-censorship-tech

Would love to hear if this is something people think PEARG would like to
work on and we have some ideas about additional documents in a series like
this (e.g., having some real-world descriptive reference on research and
practice in terms of traffic analysis could be really useful for IETF
folks, I suspect.)

Cheers! --Joe Hall

(copying two co-authors, Stan from CDT and Nick from Princeton)

* IASA2 has been a big focus of my own for the last two years.

-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

Don't miss out! CDT's Tech Prom is April 10, 2019, at The
Anthem. Please join us: https://cdt.org/annual-dinner/



--000000000000cc8abc0584fbf08d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">as an FYI<br><div><br><div class=3D"gmail_quote"><div dir=
=3D"ltr" class=3D"gmail_attr">---------- Forwarded message ---------<br>Fro=
m: <b class=3D"gmail_sendername" dir=3D"auto">Joseph Lorenzo Hall</b> <span=
 dir=3D"ltr">&lt;<a href=3D"mailto:joe@cdt.org">joe@cdt.org</a>&gt;</span><=
br>Date: Tue, Mar 26, 2019 at 4:45 AM<br>Subject: descriptive censorship wo=
rk: draft-hall-censorship-tech<br>To:  &lt;<a href=3D"mailto:pearg@irtf.org=
">pearg@irtf.org</a>&gt;, Stan Adams &lt;<a href=3D"mailto:sadams@cdt.org">=
sadams@cdt.org</a>&gt;, Nick Feamster &lt;<a href=3D"mailto:feamster@cs.pri=
nceton.edu">feamster@cs.princeton.edu</a>&gt;<br></div><br><br><div dir=3D"=
ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div>(Bcc&#39;ing SECDISPATCH and SA=
AG as an FYI; thread on PEARG)<br></div><div><br></div><div>Hello, apologie=
s for cross-posting.</div><div><br></div><div>At IETF 91 in 2014 we present=
ed some very early work before SAAG that describes how global censors use p=
rotocols to censor data flows (block, impair, modify, etc.). After some edi=
ting in subsequent years based on superb feedback from SAAG folks (Stephane=
 B., Andrew M., thank you!) we had tentative AD sponsorship and some though=
ts that this was better on the IETF side of the house rather than in a RG.<=
br></div><div><br></div><div>We&#39;ve started to work on it again* and sin=
ce the original draft we now have SECDISPATCH to help &quot;the misfit toys=
 of security&quot; find a home in terms of IETF process... I very briefly d=
escribed this work yesterday in SECDISPATCH and Chris Wood, the new PEARG c=
o-chair, suggested that PEARG would be a good place for this work since par=
t of what they would like to do in that RG is document certain privacy-impl=
icating things in the real world.</div><div><br></div><div>We don&#39;t rea=
lly have a preference where this ends up -- there&#39;s even a case to be m=
ade that given the dynamic nature of censorship that this will necessarily =
always be a work in progress. We have heard people find it useful and PEARG=
 seems as good as anywhere, and obviously the process to get to an RG RFC w=
ould help it get better (at least that is my impression!).</div><div><br></=
div><div>Here is the current version of the draft and the repo we&#39;re us=
ing to track issues and version the doc:</div><div><br></div><div>draft: <a=
 href=3D"https://tools.ietf.org/html/draft-hall-censorship-tech-07" target=
=3D"_blank">https://tools.ietf.org/html/draft-hall-censorship-tech-07</a></=
div><div>repo: <a href=3D"https://github.com/josephlhall/rfc-censorship-tec=
h" target=3D"_blank">https://github.com/josephlhall/rfc-censorship-tech</a>=
</div><div><br></div><div>Would love to hear if this is something people th=
ink PEARG would like to work on and we have some ideas about additional doc=
uments in a series like this (e.g., having some real-world descriptive refe=
rence on research and practice in terms of traffic analysis could be really=
 useful for IETF folks, I suspect.)</div><div><br></div><div>Cheers! --Joe =
Hall</div><div><br></div><div>(copying two co-authors, Stan from CDT and Ni=
ck from Princeton)<br></div><div><br></div><div>* IASA2 has been a big focu=
s of my own for the last two years.<br></div><div><br>-- <br><div dir=3D"lt=
r" class=3D"m_-7613754442102818437gmail_signature"><div dir=3D"ltr"><div><d=
iv dir=3D"ltr"><div>Joseph Lorenzo Hall<br>Chief Technologist, Center for D=
emocracy &amp; Technology [<a href=3D"https://www.cdt.org" target=3D"_blank=
">https://www.cdt.org</a>]<br>1401 K ST NW STE 200, Washington DC 20005-349=
7<br>e: <a href=3D"mailto:joe@cdt.org" target=3D"_blank">joe@cdt.org</a>, p=
: 202.407.8825, pgp: <a href=3D"https://josephhall.org/gpg-key" target=3D"_=
blank">https://josephhall.org/gpg-key</a><br>Fingerprint: 3CA2 8D7B 9F6D DB=
D3 4B10 =C2=A01607 5F86 6987 40A9 A871<br></div><div><br></div><div>Don&#39=
;t miss out! CDT&#39;s Tech Prom is April 10, 2019, at The<br>Anthem. Pleas=
e join us: <a href=3D"https://cdt.org/annual-dinner/" target=3D"_blank">htt=
ps://cdt.org/annual-dinner/</a><br></div></div></div></div></div></div></di=
v></div></div>
</div><br clear=3D"all"><br>-- <br><div dir=3D"ltr" class=3D"gmail_signatur=
e" data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><div><div dir=3D"ltr=
"><div>Joseph Lorenzo Hall<br>Chief Technologist, Center for Democracy &amp=
; Technology [<a href=3D"https://www.cdt.org" target=3D"_blank">https://www=
.cdt.org</a>]<br>1401 K ST NW STE 200, Washington DC 20005-3497<br>e: <a hr=
ef=3D"mailto:joe@cdt.org" target=3D"_blank">joe@cdt.org</a>, p: 202.407.882=
5, pgp: <a href=3D"https://josephhall.org/gpg-key" target=3D"_blank">https:=
//josephhall.org/gpg-key</a><br>Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 =C2=
=A01607 5F86 6987 40A9 A871<br></div><div><br></div><div>Don&#39;t miss out=
! CDT&#39;s Tech Prom is April 10, 2019, at The<br>Anthem. Please join us: =
<a href=3D"https://cdt.org/annual-dinner/" target=3D"_blank">https://cdt.or=
g/annual-dinner/</a><br></div></div></div></div></div></div></div>

--000000000000cc8abc0584fbf08d--


From nobody Tue Mar 26 02:58:53 2019
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: saag@ietf.org, "secdispatch\@ietf.org" <secdispatch@ietf.org>
In-reply-to: <09DE178A-4EE2-43D2-9099-562E3030EF32@akamai.com>
References: <359EC4B99E040048A7131E0F4E113AFC01B3308493@marchand> <2a05beca-e41a-fbe8-835b-dfef9fa88432@openca.org> <09DE178A-4EE2-43D2-9099-562E3030EF32@akamai.com>
Comments: In-reply-to "Salz, Rich" <rsalz@akamai.com> message dated "Tue, 26 Mar 2019 08:35:54 +0000."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 26 Mar 2019 10:58:30 +0100
Message-ID: <6924.1553594310@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/3BttKxylaaBEbkRrAjRz7FZTCV8>
Subject: Re: [saag] [Secdispatch]  SECDISPATCH WG Summary from IETF 104

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Salz, Rich <rsalz@akamai.com> wrote:
    >> I noticed at the last dispatch that there has been no humming to get
    >> the feeling of the room

    > Good point, thanks for raising the issue. We also missed "to be
    > confirmed on the list."  Whatever the rules are going to be, they
    > should be explicit.

Which list? :-)
no, seriously.  I think that each proposal needs some CCs to other lists.

Also, I would have thought that the virtual interim meeting results would
have been included in that summary email as well.

I'd like to see a paragraph for each proposal explaining why other options
(including "not relevant to IETF", or also, "conflicts with existing work")
are less relevant.  As such each really needs its own thread.
Yes, that is more work... "many hands" comes to mind.

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Tue Mar 26 03:54:07 2019
From: "Valery Smyslov" <valery@smyslov.net>
To: <saag@ietf.org>
Cc: "'Leif Johansson'" <leifj@sunet.se>
Date: Tue, 26 Mar 2019 13:53:48 +0300
Message-ID: <07f701d4e3c2$323bfde0$96b3f9a0$@smyslov.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ceFvJFGVBZXEdzGGyI2a4sq66A4>
Subject: [saag] UTA WG report for IETF104

UTA met on Tuesday, 26th, 10:00-11:00.

We had three major agenda items:
1. Recently adopted draft draft-ietf-uta-tls-for-email-01
	It was decided to continue discussion on the list.
	We added June 2019 as a milestone to bring this draft to LC.

2. Situation around IESG evaluation of draft-ietf-uta-smtp-require-tls-07
	We seemed to have some progress in crafting the Security Consideration
	section, as it was the main obstacle.

3. Possible new work item draft-tschofenig-uta-tls13-profile-01
	Several people in the room expressed interest
	in the draft and agreed to review it. Once it is confirmed
	on the list the draft can become a candidate for adoption.

Regards,
Leif & Valery.


From nobody Tue Mar 26 04:11:43 2019
MIME-Version: 1.0
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 26 Mar 2019 07:10:55 -0400
Message-ID: <CAHbuEH4M0AqZ9aHped9UmapLk+zJR8Y4M5xq0h=4pxfCOcog+w@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="00000000000021fb240584fd6235"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/2tXlo9qQ72kmugxumHLEuMfNR9w>
Subject: [saag] SMART summary

--00000000000021fb240584fd6235
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Stopping Malware And Researching Threats (SMART) met Monday afternoon as an
IAB Session, which aims to be an IRTF research group.

SMART met on Monday to discuss the problem statement and some areas for
research possible for the effort. A brief review of the Coordinating Attack
Response at Internet Scale (CARIS) 2 workshop was provided.  A full meeting
report will be forthcoming.

Several researchers and industry representatives presented.  Talks included:
Malicious Uses of Evasive Communications and Threats to Privacy (David McGrew)
   Highlighted questions and areas of research for SMART.  Showed multiple
   views into work focused on privacy. Many protocols in the IETF are
   designed for benign uses but can be used in a malicious way. Attacks
   lead to data breaches and a negative impact on privacy.
Threat Landscape Report (Arnaud Taddei)
   Reviewed statistics from the incident responder viewpoint.  Some metrics
   will be further clarified on the list.  Understanding the threat
   landscape helps to prioritize efforts based on trends.
Testing for the good of the internet (Simon Edwards)
   Discussed testing of vendor products and taking the full attack chain
   into consideration for detection.  Talked about the difficulties with
   testing samples due to bias with available samples but described the
   methodology of testing security against a full attack chain.
BGP hijacking (Töma Gavrichenkov)
   Multiple drafts exist and are in review for BGP hijacking solutions
   (other BGP problems exist and there is a possible area of research to
   explore and provide guidance).  Should SMART play a role in providing
   guidance to IETF draft proposals from an attack defence perspective?
CLESS draft on endpoint security (Arnaud Taddei)
   The CLESS draft surveys the end point capabilities and limitations for
   one set of end points, others expected to be added.  This draft is
   focused on what can be done at the end point, for a full understanding
   of what can be done on the end point, and therefore what must be done in
   the protocol. This is needed as security capabilities are expected to
   shift to the end point with more end-to-end encryption.  Contributions
   were requested on this early draft.
One Snake (Ian Levy, NCSC)
   Highlighted numerous problems for the information security professional,
   the opportunities for research, measurement, and advancement in this
   space and why a group like SMART is needed.

Room was surveyed to determine interest in contributing or reviewing work.
About half the room raised hands.  Scope needs to be determined and hand
offs to the IETF Security Area are likely depending on the work that comes
in.
Contributions are welcome.
There were about 150 people that signed the blue sheets, room seemed packed
a bit more.


-- 

Best regards,
Kathleen & Kirsty

--00000000000021fb240584fd6235--


From nobody Tue Mar 26 05:05:24 2019
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, saag@ietf.org
References: <CAHbuEH4M0AqZ9aHped9UmapLk+zJR8Y4M5xq0h=4pxfCOcog+w@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <60234e9a-e1aa-37eb-b159-f3022fd3c677@cs.tcd.ie>
Date: Tue, 26 Mar 2019 12:04:58 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <CAHbuEH4M0AqZ9aHped9UmapLk+zJR8Y4M5xq0h=4pxfCOcog+w@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="N0cKcLL8Di58Y0EwQwCThJOeVZD0d0rFH"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/u61qL6UUFq6L1xTF6QegJYHLyTg>
Subject: Re: [saag] SMART summary

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--N0cKcLL8Di58Y0EwQwCThJOeVZD0d0rFH
Content-Type: multipart/mixed; boundary="QypUrLorgomONUDJRrRwLywxHt7jlQJKT";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, saag@ietf.org
Message-ID: <60234e9a-e1aa-37eb-b159-f3022fd3c677@cs.tcd.ie>
Subject: Re: [saag] SMART summary
References: <CAHbuEH4M0AqZ9aHped9UmapLk+zJR8Y4M5xq0h=4pxfCOcog+w@mail.gmail.com>
In-Reply-To: <CAHbuEH4M0AqZ9aHped9UmapLk+zJR8Y4M5xq0h=4pxfCOcog+w@mail.gmail.com>

--QypUrLorgomONUDJRrRwLywxHt7jlQJKT
Content-Type: multipart/mixed;
 boundary="------------7C96EC5EBF71108C3B81A985"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------7C96EC5EBF71108C3B81A985
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 26/03/2019 11:10, Kathleen Moriarty wrote:
> Room was surveyed to determine interest in contributing or reviewing work.
> About half the room raised hands.  Scope needs to be determined and hand
> offs to the IETF Security Area are likely depending on the work that comes
> in.

I think it was a bit of a pity that the room weren't asked about
concerns with this work going forward. (If you asked that and I
missed it, apologies;-) Given it wasn't an IETF BoF  that's ok,
but were this proposed as IETF work, I would have concerns. As
a potential RG, I also have (a non-identical set of) concerns.

I guess that discussion as to how to take this forward will give
a chance for such concerns to be raised and discussed, so not asking
that we try do that here/now.

S.

--------------7C96EC5EBF71108C3B81A985--

--QypUrLorgomONUDJRrRwLywxHt7jlQJKT--

--N0cKcLL8Di58Y0EwQwCThJOeVZD0d0rFH--


From nobody Tue Mar 26 07:45:11 2019
Return-Path: <lear@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84079120329; Tue, 26 Mar 2019 07:45:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level: 
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SY9YKRA4d_sL; Tue, 26 Mar 2019 07:45:06 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C285D120312; Tue, 26 Mar 2019 07:44:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1446; q=dns/txt; s=iport; t=1553611483; x=1554821083; h=from:mime-version:subject:message-id:date:to; bh=Wr+LWU/GMJ5SlMV7zGEmHlsXtTSaAQlj+yGT+F30lyo=; b=OTj4so0VCT2pF6otUIaBCQ08WRcW2l2XQFz/Ch4tiTiGNdhMTPHaNSoz xk/M4efDSOMeaHn2wYjKgnYp1Slvi7WXw9jCiTel4RpGbWStGHxp1fhYp T/+eTtx2cHASKaxwVoYYi5A4Rdr/XxR+hnx/Y0IfKX+vIEimBvzfrZRIQ s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BQAACbOppc/xbLJq1kHAEBAQQBAQc?= =?us-ascii?q?EAQGBUwUBAQsBg2kSjTCfF4V3gXsNAQGKMjYHDQEBAwEBCQEDAm0ohUF4LwG?= =?us-ascii?q?BHwGDNIF2rmqFRoRtgS8Bi0iBf4E4H4IebId/giYDilKHKYZdjEEJggGEfYw?= =?us-ascii?q?9GYVIjjqDRIdZkECCcgIEBgUCFYFUDSSBVjMaCBsVZQGCQj2QDj4DkGwBAQ?=
X-IronPort-AV: E=Sophos; i="5.60,271,1549929600"; d="scan'208,217"; a="10979184"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 26 Mar 2019 14:44:40 +0000
Received: from ams3-vpn-dhcp3730.cisco.com (ams3-vpn-dhcp3730.cisco.com [10.61.78.146]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x2QEicoX013295 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 26 Mar 2019 14:44:39 GMT
From: Eliot Lear <lear@cisco.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_66589A0F-7312-44F8-845E-B3E1B3772E7F"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Message-Id: <233762E6-E30A-469D-8DA1-D3439D088293@cisco.com>
Date: Tue, 26 Mar 2019 15:44:36 +0100
To: opsawg@ietf.org, saag@ietf.org, dougm@nist.gov, Brian Haberman <brian@innovationslab.net>, 104 attendees <104attendees@ietf.org>
X-Mailer: Apple Mail (2.3445.102.3)
X-Outbound-SMTP-Client: 10.61.78.146, ams3-vpn-dhcp3730.cisco.com
X-Outbound-Node: aer-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5a1RltQE2uA3cA9DRbVDOjhG3F4>
Subject: [saag] Side meeting on MUD futures on Thursday @ 10:00am
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 14:45:09 -0000

--Apple-Mail=_66589A0F-7312-44F8-845E-B3E1B3772E7F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Hi everyone,

We will have a side meeting on next steps in MUD on Thursday @ 10:00am
in the Paris conference room.  Topics will include any extensions to
follow on, as well as a means to gather MUD files from sources OTHER
than the manufacturer, as well as anything else you would like to bring
to the discussion.

Bring a friend!

Eliot


--Apple-Mail=_66589A0F-7312-44F8-845E-B3E1B3772E7F--


From nobody Tue Mar 26 07:54:01 2019
Return-Path: <inam_ali2005@hotmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C8FD12032C for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 07:53:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.446
X-Spam-Level: 
X-Spam-Status: No, score=-0.446 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_MOSTLY=0.428, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2bWZyyH9t_yx for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 07:53:58 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-oln040092067092.outbound.protection.outlook.com [40.92.67.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10E56120369 for <saag@ietf.org>; Tue, 26 Mar 2019 07:53:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zoRtbswqiWk1YbjuUnVhN6kp7t5nKdIlY5fDTkEp2rY=; b=n19U+JBSML+zVULPdsfOyiIuX+1ysEI42Icig/Txl4qJM5IxvJgJUEJG3ZI8hOUo29tLwhv4LrXXokrs0Ew98mSNJ6IMVhh5BBnqLXnG2GbQqXk6Z9dZlgXermoKhpml36+llVFQ9OF6uAy1ze0qC885J88mcRhbVuSzLtaSKVMkdP+TLbYnLQEPCAOHXr8UzK02y9qffVGxniLnMrFA9YqbU2sdNj7hTuyLq0mB7KCmcIttV50yHNPSGrVBOH/pucZD79tbBqctUWhqrqcPM05WyC3hs9+bzWHyBNKYd2GKhaAsN4tPvxSZGGWK+6Zn3feAVQ1EWmKzTePD+UZKRg==
Received: from AM5EUR02FT042.eop-EUR02.prod.protection.outlook.com (10.152.8.59) by AM5EUR02HT004.eop-EUR02.prod.protection.outlook.com (10.152.8.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1730.9; Tue, 26 Mar 2019 14:53:55 +0000
Received: from VI1PR06MB4046.eurprd06.prod.outlook.com (10.152.8.54) by AM5EUR02FT042.mail.protection.outlook.com (10.152.9.106) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1730.9 via Frontend Transport; Tue, 26 Mar 2019 14:53:55 +0000
Received: from VI1PR06MB4046.eurprd06.prod.outlook.com ([fe80::bc62:d69e:c06b:75ab]) by VI1PR06MB4046.eurprd06.prod.outlook.com ([fe80::bc62:d69e:c06b:75ab%4]) with mapi id 15.20.1730.019; Tue, 26 Mar 2019 14:53:55 +0000
From: Inam Ali <inam_ali2005@hotmail.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: unsubscribe
Thread-Index: AQHU4+O7fAnKfnQN0UugoqArB9EVWg==
Date: Tue, 26 Mar 2019 14:53:55 +0000
Message-ID: <VI1PR06MB40464C28F8E9BD7FF04F14A6F85F0@VI1PR06MB4046.eurprd06.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-incomingtopheadermarker: OriginalChecksum:E6665352277D502791AFB4997D0C5ECDF993624B7799C6F80E380EF73ECC3B25; UpperCasedChecksum:CA221565B3862DBCF8E6A3B7747013BC5F7496E0329FDB487CDD7FB337E8E3A0; SizeAsReceived:6534; Count:41
x-tmn: [w1SCT2OxWYIhafA5MXrUEhLtWwzmExny]
x-ms-publictraffictype: Email
x-incomingheadercount: 41
x-eopattributedmessage: 0
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(20181119110)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031322404)(2017031324274)(2017031323274)(1601125500)(1603101475)(1701031045); SRVR:AM5EUR02HT004; 
x-ms-traffictypediagnostic: AM5EUR02HT004:
x-microsoft-antispam-message-info: PmTsqHEX6cPOgScMJH+gVL3Dbf1pQ4RwYsLZwoQwzIZNQaIivvIuDpmnlBizedF9
Content-Type: multipart/alternative; boundary="_000_VI1PR06MB40464C28F8E9BD7FF04F14A6F85F0VI1PR06MB4046eurp_"
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: cbc214d5-c5b2-44fb-91ac-08d6b1fade80
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Mar 2019 14:53:55.1331 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5EUR02HT004
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/SaWPFVVwFz-fdTTtVn3ZshB5BQY>
Subject: [saag] unsubscribe
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 14:53:59 -0000

--_000_VI1PR06MB40464C28F8E9BD7FF04F14A6F85F0VI1PR06MB4046eurp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



--_000_VI1PR06MB40464C28F8E9BD7FF04F14A6F85F0VI1PR06MB4046eurp_--


From nobody Tue Mar 26 09:24:51 2019
Return-Path: <madwolf@openca.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC5F512059D for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 09:24:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.485
X-Spam-Level: 
X-Spam-Status: No, score=-0.485 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ae1dqgAJAHLo for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 09:24:41 -0700 (PDT)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id C3CBC12056E for <saag@ietf.org>; Tue, 26 Mar 2019 09:24:41 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id A0043374128E for <saag@ietf.org>; Tue, 26 Mar 2019 16:24:41 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id L7WTAsClUVCP for <saag@ietf.org>; Tue, 26 Mar 2019 12:24:41 -0400 (EDT)
Received: from dhcp-8b3d.meeting.ietf.org (dhcp-8b3d.meeting.ietf.org [31.133.139.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id 739033740F7B for <saag@ietf.org>; Tue, 26 Mar 2019 12:24:40 -0400 (EDT)
To: "saag@ietf.org" <saag@ietf.org>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
Date: Tue, 26 Mar 2019 17:24:38 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------BC8B274E4ED5EDA0828D6394"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Epuh2Fe6UgXkaxubzppaLFdZ7Kc>
Subject: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 16:24:43 -0000

This is a multi-part message in MIME format.
--------------BC8B274E4ED5EDA0828D6394
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi SAAG,

I just wanted to provide some feedback based on the contents of some 
presentations I have seen in the security area. In particular, I noticed 
that some authors seem to confuse the definition of information objects 
(ASN.1) and their encoding (e.g., DER). I noticed that, sometimes, when 
ASN.1 was mentioned, what was really the topic of discussion was 
actually related to DER encoding.

Since I have seen this happening multiple times, I am starting to wonder 
if I am the one who is wrong. In particular, my question is: do people 
in the security area support the statement that ASN.1 is equivalent to 
DER encoding ?

I ask this because ASN.1 is "used for the definition of data types, 
values, and constraints on data types." independently from how the 
data is actually encoded (BER, PER, XER, DER, etc.) - it just happens 
that in X.509 PKIs, we use DER as the preferred encoding (and PEM for 
7-bit transport mode). Therefore when we talk about certificate parsing, 
for example, we do parse DER/PEM, not ASN.1. For example, for the 
proposal around CBOR-encoded certificates (not endorsing the idea, just 
using this as an example), defining the CBOR Encoding Rules (CER ?) 
would provide a path to provide CBOR encoding for all ASN.1 definitions 
we use in PKIX.

Maybe this distinction is not important for people that already have a 
good understanding of the information model, however there might be 
newcomers (new IETF-ers or just new to the security area) that might 
think the two are the same when they are not, in my opinion.

Therefore, my recommendation is to keep this distinction in mind when 
talking about encoding and parsing of, for example, certificates. I hope 
this helps.

Just my 2 cents...

Cheers,
Max

-- 
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director

--------------BC8B274E4ED5EDA0828D6394--
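
The distinction drawn in the message above, as an added example (not part of the original message and not OpenCA code): one ASN.1 value is decoded from three different BER byte strings, and a strict check accepts only the DER one. The Sample type, the byte strings and all function names are constructed for this illustration.

```python
# Added illustration; the Sample type and all byte strings are constructed.
#   Sample ::= SEQUENCE { n INTEGER, flag BOOLEAN }   -- ASN.1 (abstract syntax)
#   value   { n 5, flag TRUE }
# Three transfer encodings of that one value (X.690 BER; DER is a subset of BER):
DER_BYTES = bytes.fromhex("3006" "020105" "0101ff")              # canonical DER
BER_LONG_LEN = bytes.fromhex("308106" "020105" "0101ff")         # long-form length
BER_INDEFINITE = bytes.fromhex("3080" "020105" "010101" "0000")  # indefinite, TRUE=0x01


class EncodingError(ValueError):
    """The bytes do not follow the selected encoding rules."""


def _read_length(buf, pos, strict):
    """Parse length octets; return (length, next_pos), length None if indefinite."""
    if pos >= len(buf):
        raise EncodingError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form
        return first, pos
    if first == 0x80:                      # indefinite form, BER only
        if strict:
            raise EncodingError("indefinite length is not allowed in DER")
        return None, pos
    count = first & 0x7F                   # long form: number of length octets
    raw = buf[pos:pos + count]
    if len(raw) != count:
        raise EncodingError("truncated length")
    value = int.from_bytes(raw, "big")
    if strict and (raw[0] == 0 or value < 0x80):
        raise EncodingError("DER requires the shortest length encoding")
    return value, pos + count


def _decode(buf, pos, strict):
    """Decode one TLV (single-octet universal tags only); return (value, next_pos)."""
    if pos >= len(buf):
        raise EncodingError("truncated tag")
    tag = buf[pos]
    length, pos = _read_length(buf, pos + 1, strict)
    if tag == 0x30:                        # SEQUENCE (constructed)
        items = []
        if length is None:                 # read until end-of-contents 00 00
            while buf[pos:pos + 2] != b"\x00\x00":
                if pos >= len(buf):
                    raise EncodingError("missing end-of-contents octets")
                item, pos = _decode(buf, pos, strict)
                items.append(item)
            return tuple(items), pos + 2
        end = pos + length
        if end > len(buf):
            raise EncodingError("truncated SEQUENCE")
        while pos < end:
            item, pos = _decode(buf, pos, strict)
            items.append(item)
        if pos != end:
            raise EncodingError("element overruns its SEQUENCE")
        return tuple(items), pos
    if length is None:
        raise EncodingError("indefinite length on a primitive type")
    content = buf[pos:pos + length]
    if len(content) != length:
        raise EncodingError("truncated content")
    pos += length
    if tag == 0x02:                        # INTEGER, minimal octets in BER and DER
        if not content:
            raise EncodingError("empty INTEGER")
        if length > 1 and (content[0], content[1] >> 7) in ((0x00, 0), (0xFF, 1)):
            raise EncodingError("non-minimal INTEGER")
        return int.from_bytes(content, "big", signed=True), pos
    if tag == 0x01:                        # BOOLEAN
        if length != 1:
            raise EncodingError("BOOLEAN must be one octet")
        if strict and content[0] not in (0x00, 0xFF):
            raise EncodingError("DER encodes TRUE as 0xFF only")
        return content[0] != 0, pos
    raise EncodingError(f"unsupported tag 0x{tag:02x}")


def _decode_all(data, strict):
    value, end = _decode(data, 0, strict)
    if end != len(data):
        raise EncodingError("trailing bytes after the value")
    return value


def decode_ber(data):
    """Decode under the permissive Basic Encoding Rules."""
    return _decode_all(data, strict=False)


def decode_der(data):
    """Decode under the Distinguished Encoding Rules (one encoding per value)."""
    return _decode_all(data, strict=True)


def is_der(data):
    """True only if the bytes are the DER encoding of the value they carry."""
    try:
        decode_der(data)
        return True
    except EncodingError:
        return False
```

All three byte strings decode to the same value under BER, but only the first is DER; X.509 signatures are computed over the DER bytes, which is why certificate parsers care about the difference.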


From nobody Tue Mar 26 09:34:54 2019
Return-Path: <rdd@cert.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14F031205E6; Tue, 26 Mar 2019 09:34:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sUidwwyUhEuQ; Tue, 26 Mar 2019 09:34:50 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C438C1205E0; Tue, 26 Mar 2019 09:34:49 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x2QGYmJu005343; Tue, 26 Mar 2019 12:34:48 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu x2QGYmJu005343
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1553618088; bh=A6HyJlce1OSjFXIE9hPTrwbI2cjQuPFEglsG0Jac+q0=; h=From:To:Subject:Date:References:In-Reply-To:From; b=PqirtRNkx3tMhvrNZ2NrYGwcoRDgSKpUMlmWmpAhBqPSMz/4LHJvm557moVleDfnR GmxVwyYxdOgiXougIBPztswGxTh3zrmYvxtRSf7GqEl6RWnZnaqQOsZwfMx3hgw3bS ddoM3Q/Dvfp9EjFX/PSZUqhclbckJl9oy2WzICoY=
Received: from CASSINA.ad.sei.cmu.edu (cassina.ad.sei.cmu.edu [10.64.28.249]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x2QGYhBs007629; Tue, 26 Mar 2019 12:34:43 -0400
Received: from MARCHAND.ad.sei.cmu.edu ([10.64.28.251]) by CASSINA.ad.sei.cmu.edu ([10.64.28.249]) with mapi id 14.03.0435.000; Tue, 26 Mar 2019 12:34:43 -0400
From: Roman Danyliw <rdd@cert.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "saag@ietf.org" <saag@ietf.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] [saag] SECDISPATCH WG Summary from IETF 104
Thread-Index: AdTjPnZiOQ6mePwTSO+LO8jL+YjROQAkB+cAAAB3ggAAAuKBAAAApK7A
Date: Tue, 26 Mar 2019 16:34:42 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B330CB5B@marchand>
References: <359EC4B99E040048A7131E0F4E113AFC01B3308493@marchand> <2a05beca-e41a-fbe8-835b-dfef9fa88432@openca.org> <09DE178A-4EE2-43D2-9099-562E3030EF32@akamai.com> <6924.1553594310@dooku.sandelman.ca>
In-Reply-To: <6924.1553594310@dooku.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/SbmX-cyo4esV8NeBPJ9LUhL8s94>
Subject: Re: [saag] [Secdispatch]  SECDISPATCH WG Summary from IETF 104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 16:34:52 -0000

> -----Original Message-----
> From: Secdispatch [mailto:secdispatch-bounces@ietf.org] On Behalf Of
> Michael Richardson
> Sent: Tuesday, March 26, 2019 5:59 AM
> To: saag@ietf.org; secdispatch@ietf.org
> Subject: Re: [Secdispatch] [saag] SECDISPATCH WG Summary from IETF 104
>
>
> Salz, Rich <rsalz@akamai.com> wrote:
>     >> I noticed at the last dispatch that there has been no humming to get
>     >> the feeling of the room
>
>     > Good point, thanks for raising the issue. We also missed "to be
>     > confirmed on the list."  Whatever the rules are going to be, they
>     > should be explicit.

I strongly concur that we need to be consistent and explicit about the
process.

Across the meetings, we have been inconsistent on when hums are taken vs.
summarizing feedback from the mic line -- it has been a judgement call on
assessing consensus from the front table.

Where the process has been consistent across meetings is in NOT taking any
confirmations to the list.  Dispatch decisions have been a point in time
activity during a meeting based on the participants in the room or virtually
participating.  The motivation for this approach was to convene a discrete
event that provides immediate feedback on next steps to the draft authors.
The charter does allow for the WG "... com[ing] to a prompt resolution of
the appropriate disposition of each proposal ... on the mailing list".

> Which list? :-)
> no, seriously.  I think that each proposal needs some CCs to other lists.

I'm not sure what hard rule to apply on a per draft basis for post-dispatch
notifications.  However, pre-dispatch, continued coordination with ART
dispatch process (and other areas) remains top of mind too.

> Also, I would have thought that the virtual interim meeting results would
> have been included in that summary email as well.

(for SAAG) A pointer to the summary of the virtual interim meeting on
03/05/2019:
https://mailarchive.ietf.org/arch/msg/secdispatch/9AfqrecZfFMlMGxSXOo4ENZtrVk

> I'd like to see a paragraph for each proposal explaining why other options
> (including "not relevant to IETF", or also, "conflicts with existing work") are
> less relevant.  As such each really needs its own thread.
> Yes, that is more work... "many hands" comes to mind.

The summaries are intentionally terse as they are trying to share the
results of the dispatch as soon as possible.  More details will ultimately
be published in the minutes and ground truth remains in the recording.  I
worry on how to deliberate after the dispatch meeting but provide prompt
resolution.

Roman

> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
>
>


From nobody Tue Mar 26 09:36:25 2019
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51C0D1205FC for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 09:36:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MakgAZe9slft for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 09:36:21 -0700 (PDT)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DFB01205F4 for <saag@ietf.org>; Tue, 26 Mar 2019 09:36:21 -0700 (PDT)
Received: by mail-wr1-x434.google.com with SMTP id t5so15094838wri.7 for <saag@ietf.org>; Tue, 26 Mar 2019 09:36:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=aQLSdeCJmZPN9z4SsYe1d1ccOUvklOxkWTUGyDH8oEQ=; b=i+tp00A+KKjw1dSF15rYeGMbcACQ1P/O3Tv9ktGdoQKfToY7nUVF0Bo4ixuI5m63ci bEoXq+4nPLSWkxusqruRtF7idVt5HgiDbBm3OWzEAGT7O0Lh4USJs+1mXB0N8EwESrbL sdw1phiaBVWgTBAXlj0ufnR1qh8l2an/hYoGG0QRel7Tsr73T6ufWHz++BObOWjPrgwO XYTh3i+UcapeXVX+TbZD2aLIs0QYEyRwCXvdbmG9ENecZcpZT9kDVnddEWND059SobiO GwQSIgSTVGYm9Ju/Rd52vtEgMA0H0Cey/hNtw6VYTSpeuKLnlKa6rKBCmUidJA1bN+N4 96NQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=aQLSdeCJmZPN9z4SsYe1d1ccOUvklOxkWTUGyDH8oEQ=; b=ujlXUyM//HJO8n1IQqWv9i/asEBuHVMnSm7DEhUyu9G3y5GsYo58INHngTRz6Gya+I Jbp8sMZQaCMgyH6bzU1a+0A8+bd5iCC8AwjGcQvZ61kG7nyouydVzzp2rGsko3F75k04 v5SU72gFvLp2ljK33F4bfLGQa+xW6SUWDbiHA0v8MuB/VKaWmz2LvFT9nJUoqXOTNvID 4yti1aEiug2ScnuM+PL6D5hGmjgjfXSD5g75XNykSCP5l56+hTndjnpPK6VtXuedHh+c bSNLUdeXFwfOEUI6ztdfyG+/QmDdMG1/z3LflvglwMLSEordLp3jRLOmoGETPm2dZ/Cz BYLQ==
X-Gm-Message-State: APjAAAVAQMguJtvNZdj6TLThI39ZGp+2RZpi9+4TNbeCKkXTK6qAGwRl q4SbtuzhTJD7G4S2DLM7F3+4QxShvrA=
X-Google-Smtp-Source: APXvYqxH7ivkehoHdauynvqV5HxoDEQl03Fd4PJaWcccw4TCl9egx+SvYP4bnrS8Vdgb5DYgcyyzpw==
X-Received: by 2002:a5d:4a4f:: with SMTP id v15mr18918233wrs.5.1553618179633;  Tue, 26 Mar 2019 09:36:19 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:128:9980:b4e6:152:a4aa? ([2001:67c:370:128:9980:b4e6:152:a4aa]) by smtp.gmail.com with ESMTPSA id g8sm42461613wro.77.2019.03.26.09.36.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Mar 2019 09:36:18 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <2E91314E-F26D-4368-B02E-77D66FADDC59@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8FD2CFF4-D56A-407F-B1E5-19F6EE4130EA"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Tue, 26 Mar 2019 17:36:17 +0100
In-Reply-To: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
Cc: Security Area Advisory Group <saag@ietf.org>
To: "Dr. Pala" <madwolf@openca.org>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/fHaOVOleZIYAy5iLdCiHZMlz358>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 16:36:24 -0000

> On 26 Mar 2019, at 17:24, Dr. Pala <madwolf@openca.org> wrote:
>
> Hi SAAG,
>
> I just wanted to provide some feedback based on the contents of some presentations I have seen in the security area. In particular, I noticed that some authors seem to confuse the definition of information objects (ASN.1) and their encoding (e.g., DER). I noticed that, sometimes, when ASN.1 was mentioned, what was really the topic of discussion was actually related to DER encoding.
>
> Since I have seen this happening multiple times, I am starting to wonder if I am the one who is wrong. In particular, my question is: do people in the security area support the statement that ASN.1 is equivalent to DER encoding ?
>
> I ask this because ASN.1 is "used for the definition of data types, values, and constraints on data types." independently from how the data is actually encoded (BER, PER, XER, DER, etc.) - it just happens that in X.509 PKIs, we use DER as the preferred encoding (and PEM for 7-bit transport mode). Therefore when we talk about certificate parsing, for example, we do parse DER/PEM, not ASN.1. For example, for the proposal around CBOR-encoded certificates (not endorsing the idea, just using this as an example), defining the CBOR Encoding Rules (CER ?) would provide a path to provide CBOR encoding for all ASN.1 definitions we use in PKIX.
>
> Maybe this distinction is not important for people that already have a good understanding of the information model, however there might be newcomers (new IETF-ers or just new to the security area) that might think the two are the same when they are not, in my opinion.
>
> Therefore, my recommendation is to keep this distinction in mind when talking about encoding and parsing of, for example, certificates. I hope this helps.
>

Hi, Max.

I have noticed this as well. The thing is, although there are several sets of encoding rules (like GSER <https://tools.ietf.org/html/rfc3641>), in practice all of our certificates (and CRLs, certificate requests, and any other structure defined in ASN.1) are encoded in DER or BER. So it has become common to refer to “things whose structure is defined with ASN.1” and “things whose encoding is DER” as the same sets. Because they are. So a lot of us are referring to DER encoding as ASN.1 even though this is a mistake.

Maybe if some other encoding rule (like a CBOR encoding rule) got some traction, people would be more motivated to use the terms correctly.

Yoav


From nobody Tue Mar 26 09:50:10 2019
Date: Tue, 26 Mar 2019 11:49:51 -0500
From: Nico Williams <nico@cryptonector.com>
To: "Dr. Pala" <madwolf@openca.org>
Cc: "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326164951.GX4211@localhost>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Y1de0Dn_Khoc110V87y2YSiaZOk>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 05:24:38PM +0100, Dr. Pala wrote:
> I just wanted to provide some feedback based on the contents of some
> presentations I have seen in the security area. In particular, I noticed
> that some authors seem to confuse the definition of information objects
> (ASN.1) and their encoding (e.g., DER). I noticed that, sometimes, when
> ASN.1 was mentioned, what was really the topic of discussion was actually
> related to DER encoding.

And then they (rightly!) hate BER/DER/CER, so they propose inventing
something new, often badly.  In this field, there is nothing new.  I'm
sure even flatbuffers isn't new.

I say "rightly" because TLV encodings are just terrible.  We really do
need non-TLV encodings (see below).

To save everyone else the bother of reading the rest of this: I agree
with you and we should have a non-TLV encoding for ASN.1 that makes
IETFers happy, and CBOR is a good basis for that.

> Since I have seen this happening multiple times, I am starting to wonder if
> I am the one who is wrong. In particular, my question is: do people in the
> security area support the statement that ASN.1 is equivalent to DER encoding
> ?

I sure do not.

However, it is true that BER/DER are pretty much the only encoding rules
used in IETF documents, and that is mostly a result of lack of tooling.

Mind you, XDR is basically a PER- or OER-like encoding with 4-byte
alignment, for a subset of ASN.1.

Seen this way we could easily produce an ASN.1-compatible ER that
nonetheless has no direct, normative link to ASN.1, and which has its
own syntax, just to please those who can't bother to find or build the
tools they need if they are based on a 40 year old technology.

> I ask this because ASN.1 is "used for the definition of data types, values,
> and constraints on data types." independently from how the data is
> actually encoded (BER, PER, XER, DER, etc.) - it just happens that in X.509
> PKIs, we use DER as the preferred encoding (and PEM for 7-bit transport
> mode). Therefore when we talk about certificate parsing, for example, we do
> parse DER/PEM, not ASN.1. For example, for the proposal around CBOR-encoded
> certificates (not endorsing the idea, just using this as an example),
> defining the CBOR Encoding Rules (CER ?) would provide a path to provide
> CBOR encoding for all ASN.1 definitions we use in PKIX.

<sarcasm>
  Yes, but everybody knows you can't parse ASN.1 with a LALR(1)
  parser[*]!
</sarcasm>

* That's something I heard as a truism eons ago, but here's a
  bison-based ASN.1 compiler:

  https://github.com/heimdal/heimdal/tree/master/lib/asn1


I would be quite happy with a CBORER.  CER is already taken, as a flavor
of BER that is canonical, but in different ways than DER is.

BER/DER/CER and all TLV encoding rules are just awful, and we should
really have an alternative to them for Internet protocols.

I suspect proponents of new certificate encodings aren't interested only
in new encodings, but new schemas as well.  ASN.1 is too complicated and
all that.

> Maybe this distinction is not important for people that already have a good
> understanding of the information model, however there might be newcomers
> (new IETF-ers or just new to the security area) that might think the two are
> the same when they are not, in my opinion.

We are doomed to reinvent our wheels.  Often badly.

It's always easier to create new legacy than to deal with old legacy,
even though new legacy very soon becomes old legacy, and so new legacy
is invariably worse than old legacy, just not right away.  Few
understand this.

> Therefore, my recommendation is to keep this distinction in mind when
> talking about encoding and parsing of, for example, certificates. I hope
> this helps.

It probably won't.  You're inviting a flame war, and I'm probably
helping you.

Nico
-- 
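
The ASN.1-versus-encoding distinction discussed in this thread, as an added example (not code from any poster or project mentioned here): a minimal Python TLV decoder, limited to BOOLEAN, INTEGER and SEQUENCE with definite lengths, showing one abstract value that has several valid BER byte strings but exactly one DER byte string. All function names and sample bytes are constructed for illustration.

```python
import hashlib


class EncodingError(ValueError):
    """Raised when bytes violate the encoding rules being enforced."""


def _read_length(buf, pos, der):
    """Return (length, next_pos) for a definite-length TLV."""
    if pos >= len(buf):
        raise EncodingError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:                          # short form: one octet
        return first, pos
    n = first & 0x7F                          # long form: n length octets follow
    if n == 0:
        raise EncodingError("indefinite length not handled in this sketch")
    if pos + n > len(buf):
        raise EncodingError("truncated long-form length")
    length = int.from_bytes(buf[pos:pos + n], "big")
    # BER allows any long form; DER demands the shortest possible one.
    if der and (length < 0x80 or buf[pos] == 0):
        raise EncodingError("DER requires the shortest length form")
    return length, pos + n


def _decode_value(tag, body, der):
    """Map contents octets to an abstract value (bool, int or tuple)."""
    if tag == 0x01:                           # BOOLEAN
        if len(body) != 1:
            raise EncodingError("BOOLEAN must be one octet")
        if der and body[0] not in (0x00, 0xFF):
            raise EncodingError("DER requires TRUE to be 0xFF")
        return body[0] != 0                   # BER: any non-zero octet is TRUE
    if tag == 0x02:                           # INTEGER
        if not body:
            raise EncodingError("empty INTEGER")
        # Minimal two's complement is required by BER and DER alike.
        if len(body) > 1 and (
            (body[0] == 0x00 and body[1] < 0x80)
            or (body[0] == 0xFF and body[1] >= 0x80)
        ):
            raise EncodingError("INTEGER not minimally encoded")
        return int.from_bytes(body, "big", signed=True)
    if tag == 0x30:                           # SEQUENCE (constructed)
        items, pos = [], 0
        while pos < len(body):
            item, pos = _decode_tlv(body, pos, der)
            items.append(item)
        return tuple(items)
    raise EncodingError(f"tag 0x{tag:02x} not handled in this sketch")


def _decode_tlv(buf, pos, der):
    if pos >= len(buf):
        raise EncodingError("truncated tag")
    tag = buf[pos]
    length, pos = _read_length(buf, pos + 1, der)
    end = pos + length
    if end > len(buf):
        raise EncodingError("value runs past end of input")
    return _decode_value(tag, buf[pos:end], der), end


def decode(data, der=False):
    """Decode one complete TLV; der=True enforces the DER restrictions."""
    value, end = _decode_tlv(data, 0, der)
    if end != len(data):
        raise EncodingError("trailing bytes after value")
    return value


def is_der(data):
    try:
        decode(data, der=True)
        return True
    except EncodingError:
        return False


def digests(encodings):
    """SHA-256 of each byte string: what a signature would actually cover."""
    return {hashlib.sha256(e).hexdigest() for e in encodings}


# Constructed samples, all encoding SEQUENCE { INTEGER 5, BOOLEAN TRUE }.
DER_BYTES = bytes.fromhex("30060201050101ff")
BER_VARIANTS = [
    bytes.fromhex("3081060201050101ff"),   # outer length in long form
    bytes.fromhex("3006020105010101"),     # TRUE encoded as 0x01
    bytes.fromhex("3007028101050101ff"),   # INTEGER length in long form
]

if __name__ == "__main__":
    for enc in [DER_BYTES, *BER_VARIANTS]:
        print(enc.hex(), decode(enc), "DER" if is_der(enc) else "BER only")
```

All four byte strings carry the same ASN.1 value, yet each hashes differently, which is why signed structures such as certificates fix DER as the encoding and why strict verifiers reject input for which a check like `is_der` fails.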


From nobody Tue Mar 26 10:21:17 2019
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <20190326164951.GX4211@localhost>
Date: Tue, 26 Mar 2019 18:20:57 +0100
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
X-Mao-Original-Outgoing-Id: 575313655.843281-0f5e83bf7983c34fba4baaec2ebab225
Content-Transfer-Encoding: quoted-printable
Message-Id: <22089F23-6A37-498F-B4EE-5C528806985F@tzi.org>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20190326164951.GX4211@localhost>
To: Nico Williams <nico@cryptonector.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/SFyk1YEWyreZoFWZFtx4eHqLKks>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Mar 26, 2019, at 17:49, Nico Williams <nico@cryptonector.com> wrote:
>
> CBORER

Made my day :-)
(Probably works for the Boring Company?)

But seriously, we actually have a replacement for the ASN.1 level of the picture, as well (the picture where CBOR is a replacement for DER):

	CDDL.

	https://tools.ietf.org/html/draft-ietf-cbor-cddl-08

In RFC editor queue since 2019-03-25 (a.k.a. yesterday).

https://datatracker.ietf.org/doc/draft-ietf-cbor-cddl/referencedby/
(RFCs/drafts referencing previous versions: https://datatracker.ietf.org/doc/draft-greevenbosch-appsawg-cbor-cddl/referencedby/ — if your draft still does this, please update.)

Grüße, Carsten


From nobody Tue Mar 26 10:25:51 2019
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <20190326164951.GX4211@localhost>
Date: Tue, 26 Mar 2019 18:25:45 +0100
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
X-Mao-Original-Outgoing-Id: 575313943.723559-8726f619e367ee51da4d43b4fdee31fd
Content-Transfer-Encoding: quoted-printable
Message-Id: <4BF013AF-DA67-45B0-9A06-9922EB07EAB5@tzi.org>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20190326164951.GX4211@localhost>
To: Nico Williams <nico@cryptonector.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/G0BQ41DcRy013xL1ab6WiaDArqE>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Mar 26, 2019, at 17:49, Nico Williams <nico@cryptonector.com> wrote:
>
> It's always easier to create new legacy than to deal with old legacy,
> even though new legacy very soon becomes old legacy, and so new legacy
> is invariably worse than old legacy, just not right away.  Few
> understand this.

Oh, it’s legacy when you already have typed it in.

But I’d still rather program in C++20 legacy than in FORTRAN II legacy.

Grüße, Carsten


From nobody Tue Mar 26 10:26:07 2019
Date: Tue, 26 Mar 2019 18:25:50 +0100
From: Volker Birk <vb@pep-project.org>
To: saag@ietf.org
Message-ID: <20190326172550.rvjcqmzogehneldl@pep-project.org>
Mail-Followup-To: saag@ietf.org
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="wibadnrvskiynauj"
Content-Disposition: inline
In-Reply-To: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
X-PGP-Key: http://fdik.org/vb.key
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/AYNqpU774zWmu5Nyyu8vmOjU8AE>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 05:24:38PM +0100, Dr. Pala wrote:
> Since I have seen this happening multiple times, I am starting to wonder if
> I am the one who is wrong. In particular, my question is: do people in the
> security area support the statement that ASN.1 is equivalent to DER encoding
> ?

For sure not. And you're not mistaken AFAICS.

> Therefore, my recommendation is to keep this distinction in mind when
> talking about encoding and parsing of, for example, certificates.

I'm supporting this.

Yours,
VB.
-- 
Volker Birk, p≡p project
mailto:vb@pep-project.org
https://pep.software


From nobody Tue Mar 26 10:29:21 2019
Date: Tue, 26 Mar 2019 18:29:04 +0100
From: Volker Birk <vb@pep-project.org>
To: saag@ietf.org
Message-ID: <20190326172904.22g5luiuptdhmca3@pep-project.org>
Mail-Followup-To: saag@ietf.org
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20190326164951.GX4211@localhost>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ffefddrxihvwro26"
Content-Disposition: inline
In-Reply-To: <20190326164951.GX4211@localhost>
X-PGP-Key: http://fdik.org/vb.key
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/JHF41nqZCC8Kwa_2_OtDjG2b028>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 11:49:51AM -0500, Nico Williams wrote:
> However, it is true that BER/DER are pretty much the only encoding rules
> used in IETF documents, and that is mostly a result of lack of tooling.

p≡p is using PER and XER. We're using this Free Software tool for it:

http://lionet.info/asn1c/compiler.html

Yours,
VB.
-- 
Volker Birk, p≡p project
mailto:vb@pep-project.org
https://pep.software


From nobody Tue Mar 26 10:32:06 2019
Date: Tue, 26 Mar 2019 12:31:54 -0500
From: Nico Williams <nico@cryptonector.com>
To: saag@ietf.org
Message-ID: <20190326173154.GY4211@localhost>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20190326164951.GX4211@localhost> <20190326172904.22g5luiuptdhmca3@pep-project.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20190326172904.22g5luiuptdhmca3@pep-project.org>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/bN1zrXOMwEvymNbxbFS3aKhd_7I>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 06:29:04PM +0100, Volker Birk wrote:
> On Tue, Mar 26, 2019 at 11:49:51AM -0500, Nico Williams wrote:
> > However, it is true that BER/DER are pretty much the only encoding rules
> > used in IETF documents, and that is mostly a result of lack of tooling.
>
> p≡p is using PER and XER. We're using this Free Software tool for it:
>
> http://lionet.info/asn1c/compiler.html

Cool!

The lack of tooling in question is in the past.  And, of course, if
you're writing in Go, Rust, node, etc., then the tooling has to support
your choice of programming language.

Nico
-- 


From nobody Tue Mar 26 10:33:44 2019
Date: Tue, 26 Mar 2019 12:33:33 -0500
From: Nico Williams <nico@cryptonector.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326173332.GZ4211@localhost>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20190326164951.GX4211@localhost> <4BF013AF-DA67-45B0-9A06-9922EB07EAB5@tzi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <4BF013AF-DA67-45B0-9A06-9922EB07EAB5@tzi.org>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/M4J3TAviLGTIeVdIYjeSfScovS4>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 06:25:45PM +0100, Carsten Bormann wrote:
> On Mar 26, 2019, at 17:49, Nico Williams <nico@cryptonector.com> wrote:
> >
> > It's always easier to create new legacy than to deal with old legacy,
> > even though new legacy very soon becomes old legacy, and so new legacy
> > is invariably worse than old legacy, just not right away.  Few
> > understand this.
>
> Oh, it’s legacy when you already have typed it in.

Yes.

> But I’d still rather program in C++20 legacy than in FORTRAN II legacy.

And I'd rather program in Rust.  But a lot of legacy is in C, so I've to
deal with C as well.  Thankfully no Fortran.  But someone will still
have to maintain the legacy you and I would rather not touch.

Nico
-- 


From nobody Tue Mar 26 10:34:51 2019
Date: Tue, 26 Mar 2019 12:34:40 -0500
From: Nico Williams <nico@cryptonector.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326173439.GA4211@localhost>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20190326164951.GX4211@localhost> <22089F23-6A37-498F-B4EE-5C528806985F@tzi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <22089F23-6A37-498F-B4EE-5C528806985F@tzi.org>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/X66sfRTbPgj0Ik10u5pNlCcpmUI>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 06:20:57PM +0100, Carsten Bormann wrote:
> On Mar 26, 2019, at 17:49, Nico Williams <nico@cryptonector.com> wrote:
> >
> > CBORER
>
> Made my day :-)
> (Probably works for the Boring Company?)
>
> But seriously, we actually have a replacement for the ASN.1 level of the picture, as well (the picture where CBOR is a replacement for DER):
>
> 	CDDL.
>
> 	https://tools.ietf.org/html/draft-ietf-cbor-cddl-08
>
> In RFC editor queue since 2019-03-25 (a.k.a. yesterday).
>
> https://datatracker.ietf.org/doc/draft-ietf-cbor-cddl/referencedby/
> (RFCs/drafts referencing previous versions: https://datatracker.ietf.org/doc/draft-greevenbosch-appsawg-cbor-cddl/referencedby/ — if your draft still does this, please update.)

There had better be something remarkably new and interesting in that DL,
otherwise I don't see the point of abandoning ASN.1.  At the very least
it'd better have nicer syntax and have a great deal of functionality.


From nobody Tue Mar 26 12:39:01 2019
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Dr. Pala" <madwolf@openca.org>
cc: "saag\@ietf.org" <saag@ietf.org>
In-reply-to: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
Comments: In-reply-to "Dr. Pala" <madwolf@openca.org> message dated "Tue, 26 Mar 2019 17:24:38 +0100."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 26 Mar 2019 20:38:58 +0100
Message-ID: <20198.1553629138@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Othzdy2889fSeCFrq964Fo2-58Q>
Subject: Re: [saag] ASN.1 vs. DER Encoding

--=-=-=
Content-Type: text/plain


Dr. Pala <madwolf@openca.org> wrote:
    > I just wanted to provide some feedback based on the contents of some
    > presentations I have seen in the security area. In particular, I
    > noticed that some authors seem to confuse the definition of information
    > objects (ASN.1) and their encoding (e.g., DER). I noticed that,
    > sometimes, when ASN.1 was mentioned, what was really the topic of
    > discussion was actually related to DER encoding.

    > Since I have seen this happening multiple times, I am starting to
    > wonder if I am the one who is wrong. In particular, my question is: do
    > people in the security area support the statement that ASN.1 is
    > equivalent to DER encoding ?

ASN.1 is the goo that causes DER encoding to be present on the wire.
While it is true that ASN.1 could be used with different encoding rules,
nobody really cares about that.   Almost nobody uses encoders/decoders that
generate code from ASN.1 today, it's all hand-coded...

This is why we hate DER, and we like CDDL/CBOR.

    > Maybe this distinction is not important for people that already have a
    > good understanding of the information model, however there might be
    > newcomers (new IETF-ers or just new to the security area) that might
    > think the two are the same when they are not, in my opinion.

They are, from a practical point of view, the same.
That wasn't true back in 1986, but many of the people who would make the
mistake were not even alive then.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

--=-=-=--


From nobody Tue Mar 26 13:01:17 2019
Date: Tue, 26 Mar 2019 16:01:03 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20190326200103.GR3822@straasha.imrryr.org>
Reply-To: saag@ietf.org
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20198.1553629138@dooku.sandelman.ca>
User-Agent: Mutt/1.11.1 (2018-12-01)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/p3LenIfWfXatpIm1Ut2s6InA-yc>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 08:38:58PM +0100, Michael Richardson wrote:

> Almost nobody uses encoders/decoders that
> generate code from ASN.1 today, it's all hand-coded...

The exceptions are notable and praiseworthy.  Heimdal's (Kerberos
and X.509) ASN.1 codecs are generated by an ASN.1 compiler from the
ASN.1 module definitions.

> This is why we hate DER, and we like CDDL/CBOR.

Whatever the abstract syntax, the real solution is probably more
widely available/used compilers.  Hand-rolled codecs will have more
(frequent and subtle) bugs.

-- 
	Viktor.


From nobody Tue Mar 26 13:09:12 2019
User-Agent: Microsoft-MacOutlook/14.7.6.170621
Date: Tue, 26 Mar 2019 16:08:58 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: <saag@ietf.org>
Message-ID: <D8BFFE5D.D8084%carl@redhoundsoftware.com>
Thread-Topic: [saag] ASN.1 vs. DER Encoding
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca> <20190326200103.GR3822@straasha.imrryr.org>
In-Reply-To: <20190326200103.GR3822@straasha.imrryr.org>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/M6HBTVWhfKr6AogUdgaJ3zw_XFc>
Subject: Re: [saag] ASN.1 vs. DER Encoding

>
>
>
>> This is why we hate DER, and we like CDDL/CBOR.
>
>Whatever the abstract syntax, the real solution is probably more
>widely available/used compilers.  Hand-rolled codecs will have more
>(frequent and subtle) bugs.

Fully agree with this. The first time I had to consume CBOR/COSE the
encoded structures were every bit as buggy as folks complain about DER/CMS
structures. 
>
>-- 
>	Viktor.
>



From nobody Tue Mar 26 13:20:41 2019
Date: Tue, 26 Mar 2019 15:20:24 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Dr. Pala" <madwolf@openca.org>
Cc: "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326202024.GN86501@kduck.mit.edu>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/qyqynwU07jDu68fFa_kZqIRDVTQ>
Subject: Re: [saag] ASN.1 vs. DER Encoding

Hi Max,

On Tue, Mar 26, 2019 at 05:24:38PM +0100, Dr. Pala wrote:
> Hi SAAG,
> 
> I just wanted to provide some feedback based on the contents of some 
> presentations I have seen in the security area. In particular, I noticed 
> that some authors seem to confuse the definition of information objects 
> (ASN.1) and their encoding (e.g., DER). I noticed that, sometimes, when 
> ASN.1 was mentioned, what was really the topic of discussion was 
> actually related to DER encoding.

Thanks for raising the topic.

> Since I have seen this happening multiple times, I am starting to wonder 
> if I am the one who is wrong. In particular, my question is: do people 
> in the security area support the statement that ASN.1 is equivalent to 
> DER encoding ?

I don't, though the comment downthread that in modern practice they appear
together is also true.

> I ask this because ASN.1 is "used for the definition of data types, 
> values, and constraints on data types." independently from how the 
> data is actually encoded (BER, PER, XER, DER, etc.) - it just happens 
> that in X.509 PKIs, we use DER as the preferred encoding (and PEM for 
> 7-bit transport mode). Therefore when we talk about certificate parsing, 
> for example, we do parse DER/PEM, not ASN.1. For example, for the 
> proposal around CBOR-encoded certificates (not endorsing the idea, just 
> using this as an example), defining the CBOR Encoding Rules (CER ?) 
> would provide a path to provide CBOR encoding for all ASN.1 definitions 
> we use in PKIX.
> 
> Maybe this distinction is not important for people that already have a 
> good understanding of the information model, however there might be 
> newcomers (new IETF-ers or just new to the security area) that might 
> think the two are the same when they are not, in my opinion.
> 
> Therefore, my recommendation is to keep this distinction in mind when 
> talking about encoding and parsing of, for example, certificates. I hope 
> this helps.

Well, we should generally aim for precision in language, to the extent
reasonable.  Even occasionally being precise in this particular matter is
probably enough to keep us honest, whether we use sloppy shorthand the rest
of the time or not.

-Ben


From nobody Tue Mar 26 14:48:29 2019
Date: Tue, 26 Mar 2019 16:48:18 -0500
From: Nico Williams <nico@cryptonector.com>
To: "Dr. Pala" <madwolf@openca.org>
Cc: "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326214816.GB4211@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190326164951.GX4211@localhost>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/wcrOD59Xl8yziQ12Rsx8Tm6EaiU>
Subject: Re: [saag] ASN.1 vs. DER Encoding

I wrote earlier that:

> And then they (rightly!) hate BER/DER/CER, so they propose inventing
> something new, often badly.  In this field, there is nothing new.  I'm
> sure even flatbuffers isn't new.
> 
> I say "rightly" because TLV encodings are just terrible.  We really do
> need non-TLV encodings (see below).

Now to back up that assertion:

1) TLV encodings are bloated by nature due to being highly redundant.

2) That redundancy is a source of errors when manually coding a codec.

   Now, this is not that big a deal because we should all be using code
   generators, and none should be manually writing a codec.  Yet there
   is so much hand-rolled BER/DER codec code out there...

   Also, all encodings will have lengths buried in structures whose
   lengths are also written elsewhere -- this redundancy is not entirely
   avoidable, but TLVs add more of it than is absolutely necessary.

3) DER is a canonical variant of BER, using a) definite length
   encodings of structures (SEQUENCEs) and other things, and b)
   minimal-length variable-length encodings of lengths and values.

   This has a few negative side-effects:

   a) it's not possible to know a length until the value it is the
      length of has been encoded, which means one must encode "from the
      right",

   b) there is no possibility of on-line encoding.

   On the other hand, CER uses indefinite length encoding, which avoids
   those two issues, but then nobody uses CER, not in Internet protocols
   anyways.  IIRC some other choice made in CER's specification turns
   out to be suboptimal, thus the choice of DER or CER is always
   dissatisfying in some sense.

   To be fair, we shouldn't need canonical encodings at all.  And yet
   isn't there a canonical JSON effort?  We never seem to fully stop
   having to re-encode structures...

   Also, it's fair to note that while DER has no possibility of on-line
   encoding, CER's use of indefinite length encodings means that
   decoding is necessarily online, with the recipient not able to know
   the total size of a message as it reads it.

   On the whole, indefinite length encodings are better.

4) BER (and DER and CER) is supposed to be self-describing, which means
   "you don't need to know the schema in order to parse the message",
   but this is only half true, as type information is lost when using
   IMPLICIT tags (you get to know if a value is of structured or scalar
   type, but not the actual type).

   Using EXPLICIT tags, on the other hand, makes the encoding a TLTLV
   encoding, thus adding even more bloat!  We use EXPLICIT tags in
   Kerberos, FYI.

5) If you're doing anything other than dump a structure, you don't need
   it to be self-describing -- you'll know the schema not least because
   we publish them.  As long as there's an indicator of top-level type
   on the outside, you can decode the inside by reference to the schema
   and encoding rules without needing TLV encoding rules.

   Thus there is almost zero benefit to self-describing encodings.
   
   Self-describing encodings are merely a crutch.  Perhaps they had
   their utility before compilers became the norm, but they provide
   no real benefit now.

I think I could make more arguments in this vein.  I'll stop here.

Nico
-- 
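
The DER properties listed in points 3 and 4 of the message above, as an added example that is not part of the original post: definite lengths force inside-out encoding, EXPLICIT tags produce TLTLV, and IMPLICIT tags drop the underlying type. All function names are made up for this illustration, and only single-octet tags are handled.

```python
"""Added illustration (not from the thread): a minimal DER encoder.
Names are hypothetical; tags are limited to the single-octet form."""


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value triple. The length can only be written once the
    complete value exists, so nested structures are built inside-out."""
    return bytes([tag]) + der_length(len(value)) + value


def der_integer(n: int) -> bytes:
    """Non-negative INTEGER with minimal two's-complement content."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def der_octet_string(data: bytes) -> bytes:
    return tlv(0x04, data)


def der_sequence(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))


def explicit(n: int, inner: bytes) -> bytes:
    """[n] EXPLICIT: a constructed wrapper around the whole inner TLV (TLTLV)."""
    return tlv(0xA0 | n, inner)


def implicit(n: int, inner: bytes) -> bytes:
    """[n] IMPLICIT: replace the inner tag, keeping only its constructed bit."""
    constructed = inner[0] & 0x20
    return bytes([0x80 | constructed | n]) + inner[1:]


def sample(tag_fn) -> bytes:
    """Constructed sample value:
    SEQUENCE { INTEGER 5, SEQUENCE { [0] INTEGER 18, [1] OCTET STRING "abc" } }"""
    inner = der_sequence(tag_fn(0, der_integer(18)),
                         tag_fn(1, der_octet_string(b"abc")))
    return der_sequence(der_integer(5), inner)


PAYLOAD_LEN = 1 + 1 + 3  # content octets of the three leaf values


def overhead(encoded: bytes) -> int:
    """Tag and length octets spent on top of the leaf content."""
    return len(encoded) - PAYLOAD_LEN


if __name__ == "__main__":
    for name, fn in (("EXPLICIT", explicit), ("IMPLICIT", implicit)):
        enc = sample(fn)
        print(f"{name}: {enc.hex()}  total={len(enc)} overhead={overhead(enc)}")

    # One more content octet in a child can widen the parent's length field,
    # so a parent header cannot be reserved before the child is encoded.
    for size in (125, 126):
        total = len(der_sequence(der_octet_string(b"x" * size)))
        print(f"child content {size} octets -> encoding is {total} octets")

    # With IMPLICIT tagging an INTEGER and an OCTET STRING become identical
    # on the wire; only the schema says which one was meant.
    print(implicit(0, der_integer(18)) == implicit(0, der_octet_string(b"\x12")))
```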


From nobody Tue Mar 26 14:56:36 2019
Date: Tue, 26 Mar 2019 16:56:26 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Nico Williams <nico@cryptonector.com>
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326215626.GS86501@kduck.mit.edu>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190326214816.GB4211@localhost>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/0dcvvWKUliqV0qzaxHYyBkQ9r6Y>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 04:48:18PM -0500, Nico Williams wrote:
> I wrote earlier that:
> 
> > And then they (rightly!) hate BER/DER/CER, so they propose inventing
> > something new, often badly.  In this field, there is nothing new.  I'm
> > sure even flatbuffers isn't new.
> > 
> > I say "rightly" because TLV encodings are just terrible.  We really do
> > need non-TLV encodings (see below).
> 
> Now to back up that assertion:
> 
> 1) TLV encodings are bloated by nature due to being highly redundant.

Before I dig in too far to the rest, just to check: you're limiting to TLV
encodings that are nested and still do TLV at every level of the hierarchy?
I can't tell if you don't like things that are more like "a flat array of
things, each of which has tag, length, and (usually not nested) value".

-Ben


From nobody Tue Mar 26 15:05:25 2019
Date: Tue, 26 Mar 2019 17:05:13 -0500
From: Nico Williams <nico@cryptonector.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326220512.GC4211@localhost>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20198.1553629138@dooku.sandelman.ca>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/OerQ5GfrENtPwG8GIbhMHIQ19I8>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 08:38:58PM +0100, Michael Richardson wrote:
> ASN.1 is the goo that causes DER encoding to be present on the wire.

ASN.1 has a number of encoding rules options.  One can always add more.
Indeed, the IETF already has!  (Search for GSER.)

It would be more accurate to say that "ASN.1 is the goo that generally
causes us to use DER encoding", but to be truly accurate I'd rephrase it
as "often, because we've chosen DER in the past, we tend to or have to
stick to DER in the future".

E.g., if you're working on an extension to PKIX/CMS/Kerberos, it's
pretty natural to use DER for it because if you have a PKIX or Kerberos
implementation, chances are you have an ASN.1/DER implementation.  You
could use a different encoding, but sticking to what you already have
tooling for is the simplest thing to do.

If you're making changes to PKIX/CMS/Kerberos that don't even fit in BIT
STRING / OCTET STRING typed holes, then you must use DER.

> While it is true that ASN.1 could be used with different encoding rules,
> nobody really cares about that.   Almost nobody uses encoders/decoders that
> generate code from ASN.1 today, it's all hand-coded...
> 
> This is why we hate DER, and we like CDDL/CBOR.

It would be easier for me to adapt Heimdal's ASN.1 compiler to support
alternate encoding rules than to start from scratch or add a new syntax
to it.

The syntax is just a syntax, but by ditching ASN.1 gratuitously you
force me to spend a lot more effort on my tooling, thus creating more
new legacy, and also more old legacy if I do start from scratch (because
now I have TWO implementations of different but similar things to
maintain).

That is a huge cost that CDDL is going to force on the rest of us, which
is why, unless there is some compelling reason for it, or unless there
is a straightforward mapping between the two syntaxes (which would make
clear that the one is not necessary, but at least not too problematic)
I'm opposed.

If there's a simple mapping between CDDL and ASN.1, then I'll grudgingly
accept CDDL.

>     > Maybe this distinction is not important for people that already have a
>     > good understanding of the information model, however there might be
>     > newcomers (new IETF-ers or just new to the security area) that might
>     > think the two are the same when they are not, in my opinion.
> 
> They are, from a practical point of view, the same.
> That wasn't true back in 1986, but many of the people who would make the
> mistake were not even alive then.

It's the reverse.  In 1984 BER/DER/CER were pretty much the only ERs,
and PER was a thing the ITU-T was building in response to the Internet
community's dislike of TLV encodings.  Now there's a plethora of
encoding rules.

You might say that perception trumps things, but if it's your perception
and you're not willing to consider that it's wrong, then I'd say that's
a problem because it causes me to do more work to deal with the fallout
of your incorrect perception.

CBOR is fine, and we do need better alternatives to BER/DER in the IETF,
but we don't need a new syntax.

Nico
-- 


From nobody Tue Mar 26 15:11:07 2019
Date: Tue, 26 Mar 2019 17:10:55 -0500
From: Nico Williams <nico@cryptonector.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326221053.GD4211@localhost>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <20190326215626.GS86501@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190326215626.GS86501@kduck.mit.edu>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Goii-pbmDfFikAIgzqJI4CMaOjI>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Tue, Mar 26, 2019 at 04:56:26PM -0500, Benjamin Kaduk wrote:
> On Tue, Mar 26, 2019 at 04:48:18PM -0500, Nico Williams wrote:
> > I wrote earlier that:
> > 
> > > And then they (rightly!) hate BER/DER/CER, so they propose inventing
> > > something new, often badly.  In this field, there is nothing new.  I'm
> > > sure even flatbuffers isn't new.
> > > 
> > > I say "rightly" because TLV encodings are just terrible.  We really do
> > > need non-TLV encodings (see below).
> > 
> > Now to back up that assertion:
> > 
> > 1) TLV encodings are bloated by nature due to being highly redundant.
> 
> Before I dig in too far to the rest, just to check: you're limiting to TLV
> encodings that are nested and still do TLV at every level of the hierarchy?
> I can't tell if you don't like things that are more like "a flat array of
> things, each of which has tag, length, and (usually not nested) value".

The former.  Specifically the BER family of encoding rules.

I indicated further down that it's not possible or easy to entirely
avoid nested lengths, but that TLV ERs necessarily have many more of
them than is absolutely necessary.

Each unnecessary length nesting is one more place where a careless or
inexperienced programmer can make a serious mistake in a hand-rolled
codec.

Sure, we should all be using Rust, and none should be hand-coding a
codec, which, if it were the case, would limit the TLV damage to bloat,
and possibly precluding on-line encoding (see further below in my post).

Bloat, however, is still a problem.

If you have tooling, then there's no use whatsoever to TLV ERs for new
protocols, and then you don't need to suffer even just the bloat.

Nico
-- 
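
The nested-length checks that the message above says hand-rolled codecs tend to miss, as an added example that is not part of the original post: a strict DER walker that bounds every child by its parent rather than by the buffer. The names, the depth cap and the four-octet length cap are assumptions of this illustration, and the sample byte strings are constructed.

```python
"""Added illustration (not from the thread): strict walking of nested DER.
Names and limits are hypothetical; all sample inputs are constructed."""


class DerError(ValueError):
    pass


def read_tlv(buf: bytes, pos: int, end: int):
    """Read one header inside buf[pos:end]; return (tag, value_start, value_end).
    `end` is the end of the enclosing element, not the end of the buffer."""
    if end - pos < 2:
        raise DerError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise DerError("multi-octet tags not handled in this example")
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise DerError("indefinite length is not DER")
    else:
        n = first & 0x7F
        if n > 4:                       # policy cap chosen for this example
            raise DerError("length field too large")
        if end - pos < n:
            raise DerError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise DerError("non-minimal length")
        pos += n
    if length > end - pos:              # compare with the parent, not len(buf)
        raise DerError("length exceeds enclosing element")
    return tag, pos, pos + length


def walk(buf: bytes, pos: int, end: int, depth: int = 0, max_depth: int = 16):
    """List (depth, tag, value_length) for every element in buf[pos:end]."""
    if depth > max_depth:
        raise DerError("nesting too deep")
    out = []
    while pos < end:
        tag, start, stop = read_tlv(buf, pos, end)
        out.append((depth, tag, stop - start))
        if tag & 0x20:                  # constructed: children must fill it exactly
            out.extend(walk(buf, start, stop, depth + 1, max_depth))
        pos = stop
    return out


def parse(buf: bytes):
    items = walk(buf, 0, len(buf))
    if sum(1 for depth, _, _ in items if depth == 0) != 1:
        raise DerError("expected exactly one top-level element")
    return items


def check(buf: bytes) -> str:
    try:
        parse(buf)
        return "ok"
    except DerError as exc:
        return str(exc)


# Constructed samples.
GOOD = bytes.fromhex("300d02010530088001128103616263")
# Inner SEQUENCE claims 9 octets; its parent has 8 left, the buffer has 9.
CHILD_OVERRUN = bytes.fromhex("300d0201053009800112810361626300")
NON_MINIMAL = bytes.fromhex("30810d02010530088001128103616263")
INDEFINITE = bytes.fromhex("30800201050000")
TWO_TOP_LEVEL = GOOD + bytes.fromhex("0500")

if __name__ == "__main__":
    for name in ("GOOD", "CHILD_OVERRUN", "NON_MINIMAL",
                 "INDEFINITE", "TWO_TOP_LEVEL"):
        print(f"{name:14} {check(globals()[name])}")
```

CHILD_OVERRUN would pass a check made only against the end of the buffer, which is why read_tlv takes the parent's end as its bound.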


From nobody Tue Mar 26 15:27:55 2019
Date: Tue, 26 Mar 2019 17:27:41 -0500
From: Nico Williams <nico@cryptonector.com>
To: Carl Wallace <carl@redhoundsoftware.com>
Cc: saag@ietf.org
Message-ID: <20190326222740.GE4211@localhost>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca> <20190326200103.GR3822@straasha.imrryr.org> <D8BFFE5D.D8084%carl@redhoundsoftware.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <D8BFFE5D.D8084%carl@redhoundsoftware.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/cW5aYR_7bKHD2VcsNxG-FtWwqT4>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 22:27:54 -0000

On Tue, Mar 26, 2019 at 04:08:58PM -0400, Carl Wallace wrote:
> >> This is why we hate DER, and we like CDDL/CBOR.
> >
> >Whatever the abstract syntax, the real solution is probably more
> >widely available/used compilers.  Hand-rolled codecs will have more
> >(frequent and subtle) bugs.
> 
> Fully agree with this. The first time I had to consume CBOR/COSE the
> encoded structures were every bit as buggy as folks complain about DER/CMS
> structures. 

I recently had to review a hand-rolled codec by a seasoned developer.
It had a number of fatal security bugs, exactly as one might have
expected (as I did, going in).  Hand-coding codecs is simply very
difficult.  It's easier when you have "bits on the wire" specifications,
like TCP/IP, or when you have XDR specifications.

No one uses a compiler to generate TCP/IP packet parsers, though this
is first and foremost a result of not having anything like a
machine-readable formal language specification for TCP/IP packet
headers.

XDR is so darned obvious and simple that in Heimdal we have just library
functions for it and simply don't have or need a compiler.  The
traditional XDR compiler, rpcgen, is also very limited, so generally XDR
codecs are hand-coded using well-maintained and well-tested libraries
that make it easy.

Something similar can be said of SSHv2's encoding rules.

The ASN.1 packed-like encoding rules are XDR-like, though with 1-octet
instead of 4-octet alignment -- these too are easier to hand-code, but
because there's often an escape to BER (e.g., for encoding of lengths of
fields that cannot have fixed lengths, or encoding OIDs), it's still
tricky by comparison to XDR.

But it is a very strong truism that, whatever the encoding rules, having
a compiler for an abstract syntax that generates codecs with usable APIs
and characteristics, is inordinately easier, safer, and less time-
consuming than hand-rolling a codec for any encoding rules.

It is also a strong truism that simple syntaxes with simple encodings
admit safer hand-coding of codecs, but also that, by being informal,
also typically preclude compilation.

I would and do accept informal syntaxes and encoding rules for protocols
like SSHv2, or TLS, because a) it's already done, b) the messages are
simple enough, c) it's easy enough to build libraries that make mistakes
unlikely, d) often the implementors do not believe they have access to
proper tooling, e) having access to ASN.1 tooling doesn't help if the
only ERs you get are TLV ones.

CDDL is not an informal syntax.  For new formal syntaxes I have a higher
bar just because it is very difficult to come up with something that
ASN.1 does not already have -- unless there's a trivial mapping between
the two.

BTW, who can forget FastInfoSet?  That's... XML with transliteration to
ASN.1 and application of PER as a compression of XML.  While XER is
essentially the reverse: transliteration of ASN.1 to XML, with XML as
the encoding rules.  These, for me, prove the point that syntaxes are
likely interchangeable (so why build a new one?).

Nico
-- 
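
Added example, not part of the message above and not Heimdal code: the contrast Nico draws between XDR's fixed 4-octet length and the BER/DER length octets, written as two bounds-checked C decoders. The function names, the cursor type, the 4-octet cap on long-form lengths and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cursor over an untrusted input buffer. */
struct cursor { const uint8_t *p; size_t left; };

/* XDR opaque<> (RFC 4506): 4-octet big-endian length, the data, then zero
 * padding to a multiple of 4.  The length has one fixed-width form only. */
int xdr_get_opaque(struct cursor *c, const uint8_t **data, size_t *len)
{
    uint32_t n;
    size_t padded, i;
    if (c->left < 4)
        return -1;
    n = (uint32_t)c->p[0] << 24 | (uint32_t)c->p[1] << 16 |
        (uint32_t)c->p[2] << 8 | (uint32_t)c->p[3];
    if (n > c->left - 4)                    /* length exceeds the input */
        return -1;
    padded = ((size_t)n + 3) & ~(size_t)3;  /* cannot wrap: n <= left - 4 */
    if (padded > c->left - 4)
        return -1;
    for (i = n; i < padded; i++)
        if (c->p[4 + i] != 0)               /* padding must be zero */
            return -1;
    *data = c->p + 4;
    *len = n;
    c->p += 4 + padded;
    c->left -= 4 + padded;
    return 0;
}

/* DER length octets (X.690): short form 0x00..0x7f, or 0x80|k followed by k
 * big-endian octets.  Every rejection below is a separate rule a hand-written
 * decoder must remember; k is capped at 4 here as a local policy choice. */
int der_get_length(struct cursor *c, size_t *len)
{
    uint32_t n = 0;
    unsigned k = 0, i;
    if (c->left < 1)
        return -1;
    if (c->p[0] < 0x80) {
        n = c->p[0];
    } else {
        k = c->p[0] & 0x7f;
        if (k == 0 || k > 4)                /* indefinite (BER only) or too wide */
            return -1;
        if (c->left - 1 < k)                /* length octets truncated */
            return -1;
        if (c->p[1] == 0)                   /* leading zero: not minimal */
            return -1;
        for (i = 0; i < k; i++)
            n = n << 8 | c->p[1 + i];
        if (n < 0x80)                       /* short form was required */
            return -1;
    }
    if (n > c->left - 1 - k)                /* content runs past the input */
        return -1;
    c->p += 1 + k;
    c->left -= 1 + k;
    *len = n;
    return 0;
}

/* Decode one item from buf; return its content length, or -1 if rejected. */
long xdr_opaque_len(const uint8_t *buf, size_t n)
{
    struct cursor c = { buf, n };
    const uint8_t *d;
    size_t len;
    return xdr_get_opaque(&c, &d, &len) == 0 ? (long)len : -1;
}

long der_octet_string_len(const uint8_t *buf, size_t n)
{
    struct cursor c = { buf, n };
    size_t len;
    if (c.left < 1 || c.p[0] != 0x04)       /* universal tag 4: OCTET STRING */
        return -1;
    c.p++;
    c.left--;
    return der_get_length(&c, &len) == 0 ? (long)len : -1;
}

/* Constructed sample inputs, not taken from any real trace. */
static const uint8_t xdr_ok[] = { 0, 0, 0, 3, 'a', 'b', 'c', 0 };
static const uint8_t der_ok[] = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t der_nonminimal[] = { 0x04, 0x81, 0x03, 'a', 'b', 'c' };
static const uint8_t der_long[3 + 128] = { 0x04, 0x81, 0x80 };

int main(void)
{
    printf("%ld %ld %ld %ld\n", xdr_opaque_len(xdr_ok, sizeof xdr_ok),
           der_octet_string_len(der_ok, sizeof der_ok),
           der_octet_string_len(der_nonminimal, sizeof der_nonminimal),
           der_octet_string_len(der_long, sizeof der_long));
    return 0;
}
```

The same three content bytes have exactly one valid XDR encoding and one valid DER encoding, but the DER decoder needs five distinct rejections to enforce that, against three for XDR.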


From nobody Tue Mar 26 16:36:22 2019
Return-Path: <madwolf@openca.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 923B412012E for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 16:36:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level: 
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U6QG3hzgfuBn for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 16:36:17 -0700 (PDT)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 8ACD5120126 for <saag@ietf.org>; Tue, 26 Mar 2019 16:36:17 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 3BCFB374128E for <saag@ietf.org>; Tue, 26 Mar 2019 23:36:17 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id TrTvjbrwAycz for <saag@ietf.org>; Tue, 26 Mar 2019 19:36:16 -0400 (EDT)
Received: from Maxs-MacBook-Pro.local (unknown [62.168.35.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id 260613740F7B for <saag@ietf.org>; Tue, 26 Mar 2019 19:36:10 -0400 (EDT)
To: saag@ietf.org
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca> <20190326200103.GR3822@straasha.imrryr.org> <D8BFFE5D.D8084%carl@redhoundsoftware.com> <20190326222740.GE4211@localhost>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <46912a6f-cfb9-c682-b438-27863a91a486@openca.org>
Date: Wed, 27 Mar 2019 00:36:06 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
In-Reply-To: <20190326222740.GE4211@localhost>
Content-Type: multipart/alternative; boundary="------------CFA303963D744A692DEE6E1E"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/6UgQGyBKJHyqPkyTdchKuNBAP3E>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 23:36:21 -0000

This is a multi-part message in MIME format.
--------------CFA303963D744A692DEE6E1E
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi Nico, all,

thanks to everybody for your messages - I think the conversation is very
interesting. A compiler for a TCP/IP packet parser is really an
interesting idea :D But only if we (just a joke, do not kill me!) use
ASN.1 and define a TIED (TCP/IP Encoding Rules) :D

Back to being serious... At the end of this thread, you ask "/why build a
new one/" ?

I think, but there might be other reasons I am not aware of, that the
main argument was to save a few hundred bytes per certificate (but the
first step was to change your certificates' profile as an interim
solution - which in many environments you cannot really do for many
reasons).

... and this consideration reminds me about an observation that I have 
not brought up during the meeting, but I should have: the current trend 
in cryptography seems to be oriented towards the need to use larger 
structures (signatures and keys) to cryptographically authenticate data 
(e.g., certificates, etc.). I think that ECC was a pleasant aberration 
from this point of view that made everybody think we discovered gold - 
same or increased security at a fraction of the price! That is great - 
and we are all very happy we can now use quite efficient
crypto-systems like ECC. However, I think, things are going to change: 
most of the quantum-resistant algorithms come with increased signature 
and/or key sizes (up to 40K for signatures in some cases) or with new 
usage paradigms (stateful keys) that are not trivial to handle.

Besides the fact that I am all for being more efficient - the added 
efficiency (that frees more resources that can be dedicated to other 
tasks) can be leveraged to increase security and/or to provide more 
services without incurring additional costs. However, my fear is that
people will start to feel "comfortable" with the idea that the size of
authentication data is very small and will start designing systems that
do not take into consideration the envisioned evolution of crypto
algorithms... leading to some inevitable disaster down the road.

In this view, maybe pushing for such an herculean effort to save a few
hundred bytes per certificate might come with costs so high (in terms of 
the needed changes to support the new format(s)) that would not justify 
its deployment, IMHO.

Last consideration about "This is why we hate DER, and we like 
CDDL/CBOR." statement - I think that each format has its own merits and 
downfalls (even the amount of code that exists out there that supports a 
format can be seen as a merit) and it is up to us to provide good 
indications about when and where the different formats make sense (i.e., 
it depends on the environment). For example, in most of my applications
the CDDL/CBOR approach would not be secure enough because of the 
"relaxed" nature of the parsers - but that is just one environment, 
other environments might have different reasons to deploy/use this 
format based on their requirements.

Bottom line I would say rephrase your statement to "In our 
environment/ecosystem DER is not the right choice because of these 
reasons ... the pair CDDL/CBOR, on the other hand, satisfies these 
requirements because .... "

Thanks again to everybody for the interesting discussion :D

Cheers,
Max


On 3/26/19 11:27 PM, Nico Williams wrote:
> On Tue, Mar 26, 2019 at 04:08:58PM -0400, Carl Wallace wrote:
>>>> This is why we hate DER, and we like CDDL/CBOR.
>>> Whatever the abstract syntax, the real solution is probably more
>>> widely available/used compilers.  Hand-rolled codecs will have more
>>> (frequent and subtle) bugs.
>> Fully agree with this. The first time I had to consume CBOR/COSE the
>> encoded structures were every bit as buggy as folks complain about DER/CMS
>> structures.
> I recently had to review a hand-rolled codec by a seasoned developer.
> It had a number of fatal security bugs, exactly as one might have
> expected (as I did, going in).  Hand-coding codecs is simply very
> difficult.  It's easier when you have "bits on the wire" specifications,
> like TCP/IP, or when you have XDR specifications.
>
> No one uses a compiler to generate TCP/IP packet parsers, though this
> is first and foremost a result of not having anything like a
> machine-readable formal language specification for TCP/IP packet
> headers.
>
> XDR is so darned obvious and simple that in Heimdal we have just library
> functions for it and simply don't have or need a compiler.  The
> traditional XDR compiler, rpcgen, is also very limited, so generally XDR
> codecs are hand-coded using well-maintained and well-tested libraries
> that make it easy.
>
> Something similar can be said of SSHv2's encoding rules.
>
> The ASN.1 packed-like encoding rules are XDR-like, though with 1-octet
> instead of 4-octet alignment -- these too are easier to hand-code, but
> because there's often an escape to BER (e.g., for encoding of lengths of
> fields that cannot have fixed lengths, or encoding OIDs), it's still
> tricky by comparison to XDR.
>
> But it is a very strong truism that, whatever the encoding rules, having
> a compiler for an abstract syntax that generates codecs with usable APIs
> and characteristics, is inordinately easier, safer, and less time-
> consuming than hand-rolling a codec for any encoding rules.
>
> It is also a strong truism that simple syntaxes with simple encodings
> admit safer hand-coding of codecs, but also that, by being informal,
> also typically preclude compilation.
>
> I would and do accept informal syntaxes and encoding rules for protocols
> like SSHv2, or TLS, because a) it's already done, b) the messages are
> simple enough, c) it's easy enough to build libraries that make mistakes
> unlikely, d) often the implementors do not believe they have access to
> proper tooling, e) having access to ASN.1 tooling doesn't help if the
> only ERs you get are TLV ones.
>
> CDDL is not an informal syntax.  For new formal syntaxes I have a higher
> bar just because it is very difficult to come up with something that
> ASN.1 does not already have -- unless there's a trivial mapping between
> the two.
>
> BTW, who can forget FastInfoSet?  That's... XML with transliteration to
> ASN.1 and application of PER as a compression of XML.  While XER is
> essentially the reverse: transliteration of ASN.1 to XML, with XML as
> the encoding rules.  These, for me, prove the point that syntaxes are
> likely interchangeable (so why build a new one?).
>
> Nico
-- 
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director

--------------CFA303963D744A692DEE6E1E--


From nobody Tue Mar 26 19:49:30 2019
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8ADCD120424 for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 19:49:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ju3blUVpCwsM for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 19:49:19 -0700 (PDT)
Received: from golden.birch.relay.mailchannels.net (golden.birch.relay.mailchannels.net [23.83.209.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EC0E120433 for <saag@ietf.org>; Tue, 26 Mar 2019 19:49:18 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 89144123E90; Wed, 27 Mar 2019 02:49:16 +0000 (UTC)
Received: from pdx1-sub0-mail-a36.g.dreamhost.com (unknown [100.96.20.50]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 1B531123F8B; Wed, 27 Mar 2019 02:49:16 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a36.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Wed, 27 Mar 2019 02:49:16 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Scare-Cellar: 49db54373cf52480_1553654956365_2165079691
X-MC-Loop-Signature: 1553654956365:140390802
X-MC-Ingress-Time: 1553654956365
Received: from pdx1-sub0-mail-a36.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a36.g.dreamhost.com (Postfix) with ESMTP id BBE2E816D5; Tue, 26 Mar 2019 19:49:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=+a/MNABQIyfArd wobjgCF9yRlIY=; b=wbKFfLLGFnshVEWobZk5VYa0cwKzh/Q17R5UFzLKoQUcm1 aY/SiLUfLKZT35I4D8isbP2gnl+jS8CI2ZJC53Fe6G3TA2E4boRevYSWMDLXb474 fvzWTtp9CdVTSRyuERfZu3gkSafWuL6b9m2c6mRCoIeJ22jigTkF3vvGZKEhg=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a36.g.dreamhost.com (Postfix) with ESMTPSA id B7FD980FF8; Tue, 26 Mar 2019 19:49:14 -0700 (PDT)
Date: Tue, 26 Mar 2019 21:49:12 -0500
X-DH-BACKEND: pdx1-sub0-mail-a36
From: Nico Williams <nico@cryptonector.com>
To: "Dr. Pala" <madwolf@openca.org>
Cc: saag@ietf.org
Message-ID: <20190327024911.GF4211@localhost>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca> <20190326200103.GR3822@straasha.imrryr.org> <D8BFFE5D.D8084%carl@redhoundsoftware.com> <20190326222740.GE4211@localhost> <46912a6f-cfb9-c682-b438-27863a91a486@openca.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <46912a6f-cfb9-c682-b438-27863a91a486@openca.org>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: 0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Kvg5OnhkANZGAvMvfRGphkD6ETg>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 02:49:29 -0000

On Wed, Mar 27, 2019 at 12:36:06AM +0100, Dr. Pala wrote:
> Back to being serious... At the end of this thread, you ask "/why build a new
> one/" ?

I agree we need new encoding rules.  I'm skeptical that we need new
syntax.

> I think, but there might be other reasons I am not aware of, that the main
> argument was to save a few hundred bytes per certificate [...]

Yes, that's one reason to need new encoding rules.

(Though OER should fit the bill, but I understand that's not likely to
happen, so I won't mention it again.)

> ... and this consideration reminds me about an observation that I have not
> brought up during the meeting, but I should have: the current trend in
> cryptography seems to be oriented towards the need to use larger structures
> (signatures and keys) to cryptographically authenticate data (e.g.,
> certificates, etc.). I think that ECC was a pleasant aberration from this
> point of view that made everybody think we discovered gold - same or
> increased security at a fraction of the price! That is great - and we are
> all very happy we can now use quite efficient crypto-systems like ECC.
> However, I think, things are going to change: most of the quantum-resistant
> algorithms come with increased signature and/or key sizes (up to 40K for
> signatures in some cases) or with new usage paradigms (stateful keys) that
> are not trivial to handle.

Sure.  Encoding efficiency is not a great motivator for new encoding
rules for PKIX.  It is for Kerberos though.

>                                 [...]. However, my fear is that people will
> start to feel "comfortable" with the idea that the size of authentication
> data is very small and will start designing systems that do not take into
> consideration the envisioned evolution of crypto algorithms... leading to
> some inevitable disaster down the road.

We can always push the PK to edges of the system and use symmetrically-
keyed tokens elsewhere.  Needham-Schroeder is post-quantum by dint of
being symmetrically keyed, but that also keeps it from scaling to
Internet scale.  An automatic, PK-based federation system can always be
added, and then use PQ PK to get a fully PQ system that scales up and
also amortizes the transmission and compute cost of the PQ PK.

(Otherwise I'm actually not fond of Kerberos, or Needham-Schroeder.  The
one nice thing about Kerberos is not needing CRLs/OCSP, and that's
easily accomplished in PKIX with online CAs that vend short-lived, fresh
certificates.)

> In this view, maybe pushing for such an herculean effort to save a few hundred
> bytes per certificate might come with costs so high (in terms of the needed
> changes to support the new format(s)) that would not justify its deployment,
> IMHO.

Yes.

Nico
-- 


From nobody Wed Mar 27 02:09:51 2019
Return-Path: <ncamwing@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23A07120476 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:09:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level: 
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=T9p6054h; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=dV8C0xNV
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gNvfOUiLs1oB for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:09:38 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5E341202B8 for <saag@ietf.org>; Wed, 27 Mar 2019 02:09:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3749; q=dns/txt; s=iport; t=1553677777; x=1554887377; h=from:to:subject:date:message-id:mime-version; bh=9e3ThYpdjnG+TVcCjGL/a6Sd35ZoqNWvSId69/xlHIg=; b=T9p6054hCh19uCi/pIZrqZ4ODULXFMSJe1T/Z+ZpSqy9Y6zLq+OtuJsq zpx0DTY6oRrJ7rfcXTFZTixhz5Ta7KmH9vG2JloIjooi7NjnuHneLHJ+A 0Jvsu8c7CG8i6JZJMt8vTuYSYGd4HOv7iN9yYT29PgFDTndzWLsF6YBiS 0=;
X-IronPort-AV: E=Sophos;i="5.60,276,1549929600";  d="scan'208,217";a="455108026"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 27 Mar 2019 09:09:36 +0000
Received: from XCH-ALN-020.cisco.com (xch-aln-020.cisco.com [173.36.7.30]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x2R99aPn018501 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <saag@ietf.org>; Wed, 27 Mar 2019 09:09:36 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-020.cisco.com (173.36.7.30) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 27 Mar 2019 04:09:35 -0500
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 27 Mar 2019 04:09:35 -0500
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 27 Mar 2019 04:09:35 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9e3ThYpdjnG+TVcCjGL/a6Sd35ZoqNWvSId69/xlHIg=; b=dV8C0xNVrXrHEV42vlH8R30k+/dkJa3U/5rruj21Ah/dsh/x+pUPyqRzyaxA9yQV0VkZlXvITy3Ayeca7K3d6bk26PB55aQ0OJETRsRoIVGObVjGgXQtdWEJvIMM7wJWkBZI3JHoII1ZRUrHkSLY3JZvg41v+AzzQnWJE0oJWD4=
Received: from MWHPR11MB1791.namprd11.prod.outlook.com (10.175.53.18) by MWHPR11MB1629.namprd11.prod.outlook.com (10.172.54.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1730.18; Wed, 27 Mar 2019 09:09:34 +0000
Received: from MWHPR11MB1791.namprd11.prod.outlook.com ([fe80::9428:e141:c68e:a9fa]) by MWHPR11MB1791.namprd11.prod.outlook.com ([fe80::9428:e141:c68e:a9fa%8]) with mapi id 15.20.1730.019; Wed, 27 Mar 2019 09:09:34 +0000
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: RATS WG report
Thread-Index: AQHU5HzLwQM8MRwibUanV/CxgLNLmw==
Date: Wed, 27 Mar 2019 09:09:34 +0000
Message-ID: <2840EDB3-D6E2-45FB-A7F8-E2BBB5BCE20D@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.16.1.190220
x-originating-ip: [2001:420:c0c8:1004::1c8]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e1e8a568-a953-4fa6-900d-08d6b293ee3a
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600127)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:MWHPR11MB1629; 
x-ms-traffictypediagnostic: MWHPR11MB1629:
x-microsoft-antispam-prvs: <MWHPR11MB1629193C7D2002F1736A8298D6580@MWHPR11MB1629.namprd11.prod.outlook.com>
x-forefront-prvs: 0989A7979C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(396003)(376002)(39860400002)(136003)(346002)(189003)(199004)(316002)(83716004)(33656002)(5660300002)(106356001)(71200400001)(6116002)(97736004)(105586002)(71190400001)(2906002)(8676002)(6506007)(3480700005)(102836004)(99286004)(82746002)(478600001)(2351001)(2501003)(6436002)(486006)(2616005)(476003)(6512007)(7736002)(6916009)(186003)(36756003)(25786009)(6486002)(46003)(6346003)(256004)(558084003)(1730700003)(86362001)(54896002)(81166006)(7116003)(68736007)(6306002)(14454004)(53936002)(8936002)(58126008)(81156014)(5640700003); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR11MB1629; H:MWHPR11MB1791.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ncamwing@cisco.com; 
x-ms-exchange-senderadcheck: 1
Content-Type: multipart/alternative; boundary="_000_2840EDB3D6E245FBA7F8E2BBB5BCE20Dciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: e1e8a568-a953-4fa6-900d-08d6b293ee3a
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Mar 2019 09:09:34.4534 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1629
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.30, xch-aln-020.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/6_DM6ipdsFrcH64wcL86_09E4F0>
Subject: [saag] RATS WG report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 09:09:49 -0000

--_000_2840EDB3D6E245FBA7F8E2BBB5BCE20Dciscocom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

RATS will meet for the first time as a Working Group on Thursday (March 28) from 16:10-18:10.
The group will have a full agenda to kickstart discussion of potential working group drafts and milestones.
A report will be provided after the group meets.

Warm regards, Nancy

--_000_2840EDB3D6E245FBA7F8E2BBB5BCE20Dciscocom_--


From nobody Wed Mar 27 02:19:41 2019
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CB0F120277 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:19:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TTJK26cR17P9 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:19:37 -0700 (PDT)
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32D4112027D for <saag@ietf.org>; Wed, 27 Mar 2019 02:19:37 -0700 (PDT)
Received: by mail-wr1-x432.google.com with SMTP id y13so17638723wrd.3 for <saag@ietf.org>; Wed, 27 Mar 2019 02:19:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=UF7/of5ufkMceyN7ai7vuw3PKcbxhOpEES1QnJXrT6s=; b=T0+o7Q7oa9GKb4ajV2Q0Tpr815Z/5QdbtexOfOuJkkE/C8C8lGc6rErayNe1DydxC8 oMZHcHW8GAxClYG9zIy4hlhSC99Te5SzMhM7KtA1WCke6pkDZrrtNhNx8p+aH/+YZh0u kpdzL3Eiau/UAMs9fWu+bh4E0rHOBHaLaSM4tKnmiO8bK7mLyyu+9jrztEJOe0/47WfA mmiyT2bpNQ9pWEFnRTr9p5mUNIoK+5vKi1Qs4wiHgNMk84OH1pV3hLYSnuDkiZQ8cz3J pQexLbg5rsIEub93gGZ1Fudyw635uOPExlhj4qz3f2tpVNahtQRHQxJZvAUj8XjeQlfe 3Fyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=UF7/of5ufkMceyN7ai7vuw3PKcbxhOpEES1QnJXrT6s=; b=Zd7ggQDfd/45nvDzQmMuuoNcYlmGJyCp0cg+j+q4xsC88YJC2T69BklhcXqM4nsOOV YtnmhNBd4tpzrv8KGSbDzOEdGBt32Md+gqz7A7CsU72ooKvQv7I+RznvoVQvtiwQ5ubg ZUH7OZ82Y1Pr+pAgn6yakoT4i5WdY/PpsYObGGowvY5I8cquod+JOSrPiSQpyWQseGTo hayecIgM6wuuwrRK960ckl5peQYzZXbHZo9wDYcm1o/iXVkYfot4NiNrqQEEoVLuXzRP cpFVbYBHKGNYSGDdHLPumdEw/E6b5c/xB28iLKO8p0RLU9Fq2jTLV9bBzba/bP3I4cKN 0BtQ==
X-Gm-Message-State: APjAAAWHJKzalixYN6kiJVIF//c5pqPg2iMr/BvkRX1Qq4whi0hlRQWF k9ltdTEyT9XUi7lyeG3ubZP7C5hF
X-Google-Smtp-Source: APXvYqzGMxfvuEkK73A0msdQF+Isx0cuLQre3gmduBz3wlQ2OUK67nmBF1lTq59AMSSazBRbGodnDg==
X-Received: by 2002:a5d:69c7:: with SMTP id s7mr21722808wrw.71.1553678375365;  Wed, 27 Mar 2019 02:19:35 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:128:a088:6f7d:1641:efe7? ([2001:67c:370:128:a088:6f7d:1641:efe7]) by smtp.gmail.com with ESMTPSA id a11sm7135606wmm.35.2019.03.27.02.19.34 for <saag@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Mar 2019 02:19:34 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Message-Id: <0A4A239E-85FA-4A87-905F-B6C69C01910C@gmail.com>
Date: Wed, 27 Mar 2019 10:19:33 +0100
To: Security Area Advisory Group <saag@ietf.org>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/eDlHWPmBv3xyx67K9_hwjalbdSs>
Subject: [saag] I2NSF Report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 09:19:40 -0000

Hi

The I2NSF Working Group met on Tuesday.

We are ready to start WGLC on the IPsec document soon, pending a
consultation with the YANG doctors about what the “correct” way is to
handle updates to IANA registries. The problem is that the data model in
the draft represents a snapshot of the current IANA registry for IPsec
encryption algorithms. Do we need to rev this document every time
somebody adds an encryption algorithm?

We are also ready to move forward with our other documents, and WGLCs
for them should follow in short order.

With any luck, we will not need another F2F meeting.

Linda & Yoav


From nobody Wed Mar 27 02:23:16 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D05A012027F for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:23:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GpJZFFcnX8ZI for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:23:13 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64A0212025C for <saag@ietf.org>; Wed, 27 Mar 2019 02:23:13 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 21CEA300AA0 for <saag@ietf.org>; Wed, 27 Mar 2019 05:04:55 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id MmaMosAt0aY9 for <saag@ietf.org>; Wed, 27 Mar 2019 05:04:53 -0400 (EDT)
Received: from dhcp-8a9b.meeting.ietf.org (dhcp-8a9b.meeting.ietf.org [31.133.138.155]) by mail.smeinc.net (Postfix) with ESMTPSA id AA1473009FB for <saag@ietf.org>; Wed, 27 Mar 2019 05:04:53 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Message-Id: <64A6756C-7328-45EA-AE5D-4558B45EA9C4@vigilsec.com>
Date: Wed, 27 Mar 2019 05:23:09 -0400
To: IETF SAAG <saag@ietf.org>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/QDfTMPiDEkJ71g8RtFDnaiMP28s>
Subject: [saag] SUIT WG Summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 09:23:15 -0000

ITU-T SG17 Question 6/17 has produced a document that defines a
terminology and architecture for IoT Software Update.  It points to the
IETF SUIT work.  The editor of the document is watching the SUIT mail
list and attended the Hackathon, so a discussion on our mail list will
influence the document.

At the Hackathon, the team worked on manifest generators, manifest
parsers, and demonstrated end-to-end workflow on two micro controllers
and a simulated micro controller.

The architecture document includes some linkage to the TEEP WG.  The
terminology is aligned with the ITU-T SG17 Question 6/17.  WG Last Call
began during the meeting.

The information model has been updated to address comments from recent
reviews and add additional use cases. It needs a minor revision, and
then it will be ready for an extended WG Last Call.  It will last 4
weeks to ensure that people in the TEEP WG have time to check alignment
with that work.

The manifest document had a major revision, adopting a very different
design based on WG feedback.  A WG Call for Adoption will begin shortly.

The Information Model for Behavioral Description document describes an
approach to formally defining the behavior of a system under firmware
update and secure boot conditions.  This was discussed to ensure there
is a common understanding.  This document will not become an RFC.

Russ & Dave & Dave


From nobody Wed Mar 27 02:45:28 2019
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06F921202A7 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:45:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eeOFnk5b94Gy for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:45:22 -0700 (PDT)
Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 630181202A0 for <saag@ietf.org>; Wed, 27 Mar 2019 02:45:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1553679921; x=1585215921; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=i6DXfpK1HOY7tFqyx1tHMQh/wq/ZYgG0ZEXOE123yEQ=; b=RldUSIGJqFyO2pwGRWICN9pnI7g+VC6woTUxeghpHv+HniMPF4bidPgK 5Vz1KlEwecmmuC3zzWQvzQAmF94bO5UtzukHhfrO+x87xYXGDoRIOxa9a qX/0x5N/OMEzZuTCSGd2BoIgb2DkYUDjfWG68ljoatd9Yw6avBiRIgVQ1 aWL/Ewvnk0/bffKmAyPRZOKJSWwZNAdFJjZnYr1ORD/zS0+1PlYn8FnNP eFPdHbcmgfZCTWA7FFTsAbd/Kxu2jFjrUYrGXMOCArhxE+zxcjMyou43/ WZ8X3HhpyTdyFzRrSqKpNIRpoA65M5rAcalGpXtmamez9cn93p5vPlRyX Q==;
X-IronPort-AV: E=Sophos;i="5.60,276,1549882800"; d="scan'208";a="53346680"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.2 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-ogg-a.UoA.auckland.ac.nz) ([10.6.2.2]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 27 Mar 2019 22:45:17 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-a.UoA.auckland.ac.nz (10.6.2.2) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 27 Mar 2019 02:45:17 -0700
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1395.000; Wed, 27 Mar 2019 22:45:17 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Nico Williams <nico@cryptonector.com>, "Dr. Pala" <madwolf@openca.org>
CC: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] ASN.1 vs. DER Encoding
Thread-Index: AQHU4/B7Wn4JSCcuPE2ed5Fjno127KYdRg2AgABTYgCAAaGbjg==
Date: Wed, 27 Mar 2019 09:45:16 +0000
Message-ID: <1553679912618.8510@cs.auckland.ac.nz>
References: <20190326164951.GX4211@localhost>, <20190326214816.GB4211@localhost>
In-Reply-To: <20190326214816.GB4211@localhost>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/8r01x7MxQPPQ9DvUuFl-jcfuCJM>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 09:45:25 -0000

Nico Williams <nico@cryptonector.com> writes:

I realise this is the standard ASN.1-vs-everything-else debate that comes up
every year or so, without wanting to dig up the standard responses from every
previous time it's occurred I'll try and make just one comment:

>Now to back up that assertion:
>
>1) TLV encodings are bloated by nature due to being highly redundant.
>
>2) That redundancy is a source of errors when manually coding a codec.

It's actually the opposite, with a proper TLV encoding you can create a
simple, universal recursive-descent parser that will take any arbitrary
encoded blob and report "valid" or "not valid".  It's with the non-redundant,
or at least non-self-describing, encodings where you need to hand-roll a
parser each time any field anywhere is updated, and which can't be statically
checked like ASN.1 (meaning BER/DER) can.

>Thus there is almost zero benefit to self-describing encodings.

... apart from the fact that they can be statically analysed to check whether
they're well-formed or not, unlike the encodings in PGP, TLS, IPsec, SSH, ...

Peter.
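
Added example, not part of the message above and not code from any project it mentions: a schema-free recursive-descent check of the kind the message describes, narrowed to DER structure (tag, definite minimal length, nesting). It does not validate the contents of primitive values; the function names, MAX_DEPTH and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DEPTH 32  /* assumed nesting limit so hostile input cannot exhaust the stack */

/* Read one identifier + length header starting at buf[*pos].
 * On success: *pos is the first value byte, *vlen the value length (already
 * checked to fit inside buf), *constructed says whether the value is itself
 * a run of TLVs. Returns 0 on any malformation. */
static int read_header(const uint8_t *buf, size_t len, size_t *pos,
                       int *constructed, size_t *vlen)
{
    size_t p = *pos;
    if (p >= len) return 0;
    uint8_t id = buf[p++];
    *constructed = (id & 0x20) != 0;
    if ((id & 0x1f) == 0x1f) {                /* multi-byte tag number */
        int n = 0;
        do {
            if (p >= len || ++n > 4) return 0;
        } while (buf[p++] & 0x80);
    }
    if (p >= len) return 0;
    uint8_t first = buf[p++];
    if (first < 0x80) {                       /* short form */
        *vlen = first;
    } else {                                  /* long form: next n bytes hold the length */
        size_t n = first & 0x7f, v = 0;
        if (n == 0 || n > 4) return 0;        /* indefinite (BER-only) or oversized */
        if (len - p < n) return 0;
        if (buf[p] == 0) return 0;            /* DER: no leading zero byte */
        while (n--) v = (v << 8) | buf[p++];
        if (v < 0x80) return 0;               /* DER: short form was required */
        *vlen = v;
    }
    if (len - p < *vlen) return 0;            /* value overruns its container */
    *pos = p;
    return 1;
}

/* Walk a run of TLVs that must fill buf[0..len) exactly, descending into
 * every constructed value. No schema is consulted. */
static int check_run(const uint8_t *buf, size_t len, int depth)
{
    size_t pos = 0;
    if (depth > MAX_DEPTH) return 0;
    while (pos < len) {
        int constructed;
        size_t vlen;
        if (!read_header(buf, len, &pos, &constructed, &vlen)) return 0;
        if (constructed && !check_run(buf + pos, vlen, depth + 1)) return 0;
        pos += vlen;
    }
    return 1;
}

/* 1 if buf holds exactly one structurally well-formed DER element, else 0. */
int der_well_formed(const uint8_t *buf, size_t len)
{
    size_t pos = 0, vlen;
    int constructed;
    if (!read_header(buf, len, &pos, &constructed, &vlen)) return 0;
    if (pos + vlen != len) return 0;          /* trailing bytes after the element */
    return !constructed || check_run(buf + pos, vlen, 1);
}

/* Constructed samples: SEQUENCE { INTEGER 5, UTF8String "hi" }, damaged copies
 * of it, and SEQUENCE { SEQUENCE { NULL } }. */
static const uint8_t S_OK[]       = {0x30,0x07, 0x02,0x01,0x05, 0x0c,0x02,'h','i'};
static const uint8_t S_OVERRUN[]  = {0x30,0x07, 0x02,0x01,0x05, 0x0c,0x03,'h','i'};
static const uint8_t S_LONGFORM[] = {0x30,0x81,0x07, 0x02,0x01,0x05, 0x0c,0x02,'h','i'};
static const uint8_t S_TRAILING[] = {0x30,0x07, 0x02,0x01,0x05, 0x0c,0x02,'h','i', 0x00};
static const uint8_t S_SHORT[]    = {0x30,0x07, 0x02,0x01,0x05};
static const uint8_t S_NESTED[]   = {0x30,0x04, 0x30,0x02, 0x05,0x00};

int main(void)
{
    printf("ok=%d nested=%d overrun=%d longform=%d trailing=%d short=%d\n",
           der_well_formed(S_OK, sizeof S_OK),
           der_well_formed(S_NESTED, sizeof S_NESTED),
           der_well_formed(S_OVERRUN, sizeof S_OVERRUN),
           der_well_formed(S_LONGFORM, sizeof S_LONGFORM),
           der_well_formed(S_TRAILING, sizeof S_TRAILING),
           der_well_formed(S_SHORT, sizeof S_SHORT));
    return 0;
}
```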


From nobody Wed Mar 27 02:48:17 2019
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 813971202AE for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:48:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.276
X-Spam-Level: 
X-Spam-Status: No, score=-1.276 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JWJ8l_D65pGh for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:48:15 -0700 (PDT)
Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5817120292 for <saag@ietf.org>; Wed, 27 Mar 2019 02:48:14 -0700 (PDT)
Received: by mail-wr1-x42a.google.com with SMTP id s15so17690526wra.12 for <saag@ietf.org>; Wed, 27 Mar 2019 02:48:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=to:from:subject:message-id:date:user-agent:mime-version :content-language:content-transfer-encoding; bh=psXIESesXOoNuflUd1EgK1PKnNUaxQwyCXLWO7cMYy0=; b=E29oNgUNZje9GaRwQcbkHaCnjBfSvRuawAIHiUryM6O5vFwvgwK2lAW6A4rsLP2lgf 7YdG88IyUCKXhzJ35cIffppAL+F7FZoSiUz7r46xiEVKOCbEI0yDaaC2Lpok2t1KAYJy s6Nqm2J3TN1cxmNIy4ZxuNl7jTHjGETSIUa33i0wJzUZWM89smNUXXTY3xY+3NmHNBTe KbisYSTyPkb4eAhkLq8hdDdbSZbfqE+k+eWL2TjxKH6bPvU/pcbA54cEx6a394gVFMDl DB1fbljIVf+3FSdeaaApnfha6LAjOJX+oQ2XddpPEjdk0sUI2wS1pGo05MIm23RMtWL7 LLqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-language:content-transfer-encoding; bh=psXIESesXOoNuflUd1EgK1PKnNUaxQwyCXLWO7cMYy0=; b=KAkOj8VIyYmCJfF6re57o/B/ao8oz3XuqSKhz7RbjJg0Bd4mhje1fLUlmeR/3ulhsI Xp824L0+0YPMpvDooS7m0TffI5kbUOxqWEexswhnVJaSRFCdL2TkVuQJJz/Uqr/HxpQd +6UbN5Tgvcl3BI31F9b3CvTV3kbZ1AQyTp0Z188DEEv24rr23HZyLdMpT4VxfClyU9DT NFBk48sf9O+y07p/iO3os38xj308QTLxd5qvqriw5DhIR5bbp/pENkd7sJa3s1vTvVg9 UpHQkNXu5V+nTaIc0sf3YQzSxgqic4sSWnEOXbujVVqEDC0g5awNtZw+Hn5MSY7iRb6z SX4w==
X-Gm-Message-State: APjAAAU1pvgqGk9F8uqAXKvx0819bGnLe9EM3Ul8a7DdxrjKjdYz37qj tmo2jMPyZIB03ZDERpIKJa8zMZClVEA=
X-Google-Smtp-Source: APXvYqyhKuuP7GyNnpFmBdE/MUIxq1vYpNzuknb8OcQAQK6FxriwMgpckTZj9XmFRIMMdWGLnFJnHg==
X-Received: by 2002:adf:ea0b:: with SMTP id q11mr16457774wrm.233.1553680093122;  Wed, 27 Mar 2019 02:48:13 -0700 (PDT)
Received: from ?IPv6:2001:67c:1232:144:a8e4:f5d6:8ea1:fcff? ([2001:67c:1232:144:a8e4:f5d6:8ea1:fcff]) by smtp.gmail.com with ESMTPSA id h131sm5605568wmh.1.2019.03.27.02.48.12 for <saag@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Mar 2019 02:48:12 -0700 (PDT)
To: saag@ietf.org
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <66deccd9-8338-93af-1deb-d6e1611898b4@gmail.com>
Date: Wed, 27 Mar 2019 10:48:11 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/O0s_iUy9ufOcZPJMcf3wprr33fs>
Subject: [saag] SecEvent WG summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 09:48:17 -0000

<html style="direction: ltr;">
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <style type="text/css">body p { margin-bottom: 0cm; margin-top: 0pt; } </style>
  </head>
  <body bidimailui-charset-is-forced="true" style="direction: ltr;"
    text="#000000" bgcolor="#FFFFFF">
    <p>The group met on Wednesday. Our main outstanding document, Push
      Delivery, was unable to elicit sufficient consensus at WGLC, and
      we are soliciting additional reviews before it can be published.
      The Poll document is nearly done, and Subject ID will probably be
      done before Montreal. So we may be able to wind down either before
      or at IETF-105.</p>
    <p><br>
    </p>
    <p>Thanks,</p>
    <p>    Yaron</p>
    <p><br>
    </p>
  </body>
</html>


From nobody Wed Mar 27 02:49:16 2019
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D949120292 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:49:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OJGsM8YzEAnS for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 02:49:13 -0700 (PDT)
Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2DFB1202B8 for <saag@ietf.org>; Wed, 27 Mar 2019 02:49:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1553680153; x=1585216153; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=4mJDpBNZAN0UhAk6+w675lz5+A3kcAJEINL6u2WDGCs=; b=kdytXrCkEMqWFX6LQUo4NWCaMTYtyjAyCF3RVllpVynrL07CZNg5foiA 7VEFj3lVjPtMdaK5g62tn3AQZ3Mv1FLlRtjdBDoH3gwcz1zBBVfQ0brNg 9bySTibsJZyip3PwAjQl/1e9ZbU60g4nQZY7RGoE6bYhjdkyyNMZU76rc ql0boCsVAVCLE0LNuQh44ayKhAl+HdBFsf5vP5JPn3wnRDSmUrJIcUHXy YG+yVvsTWUP+KkdQMPTrFIOiFHvpM8JpKRycIjrW8ySMhwBMhEnrDkoQW yn0D/nwmppJcMWGPe5Uiqay+zIPH8ki+Cz9KBjA/AMzyKaUhcOHtR0nNh g==;
X-IronPort-AV: E=Sophos;i="5.60,276,1549882800"; d="scan'208";a="53346911"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.3.5 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-tdc-d.UoA.auckland.ac.nz) ([10.6.3.5]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 27 Mar 2019 22:49:10 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-d.UoA.auckland.ac.nz (10.6.3.5) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 27 Mar 2019 22:49:10 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1395.000; Wed, 27 Mar 2019 22:49:10 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Nico Williams <nico@cryptonector.com>, Carl Wallace <carl@redhoundsoftware.com>
CC: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] ASN.1 vs. DER Encoding
Thread-Index: AQHU4/B7Wn4JSCcuPE2ed5Fjno127KYddU0AgAAGK4CAAAI3AIAAJsGAgAGYLW4=
Date: Wed, 27 Mar 2019 09:49:09 +0000
Message-ID: <1553680145271.97708@cs.auckland.ac.nz>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca> <20190326200103.GR3822@straasha.imrryr.org> <D8BFFE5D.D8084%carl@redhoundsoftware.com>,<20190326222740.GE4211@localhost>
In-Reply-To: <20190326222740.GE4211@localhost>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Kjax90l9fKzMGfd0NPuCOiHqdS8>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 09:49:15 -0000

Nico Williams <nico@cryptonector.com> writes:

>Something similar can be said of SSHv2's encoding rules.

The ones that arbitrarily mix binary data and comma-delimited text strings?
Of all the encodings I've had to write parsers for, SSH's one scares me the
most.

It's also the one where I've found the most crashes in the other system while
developing the code and getting various bits slightly wrong, e.g. sending
"foo," or ",," as a value, or getting a binary length field slightly wrong in
combination with text-string data.

Peter.
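
Added example, not part of the message above and not code from any SSH implementation: a strict receiver-side check for the mixed binary-length plus comma-delimited text field the message describes, rejecting the "foo," and ",," values and an overrunning length field. The name and character rules follow RFC 4251; ssh_namelist_check, check_text, MAX_LIST and the sample strings are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64      /* RFC 4251 section 6: names are at most 64 characters */
#define MAX_LIST 32768   /* assumed upper bound on one list, well under a packet */

/* Validate an SSH name-list (uint32 byte count, then comma-separated names)
 * at the start of buf. Returns the number of names, or -1 if malformed.
 * On success *consumed is the offset of the next field in the packet. */
int ssh_namelist_check(const uint8_t *buf, size_t len, size_t *consumed)
{
    if (len < 4) return -1;
    uint32_t n = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                 ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    if (n > MAX_LIST) return -1;
    if (n > len - 4) return -1;          /* binary length points past the data */

    const uint8_t *s = buf + 4;
    int names = 0;
    size_t run = 0;                      /* characters in the name being scanned */
    for (uint32_t i = 0; i < n; i++) {
        uint8_t c = s[i];
        if (c == ',') {
            if (run == 0) return -1;     /* leading comma or empty name: ",," */
            names++;
            run = 0;
        } else {
            if (c <= 0x20 || c >= 0x7f) return -1;  /* NUL, space, control, non-ASCII */
            if (++run > MAX_NAME) return -1;
        }
    }
    if (n > 0) {
        if (run == 0) return -1;         /* trailing comma: "foo," */
        names++;
    }
    *consumed = 4 + (size_t)n;
    return names;
}

/* Put an explicit (possibly wrong) length field in front of text and run the
 * checker on the result. Exists only to exercise ssh_namelist_check. */
int check_text(uint32_t claimed, const char *text)
{
    uint8_t pkt[4 + 256];
    size_t tlen = strlen(text), used = 0;
    if (tlen > 256) return -1;
    pkt[0] = (uint8_t)(claimed >> 24);
    pkt[1] = (uint8_t)(claimed >> 16);
    pkt[2] = (uint8_t)(claimed >> 8);
    pkt[3] = (uint8_t)claimed;
    memcpy(pkt + 4, text, tlen);
    return ssh_namelist_check(pkt, 4 + tlen, &used);
}

int main(void)
{
    /* Constructed inputs: one valid list, then the failure cases. */
    printf("valid list      : %d\n", check_text(21, "aes128-ctr,aes256-ctr"));
    printf("empty list      : %d\n", check_text(0, ""));
    printf("\"foo,\"          : %d\n", check_text(4, "foo,"));
    printf("\",,\"            : %d\n", check_text(2, ",,"));
    printf("length too long : %d\n", check_text(8, "foo,bar"));
    /* A length that is too short still parses as one name; the caller has to
     * notice that *consumed leaves ",bar" to be misread as the next field. */
    printf("length too short: %d\n", check_text(3, "foo,bar"));
    return 0;
}
```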


From nobody Wed Mar 27 03:29:07 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5270B120292 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 03:29:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rGm2rMrdKrwy for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 03:29:03 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66419120294 for <saag@ietf.org>; Wed, 27 Mar 2019 03:29:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 21E13300AB3 for <saag@ietf.org>; Wed, 27 Mar 2019 06:10:45 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ZAJTmA6GlRX6 for <saag@ietf.org>; Wed, 27 Mar 2019 06:10:44 -0400 (EDT)
Received: from dhcp-8a9b.meeting.ietf.org (dhcp-8a9b.meeting.ietf.org [31.133.138.155]) by mail.smeinc.net (Postfix) with ESMTPSA id C5501300465 for <saag@ietf.org>; Wed, 27 Mar 2019 06:10:43 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Message-Id: <10D44497-0EF0-4A66-9B8C-9733B15E770D@vigilsec.com>
Date: Wed, 27 Mar 2019 06:28:59 -0400
To: IETF SAAG <saag@ietf.org>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/MgBzmAB4swuR7rFbihCdCIh3IX4>
Subject: [saag] LAMPS WG Summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 10:29:05 -0000

Many documents are with the IESG.  The WG is prepared to address
comments when they come.

draft-ietf-lamps-cms-mix-with-psk is ready for WG Last Call.

A recharter is before the IESG to include header protection.  Two
documents were discussed on the assumption that the IESG will approve
the revised charter.  First, draft-luck-lamps-pep-header-protection
explores all of the cases that need to be addressed for header
protection.  Second, draft-melnikov-lamps-header-protection describes
two possible ways forward.  The WG needs to pick one.

draft-vangeest-x509-hash-sigs offers a way forward for using hash-based
signatures for certificates and CRLs.  A call for WG adoption is
underway.

Several people suggested a new charter item to work on quantum-safe
certificates.  Since we don’t fully trust post-quantum
algorithms yet, the idea is to sign with multiple algorithms.  The
assumption is that invention of a large-scale quantum computer will not
break all of the signatures.  A recharter is needed for the WG to take
on this topic.  Further discussion on the mail list is needed to
determine if there is interest in this topic.

draft-luck-lamps-pep-header-protection suggests the creation of a
lightweight profile of CMP.  A recharter is needed for the WG to take on
this topic.  Further discussion on the mail list is needed to determine
if there is interest in this topic.


From nobody Wed Mar 27 04:03:00 2019
Return-Path: <ivaylo@ackl.io>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 180711202AC for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 04:02:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ackl-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vqAFW3JRKWFK for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 04:02:56 -0700 (PDT)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C958120291 for <saag@ietf.org>; Wed, 27 Mar 2019 04:02:56 -0700 (PDT)
Received: by mail-wm1-x336.google.com with SMTP id w15so1408122wmc.3 for <saag@ietf.org>; Wed, 27 Mar 2019 04:02:56 -0700 (PDT)
X-Received: by 2002:a1c:dfc5:: with SMTP id w188mr5151671wmg.79.1553684574514;  Wed, 27 Mar 2019 04:02:54 -0700 (PDT)
MIME-Version: 1.0
From: ivaylo petrov <ivaylo@ackl.io>
Date: Wed, 27 Mar 2019 12:02:28 +0100
Message-ID: <CAJFkdRwnk5jYJPvmU6fv_iiuGX5h204_Qf5Fyk8X3iBAw2zQ9A@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002847c105851161ae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/EP4Yde6fyhPTBcAP6p3j6QBP-HQ>
Subject: [saag] COSE WG Report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 11:02:59 -0000

--0000000000002847c105851161ae
Content-Type: text/plain; charset="UTF-8"

The COSE WG met on Tuesday (March 26) between 09:00 - 11:00. The WG
discussed proposed changes to 8152bis around countersignatures and core
algorithms, in preparation of a WGLC by IETF-105. We discussed updates to
the hash algorithms document, and starting WGLC once the revision is
published.  The WG finished adoption of the webauthn algorithms document,
which has now been published. We also discussed updates to the hash
signatures document, and starting WGLC once the revision is published.
Additionally, the X509 draft was discussed and it was concluded that some
additional work is needed.

Finally, we agreed to a virtual interim in May focused on finalizing the
8152bis documents, and a plan for an interop event at the Montreal
Hackathon.

Matthew and Ivaylo

--0000000000002847c105851161ae--


From nobody Wed Mar 27 04:37:20 2019
Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F228120456 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 04:37:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.851
X-Spam-Level: 
X-Spam-Status: No, score=-1.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, KHOP_DYNAMIC=0.85, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AWtXkA2YAUwv for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 04:37:05 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 348231202A5 for <saag@ietf.org>; Wed, 27 Mar 2019 04:37:05 -0700 (PDT)
Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x2RBWnUS011660 for <saag@ietf.org>; Wed, 27 Mar 2019 11:37:05 GMT
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by mx0a-00190b01.pphosted.com with ESMTP id 2rf51np8sq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <saag@ietf.org>; Wed, 27 Mar 2019 11:37:04 +0000
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x2RBWjhq023837 for <saag@ietf.org>; Wed, 27 Mar 2019 07:37:03 -0400
Received: from email.msg.corp.akamai.com ([172.27.27.25]) by prod-mail-ppoint2.akamai.com with ESMTP id 2rdg4w86cu-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <saag@ietf.org>; Wed, 27 Mar 2019 07:37:00 -0400
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb2.msg.corp.akamai.com (172.27.27.102) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 27 Mar 2019 06:36:42 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1473.003; Wed, 27 Mar 2019 06:36:42 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: saag <saag@ietf.org>
Thread-Topic: ACME report
Thread-Index: AQHU5JFYpySvqq4YxkiytXbgcUqM5A==
Date: Wed, 27 Mar 2019 11:36:41 +0000
Message-ID: <981139C7-4CEA-409A-86D7-05037C5015F4@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.17.0.190309
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.153.109]
Content-Type: multipart/alternative; boundary="_000_981139C74CEA409A86D705037C5015F4akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-27_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=393 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903270082
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=428 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903270082
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/mUt2w56ZZvw4FWbpL8j8LmJKlzE>
Subject: [saag] ACME report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 11:37:18 -0000

--_000_981139C74CEA409A86D705037C5015F4akamaicom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_981139C74CEA409A86D705037C5015F4akamaicom_--


From nobody Wed Mar 27 04:45:36 2019
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47C26120260; Wed, 27 Mar 2019 04:45:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level: 
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Is_nt3A4IctK; Wed, 27 Mar 2019 04:45:32 -0700 (PDT)
Received: from mail-lj1-f172.google.com (mail-lj1-f172.google.com [209.85.208.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBE4112024A; Wed, 27 Mar 2019 04:45:31 -0700 (PDT)
Received: by mail-lj1-f172.google.com with SMTP id q66so14098374ljq.7; Wed, 27 Mar 2019 04:45:31 -0700 (PDT)
X-Received: by 2002:a2e:9597:: with SMTP id w23mr14542926ljh.111.1553687130158;  Wed, 27 Mar 2019 04:45:30 -0700 (PDT)
MIME-Version: 1.0
References: <981139C7-4CEA-409A-86D7-05037C5015F4@akamai.com>
In-Reply-To: <981139C7-4CEA-409A-86D7-05037C5015F4@akamai.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Wed, 27 Mar 2019 07:45:18 -0400
Message-ID: <CADZyTkkeEUT6NYUHJo5Jo-PSGzN9_wjD-TA9ju05Vi1uycAaGw@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: saag <saag@ietf.org>, curdle <curdle@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007c3934058511f96f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/zbPft4sOuCvuigW1P0X5NO2s5S4>
Subject: Re: [saag] CURDLE
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 11:45:33 -0000

--0000000000007c3934058511f96f
Content-Type: text/plain; charset="UTF-8"

>
> Curdle did not meet this week. The current drafts have all been moved
> forward to the AD, so the WG is not any more actively working on any
> document.
>
Yours,
Daniel

--0000000000007c3934058511f96f--


From nobody Wed Mar 27 04:52:05 2019
Return-Path: <ncamwing@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76DCE1202AF for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 04:51:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level: 
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=IUBmX0Nv; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=TuN6SMjI
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F8Sw1ra6kd6j for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 04:51:55 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94FE1120260 for <saag@ietf.org>; Wed, 27 Mar 2019 04:51:55 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.60,276,1549929600";  d="scan'208,217";a="321937278"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 27 Mar 2019 11:51:54 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by alln-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id x2RBpswN004264 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <saag@ietf.org>; Wed, 27 Mar 2019 11:51:54 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 27 Mar 2019 06:51:53 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 27 Mar 2019 06:51:53 -0500
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 27 Mar 2019 06:51:52 -0500
Received: from MWHPR11MB1791.namprd11.prod.outlook.com (10.175.53.18) by MWHPR11MB1856.namprd11.prod.outlook.com (10.175.53.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1730.18; Wed, 27 Mar 2019 11:51:52 +0000
Received: from MWHPR11MB1791.namprd11.prod.outlook.com ([fe80::9428:e141:c68e:a9fa]) by MWHPR11MB1791.namprd11.prod.outlook.com ([fe80::9428:e141:c68e:a9fa%8]) with mapi id 15.20.1730.019; Wed, 27 Mar 2019 11:51:52 +0000
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: TEEP report
Thread-Index: AQHU5JN3YzATLOxv2kKgs6Fd58hjtA==
Date: Wed, 27 Mar 2019 11:51:51 +0000
Message-ID: <C42BF355-0503-49C5-992C-4AB0646234A5@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.16.1.190220
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ncamwing@cisco.com; 
x-originating-ip: [2001:420:c0c8:1004::1c8]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0baed579-2213-4f3e-5c0c-08d6b2aa9a2e
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:MWHPR11MB1856; 
x-ms-traffictypediagnostic: MWHPR11MB1856:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <MWHPR11MB1856B4EACA9CF2956A589BF5D6580@MWHPR11MB1856.namprd11.prod.outlook.com>
x-forefront-prvs: 0989A7979C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(396003)(39860400002)(346002)(136003)(376002)(189003)(199004)(81166006)(186003)(6116002)(2351001)(102836004)(99286004)(81156014)(606006)(3480700005)(6436002)(7736002)(106356001)(236005)(36756003)(71190400001)(83716004)(14454004)(5640700003)(33656002)(97736004)(2616005)(6506007)(6486002)(82746002)(256004)(8936002)(966005)(53936002)(7116003)(25786009)(58126008)(316002)(221733001)(71200400001)(68736007)(54896002)(6512007)(105586002)(2906002)(5660300002)(2501003)(486006)(6916009)(476003)(6306002)(86362001)(478600001)(8676002)(1730700003)(46003); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR11MB1856; H:MWHPR11MB1791.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: multipart/alternative; boundary="_000_C42BF355050349C5992C4AB0646234A5ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 0baed579-2213-4f3e-5c0c-08d6b2aa9a2e
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Mar 2019 11:51:51.8716 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1856
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: alln-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/idYNaxXXtQ4VH6W4hfd40VNsxqQ>
Subject: [saag] TEEP report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 11:51:59 -0000

--_000_C42BF355050349C5992C4AB0646234A5ciscocom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_C42BF355050349C5992C4AB0646234A5ciscocom_--


From nobody Wed Mar 27 06:23:01 2019
Return-Path: <frank.xialiang@huawei.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C8881202BD for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 06:22:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZIvy1KmzExGP for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 06:22:57 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB2BF1202C0 for <saag@ietf.org>; Wed, 27 Mar 2019 06:22:57 -0700 (PDT)
Received: from LHREML712-CAH.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 7DC5A3A067B36E49AC0D for <saag@ietf.org>; Wed, 27 Mar 2019 13:22:55 +0000 (GMT)
Received: from DGGEMM401-HUB.china.huawei.com (10.3.20.209) by LHREML712-CAH.china.huawei.com (10.201.108.35) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 27 Mar 2019 13:22:55 +0000
Received: from DGGEMM511-MBX.china.huawei.com ([169.254.1.21]) by DGGEMM401-HUB.china.huawei.com ([10.3.20.209]) with mapi id 14.03.0415.000; Wed, 27 Mar 2019 21:22:40 +0800
From: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: DOTS WG Report:
Thread-Index: AdTknbLgA0KMi8eQTNCkMsClKWLgCg==
Date: Wed, 27 Mar 2019 13:22:39 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F12CA1D02A@dggemm511-mbx.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.220.68.19]
Content-Type: multipart/alternative; boundary="_000_C02846B1344F344EB4FAA6FA7AF481F12CA1D02Adggemm511mbxchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/n--vf46xXOL69d167S2HLXwLROs>
Subject: [saag] DOTS WG Report:
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 13:23:00 -0000

--_000_C02846B1344F344EB4FAA6FA7AF481F12CA1D02Adggemm511mbxchi_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The DOTS WG session will be at 10:50 ~ 12:10 on Thursday morning.

All of the basic WG drafts (i.e., requirements, architecture, protocols
documents) are under or waiting for IESG review for publication, as well as
some IANA allocation expert review. Now, all of them are progressing well. We
believe the first set of DOTS RFCs can be published according to plan.

Besides, we have some new individual drafts, mainly from big operators, talking
about the possible new use cases, new issues about provisioning guidance
and protocol extensions. We will discuss them all and identify the valuable
next-step work for the WG.

Looking forward to seeing you guys at that time.

--_000_C02846B1344F344EB4FAA6FA7AF481F12CA1D02Adggemm511mbxchi_--


From nobody Wed Mar 27 07:49:08 2019
Return-Path: <inacio@cert.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B70B12004B; Wed, 27 Mar 2019 07:49:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3aNvMHxgi6wC; Wed, 27 Mar 2019 07:49:05 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C7B0120096; Wed, 27 Mar 2019 07:49:05 -0700 (PDT)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x2REn2JI010516; Wed, 27 Mar 2019 10:49:02 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu x2REn2JI010516
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1553698142; bh=9Mb5/6Xs/oTuVTWCt1t6R3BLhHeAx1x82MsK6T6i8pc=; h=From:To:Subject:Date:From; b=PGosxFyqbcLhEgF1vllui1/cep86Fdy18wQFnL8vQwV+fJ/7Ipxr0RxwL5ZutTOIy CBq2kNXI3xc1CSrBYIh/wCS6EiLCWsq61cVwXwgtJ1PRHY0Cg085nw33lmmJH7562W IFSag+PHSTcOhyPWwSRUNeQNivY0Bs3wITsAeZKE=
Received: from CASSINA.ad.sei.cmu.edu (cassina.ad.sei.cmu.edu [10.64.28.249]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x2REmwng017246; Wed, 27 Mar 2019 10:48:58 -0400
Received: from MARCHAND.ad.sei.cmu.edu ([10.64.28.251]) by CASSINA.ad.sei.cmu.edu ([10.64.28.249]) with mapi id 14.03.0435.000; Wed, 27 Mar 2019 10:48:58 -0400
From: Chris Inacio <inacio@cert.org>
To: "saag@ietf.org" <saag@ietf.org>, "sacm@ietf.org" <sacm@ietf.org>
Thread-Topic: SACM report @ IETF-104
Thread-Index: AQHU5Kw1OP/+/pU2jEynR/XlQ/z/tQ==
Date: Wed, 27 Mar 2019 14:48:57 +0000
Message-ID: <A051C70F-0276-46E4-9156-23ABA9302198@cert.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.64.201.115]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <7D5010E0A1A03547AD04F8A5F175F0F4@sei.cmu.edu>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/8c-kV4EwqNETZs93m9CLrQ3O1o4>
Subject: [saag] SACM report @ IETF-104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 14:49:07 -0000

SACM met on Wednesday morning 27-Mar-2019.

We met and discussed Hackathon progress and architecture refinement.

Terminology is blocked by architecture to ensure alignment.

Multiple drafts are progressing towards WGLC and eventual publication to
include:

Endpoint Posture Collection Profile  (EPCP)
Concise Software Identifier (CoSWID)
ROLIE Software Descriptor

The working group is working on another approach to the information model
needed to progress the overall architecture.  This will potentially reboot
the IM work.




From nobody Wed Mar 27 08:16:02 2019
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96A78120275 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 08:16:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RmlYqBcKAsSS for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 08:15:59 -0700 (PDT)
Received: from cichlid.maple.relay.mailchannels.net (cichlid.maple.relay.mailchannels.net [23.83.214.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7F251200EF for <saag@ietf.org>; Wed, 27 Mar 2019 08:15:58 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 4B8555C57B2; Wed, 27 Mar 2019 15:15:55 +0000 (UTC)
Received: from pdx1-sub0-mail-a27.g.dreamhost.com (unknown [100.96.28.55]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id AEADA5C5749; Wed, 27 Mar 2019 15:15:54 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a27.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Wed, 27 Mar 2019 15:15:55 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Fumbling-Wiry: 73ca539e7da83a68_1553699755030_3714520341
X-MC-Loop-Signature: 1553699755030:2495271067
X-MC-Ingress-Time: 1553699755030
Received: from pdx1-sub0-mail-a27.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a27.g.dreamhost.com (Postfix) with ESMTP id BC593807C0; Wed, 27 Mar 2019 08:15:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=e82z/s7KCsEf4E BuDWAJE1jvn44=; b=ZN9EGsdo56/prTQ9AwrYmBVRXdY/oY0AdkNu1gpDsnw4ZS 5P5JjuTMLlTL/iyEfMmO53cYeb6fblMpL1esZq4TPlMyMw86tXnqYiELYTcilPmO CAnE6s69qTxedvBgW8m9j18Y6v6EmiGqaS4P/ZIOrFUgsLqsY1olXXRJZPu1o=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a27.g.dreamhost.com (Postfix) with ESMTPSA id 26321807BF; Wed, 27 Mar 2019 08:15:48 -0700 (PDT)
Date: Wed, 27 Mar 2019 10:15:46 -0500
X-DH-BACKEND: pdx1-sub0-mail-a27
From: Nico Williams <nico@cryptonector.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190327151545.GG4211@localhost>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1553679912618.8510@cs.auckland.ac.nz>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedutddrkedvgdeilecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfhggtggujggfsehttdertddtredvnecuhfhrohhmpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqnecukfhppedvgedrvdekrddutdekrddukeefnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ka-2QhrT29v5WRWG6bPUCsg8da4>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 15:16:02 -0000

On Wed, Mar 27, 2019 at 09:45:16AM +0000, Peter Gutmann wrote:
> Nico Williams <nico@cryptonector.com> writes:
> 
> I realise this is the standard ASN.1-vs-everything-else debate that comes up
> every year or so, without wanting to dig up the standard responses from every
> previous time it's occurred I'll try and make just one comment:

It does.

> >Now to back up that assertion:
> >
> >1) TLV encodings are bloated by nature due to being highly redundant.
> >
> >2) That redundancy is a source of errors when manually coding a codec.
> 
> It's actually the opposite, with a proper TLV encoding you can create a
> simple, universal recursive-descent parser that will take any arbitrary
> encoded blob and report "valid" or "not valid".  It's with the non-redundant,
> or at least non-self-describing, encodings where you need to hand-roll a
> parser each time any field anywhere is updated, and which can't be statically
> checked like ASN.1 (meaning BER/DER) can.

I covered that.  I understand that one can build BER/DER/CER dumpers
that know nothing of the schema, with some lossage of type information
when using IMPLICIT tagging (none otherwise).

I don't think that's important because as long as you know the outermost
type, you can always parse PER/OER/XDR/whatever by reference to the
actual schema.  The price to pay for self-describing data is bloat and
more chances for hand-rolled codecs to have security vulnerabilities.

> >Thus there is almost zero benefit to self-describing encodings.
> 
> ... apart from the fact that they can be statically analysed to check whether
> they're well-formed or not, unlike the encodings in PGP, TLS, IPsec, SSH, ...

The protocols you list don't use a formal syntax, which instantly makes
validity checking harder (can't generate the code!).  But if they had
used XDR, or ASN.1 with PER/OER/..., you could in fact automatically
check the validity of the encoding of a message.

A protocol using ASN.1 BER/DER/CER with IMPLICIT tagging will lose some
type information, so while you can check a lot of an encoded message's
validity without reference to its schema, you cannot check all of it.
Whereas if you have reference to its schema, then you can check all of
it regardless of whether the encoding rules are TLV or not.

Nico
-- 


From nobody Wed Mar 27 09:14:34 2019
Return-Path: <dev+ietf@seantek.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D50612032A for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 09:14:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7hZX9N_40tIc for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 09:14:29 -0700 (PDT)
Received: from relay12.mail.gandi.net (relay12.mail.gandi.net [217.70.178.232]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3307C1203A4 for <saag@ietf.org>; Wed, 27 Mar 2019 09:14:17 -0700 (PDT)
Received: from dhcp-8a20.meeting.ietf.org (dhcp-8a20.meeting.ietf.org [31.133.138.32]) (Authenticated sender: sean@seantek.org) by relay12.mail.gandi.net (Postfix) with ESMTPSA id 0B22720000E; Wed, 27 Mar 2019 16:14:12 +0000 (UTC)
From: Sean Leonard <dev+ietf@seantek.com>
Message-Id: <BC810910-8A30-4758-AE2E-2D2E2F3068D7@seantek.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_1B24F828-F197-4A05-8DB8-AC6AED8E7B23"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Date: Wed, 27 Mar 2019 17:14:11 +0100
In-Reply-To: <20190327151545.GG4211@localhost>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Dr. Pala" <madwolf@openca.org>, Nico Williams <nico@cryptonector.com>
To: "saag@ietf.org" <saag@ietf.org>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/hItn6-uII0i-nlkgLWSDCxQZxNk>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 16:14:32 -0000

--Apple-Mail=_1B24F828-F197-4A05-8DB8-AC6AED8E7B23
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


> On Mar 27, 2019, at 4:15 PM, Nico Williams <nico@cryptonector.com> wrote:
>
> I covered that.  I understand that one can build BER/DER/CER dumpers

Back to the original topic of this thread, which is “distinguish
between ASN.1 and BER/CER/DER”:

I agree that more care ought to be taken in distinguishing between the
abstract syntax (ASN.1) and the encodings. If not sure which of
BER/CER/DER to use, you can and should say “X.690 encoding”.

My suggestion is to say DER when that is required, and X.690 when it is
not. This is because “BER” in people’s minds reads as “not DER”, which
is not true. DER-encoded PDUs are BER-encoded, but not vice-versa.

There is nothing good to say about CER since it did not adequately solve
any problems, and only created more. :-)

Usually when people say “this is ASN.1 encoded”, they mean “this is BER
encoded; it could be CER or DER too, but this is not a guarantee of the
protocol.” They almost never mean XER, PER, OER, or any other such
encodings. Hence, s/ASN\.1 encod/X.690 encode/ and you are done.

> that know nothing of the schema, with some lossage of type information
> when using IMPLICIT tagging (none otherwise).

Dealing with tagging issues is supposed to be fixed with AUTOMATIC TAGS
but I have yet to see an IETF spec that uses that ASN.1 feature.

> On Mar 26, 2019, at 5:24 PM, Dr. Pala <madwolf@openca.org> wrote:
> in X.509 PKIs, we use DER as the preferred encoding (and PEM for 7-bit
> transport mode). Therefore when we talk about certificate parsing, for
> example, we do parse DER/PEM, not ASN.1.
>

While we are arguing about nomenclature, it is “textual encoding”, not
PEM. RFC 7468, thank you. :-)

https://tools.ietf.org/html/rfc7468

Sean


--Apple-Mail=_1B24F828-F197-4A05-8DB8-AC6AED8E7B23--
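
Added example, not part of either post above and not code from any project named in the thread: a schema-less X.690 walker in Python that shows what such a walker can and cannot check, using the IMPLICIT-tagging case from Nico Williams's message and the DER/BER relation from Sean Leonard's. The names `read_tlv`, `parse`, `classify` and `Malformed` are hypothetical, the sample octets are constructed, and the DER checks cover only length encoding, not every DER restriction.

```python
# Added example: schema-less X.690 walker. All sample octets are constructed.
UNIVERSAL = {1: "BOOLEAN", 2: "INTEGER", 3: "BIT STRING", 4: "OCTET STRING",
             5: "NULL", 6: "OBJECT IDENTIFIER", 16: "SEQUENCE", 17: "SET"}
CLASS_NAMES = ("UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE")

class Malformed(ValueError):
    """The octets are not well-formed under the rules being checked."""

def read_tlv(buf, pos, end, der):
    """Decode one TLV from buf[pos:end]; return ((label, value), next_pos).
    value is bytes if primitive, a list of child nodes if constructed."""
    if pos >= end:
        raise Malformed("truncated identifier")
    ident, pos = buf[pos], pos + 1
    cls, constructed, num = ident >> 6, bool(ident & 0x20), ident & 0x1F
    if num == 0x1F:  # high-tag-number form: base-128 digits follow
        num = 0
        while True:
            if pos >= end:
                raise Malformed("truncated tag number")
            octet, pos = buf[pos], pos + 1
            if num == 0 and (octet & 0x7F) == 0:
                raise Malformed("tag number starts with a zero digit")
            num = (num << 7) | (octet & 0x7F)
            if not octet & 0x80:
                break
        if num < 31:
            raise Malformed("small tag number in high-tag-number form")
    label = (UNIVERSAL.get(num, "UNIVERSAL %d" % num) if cls == 0
             else "[%s %d]" % (CLASS_NAMES[cls], num))
    if cls == 0 and num in (16, 17) and not constructed:
        raise Malformed("SEQUENCE and SET must be constructed")
    if pos >= end:
        raise Malformed("truncated length")
    first, pos = buf[pos], pos + 1
    if first == 0x80:  # indefinite length, closed by end-of-contents octets
        if der or not constructed:
            raise Malformed("indefinite length not allowed here")
        children = []
        while True:
            if pos + 2 > end:
                raise Malformed("missing end-of-contents octets")
            if buf[pos] == 0 and buf[pos + 1] == 0:
                return (label, children), pos + 2
            child, pos = read_tlv(buf, pos, end, der)
            children.append(child)
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if first == 0xFF or pos + n > end:
            raise Malformed("bad or truncated long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if der and (length < 0x80 or buf[pos] == 0):
            raise Malformed("DER requires the shortest length encoding")
        pos += n
    stop = pos + length
    if stop > end:
        raise Malformed("length runs past the enclosing element")
    if constructed:
        children = []
        while pos < stop:
            child, pos = read_tlv(buf, pos, stop, der)
            children.append(child)
        return (label, children), stop
    value = bytes(buf[pos:stop])
    # Content checks are only possible while the universal tag is present.
    if cls == 0 and num == 2 and (not value or (len(value) > 1 and (
            (value[0] == 0x00 and value[1] < 0x80) or
            (value[0] == 0xFF and value[1] >= 0x80)))):
        raise Malformed("INTEGER is empty or has redundant leading octets")
    return (label, value), stop

def parse(blob, der=True):
    """Parse exactly one top-level TLV that covers the whole blob."""
    node, pos = read_tlv(blob, 0, len(blob), der)
    if pos != len(blob):
        raise Malformed("trailing octets after the top-level element")
    return node

def classify(blob):
    """Return 'DER' (passes the checks above), 'BER only' or 'malformed'."""
    for verdict, der in (("DER", True), ("BER only", False)):
        try:
            parse(blob, der)
            return verdict
        except Malformed:
            continue
    return "malformed"

EXPLICIT = bytes.fromhex("3005a003020105")  # SEQUENCE { [0] EXPLICIT INTEGER 5 }
IMPLICIT = bytes.fromhex("3003800105")      # SEQUENCE { [0] IMPLICIT INTEGER 5 }
# Same redundant leading 00 in both: caught only where the INTEGER tag survives.
PADDED_UNIVERSAL = bytes.fromhex("300402020005")
PADDED_IMPLICIT = bytes.fromhex("300480020005")
```

With EXPLICIT tagging the walker still reports the inner INTEGER; with IMPLICIT tagging it sees only `[CONTEXT 0]` and opaque octets, so the padded INTEGER passes unless a schema supplies the type.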


From nobody Wed Mar 27 09:16:56 2019
Return-Path: <takeshi_takahashi@nict.go.jp>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BBD41202FC for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 09:16:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hwgzf0wPBAUi for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 09:16:53 -0700 (PDT)
Received: from ns1.nict.go.jp (ns1.nict.go.jp [IPv6:2001:df0:232:300::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AA07120283 for <saag@ietf.org>; Wed, 27 Mar 2019 09:16:53 -0700 (PDT)
Received: from gw1.nict.go.jp (gw1.nict.go.jp [133.243.18.250]) by ns1.nict.go.jp  with ESMTPS id x2RGGqrX065792 for <saag@ietf.org>; Thu, 28 Mar 2019 01:16:52 +0900 (JST)
Received: from mail2.nict.go.jp (mail2.nict.go.jp [133.243.18.15]) by gw1.nict.go.jp  with ESMTP id x2RGGqJh065777 for <saag@ietf.org>; Thu, 28 Mar 2019 01:16:52 +0900 (JST)
Received: from LAPTOP9DLCDU5S (ssh1.nict.go.jp [133.243.3.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.nict.go.jp (NICT Mail Spool Server2) with ESMTPSA id D2347113EC for <saag@ietf.org>; Thu, 28 Mar 2019 01:16:51 +0900 (JST)
From: "Takeshi Takahashi" <takeshi_takahashi@nict.go.jp>
To: <saag@ietf.org>
Date: Thu, 28 Mar 2019 01:16:54 +0900
Message-ID: <000e01d4e4b8$7ecbfc40$7c63f4c0$@nict.go.jp>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_000F_01D4E503.EEB44080"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdTkt1XrV8+SU67KTUi6UZTzT2UiTw==
Content-Language: ja
X-Virus-Scanned: clamav-milter 0.101.1 at zenith1m8
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/s468uFCCTNNTpyGpLqaJj-Br3H8>
Subject: [saag] MILE report@IETF104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 16:16:55 -0000

This is a multipart message in MIME format.

------=_NextPart_000_000F_01D4E503.EEB44080
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

MILE met at IETF104 at 11:20 on Tuesday.

There were about 10-15 attendees in the room.

We have discussed the progress of the following three WG drafts.

1. Xmpp-grid [1] (under IESG reviews):

We discussed whether to keep the draft as a proposed standard document and
agreed to do so.

2. JSON IODEF [2] (WGLC completed):

We discussed the pros and cons of creating an IANA repository and decided
not to create one for the draft.

3. CSIRT ROLIE [3] (Adopted as a WG document):

We discussed whether to divide the document into two separate documents, and
agreed to keep it a single document.

Additionally, a new draft on ROLIE Vulnerability Extension [4] was discussed,
and several people agreed to provide review comments.

Changes to the current milestone were discussed and agreed.

[1] https://datatracker.ietf.org/doc/draft-ietf-mile-xmpp-grid/

[2] https://datatracker.ietf.org/doc/draft-ietf-mile-jsoniodef/

[3] https://datatracker.ietf.org/doc/draft-ietf-mile-rolie-csirt/

[4] https://datatracker.ietf.org/doc/draft-banghart-mile-rolie-vuln/



------=_NextPart_000_000F_01D4E503.EEB44080--


From nobody Wed Mar 27 09:27:51 2019
From: Kirsty P <Kirsty.p@ncsc.gov.uk>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] SMART summary
Thread-Index: AQHU48TN/lDvZi1cxUWeV3Jyk8TnLaYd0LkAgAHbeC4=
Date: Wed, 27 Mar 2019 16:27:43 +0000
Message-ID: <CWLP123MB2467DC2F8A82AC918E0C2F41D7580@CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM>
References: <CAHbuEH4M0AqZ9aHped9UmapLk+zJR8Y4M5xq0h=4pxfCOcog+w@mail.gmail.com>,  <60234e9a-e1aa-37eb-b159-f3022fd3c677@cs.tcd.ie>
In-Reply-To: <60234e9a-e1aa-37eb-b159-f3022fd3c677@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="_000_CWLP123MB2467DC2F8A82AC918E0C2F41D7580CWLP123MB2467GBRP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/MH4WbtID7j246av27_2QDsshYHY>
Subject: Re: [saag] SMART summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 16:27:50 -0000

--_000_CWLP123MB2467DC2F8A82AC918E0C2F41D7580CWLP123MB2467GBRP_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi Stephen,

Thanks for your message. Sorry we ran very tight on time and tried to
make it clear that we'd stay until they kicked us out to clear the line,
and be in the bar afterwards for more questions. The session wasn't
quite a proposed RG, so there's of course plenty of time for this
discussion. In the interest of transparency, feel free to start the
discussion on SMART's mailing list with your questions or concerns about
the group. The concern you raised at the meeting (about some of the work
taking a long time) was noted and will be discussed as we move forward.
If you have more concerns that you would prefer to chat in person on,
let's meet up and discuss them sometime this week.

Kirsty

________________________________
From: saag <saag-bounces@ietf.org> on behalf of Stephen Farrell <stephen.farrell@cs.tcd.ie>
Sent: 26 March 2019 12:04
To: Kathleen Moriarty; saag@ietf.org
Subject: Re: [saag] SMART summary


Hiya,

On 26/03/2019 11:10, Kathleen Moriarty wrote:
> Room was surveyed to determine interest in contributing or reviewing work.
> About half the room raised hands.  Scope needs to be determined and hand
> offs to the IETF Security Area are likely depending on the work that comes
> in.

I think it was a bit of a pity that the room weren't asked about
concerns with this work going forward. (If you asked that and I
missed it, apologies;-) Given it wasn't an IETF BoF  that's ok,
but were this proposed as IETF work, I would have concerns. As
a potential RG, I also have (a non-identical set of) concerns.

I guess that discussion as to how to take this forward will give
a chance for such concerns to be raised and discussed, so not asking
that we try do that here/now.

S.

--_000_CWLP123MB2467DC2F8A82AC918E0C2F41D7580CWLP123MB2467GBRP_--


From nobody Wed Mar 27 10:00:21 2019
Date: Wed, 27 Mar 2019 12:00:09 -0500
From: Nico Williams <nico@cryptonector.com>
To: Sean Leonard <dev+ietf@seantek.com>
Cc: "saag@ietf.org" <saag@ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Dr. Pala" <madwolf@openca.org>
Message-ID: <20190327170007.GH4211@localhost>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <BC810910-8A30-4758-AE2E-2D2E2F3068D7@seantek.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <BC810910-8A30-4758-AE2E-2D2E2F3068D7@seantek.com>
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ywYPLVMLHS13YK3tVUcZcDEjmfc>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Wed, Mar 27, 2019 at 05:14:11PM +0100, Sean Leonard wrote:
> Back to the original topic of this thread, which is “distinguish
> between ASN.1 and BER/CER/DER”:
>
> I agree that more care ought to be taken in distinguishing between the
> abstract syntax (ASN.1) and the encodings. If not sure which of
> BER/CER/DER to use, you can and should say “X.690 encoding”.

+1

> My suggestion is to say DER when that is required, and X.690 when it
> is not. This is because “BER” in people’s minds reads as “not DER”,
> which is not true. DER-encoded PDUs are BER-encoded, but not
> vice-versa.
>
> There is nothing good to say about CER since it did not adequately
> solve any problems, and only created more. :-)

There is little good to say about DER either...  Both made suboptimal
choices of constraints on BER.

> > that know nothing of the schema, with some lossage of type information
> > when using IMPLICIT tagging (none otherwise).
>
> Dealing with tagging issues is supposed to be fixed with AUTOMATIC
> TAGS but I have yet to see an IETF spec that uses that ASN.1 feature.

Yes, sadly we don't use that.

Even with AUTOMATIC TAGS you can have some loss of type information in
the encoding due to automatically-added context tags being implicit.

Nico
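
The point quoted in the message above, that every DER encoding is valid BER but not the reverse, as an added C example that is not part of the original message: a checker for a single TLV that accepts BER forms by default and rejects the non-DER ones when asked. The function name, status codes and sample byte strings are constructed for illustration; only single-byte tags are handled and the end-of-contents octets of the indefinite form are not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { X690_OK = 0, X690_TRUNCATED = -1, X690_INVALID = -2,
       X690_NOT_DER = -3, X690_UNSUPPORTED = -4 };

/* Check the first TLV in p[0..n). With der_strict == 0 apply BER rules;
 * with der_strict != 0 also apply the DER restrictions checked here:
 * definite minimal length, BOOLEAN TRUE == 0xFF, primitive OCTET STRING. */
int x690_check_tlv(const uint8_t *p, size_t n, int der_strict)
{
    size_t hdr = 2, len = 0;

    if (n < 2)
        return X690_TRUNCATED;
    if ((p[0] & 0x1f) == 0x1f)
        return X690_UNSUPPORTED;            /* high-tag-number form */

    if (p[1] < 0x80) {                      /* short form */
        len = p[1];
    } else if (p[1] == 0x80) {              /* indefinite form */
        if (!(p[0] & 0x20))
            return X690_INVALID;            /* only constructed may use it */
        return der_strict ? X690_NOT_DER : X690_OK;
    } else if (p[1] == 0xff) {
        return X690_INVALID;                /* reserved value */
    } else {                                /* long form */
        size_t k = p[1] & 0x7f, i;
        if (k > sizeof(size_t))
            return X690_UNSUPPORTED;
        if (n - 2 < k)
            return X690_TRUNCATED;
        for (i = 0; i < k; i++)
            len = (len << 8) | p[2 + i];
        /* DER: no leading zero octet, and short form whenever it fits */
        if (der_strict && (p[2] == 0 || len < 0x80))
            return X690_NOT_DER;
        hdr += k;
    }
    if (len > n - hdr)
        return X690_TRUNCATED;              /* length runs past the buffer */

    if (p[0] == 0x01) {                     /* BOOLEAN */
        if (len != 1)
            return X690_INVALID;
        if (der_strict && p[hdr] != 0x00 && p[hdr] != 0xff)
            return X690_NOT_DER;            /* BER allows any non-zero TRUE */
    }
    if (der_strict && p[0] == 0x24)
        return X690_NOT_DER;                /* constructed OCTET STRING */
    return X690_OK;
}

/* Constructed sample encodings. */
static const uint8_t S_DER_INT[]   = { 0x02, 0x01, 0x05 };
static const uint8_t S_LONG_LEN[]  = { 0x02, 0x81, 0x01, 0x05 };
static const uint8_t S_BOOL_01[]   = { 0x01, 0x01, 0x01 };
static const uint8_t S_INDEF_SEQ[] = { 0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00 };
static const uint8_t S_CONS_OCT[]  = { 0x24, 0x04, 0x04, 0x02, 0x61, 0x62 };
static const uint8_t S_SHORT_BUF[] = { 0x02, 0x05, 0x01 };

int main(void)
{
    printf("minimal INTEGER      BER=%d DER=%d\n",
           x690_check_tlv(S_DER_INT, sizeof S_DER_INT, 0),
           x690_check_tlv(S_DER_INT, sizeof S_DER_INT, 1));
    printf("long-form length 1   BER=%d DER=%d\n",
           x690_check_tlv(S_LONG_LEN, sizeof S_LONG_LEN, 0),
           x690_check_tlv(S_LONG_LEN, sizeof S_LONG_LEN, 1));
    printf("BOOLEAN 0x01         BER=%d DER=%d\n",
           x690_check_tlv(S_BOOL_01, sizeof S_BOOL_01, 0),
           x690_check_tlv(S_BOOL_01, sizeof S_BOOL_01, 1));
    printf("indefinite SEQUENCE  BER=%d DER=%d\n",
           x690_check_tlv(S_INDEF_SEQ, sizeof S_INDEF_SEQ, 0),
           x690_check_tlv(S_INDEF_SEQ, sizeof S_INDEF_SEQ, 1));
    printf("constructed OCTETSTR BER=%d DER=%d\n",
           x690_check_tlv(S_CONS_OCT, sizeof S_CONS_OCT, 0),
           x690_check_tlv(S_CONS_OCT, sizeof S_CONS_OCT, 1));
    printf("truncated INTEGER    BER=%d DER=%d\n",
           x690_check_tlv(S_SHORT_BUF, sizeof S_SHORT_BUF, 0),
           x690_check_tlv(S_SHORT_BUF, sizeof S_SHORT_BUF, 1));
    return 0;
}
```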


From nobody Wed Mar 27 10:09:05 2019
Date: Wed, 27 Mar 2019 12:08:47 -0500
From: Nico Williams <nico@cryptonector.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Carl Wallace <carl@redhoundsoftware.com>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190327170846.GI4211@localhost>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca> <20190326200103.GR3822@straasha.imrryr.org> <D8BFFE5D.D8084%carl@redhoundsoftware.com> <20190326222740.GE4211@localhost> <1553680145271.97708@cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1553680145271.97708@cs.auckland.ac.nz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/vgS5d_32qdaWTiiCZ1oTEnYAC0g>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Wed, Mar 27, 2019 at 09:49:09AM +0000, Peter Gutmann wrote:
> Nico Williams <nico@cryptonector.com> writes:
> 
> >Something similar can be said of SSHv2's encoding rules.
> 
> The ones that arbitrarily mix binary data and comma-delimited text strings?

You can do that in ASN.1 too if you want...  That was just lack of
discipline in using the features of the encoding.  I agree that it's
awful.

> Of all the encodings I've had to write parsers for, SSH's one scares me the
> most.

I've seen terrible DER hand-rolled codecs...  It's hard to say which is
worse for hand-coding.  But ad-hoc, informal designs like TLS' or SSH's
preclude code generation, so in that sense they are easily the worst.

XDR is one that's in the middle: you get a formal language, and the
encoding is trivial enough that you can hand-roll it with very good
chances of getting it right *if* you have a suitable library.

(In Heimdal we have the krb5_{storage,store,ret}_*() functions, a subset
of which gives you XDR, and which make it easy to write safe codecs.
These should really be renamed heim_*() and moved from libkrb5 to
libheimbase, where they can do more good outside krb5 context.)

> It's also the one where I've found the most crashes in the other
> system while developing the code and getting various bits slightly
> wrong, e.g. sending "foo," or ",," as a value, or getting a binary
> length field slightly wrong in combination with text-string data.

I believe that.
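
The failure cases named in the message above ("foo,", ",," and a length field that disagrees with the text), as an added C example that is not part of the original message: a strict validator for an SSH name-list (uint32 length followed by comma-separated names, RFC 4251 section 5). The function name, error codes and sample packets are constructed for illustration; the character check applies the RFC 4251 section 6 algorithm-name rules (no whitespace, control characters or DEL) to every name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { NL_TRUNCATED = -1, NL_EMPTY_NAME = -2, NL_BAD_CHAR = -3 };

/* Validate one SSH name-list at buf[0..buflen).
 * Returns the number of names (>= 0) or a negative NL_* error.
 * On success *consumed (if not NULL) is the encoded size, so the caller
 * can continue parsing the next field of the packet. */
int64_t ssh_namelist_count(const uint8_t *buf, size_t buflen, size_t *consumed)
{
    uint32_t len;
    size_t i, name_len = 0;
    int64_t names = 0;

    if (buflen < 4)
        return NL_TRUNCATED;
    len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
          ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];

    /* The binary length must fit in what was actually received.
     * Compare against the remaining size, never buf + len, to avoid
     * pointer or integer overflow. */
    if (len > buflen - 4)
        return NL_TRUNCATED;

    for (i = 0; i < len; i++) {
        uint8_t c = buf[4 + i];
        if (c == ',') {
            if (name_len == 0)
                return NL_EMPTY_NAME;       /* ",foo" or "a,,b" or ",," */
            names++;
            name_len = 0;
        } else if (c < 0x21 || c > 0x7e) {
            return NL_BAD_CHAR;             /* NUL, space, control, DEL, 8-bit */
        } else {
            name_len++;
        }
    }
    if (len > 0) {
        if (name_len == 0)
            return NL_EMPTY_NAME;           /* trailing comma: "foo," */
        names++;
    }
    if (consumed)
        *consumed = 4 + (size_t)len;
    return names;
}

/* Constructed sample packets; sizeof - 1 drops the literal's final NUL. */
#define ARGS(s) (const uint8_t *)(s), sizeof(s) - 1
static const char PKT_GOOD[]           = "\x00\x00\x00\x15" "aes128-ctr,aes256-ctr";
static const char PKT_EMPTY_LIST[]     = "\x00\x00\x00\x00";
static const char PKT_TRAILING_COMMA[] = "\x00\x00\x00\x04" "foo,";
static const char PKT_ONLY_COMMAS[]    = "\x00\x00\x00\x02" ",,";
static const char PKT_LONG_LENGTH[]    = "\x00\x00\x00\x08" "foo";
static const char PKT_NUL_BYTE[]       = "\x00\x00\x00\x04" "foo\x00";

int main(void)
{
    printf("good list        -> %lld\n",
           (long long)ssh_namelist_count(ARGS(PKT_GOOD), NULL));
    printf("empty list       -> %lld\n",
           (long long)ssh_namelist_count(ARGS(PKT_EMPTY_LIST), NULL));
    printf("\"foo,\"           -> %lld\n",
           (long long)ssh_namelist_count(ARGS(PKT_TRAILING_COMMA), NULL));
    printf("\",,\"             -> %lld\n",
           (long long)ssh_namelist_count(ARGS(PKT_ONLY_COMMAS), NULL));
    printf("length too large -> %lld\n",
           (long long)ssh_namelist_count(ARGS(PKT_LONG_LENGTH), NULL));
    printf("embedded NUL     -> %lld\n",
           (long long)ssh_namelist_count(ARGS(PKT_NUL_BYTE), NULL));
    return 0;
}
```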


From nobody Wed Mar 27 11:14:31 2019
MIME-Version: 1.0
From: Christopher Wood <christopherwood07@gmail.com>
Date: Wed, 27 Mar 2019 11:14:06 -0700
Message-ID: <CAO8oSXm1baYvtMLckdcWnKoRcWGqSiNyaCXjQNY4RuBwvPMAmw@mail.gmail.com>
To: saag@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/G6TBolKCYHs7OXowTGE0TMSG_yU>
Subject: [saag] TLS WG report

TLS met on Monday and Tuesday. Several documents are ready for
submission to the IESG.  The WG is prepared to address comments when
they come.

draft-ietf-tls-dtls13-30 is nearly complete with a few issues to
address. Initial interop between Mint and NSS was completed prior to
the meeting, with mbedTLS support coming soon. The document will not
go through another WGLC once interop is complete and issues are
resolved.

draft-ietf-tls-subcerts is ready for WGLC having received formal
analysis since its last update. draft-ietf-tls-oldversions-deprecate
is also ready for WGLC after deprecating DTLS 1.0 in addition to TLS
1.0 and 1.1.

The WG discussed draft-ietf-tls-certificate-compression and the
outstanding issue regarding how to include the compressed certificate
in the transcript. Participants signalled disinterest in changing the
current draft. Authors will write up the changes and chairs will begin
the WGLC process.

draft-ietf-tls-tls13-cert-with-extern-psk will likely be ready for
WGLC with experimental status after more review. There are no
implementations nor formal analysis for the design.

The WG discussed updates to draft-ietf-tls-esni, including an initial
multi-CDN solution and improved robustness. Participants raised
concerns about the current solution’s operational impacts and unknown
edge cases. Representative ESNI clients also expressed the desire to
minimize performance regressions for any solution. Authors will work
with members in the DNS community for additional feedback going
forward, though not block on that feedback.

draft-sy-tls-resumption-group and draft-wood-tls-external-psk-importer
have rough consensus to adopt as WG items. Chairs will confirm on the
list.

The WG discussed draft-kinnear-tls-client-net-address and general NAT
detection use cases. Concerns around client usage of address
information were raised. Authors will continue engaging on the list
for further discussion. Draft-tschofenig-tls-cwt was also presented
with no time for comments or questions.

The WG also discussed draft-sullivan-tls-opaque as a way to add OPAQUE
to TLS 1.3. Concerns around PAKE usefulness and lack of formal
analysis were raised. This PAKE will also be discussed in the CFRG.

draft-stebila-tls-hybrid-design discussed a framework for supporting
multiple key exchange algorithms in TLS 1.3. Participants signaled an
interest in choosing one general design that minimizes complexity
instead of surveying different design decisions. Concerns about
immaturity of the field of key exchange combiners were raised.

The WG also discussed draft-wang-tls-raw-public-key-with-ibc. This
document will not be adopted, and the authors will request codepoint
allocations from the designated experts. Draft-belyavskiy-fakesni was
discussed. Participants raised concerns about the proposed approach
and its efficacy when compared to the attacks listed in
draft-ietf-tls-sni-encryption.


From nobody Wed Mar 27 15:55:20 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A00B120385 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 15:55:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oasAeHT0ehov for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 15:55:13 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FB381203E1 for <saag@ietf.org>; Wed, 27 Mar 2019 15:55:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id A7506BEE5; Wed, 27 Mar 2019 22:55:09 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n-QX6YHx6JLi; Wed, 27 Mar 2019 22:55:04 +0000 (GMT)
Received: from [31.133.146.21] (dhcp-9215.meeting.ietf.org [31.133.146.21]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 7F58DBE24; Wed, 27 Mar 2019 22:55:04 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1553727304; bh=M+DFHpvfhNWktZ8Lcb6yz2BM6pGLUGwEIAQm3C8UztQ=; h=Subject:To:References:From:Date:In-Reply-To:From; b=E/EjMrQ18gV7qsCFyfgAKTwPKBdhItDjeXP5WQ6brTJZY4q7GH9LH1xD3TWBXSVB2 kctbKFneaU+2/2MKPfz+2CFfIrZ4qDL1iHvazFqkYhSHWEnZrJ9RSx2ci7KhMIwCKY yd+G4aCSAx9LTToREAGcMPFGZyrA9N778B3K+UWw=
To: Kirsty P <Kirsty.p@ncsc.gov.uk>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "saag@ietf.org" <saag@ietf.org>
References: <CAHbuEH4M0AqZ9aHped9UmapLk+zJR8Y4M5xq0h=4pxfCOcog+w@mail.gmail.com> <60234e9a-e1aa-37eb-b159-f3022fd3c677@cs.tcd.ie> <CWLP123MB2467DC2F8A82AC918E0C2F41D7580@CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <05c32629-471a-fab6-c2dc-7dcef166c31a@cs.tcd.ie>
Date: Wed, 27 Mar 2019 22:55:03 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <CWLP123MB2467DC2F8A82AC918E0C2F41D7580@CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ea2tUKO0JL77bJo0oz51IpOBu6khCcx5y"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/O3xkmIga9tXvO5ruSPRFLFiREOk>
Subject: Re: [saag] SMART summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 22:55:19 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ea2tUKO0JL77bJo0oz51IpOBu6khCcx5y
Content-Type: multipart/mixed; boundary="ww3OMbVniLLd2re4nHfzZgRKjmW2oLHaN";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Kirsty P <Kirsty.p@ncsc.gov.uk>,
 Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>,
 "saag@ietf.org" <saag@ietf.org>
Message-ID: <05c32629-471a-fab6-c2dc-7dcef166c31a@cs.tcd.ie>
Subject: Re: [saag] SMART summary
References: <CAHbuEH4M0AqZ9aHped9UmapLk+zJR8Y4M5xq0h=4pxfCOcog+w@mail.gmail.com>
 <60234e9a-e1aa-37eb-b159-f3022fd3c677@cs.tcd.ie>
 <CWLP123MB2467DC2F8A82AC918E0C2F41D7580@CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM>
In-Reply-To: <CWLP123MB2467DC2F8A82AC918E0C2F41D7580@CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM>

--ww3OMbVniLLd2re4nHfzZgRKjmW2oLHaN
Content-Type: multipart/mixed;
 boundary="------------5A81DCC8CAAB60D63BA36D0A"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------5A81DCC8CAAB60D63BA36D0A
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 27/03/2019 16:27, Kirsty P wrote:
> Hi Stephen,
>
> Thanks for your message. Sorry we ran very tight on time and tried to
> make it clear that we'd stay until they kicked us out to clear the
> line, and be in the bar afterwards for more questions. The session
> wasn't quite a proposed RG, so there's of course plenty of time for
> this discussion.

Agreed. Nonetheless, it's not a bad plan to take advantage of the
folks being in a room to see who has concerns - trying to take the
temperature of a room is otherwise fraught as we often end up only
roughly measuring one side of a question.

> In the interest of transparency, feel free to start
> the discussion on SMART's mailing list with your questions or
> concerns about the group. The concern you raised at the meeting
> (about some of the work taking a long time) was noted and will be
> discussed as we move forward. If you have more concerns that you
> would prefer to chat in person on, let's meet up and discuss them
> sometime this week.

I do have more substantive concerns yes, and am happy to chat
about those on the smart list. I'll try send a mail on that soon
but at the highest level I'm not convinced that the proposed RG
will actually get the input required for it to be effective,
given the tensions between keeping attack details confidential
and our need to design protocols based on openly available
information.

Cheers,
Stephen F(arrell).

>
> Kirsty
>
> ________________________________
> From: saag <saag-bounces@ietf.org> on behalf of Stephen Farrell <stephen.farrell@cs.tcd.ie>
> Sent: 26 March 2019 12:04
> To: Kathleen Moriarty; saag@ietf.org
> Subject: Re: [saag] SMART summary
>
>
> Hiya,
>
> On 26/03/2019 11:10, Kathleen Moriarty wrote:
>> Room was surveyed to determine interest in contributing or
>> reviewing work. About half the room raised hands.  Scope needs to
>> be determined and hand offs to the IETF Security Area are likely
>> depending on the work that comes in.
>
> I think it was a bit of a pity that the room weren't asked about
> concerns with this work going forward. (If you asked that and I
> missed it, apologies;-) Given it wasn't an IETF BoF that's ok, but
> were this proposed as IETF work, I would have concerns. As a
> potential RG, I also have (a non-identical set of) concerns.
>
> I guess that discussion as to how to take this forward will give a
> chance for such concerns to be raised and discussed, so not asking
> that we try do that here/now.
>
> S.
>
> This information is exempt under the Freedom of Information Act
> 2000 (FOIA) and may be exempt under other UK information legislation.
> Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk
>

--------------5A81DCC8CAAB60D63BA36D0A--

--ww3OMbVniLLd2re4nHfzZgRKjmW2oLHaN--

--ea2tUKO0JL77bJo0oz51IpOBu6khCcx5y--


From nobody Wed Mar 27 18:39:25 2019
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35F91120433 for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 18:39:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8NMauwM3H4PE for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 18:39:02 -0700 (PDT)
Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECBEC120425 for <saag@ietf.org>; Wed, 27 Mar 2019 18:39:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1553737142; x=1585273142; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=pxpNzzxG00LG4EL1OTKEXWQNrs65g5ro8msTuzte5x8=; b=0l8gMNHOvaOLmkDT2oNZ3l/rSKbQPfmKw7S+mSjZM9lmspej2/qE2LsQ y2fRpgfqnaN0L6zzlWXEq92gx28inb3ZBJZ096hrI9cXWnTTQrGwmRCE2 OxDDVZ7m91uHGab5g6EAGIDUFGdmdARLCzD64vsSMh4oM97NL86KrMWeF xG3ltioNNRJgO5dZHin1iF3gbPSddf2r1l3sPa9HyomD5rmB2Rv7e+VAg vK4LRmTRpFFr/RzwortiGqK2yw8khEA1TNWKtj0giGBeVGcP//vTf78rq /tM7iT/3WLcJLxV386AzhQT6+kJWNWvuGTGJMM625CL4DghumnfeJmoS1 Q==;
X-IronPort-AV: E=Sophos;i="5.60,278,1549882800"; d="scan'208";a="53457508"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.3 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-ogg-b.UoA.auckland.ac.nz) ([10.6.2.3]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 28 Mar 2019 14:38:59 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-b.UoA.auckland.ac.nz (10.6.2.3) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 28 Mar 2019 14:38:59 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1395.000; Thu, 28 Mar 2019 14:38:59 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Nico Williams <nico@cryptonector.com>
CC: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] ASN.1 vs. DER Encoding
Thread-Index: AQHU4/B7Wn4JSCcuPE2ed5Fjno127KYdRg2AgABTYgCAAaGbjv//gw4AgAGH5cs=
Date: Thu, 28 Mar 2019 01:38:59 +0000
Message-ID: <1553737133841.88796@cs.auckland.ac.nz>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz>,<20190327151545.GG4211@localhost>
In-Reply-To: <20190327151545.GG4211@localhost>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5wsl7oh9iZXADJqzHUiPOrG7zwc>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 01:39:23 -0000

Nico Williams <nico@cryptonector.com> writes:

>A protocol using ASN.1 BER/DER/CER with IMPLICIT tagging will lose some type
>information, so while you can check a lot of an encoded message's validity
>without reference to its schema, you cannot check all of it.

You can check it, you just need to use heuristics.  That's what dumpasn1 does,
it's aware of the situations in which there's encapsulation and can dig down
into both implicit-tagged data and hole encodings.

(Don't look at the code, it's full of hacks to handle broken encodings and
display things in twenty different custom ways, so it's not representative of
what a decoder should look like).

>Whereas if you have reference to its schema, then you can check all of it
>regardless of whether the encoding rules are TLV or not.

And that's the problem, you need to have the schema for the latest version of
every possible protocol you're likely to examine, and update the code every
time anything anywhere changes.  With a self-describing data type, you only
need to write the format firewall once and it'll work indefinitely.  I've been
using the same ASN.1 firewall code for over fifteen years...

Peter.


From nobody Wed Mar 27 21:43:03 2019
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFE981201DB for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 21:43:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WOq6TtMjxvVW for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 21:42:58 -0700 (PDT)
Received: from palegreen.birch.relay.mailchannels.net (palegreen.birch.relay.mailchannels.net [23.83.209.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41F761201D9 for <saag@ietf.org>; Wed, 27 Mar 2019 21:42:58 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id D6A533E283A; Thu, 28 Mar 2019 04:42:56 +0000 (UTC)
Received: from pdx1-sub0-mail-a70.g.dreamhost.com (unknown [100.96.39.118]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 7A9503E19C2; Thu, 28 Mar 2019 04:42:56 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a70.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Thu, 28 Mar 2019 04:42:56 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Continue-Obese: 279e533a6c56c687_1553748176685_1005090396
X-MC-Loop-Signature: 1553748176685:4016597563
X-MC-Ingress-Time: 1553748176684
Received: from pdx1-sub0-mail-a70.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a70.g.dreamhost.com (Postfix) with ESMTP id 07CE480FC9; Wed, 27 Mar 2019 21:42:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=vNhpsUccdhXRAY wYR0gBGiJ19WE=; b=I+AVwpfsvFq5oJsHiY+jUqPRmNDhKHr49sHgBbT+uxiDDq XXVAPshmbPVRgOWXWDIjj24d9ausVZg9CqVYD65uL1LpskL5b3HLLKI7O2q89Cde tuGvAvij+PtosUu3T0x8ld2h2slrVPRTL/OfZ3VTEsVQOBVn6V1JIVv4SJBl0=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a70.g.dreamhost.com (Postfix) with ESMTPSA id 908DB80FC3; Wed, 27 Mar 2019 21:42:53 -0700 (PDT)
Date: Wed, 27 Mar 2019 23:42:51 -0500
X-DH-BACKEND: pdx1-sub0-mail-a70
From: Nico Williams <nico@cryptonector.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190328044250.GJ4211@localhost>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <1553737133841.88796@cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1553737133841.88796@cs.auckland.ac.nz>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedutddrkeefgdekhecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfhggtggujggfsehttdertddtredvnecuhfhrohhmpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqnecukfhppedvgedrvdekrddutdekrddukeefnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/VqDZgHQUxjc2uLQ1NoKzECyMTVs>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 04:43:01 -0000

On Thu, Mar 28, 2019 at 01:38:59AM +0000, Peter Gutmann wrote:
> Nico Williams <nico@cryptonector.com> writes:
> >A protocol using ASN.1 BER/DER/CER with IMPLICIT tagging will lose some type
> >information, so while you can check a lot of an encoded message's validity
> >without reference to its schema, you cannot check all of it.
> 
> You can check it, you just need to use heuristics.  That's what dumpasn1 does,
> it's aware of the situations in which there's encapsulation and can dig down
> into both implicit-tagged data and hole encodings.

Yup.

> >Whereas if you have reference to its schema, then you can check all of it
> >regardless of whether the encoding rules are TLV or not.
> 
> And that's the problem, you need to have the schema for the latest version of
> every possible protocol you're likely to examine, and update the code every
> time anything anywhere changes.  With a self-describing data type, you only
> need to write the format firewall once and it'll work indefinitely.  I've been
> using the same ASN.1 firewall code for over fifteen years...

Consider extensibility markers: extensions your dumper doesn't know will
be skippable.  Or consider typed-holes: if a hole contains something
that isn't BER, dumpasn1 won't be able to understand it.

Non-TLV encodings exist and get used.  NFSv4 uses XDR -- not TLV.  CBOR
isn't TLV and you can see it's likely going to get used for important
applications.

At some point a generic dumper needs to know the various schemas, and
hopefully it can figure out contextually the type of the outer-most
value and then use schema to drive the rest.  Once you accept this your
dumper no longer needs heuristics.  Keeping up to date is no different
than keeping any TLS/whatever library up to date, but it's easier
because there are no compatibility requirements (it being just a
dumper).

Code bloat is not really an issue.  The Heimdal ASN.1 compiler has an
option for something it calls "templates", but which is really a bit
more like a bytecode compiler and interpreter.  That reduces code size
(because the bytecode is much smaller than the alternative generated C)
and improves performance (for the same reason, which reduces pressure on
the instruction cache).  With byte-compiled modules you could afford to
have all of them built-in to the dumper, and you could even make new
modules downloadable.

Nico
-- 
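
The two positions in this exchange, as a runnable sketch that is an added example and not dumpasn1 or code from either poster: a schema-less DER structure check written once over the TLV layer, with a heuristic that tries to dig into implicitly tagged values and OCTET STRING/BIT STRING holes. All function names, the 4-octet length cap, the nesting limit and the SAMPLE bytes are constructed for this illustration.

```python
class DerError(ValueError):
    """Raised when the input is not well-formed DER."""

UNIVERSAL = {1: "BOOLEAN", 2: "INTEGER", 3: "BIT STRING", 4: "OCTET STRING", 5: "NULL",
             6: "OBJECT IDENTIFIER", 12: "UTF8String", 16: "SEQUENCE", 17: "SET"}
CLASSES = ("UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE")

def read_header(buf, off, end):
    """Parse tag and length at off; return (cls, constructed, num, vstart, vend)."""
    if off >= end:
        raise DerError("truncated tag")
    first, off = buf[off], off + 1
    cls, constructed, num = first >> 6, bool(first & 0x20), first & 0x1F
    if num == 0x1F:                       # high-tag-number form, base 128
        num = 0
        while True:
            if off >= end or (num == 0 and buf[off] == 0x80):
                raise DerError("truncated or non-minimal tag number")
            b, off = buf[off], off + 1
            num = (num << 7) | (b & 0x7F)
            if not b & 0x80:
                break
        if num < 31:
            raise DerError("high-tag form used for a small tag number")
    if off >= end:
        raise DerError("truncated length")
    first_len, off = buf[off], off + 1
    if first_len < 0x80:
        length = first_len                # short form
    elif first_len == 0x80:
        raise DerError("indefinite length is BER, not DER")
    else:
        n = first_len & 0x7F
        if n > 4 or off + n > end:        # 4-octet cap is this example's policy
            raise DerError("length field too long or truncated")
        length = int.from_bytes(buf[off:off + n], "big")
        if buf[off] == 0 or length < 0x80:
            raise DerError("non-minimal length")
        off += n
    if off + length > end:
        raise DerError("value overruns its container")
    return cls, constructed, num, off, off + length

def check_primitive(num, val):
    """Content rules for universal types that need no schema."""
    if num == 1 and val not in (b"\x00", b"\xff"):
        raise DerError("BOOLEAN must be 00 or FF")
    if num == 2 and (not val or (len(val) > 1 and (
            (val[0] == 0x00 and val[1] < 0x80) or
            (val[0] == 0xFF and val[1] >= 0x80)))):
        raise DerError("empty or non-minimal INTEGER")
    if num == 3 and (not val or val[0] > 7):
        raise DerError("bad BIT STRING unused-bits octet")
    if num == 5 and val:
        raise DerError("NULL with content")

def guess_encapsulated(val, depth):
    """Heuristic: return the parse of val if it is DER end to end, else None."""
    try:
        return walk(val, 0, len(val), depth + 1, [])
    except DerError:
        return None

def walk(buf, off=0, end=None, depth=0, out=None):
    """Check every TLV in buf[off:end]; return a list of (depth, label, note)."""
    end = len(buf) if end is None else end
    out = [] if out is None else out
    if depth > 16:                        # nesting cap is this example's policy
        raise DerError("nesting too deep")
    while off < end:
        cls, constructed, num, vs, ve = read_header(buf, off, end)
        val = buf[vs:ve]
        label = UNIVERSAL.get(num, f"UNIVERSAL {num}") if cls == 0 else f"[{CLASSES[cls]} {num}]"
        if cls == 0 and num in UNIVERSAL and (num in (16, 17)) != constructed:
            raise DerError(f"{label}: wrong primitive/constructed bit")
        if constructed:
            out.append((depth, label, "constructed"))
            walk(buf, vs, ve, depth + 1, out)
        else:
            if cls == 0:
                check_primitive(num, val)
            # An implicit tag hides the real type; OCTET/BIT STRING may be a hole.
            hole = cls != 0 or num in (3, 4)
            body = val[1:] if (cls, num) == (0, 3) else val
            inner = guess_encapsulated(body, depth) if hole else None
            out.append((depth, label, "encapsulates DER (guess)" if inner else "primitive"))
            out.extend(inner or [])
        off = ve
    return out

def is_valid_der(buf):
    """True if buf holds one or more well-formed DER values."""
    try:
        return bool(walk(buf))
    except DerError:
        return False

# Constructed sample: SEQUENCE { INTEGER 5, [0] <05 00>, OCTET STRING { SEQUENCE { BOOLEAN } } }
SAMPLE = bytes.fromhex("300e" "020105" "80020500" "0405" "30030101ff")
```

In `SAMPLE` the `[0]` value `05 00` is reported as an encapsulated NULL, while a schema declaring `[0] IMPLICIT INTEGER` would read the same two octets as 1280; the TLV layer alone cannot tell which is meant.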


From nobody Thu Mar 28 01:40:52 2019
Return-Path: <joe@salowey.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3049F120258 for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 01:40:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HgX2SYpsyh1I for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 01:40:48 -0700 (PDT)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C07DB120243 for <saag@ietf.org>; Thu, 28 Mar 2019 01:40:48 -0700 (PDT)
Received: by mail-qt1-x82e.google.com with SMTP id k2so22149494qtm.1 for <saag@ietf.org>; Thu, 28 Mar 2019 01:40:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=rtwTumcqAO3aebF7gqJfRCkIe9w1257WZa4Ha03+7p8=; b=roukHor80e3uvwgG4MGryjSNNz4m9xdJ2jYkCCCidGxRKYS/VJIi4I8eedhc8xZHH3 nn3PaAv/xR/sI2m6ffYbg4FOZZafvE8whbjlDdjA8Lcqcxi4qmSNCLmXXwUliVrKX+hT o8T4Bw09TIkVtTnkD2bEcujn9Wjl1dyUoTvcb7Cop2zMAgtBBygKfCQ0F+wAwR1UARe8 cmbqOhv9/qT+rkqD2O4UvOsajUfV/AQSR22aVFXFzd24vrU0ZI2GlQTIee/M8yPblAOg MmifTKnrEHZV7irQPUzUyBkrRDatMK+k0W5BLQf/IRUp1fW8OzZfvE5r11Eu2LO5Gr/G M5tA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=rtwTumcqAO3aebF7gqJfRCkIe9w1257WZa4Ha03+7p8=; b=QVPX5jxAh9+6KSE/aXVCOwZclfoZNo4+pFv0fGYoVV6M20RuJuGuEv1/E6WlRjpYnh xauZb61JlfKQKbO1w4IrFAoeq1SlmeBRPTFuYyAEgd0C+3nnUUiBf3/RL6KoHKQcv8sB 22hXd+KBfbcQSfMbwUD1gq7WP9qQiuBLxq8xgAjPmh8N9IPxrivwBTK3ZCHVHFJJ1yRN P0wfsq6fbuS4pWUUgeq95sPD3R5ZhAWKWGjNe83nzxxuxX/ncpDHRBE40pnb9wUhWsOm TKOo4f952eKo9nmwLd+W8V6cyNw/bYGHiiagBM5jWW0jXNveGpwi+E4aIAPBbUpONDRx 8kfg==
X-Gm-Message-State: APjAAAU18MpSPxD2Sp/TarlqY2SfGThhDN/whvXoYzedfdHnc4sYL6My zf6KmlufCgxeSt9bhZzr3Lh3ExV8IaA/TKuMgplyinQTx8pyM2fx
X-Google-Smtp-Source: APXvYqwwbrIKyfHPRaT5UTvIVSGgpEhENoaoIqCY2icqXG1WBLjtToFHd3Kkkk5qXbYuVgEVqVYTlnlYiiv44vdnc30=
X-Received: by 2002:a0c:b785:: with SMTP id l5mr34372151qve.225.1553762447534;  Thu, 28 Mar 2019 01:40:47 -0700 (PDT)
MIME-Version: 1.0
From: Joseph Salowey <joe@salowey.net>
Date: Thu, 28 Mar 2019 09:40:36 +0100
Message-ID: <CAOgPGoBKm8AhGq-_190hccPoVVZ+92gOES4OKA1Nz42huqoq3A@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c041a605852382f5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/KAyD-wHw1pzRcxeb57PSjOLm-PM>
Subject: [saag] CACAO BOF Preview
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 08:40:51 -0000

--000000000000c041a605852382f5
Content-Type: text/plain; charset="UTF-8"

The CACAO BOF will be meeting on Friday morning.

Operational security teams create run books to define courses of action
(COA) to remediate and mitigate specific threats.   Today these COA are
specific to an organization and are not easily shared for collaboration
between organizations.  In addition, the COA process is largely manual
which makes them slow to apply and difficult to track their results and
effectiveness.

The CACAO BOF proposes to develop a machine processable format for defining
a high level course of action so it can be shared and collaborated on
between organizations.  The ultimate goal is to allow for automation of
parts or all of the course of action by defining protocols to allow for
collaboration on the COA and by interfacing with existing protocols to take
the necessary actions.

Please join us in Berlin/Brussels from 9:00 - 10:30 on Friday morning.

--000000000000c041a605852382f5--


From nobody Thu Mar 28 03:24:04 2019
Return-Path: <leifj@sunet.se>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F942120453 for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 03:23:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sunet.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gpzBWWCYULOy for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 03:23:46 -0700 (PDT)
Received: from mail-wm1-x333.google.com (mail-wm1-x333.google.com [IPv6:2a00:1450:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 911DE120444 for <saag@ietf.org>; Thu, 28 Mar 2019 03:23:45 -0700 (PDT)
Received: by mail-wm1-x333.google.com with SMTP id q16so2972311wmj.3 for <saag@ietf.org>; Thu, 28 Mar 2019 03:23:45 -0700 (PDT)
X-Received: by 2002:a1c:3d6:: with SMTP id 205mr15337225wmd.66.1553768623320;  Thu, 28 Mar 2019 03:23:43 -0700 (PDT)
Received: from [10.0.1.236] ([62.168.35.69]) by smtp.gmail.com with ESMTPSA id o130sm135942wmo.43.2019.03.28.03.23.41 for <saag@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 28 Mar 2019 03:23:41 -0700 (PDT)
To: saag@ietf.org
From: Leif Johansson <leifj@sunet.se>
Openpgp: preference=signencrypt
Message-ID: <13c87f89-6164-c45e-3524-6c5b1145dc07@sunet.se>
Date: Thu, 28 Mar 2019 11:23:41 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/DVF4XO3d96viGE2-jvfY5C_YJTw>
Subject: [saag] tokenbind status IETF-104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 10:24:00 -0000

The WG did not meet in Prague. Currently the WG is working on getting
the remaining documents ready for IESG.

	Cheers Leif & John


From nobody Thu Mar 28 03:42:58 2019
Return-Path: <kenny.paterson@inf.ethz.ch>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCF39120444 for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 03:42:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PoPk9vN3SlSU for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 03:42:47 -0700 (PDT)
Received: from edge10.ethz.ch (edge10.ethz.ch [82.130.75.186]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 759031202B1 for <saag@ietf.org>; Thu, 28 Mar 2019 03:42:46 -0700 (PDT)
Received: from CAS22.d.ethz.ch (172.31.51.112) by edge10.ethz.ch (82.130.75.186) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 28 Mar 2019 11:41:18 +0100
Received: from MBX217.d.ethz.ch ([fe80::d403:aa60:5c6b:34c0]) by CAS22.d.ethz.ch ([fe80::dd0e:466a:b055:c090%10]) with mapi id 14.03.0439.000;  Thu, 28 Mar 2019 11:41:26 +0100
From: "Paterson  Kenneth" <kenny.paterson@inf.ethz.ch>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: CFRG at IETF-104
Thread-Index: AQHU5VLKEWxqXyRMR06PTFxz2lcLJw==
Date: Thu, 28 Mar 2019 10:41:24 +0000
Message-ID: <64055536-3679-4D1E-828B-2C49CF499A07@inf.ethz.ch>
Accept-Language: de-CH, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [129.132.139.34]
Content-Type: text/plain; charset="utf-8"
Content-ID: <419FBDEF6F418148BAA86FF8DC24CE5D@intern.ethz.ch>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/-9DErmqeCd8p4alS8RQwBMKt12Y>
Subject: [saag] CFRG at IETF-104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 10:42:58 -0000

From nobody Thu Mar 28 04:16:40 2019
Return-Path: <kivinen@iki.fi>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 267721202B7 for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 04:16:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.42
X-Spam-Level: 
X-Spam-Status: No, score=-3.42 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c9aUfPrCSFsp for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 04:16:26 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F26B6120295 for <saag@ietf.org>; Thu, 28 Mar 2019 04:16:25 -0700 (PDT)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id x2SBGIut020828 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <saag@ietf.org>; Thu, 28 Mar 2019 13:16:18 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id x2SBGIEP011252; Thu, 28 Mar 2019 13:16:18 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <23708.44290.154988.229877@fireball.acr.fi>
Date: Thu, 28 Mar 2019 13:16:18 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: saag@ietf.org
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 3 min
X-Total-Time: 1 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/0NCwjDA56EBVc9JDyBg-nda6pDg>
Subject: [saag] IPsecME Summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 11:16:36 -0000

IPsecME met on Thursday just before SAAG. We had a very tight schedule,
and needed to forward some discussion to the list.

EdDSA has been published as RFC8420, Split DNS finally managed to get
approved by the IESG, and is now in the RFC editor queue. Publication
requested has been issued for Implicit IV. Quantum resistance should
be ready for IETF last call.

About the new chartered items, the ipv6 and ipv4 status codes is
progressing nicely, and should be ready for WGLC soon. The labeled
IPsec and Intermediate Exchange drafts were adopted as WG documents.
The hybrid qske draft already has some implementation experience, and
should be adopted as WG draft very soon.

G-DOI IKEv2 work will hopefully start going forward again as there are
some external organizations which would like to refer to it. Diet ESP
work is still work in progress. We also have one new draft to clean up
some entries from the IANA registries, and to make a statement that
IKEv1 is really deprecated.
-- 
kivinen@iki.fi


From nobody Thu Mar 28 05:30:55 2019
Return-Path: <sean@sn3rd.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4019212048A for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 05:30:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56QSyuiPEQAd for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 05:30:42 -0700 (PDT)
Received: from mail-yw1-xc36.google.com (mail-yw1-xc36.google.com [IPv6:2607:f8b0:4864:20::c36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74FD71204AE for <saag@ietf.org>; Thu, 28 Mar 2019 05:30:42 -0700 (PDT)
Received: by mail-yw1-xc36.google.com with SMTP id d132so2620826ywa.2 for <saag@ietf.org>; Thu, 28 Mar 2019 05:30:42 -0700 (PDT)
X-Received: by 2002:a25:9945:: with SMTP id n5mr34078208ybo.453.1553776241522;  Thu, 28 Mar 2019 05:30:41 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:128:c1ec:6bbe:60d6:361d? ([2001:67c:370:128:c1ec:6bbe:60d6:361d]) by smtp.gmail.com with ESMTPSA id l82sm7460569ywl.6.2019.03.28.05.30.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 28 Mar 2019 05:30:40 -0700 (PDT)
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Message-Id: <C2875CEC-D24E-4AFF-8381-911178B49772@sn3rd.com>
Date: Thu, 28 Mar 2019 13:30:37 +0100
Cc: mls@ietf.org
To: saag@ietf.org
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/svqxgnsxMTyCoYVtr46AcKSbdAk>
Subject: [saag] MLS@IETF104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 12:30:48 -0000

MLS met on Tuesday and Thursday.  Both active WG drafts, the
architecture and protocol, were discussed along with a potential new WG
draft that supports federations and the status of security analysis.

draft-ietf-mls-architecture - Benjamin Beurdouche (Inria) provided a
summary of revisions since the last meeting.  As the plan is to
essentially move this draft substantially toward completion the WG will
focus on the open issues (concurrency of group operations, metadata
retention, ephemeral signature, and deniability) and the editorial (more
precise security guarantees, privacy recommendations for Application
metadata, and federated-related additions).  gh repo can be found here:
https://github.com/mlswg/mls-architecture

draft-ietf-mls-protocol - Richard Barnes (Cisco) and Raphael Robert
(Wire) provided a summary of changes from version -04 and reviewed a
number of open issues and PR related to simplifying the key schedule,
decoupling identifiers, server initiated removes, and using a common
framing. Work continues … the gh repo can be found here:
https://github.com/mlswg/mls-protocol

draft-omara-mls-federation - Emad Omara's (Google) individual draft
intends to standardize the minimum information needed to allow different
MLS clients to encrypt/decrypt messages to each other.  Use cases
include different clients and a single, shared delivery service as well
as different clients and different delivery services.  Much of the
discussion centered on whether the entire roster who be shared and.  In
the end, there was no objection to working on federation and the WG call
for adoption will begin on the list shortly after IETF 104.

Deniability - Sofia Celi (Centro de Autonomia Digital) presented an
overview of deniability including its security properties,
previous work, and limitations as deniability applies in the group
messaging.  There were no objections to the WG considering this as a
feature for MLS. While there were no objections to exploring deniability
properties for MLS, there were preferences expressed for making
deniability an optional feature in order to support enterprise
environments where deniability is not a desired feature.

Formal security analysis - Karthikeyan Bhargavan (Inria) explained that
the MLS protocol is not so simple any more with multiple drafts and
features (key exchange, Sender/Message/Key Authentication, and message
protection).  However, there are multiple symbolic analyses and
cryptographic definition proofs as well as one verified implementation;
there are security definitions and proofs for core key exchange.
However, the drafts are changing at a great rate making analysis harder.
He proposed a more TLS-like process proposal where certain drafts are
called “stable” for review and changes include rationale
for change including security performance goals (and why what was there
previously does not work).  The WG felt that this was a fair request and
will investigate adopting such proposals to make security analysis
for future versions easier.

Cheers,

Nick and Sean


From nobody Thu Mar 28 05:39:42 2019
Return-Path: <wseltzer@w3.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F94112029B for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 05:39:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R7ioFKYeA2m9 for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 05:39:38 -0700 (PDT)
Received: from raoul.w3.org (raoul.w3.org [128.30.52.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A102120260 for <saag@ietf.org>; Thu, 28 Mar 2019 05:39:38 -0700 (PDT)
Received: from dhcp-9ec3.meeting.ietf.org ([31.133.158.195]) by raoul.w3.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <wseltzer@w3.org>) id 1h9UJk-0003Hs-It; Thu, 28 Mar 2019 12:39:36 +0000
From: Wendy Seltzer <wseltzer@w3.org>
Openpgp: preference=signencrypt
Organization: W3C
To: Security Area Advisory Group <saag@ietf.org>
Message-ID: <78a2ef79-d79e-4e60-7aeb-3244854afcdd@w3.org>
Date: Thu, 28 Mar 2019 08:39:35 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ERhNccs3aXnhGXRfZJyNJ-K48hY>
Subject: [saag] W3C Update for IETF104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 12:39:41 -0000

Some web security updates from W3C:

Web Authentication WG published WebAuthn Level 1 as a Recommendation.
   https://www.w3.org/TR/webauthn/
The WG continues with Level 2 work.

Web Application Security WG is extending its charter, taking up new work
on Feature-Policy, Fetch Metadata
   https://www.w3.org/2011/webappsec/
   https://www.w3.org/2019/02/webappsec-2019-proposed-charter-rev.html

Privacy Interest Group (PING) published Mitigating Browser
Fingerprinting in Web Specifications:
   https://www.w3.org/TR/fingerprinting-guidance/


Thanks,
--Wendy

-- 
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Strategy Lead and Counsel, World Wide Web Consortium (W3C)
https://wendy.seltzer.org/        +1.617.863.0613 (mobile)



From nobody Thu Mar 28 05:48:21 2019
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE851120260 for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 05:48:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XK5tJcU3nXZd for <saag@ietfa.amsl.com>; Thu, 28 Mar 2019 05:48:16 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150054.outbound.protection.outlook.com [40.107.15.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E65F012025C for <saag@ietf.org>; Thu, 28 Mar 2019 05:48:15 -0700 (PDT)
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1PR0801MB2125.eurprd08.prod.outlook.com (10.168.67.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.16; Thu, 28 Mar 2019 12:48:13 +0000
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::dd0a:bfcc:b6ce:8d65]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::dd0a:bfcc:b6ce:8d65%11]) with mapi id 15.20.1750.017; Thu, 28 Mar 2019 12:48:13 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: OAuth Meeting Notes
Thread-Index: AdTlZDRUGNhoLZW4Q7+i7crV0uWIUg==
Date: Thu, 28 Mar 2019 12:48:12 +0000
Message-ID: <VI1PR0801MB21126DFF006F95440604832BFA590@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [2001:67c:1232:144:7820:4dcb:178b:775f]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2fadab8b-7507-46cd-0ec3-08d6b37ba3d9
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4618075)(2017052603328)(7153060)(7193020); SRVR:VI1PR0801MB2125; 
x-ms-traffictypediagnostic: VI1PR0801MB2125:
x-ms-exchange-purlcount: 11
x-microsoft-antispam-prvs: <VI1PR0801MB212518FD7C655E450C26231BFA590@VI1PR0801MB2125.eurprd08.prod.outlook.com>
x-forefront-prvs: 0990C54589
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2fadab8b-7507-46cd-0ec3-08d6b37ba3d9
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Mar 2019 12:48:12.9743 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2125
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/O1r2MelBikwI119mPz-OCRTAjVU>
Subject: [saag] OAuth Meeting Notes
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 12:48:20 -0000

We held the 5th OAuth Security workshop last week in Stuttgart. We had
tutorials, presentations, unconference sessions, and keynote speeches.
The workshop was well attended and well received. All material can be
found at https://sec.uni-stuttgart.de/events/osw2019

During the two OAuth WG sessions we talked about the following items:

* OAuth Security BCP
https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/

Torsten gave an update on the OAuth security BCP. The recommendation
against the use of the implicit grant is probably the most significant
recent addition to the draft.

* JWT Introspection Response:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/

The group agreed that the spec is ready for WGLC.

* User Managed Access (UMA)
https://datatracker.ietf.org/doc/draft-maler-oauth-umagrant/
https://datatracker.ietf.org/doc/draft-maler-oauth-umafedauthz/

Eve and Maciej presented specifications put together in the Kantara
Alliance. The UMA specifications describe a number of use cases and we
discussed them during the meeting. Eve clarified the intention with the
document submissions: she wants to have the OAuth WG work on them.

* JWT Usage in OAuth2 Access Tokens
https://datatracker.ietf.org/doc/draft-bertocci-oauth-access-token-jwt/

This document was produced during the OAuth Security Workshop and
describes best current practices of what claims are contained in an
access token.

* Browser-based App BCP
https://datatracker.ietf.org/doc/draft-ietf-oauth-browser-based-apps/

This document defines best current practices for apps running in a
browser. Aaron presented open issues and the group came up with
suggestions on how to resolve them.

* PoP Key Distribution
https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/

The group discussed whether the document is missing a recommendation for
demonstrating the possession of the private key for the public key that
is placed in a JWT/CWT.

* MTLS Update
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/

Torsten presented the current status of the document and further open
issues were presented.

* Nested JWT
https://datatracker.ietf.org/doc/draft-yusef-oauth-nested-jwt/

Rifaat presented the idea of a nested JWT.

* OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer
https://tools.ietf.org/html/draft-fett-oauth-dpop-00

This document was added to the agenda at short notice and was a result
of discussions at the OAuth Security Workshop. The focus of the document
is to provide a security solution for use of OAuth in browsers.


From nobody Thu Mar 28 06:14:44 2019
Date: Thu, 28 Mar 2019 09:14:26 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: saag@ietf.org
Message-ID: <alpine.LRH.2.21.1903280911020.18912@bofh.nohats.ca>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/wVdVXBWoTX8rV_SyjjE4JdTGcdU>
Subject: [saag] TRANS report IETF 104
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 13:14:42 -0000

TRANS did not meet.

6962bis is ready. One ambiguous syntax was discovered, and we sent a
message yesterday to the list to ensure no one objects to the syntax
correction. Assuming no one objects, all DISCUSS items from the IESG
have been addressed and we can request publication and shut down the WG.

Paul & Melinda


From nobody Thu Mar 28 08:04:50 2019
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: saag@ietf.org
In-reply-to: <46912a6f-cfb9-c682-b438-27863a91a486@openca.org>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca> <20190326200103.GR3822@straasha.imrryr.org> <D8BFFE5D.D8084%carl@redhoundsoftware.com> <20190326222740.GE4211@localhost> <46912a6f-cfb9-c682-b438-27863a91a486@openca.org>
Comments: In-reply-to "Dr. Pala" <madwolf@openca.org> message dated "Wed, 27 Mar 2019 00:36:06 +0100."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 28 Mar 2019 16:04:46 +0100
Message-ID: <6979.1553785486@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/4RvKlmZ_aiTaXX1RNDWCxttREnk>
Subject: Re: [saag] ASN.1 vs. DER Encoding

--=-=-=
Content-Type: text/plain


Dr. Pala <madwolf@openca.org> wrote:
    > thanks to everybody for your messages - I think the conversation is
    > very interesting. A compiler for TCP/IP packet parser is really an
    > interesting idea :D But only if we (just a joke, do not kill me!) use
    > ASN.1 and define a TIED (TCP/IP Encoding Rules) :D

Did this back in 2000.
It was intended to enable generation of code/rules/tables for NPUs.
  http://www.sandelman.ca/SSW/ietf/pax-pdl/pax-pdl-00.txt

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Thu Mar 28 15:32:22 2019
MIME-Version: 1.0
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Tue, 26 Mar 2019 04:45:17 -0400
Message-ID: <CABtrr-Ubq5z_Nx4-VA7gLgGMaxOBvfpSpXKJfeO9Q9C9eCA8Fg@mail.gmail.com>
To: pearg@irtf.org, Stan Adams <sadams@cdt.org>,  Nick Feamster <feamster@cs.princeton.edu>
Content-Type: multipart/alternative; boundary="000000000000d3637d0584fb574e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/kyK0aGGQJ98r81MqULtBBGxmapc>
X-Mailman-Approved-At: Thu, 28 Mar 2019 15:32:21 -0700
Subject: [saag] descriptive censorship work: draft-hall-censorship-tech

--000000000000d3637d0584fb574e
Content-Type: text/plain; charset="UTF-8"

(Bcc'ing SECDISPATCH and SAAG as an FYI; thread on PEARG)

Hello, apologies for cross-posting.

At IETF 91 in 2014 we presented some very early work before SAAG that
describes how global censors use protocols to censor data flows (block,
impair, modify, etc.). After some editing in subsequent years based on
superb feedback from SAAG folks (Stephane B., Andrew M., thank you!) we had
tentative AD sponsorship and some thoughts that this was better on the IETF
side of the house rather than in a RG.

We've started to work on it again* and since the original draft we now have
SECDISPATCH to help "the misfit toys of security" find a home in terms of
IETF process... I very briefly described this work yesterday in SECDISPATCH
and Chris Wood, the new PEARG co-chair, suggested that PEARG would be a
good place for this work since part of what they would like to do in that
RG is document certain privacy-implicating things in the real world.

We don't really have a preference where this ends up -- there's even a case
to be made that given the dynamic nature of censorship that this will
necessarily always be a work in progress. We have heard people find it
useful and PEARG seems as good as anywhere, and obviously the process to
get to an RG RFC would help it get better (at least that is my impression!).

Here is the current version of the draft and the repo we're using to track
issues and version the doc:

draft: https://tools.ietf.org/html/draft-hall-censorship-tech-07
repo: https://github.com/josephlhall/rfc-censorship-tech

Would love to hear if this is something people think PEARG would like to
work on and we have some ideas about additional documents in a series like
this (e.g., having some real-world descriptive reference on research and
practice in terms of traffic analysis could be really useful for IETF
folks, I suspect.)

Cheers! --Joe Hall

(copying two co-authors, Stan from CDT and Nick from Princeton)

* IASA2 has been a big focus of my own for the last two years.

-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

Don't miss out! CDT's Tech Prom is April 10, 2019, at The
Anthem. Please join us: https://cdt.org/annual-dinner/

--000000000000d3637d0584fb574e--


From nobody Sat Mar 30 08:31:27 2019
Date: Sat, 30 Mar 2019 10:31:02 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Nico Williams <nico@cryptonector.com>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190330153101.GT35679@kduck.mit.edu>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190327151545.GG4211@localhost>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/c5oNsNLw04r9hnbpNA5thSRBQZI>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Wed, Mar 27, 2019 at 10:15:46AM -0500, Nico Williams wrote:
> On Wed, Mar 27, 2019 at 09:45:16AM +0000, Peter Gutmann wrote:
> 
> > >Thus there is almost zero benefit to self-describing encodings.
> > 
> > ... apart from the fact that they can be statically analysed to check whether
> > they're well-formed or not, unlike the encodings in PGP, TLS, IPsec, SSH, ...
> 
> The protocols you list don't use a formal syntax, which instantly makes
> validity checking harder (can't generate the code!).  But if they had
> used XDR, or ASN.1 with PER/OER/..., you could in fact automatically
> check the validity of the encoding of a message.

N.b. that the protocol descriptions in RFC 8446 were run through an
automated syntax checker (IIRC, by Kazuho, though I'm not confident of that
and only bought 20MB of data for this  plane flight).  So I'm not entirely
convinced that this claim applies to TLS 1.3.

-Ben


From nobody Sat Mar 30 09:32:03 2019
Date: Sat, 30 Mar 2019 11:31:56 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Russ Housley <housley@vigilsec.com>
Cc: IETF SAAG <saag@ietf.org>
Message-ID: <20190330163156.GV35679@kduck.mit.edu>
References: <64A6756C-7328-45EA-AE5D-4558B45EA9C4@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <64A6756C-7328-45EA-AE5D-4558B45EA9C4@vigilsec.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/t-LnIgATjM61WpVpm2yZduOl1w8>
Subject: Re: [saag] SUIT WG Summary

On Wed, Mar 27, 2019 at 05:23:09AM -0400, Russ Housley wrote:
> 
> The Information Model for Behavioral Description document describes an approach to formally defining the behavior of a system under firmware update and secure boot conditions.  This was discussed to ensure there is a common understanding.  This document will not become an RFC.

Thank you for considering this path and making the intent explicit; I'm
sure the IESG will appreciate not having to review the document.

-Ben


From nobody Sat Mar 30 15:25:48 2019
Date: Sat, 30 Mar 2019 17:25:35 -0500
From: Nico Williams <nico@cryptonector.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190330222534.GK4211@localhost>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190330153101.GT35679@kduck.mit.edu>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/1IksVbQ8coE_DhUZmJBZLiWMGko>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Sat, Mar 30, 2019 at 10:31:02AM -0500, Benjamin Kaduk wrote:
> On Wed, Mar 27, 2019 at 10:15:46AM -0500, Nico Williams wrote:
> > On Wed, Mar 27, 2019 at 09:45:16AM +0000, Peter Gutmann wrote:
> > > >Thus there is almost zero benefit to self-describing encodings.
> > > 
> > > ... apart from the fact that they can be statically analysed to check whether
> > > they're well-formed or not, unlike the encodings in PGP, TLS, IPsec, SSH, ...
> > 
> > The protocols you list don't use a formal syntax, which instantly makes
> > validity checking harder (can't generate the code!).  But if they had
> > used XDR, or ASN.1 with PER/OER/..., you could in fact automatically
> > check the validity of the encoding of a message.
> 
> N.b. that the protocol descriptions in RFC 8446 were run through an
> automated syntax checker (IIRC, by Kazuho, though I'm not confident of that
> and only bought 20MB of data for this  plane flight).  So I'm not entirely
> convinced that this claim applies to TLS 1.3.

ISTR hearing about that, but the RFC does say:

  3.  Presentation Language

     This document deals with the formatting of data in an external
     representation.  The following very basic and somewhat casually
     defined presentation syntax will be used.

which is basically saying it's not a formal syntax.

Now, perhaps it can be formalized.  If so, was that done for the
checking you mentioned, and was it lost?  That would be unfortunate.

Are there implementations that generate codecs for TLS?

Nico
-- 
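
The property Peter Gutmann points to in the text quoted above, that a self-describing encoding can be checked for well-formedness without its schema, shown for DER as an added example (not code from any participant in this thread). The names DerError, count_elements, check and MAX_DEPTH and the sample byte strings are constructed for illustration; the checker validates TLV structure only, not the types or values a particular ASN.1 module would require.

```python
class DerError(ValueError):
    """Raised when the bytes are not a structurally valid DER encoding."""


MAX_DEPTH = 32  # assumption: nesting limit chosen for this example


def _read_header(buf, pos, end):
    """Parse the identifier and length octets that start at pos.

    Returns (constructed, content_start, content_end).
    """
    if pos >= end:
        raise DerError("truncated: missing identifier octet")
    ident = buf[pos]
    pos += 1
    if ident & 0x1F == 0x1F:
        # High-tag-number form: base-128 digits, high bit set on all but the last.
        tag = 0
        first_digit = True
        while True:
            if pos >= end:
                raise DerError("truncated tag number")
            octet = buf[pos]
            pos += 1
            if first_digit and octet == 0x80:
                raise DerError("tag number has a leading zero digit")
            first_digit = False
            tag = (tag << 7) | (octet & 0x7F)
            if not octet & 0x80:
                break
        if tag < 31:
            raise DerError("high-tag form used for a tag number below 31")
    if pos >= end:
        raise DerError("truncated: missing length octet")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        length = first  # short form
    elif first == 0x80:
        raise DerError("indefinite length is not allowed in DER")
    elif first == 0xFF:
        raise DerError("reserved length octet 0xFF")
    else:
        n = first & 0x7F  # long form: n octets of big-endian length follow
        if pos + n > end:
            raise DerError("truncated length field")
        if buf[pos] == 0:
            raise DerError("length has a leading zero octet")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80:
            raise DerError("long-form length used where short form fits")
        pos += n
    if length > end - pos:
        raise DerError("content overruns the enclosing element")
    return bool(ident & 0x20), pos, pos + length


def _walk(buf, pos, end, depth):
    """Validate every TLV in buf[pos:end]; return how many were seen."""
    if depth > MAX_DEPTH:
        raise DerError("nesting deeper than MAX_DEPTH")
    count = 0
    while pos < end:
        constructed, start, stop = _read_header(buf, pos, end)
        count += 1
        if constructed:
            # Children must tile the parent's content exactly; any overrun
            # is caught by the bound passed down as `end`.
            count += _walk(buf, start, stop, depth + 1)
        pos = stop
    return count


def count_elements(data):
    """Return the number of TLVs in one complete DER value, or raise DerError."""
    data = bytes(data)
    _, _, stop = _read_header(data, 0, len(data))
    if stop != len(data):
        raise DerError("trailing bytes after the top-level element")
    return _walk(data, 0, len(data), 0)


def check(data):
    """Return (True, element_count) or (False, reason) without raising."""
    try:
        return True, count_elements(data)
    except DerError as exc:
        return False, str(exc)


# Constructed sample: SEQUENCE { INTEGER 5, OCTET STRING "hi", SEQUENCE { BOOLEAN TRUE } }
GOOD = bytes.fromhex("300c020105040268693003" "0101ff")

if __name__ == "__main__":
    samples = {
        "well-formed": GOOD,
        "truncated": GOOD[:-1],
        "indefinite length": bytes.fromhex("30800201050000"),
        "non-minimal length": bytes.fromhex("308103020105"),
        "child overruns parent": bytes.fromhex("30050204010203"),
        "trailing bytes": GOOD + b"\x00",
    }
    for name, blob in samples.items():
        print(f"{name:22s} {check(blob)}")
```

Every rejection above is decided from the bytes alone; the same walk over a TLS presentation-language structure is not possible without the struct definition, which is the distinction the thread is arguing about.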


From nobody Sat Mar 30 20:44:06 2019
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Christian Huitema <huitema@huitema.net>
X-Mailer: iPhone Mail (16D57)
In-Reply-To: <20190330153101.GT35679@kduck.mit.edu>
Date: Sat, 30 Mar 2019 11:43:22 -0700
Cc: Nico Williams <nico@cryptonector.com>, "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C3D9DD15-AB23-4B42-BA61-A4E4CD826B77@huitema.net>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Originating-IP: 168.144.250.232
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: ham
X-Spampanel-Outgoing-Evidence: Combined (0.07)
X-Recommended-Action: accept
X-Report-Abuse-To: spam@quarantine9.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/2526aCoc1_aJ0kzUy4BttoeKzXU>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2019 03:44:04 -0000

> On Mar 30, 2019, at 8:31 AM, Benjamin Kaduk <kaduk@mit.edu> wrote:
>
> N.b. that the protocol descriptions in RFC 8446 were run through an
> automated syntax checker (IIRC, by Kazuho, though I'm not confident of that
> and only bought 20MB of data for this  plane flight).  So I'm not entirely
> convinced that this claim applies to TLS 1.3.

The TLS messages are defined with a formal syntax. It may be an ad hoc
syntax, but the descriptions are readable and verifiable by compilation
or verification tools.

The TLS syntax appears specifically designed to avoid many of the
pitfalls of TLV encodings. For example, the syntax defines the fixed
encoding length of all integer and length fields, and uses intermediate
octet array encodings for extensions. It is certainly much easier to get
right than BER or DER.

-- Christian Huitema


From nobody Sat Mar 30 23:21:50 2019
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF34E1200B6 for <saag@ietfa.amsl.com>; Sat, 30 Mar 2019 23:21:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6zfiAO5fyUFe for <saag@ietfa.amsl.com>; Sat, 30 Mar 2019 23:21:47 -0700 (PDT)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F011712006A for <saag@ietf.org>; Sat, 30 Mar 2019 23:21:46 -0700 (PDT)
Received: from [192.168.1.161] (unknown [192.168.1.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id 9A5426F206 for <saag@ietf.org>; Sun, 31 Mar 2019 02:21:45 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <C3D9DD15-AB23-4B42-BA61-A4E4CD826B77@huitema.net>
Date: Sun, 31 Mar 2019 02:21:45 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: saag@ietf.org
Message-Id: <8395D12F-9965-4893-A62C-2CEAAEF4D0D6@dukhovni.org>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu> <C3D9DD15-AB23-4B42-BA61-A4E4CD826B77@huitema.net>
To: saag@ietf.org
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/88v6yn9DcNo8X7UraMB-rYyedT8>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2019 06:21:49 -0000

> On Mar 30, 2019, at 2:43 PM, Christian Huitema <huitema@huitema.net> wrote:
>
> The TLS syntax appears specifically designed to avoid many of the
> pitfalls of TLV encodings. For example, the syntax defines the fixed
> encoding length of all integer and length fields, and uses intermediate
> octet array encodings for extensions. It is certainly much easier to get
> right than BER or DER.

Yes, for bespoke codecs, written by hand.  Are there TLS implementations
that use the structures from the RFC in a machine-readable form, to produce
automatically generated codecs?

-- 
	Viktor.


From nobody Sun Mar 31 00:39:23 2019
Return-Path: <cabo@tzi.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A631E12018B for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 00:39:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MXFOvfFwkfOE for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 00:39:20 -0700 (PDT)
Received: from smtp.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88BEC1201C2 for <saag@ietf.org>; Sun, 31 Mar 2019 00:39:19 -0700 (PDT)
Received: from [192.168.217.120] (p54A6CE73.dip0.t-ipconnect.de [84.166.206.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.uni-bremen.de (Postfix) with ESMTPSA id 44X6mj0wqgzyNM; Sun, 31 Mar 2019 09:39:17 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <C3D9DD15-AB23-4B42-BA61-A4E4CD826B77@huitema.net>
Date: Sun, 31 Mar 2019 09:39:16 +0200
Cc: Benjamin Kaduk <kaduk@mit.edu>, "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
X-Mao-Original-Outgoing-Id: 575710754.508714-7cf8936474ed9dac25fa35a0d31843fe
Content-Transfer-Encoding: quoted-printable
Message-Id: <F6387640-20F3-4B3C-8E61-58CAF7828CA1@tzi.org>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu> <C3D9DD15-AB23-4B42-BA61-A4E4CD826B77@huitema.net>
To: Christian Huitema <huitema@huitema.net>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/QNs3-gylwru0uhOQvM1y0Sn9dFA>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2019 07:39:23 -0000

On Mar 30, 2019, at 19:43, Christian Huitema <huitema@huitema.net> wrote:
>
> The TLS syntax appears specifically designed to avoid many of the
> pitfalls of TLV encodings. For example, the syntax defines the fixed
> encoding length of all integer and length fields,

… which causes the result to be larger than it needs to be.
Compare https://tools.ietf.org/html/draft-rescorla-tls-ctls-01 or other
proposals in this field.

> and uses intermediate octet array encodings for extensions. It is
> certainly much easier to get right

Yeah, as we all saw in heartbleed. :-)
[Don’t forget to celebrate its fifth discovery birthday tomorrow.]

> than BER or DER.

Oh, that I can concede.

There is no free lunch in this space.

The TLS encoding works by opting for simplicity, but it requires bespoke
en-/decoders, which may or may not (more often) be compiled from the TLS
“presentation language”.  These are built from a small set of primitives
that are reasonably easy to get right even when manually coding.

TLS can do that because it delegates its more complex parts to other
formats such as ASN.1 DER.

Since the mid-1990s, there has been a trend in the industry towards
encodings that enable generic en-/decoders, handling the lexical level
of (de-)serialization.  This, of course, was not new (RFC 713 had it in
1976, and ASN.1 BER decoding is generic on the lowest level, too).  The
good thing is that these generic codecs can be hardened and used in a
variety of applications; the bad thing is that the hardening does not
always happen and gets more complicated with the complexity of the
generic codec.  While the focus has been on text codecs (XML, JSON) for
a while, binary codecs also exist (CBOR being an example from this
decade, patterned on the earlier msgpack).

Binary generic codecs can opt to have redundant bytewise length
information (such as BER does), or opt to count items instead of bytes
except at the lowest level (as CBOR does).  Apart from causing pain when
serially encoding, the ability to exploit this redundancy with
inconsistent data is an attacker’s play field.  It also is useful when
it is necessary to skip entire subtrees in one go; CBOR requires
visiting all nodes on the subtree being skipped (unless the “wrap in
byte string” design pattern is employed).

Generic codecs can be intricately tied to an arcane data model that
calls for a data description language (as in ASN.1, where the tie is
perceived so tight that it triggered this entire exchange, or in XML,
which at least had an evolution of data description languages over its
lifetime), or try to map to a generic data model that a programmer might
want to use directly.  JSON, msgpack, and CBOR share most of one such
generic data model and mostly differ on coverage and extensibility at
this level.  Data description languages can then help map from that
generic data model to the application data model, also possibly
validating input data in the process, but are not required
(“schemaless” decoding); CDDL is one such data description language.

Grüße, Carsten
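
Added example (not part of any message in this thread, and not code from any TLS implementation): a hand-written C decoder for a TLS-style `Extension extensions<0..2^16-1>` block, showing the checks that keep the fixed-width, nested length fields discussed above consistent with the bytes actually received. It assumes the buffer holds exactly one extensions block; the function names, error codes and sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { EXT_OK = 0, EXT_TRUNCATED = -1, EXT_INCONSISTENT = -2,
       EXT_TRAILING = -3, EXT_TOO_MANY = -4 };

/* Bounded cursor: every read is checked against the bytes really present,
 * never against a length the peer merely claimed. */
typedef struct { const uint8_t *p; size_t left; } cursor;

typedef struct { uint16_t type; const uint8_t *data; size_t len; } ext;

/* Fixed-width big-endian uint16, as in the TLS presentation language. */
static int rd_u16(cursor *c, uint16_t *out) {
    if (c->left < 2) return EXT_TRUNCATED;
    *out = (uint16_t)((c->p[0] << 8) | c->p[1]);
    c->p += 2;
    c->left -= 2;
    return EXT_OK;
}

/* opaque v<0..2^16-1>: 2-byte byte count, then the body. The body comes back
 * as a sub-cursor, so nothing parsed inside it can reach past its end. */
static int rd_vec16(cursor *c, cursor *body) {
    uint16_t n;
    if (rd_u16(c, &n) != EXT_OK) return EXT_TRUNCATED;
    if (n > c->left) return EXT_INCONSISTENT; /* claims more than enclosing data */
    body->p = c->p;
    body->left = n;
    c->p += n;
    c->left -= n;
    return EXT_OK;
}

/* Parse a buffer holding exactly one extensions block.
 * Returns the number of extensions stored in out[], or a negative EXT_* code. */
int parse_extensions(const uint8_t *buf, size_t len, ext *out, size_t max) {
    cursor in = { buf, len }, block, data;
    size_t n = 0;
    int rc;

    if ((rc = rd_vec16(&in, &block)) != EXT_OK) return rc;
    if (in.left != 0) return EXT_TRAILING;    /* outer count shorter than input */
    while (block.left > 0) {
        uint16_t type;
        if ((rc = rd_u16(&block, &type)) != EXT_OK) return rc;
        if ((rc = rd_vec16(&block, &data)) != EXT_OK) return rc;
        if (n == max) return EXT_TOO_MANY;
        out[n].type = type;
        out[n].data = data.p;
        out[n].len = data.left;
        n++;
    }
    return (int)n;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t sample_ok[] = {            /* outer count = 10 bytes */
    0x00, 0x0A,
    0x00, 0x00, 0x00, 0x02, 0xAA, 0xBB,         /* type 0, 2 bytes of data */
    0x00, 0x0B, 0x00, 0x00 };                   /* type 11, empty body */
static const uint8_t sample_inner_overrun[] = { /* inner claims 64, has 2 */
    0x00, 0x06, 0x00, 0x00, 0x00, 0x40, 0xAA, 0xBB };
static const uint8_t sample_outer_overrun[] = { /* outer claims 32, has 6 */
    0x00, 0x20, 0x00, 0x00, 0x00, 0x02, 0xAA, 0xBB };
static const uint8_t sample_trailing[] = {      /* 1 byte after outer vector */
    0x00, 0x04, 0x00, 0x0B, 0x00, 0x00, 0xFF };

int main(void) {
    ext e[4];
    printf("ok            -> %d\n",
           parse_extensions(sample_ok, sizeof sample_ok, e, 4));
    printf("inner overrun -> %d\n",
           parse_extensions(sample_inner_overrun, sizeof sample_inner_overrun, e, 4));
    printf("outer overrun -> %d\n",
           parse_extensions(sample_outer_overrun, sizeof sample_outer_overrun, e, 4));
    printf("trailing byte -> %d\n",
           parse_extensions(sample_trailing, sizeof sample_trailing, e, 4));
    return 0;
}
```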


From nobody Sun Mar 31 04:36:22 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55A28120074 for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 04:36:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level: 
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PpXFHcta0fwz for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 04:36:19 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3C78120043 for <saag@ietf.org>; Sun, 31 Mar 2019 04:36:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id E7C70BF70 for <saag@ietf.org>; Sun, 31 Mar 2019 12:36:14 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WzqMBo1F6F8V for <saag@ietf.org>; Sun, 31 Mar 2019 12:36:13 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 57337BF2A for <saag@ietf.org>; Sun, 31 Mar 2019 12:36:13 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1554032173; bh=rnOcHur5F1+WUiClUZ3+/ZAQ7nLDl/Sx+hgUMUczwCc=; h=Subject:References:To:From:Date:In-Reply-To:From; b=oUMmeFZ3p/x8J4r66rHyv79BIY36RqdfDlkUHxrDiZ3thloTyFiYRvmkZjMgfZE4F j4bB4xhdYORfXc+dIYxNk/V1dYbroLCe1OAWDpIoJP1O/khFqS7cMFzUHNGqRMU9ni dX0PPdQGYZqzRNp5E6A1Wg+bviV4bqcHeQN1pZHQ=
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu> <C3D9DD15-AB23-4B42-BA61-A4E4CD826B77@huitema.net> <F6387640-20F3-4B3C-8E61-58CAF7828CA1@tzi.org>
To: "saag@ietf.org" <saag@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <269bee5d-e225-3484-04ed-3e5de6c19081@cs.tcd.ie>
Date: Sun, 31 Mar 2019 12:36:12 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <F6387640-20F3-4B3C-8E61-58CAF7828CA1@tzi.org>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="XKyQ6ZsvyhrPeUwiL0TkPGNJwibkAlqji"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/wyZFu4VxhXqm85De0Rl9q-5w-Eg>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2019 11:36:21 -0000

On 31/03/2019 08:39, Carsten Bormann wrote:
> There is no free lunch in this space.

Oddly, there sort-of is... if one ignores the ~every-5-years
debate that the new-way (asn.1/der,asn.1/<foo>,xml+dtd,xml+
schema,json,cbor...) is obviously the right answer to everything,
and just go eat your lunch... then that's nearly a free lunch:-)

I never understood how so many people get so excited by this
topic myself. Seems to me programmers will always find a way
to do as well or badly as ever despite the differences in this
kind of tooling. (Training, experience and other kinds of
tools like more strict compiler options can make a difference.)

S.


From nobody Sun Mar 31 08:38:59 2019
Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3F0A1201A0 for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 08:38:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.852
X-Spam-Level: 
X-Spam-Status: No, score=-1.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KHOP_DYNAMIC=0.85, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OnJjzI0e2LHX for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 08:38:57 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26B78120199 for <saag@ietf.org>; Sun, 31 Mar 2019 08:38:57 -0700 (PDT)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by m0050096.ppops.net-00190b01. (8.16.0.27/8.16.0.27) with SMTP id x2VFXNGr021640; Sun, 31 Mar 2019 16:38:55 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=QdPilhR6WdqY2sCoiqCwfDi3eDSkq8maEyaDoYCPHHU=; b=D5zj/3lSzV20cpNDk/9rjoJU9OCCBt1zuWKF+mZy7+o4h/Gsd6EN1Tq4QZhIGsaY/nzK LyvWvjwzKqCQ3YU8RifcTLRSlIRvnduZSotMVtIyq0X+YMhQAmaPXCAlAbWk0/IwmS+V zvclBx5+V6s3jj6PlVbxDSOFst3pkGEIt8uHDhS8bkgJVfV3p+FCT/0UQqozll9mK6qR IG3wjIYDEze7uVJXWpo7HrQR4xvdowhziDyxwgIGHaxXrZh4ESMm/b3RAXBkNG5G4C7G J5q0kQKOBRlO+8u+0i/jmhAW/p19hCbC7x/LWM1aSI0rzDFPVLnkNEesDMK5imExkBdB IA== 
Received: from prod-mail-ppoint4 (a96-6-114-87.deploy.static.akamaitechnologies.com [96.6.114.87] (may be forged)) by m0050096.ppops.net-00190b01. with ESMTP id 2rj1rb51qm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 31 Mar 2019 16:38:54 +0100
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x2VFWPjb026971; Sun, 31 Mar 2019 11:38:54 -0400
Received: from email.msg.corp.akamai.com ([172.27.27.25]) by prod-mail-ppoint4.akamai.com with ESMTP id 2rj3sv6c64-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sun, 31 Mar 2019 11:38:54 -0400
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb4.msg.corp.akamai.com (172.27.27.104) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 31 Mar 2019 10:38:53 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1473.003; Sun, 31 Mar 2019 10:38:53 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Nico Williams <nico@cryptonector.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] ASN.1 vs. DER Encoding
Thread-Index: AQHU4/B0XqgHF4NySESckptpVwRCCqYec8yAgABTYwCAAMhSAIAAXFcAgAS7QgCAAHPTgIABQjuA
Date: Sun, 31 Mar 2019 15:38:53 +0000
Message-ID: <73DF88B8-D21A-4816-A292-6F3417CC663D@akamai.com>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu> <20190330222534.GK4211@localhost>
In-Reply-To: <20190330222534.GK4211@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.17.1.190326
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.32.128]
Content-Type: text/plain; charset="utf-8"
Content-ID: <C84510CDB49D344C92470C186B2B8E6C@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-31_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=707 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903310117
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-31_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=737 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903310117
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ewZCSPKiy3fORbrDjp2jFir6m9c>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2019 15:38:59 -0000

>    which is basically saying it's not a formal syntax.

I tried to do that some time ago, and found a bunch of errors or ambiguities in the spec.  Yacc-based tool, and notes, here: https://github.com/richsalz/tlsparser


From nobody Sun Mar 31 10:47:06 2019
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 156811201AF for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 10:47:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I0fPtFuqdkTE for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 10:47:02 -0700 (PDT)
Received: from bonobo.maple.relay.mailchannels.net (bonobo.maple.relay.mailchannels.net [23.83.214.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25C2F1201AE for <saag@ietf.org>; Sun, 31 Mar 2019 10:47:02 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DC6C45C3BA8; Sun, 31 Mar 2019 17:47:00 +0000 (UTC)
Received: from pdx1-sub0-mail-a50.g.dreamhost.com (unknown [100.96.39.118]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 732615C3ABC; Sun, 31 Mar 2019 17:47:00 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a50.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Sun, 31 Mar 2019 17:47:00 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Reign-Vacuous: 52fce3ba530ddc26_1554054420730_506557563
X-MC-Loop-Signature: 1554054420729:105136189
X-MC-Ingress-Time: 1554054420729
Received: from pdx1-sub0-mail-a50.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a50.g.dreamhost.com (Postfix) with ESMTP id 0AAB68192B; Sun, 31 Mar 2019 10:47:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=Po/MmADbQWURgu p9kU4jDCoVNB0=; b=N9fW5oNOxZ4TPhEXM8YW6ZaI44iYYboZpE3/p+xt9Q/mew KSUFMxX2yaHghykYArDiAmvqBDnM+pajvW5/AY/Go8864uKwFMSlaBqzcZTgHjE/ RRHCEZAIvPvb56a+y+SJXhPKuNy0/DiPQ1TRYzKTF3HJ16ELrV66fQxrUGqBw=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a50.g.dreamhost.com (Postfix) with ESMTPSA id E18B281925; Sun, 31 Mar 2019 10:46:57 -0700 (PDT)
Date: Sun, 31 Mar 2019 12:46:55 -0500
X-DH-BACKEND: pdx1-sub0-mail-a50
From: Nico Williams <nico@cryptonector.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190331174654.GL4211@localhost>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu> <20190330222534.GK4211@localhost> <73DF88B8-D21A-4816-A292-6F3417CC663D@akamai.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <73DF88B8-D21A-4816-A292-6F3417CC663D@akamai.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedutddrledvgdduudelucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucffohhmrghinhepghhithhhuhgsrdgtohhmnecukfhppedvgedrvdekrddutdekrddukeefnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehlohgtrghlhhhoshhtpdhinhgvthepvdegrddvkedruddtkedrudekfedprhgvthhurhhnqdhprghthheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqedpmhgrihhlfhhrohhmpehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmpdhnrhgtphhtthhopehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/2c5PrFzg42HBQ2SXlBFYY6Qexug>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2019 17:47:04 -0000

On Sun, Mar 31, 2019 at 03:38:53PM +0000, Salz, Rich wrote:
> >    which is basically saying it's not a formal syntax.
> 
> I tried to do that some time ago, and found a bunch of errors or
> ambiguities in the spec.  Yacc-based tool, and notes, here:
> https://github.com/richsalz/tlsparser

ISTR that as well.  Thanks.  Can the ambiguities/errors be addressed?


From nobody Sun Mar 31 13:31:02 2019
Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 093A6120160 for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 13:30:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.852
X-Spam-Level: 
X-Spam-Status: No, score=-1.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KHOP_DYNAMIC=0.85, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZtOO97mwd2uu for <saag@ietfa.amsl.com>; Sun, 31 Mar 2019 13:30:52 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63E29120003 for <saag@ietf.org>; Sun, 31 Mar 2019 13:30:52 -0700 (PDT)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.27/8.16.0.27) with SMTP id x2VKGkjs031430; Sun, 31 Mar 2019 21:30:50 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=uev4o/1OW4hudA1gNqbKi6APvXwlxvu+3n0iR5Z+25s=; b=Q7nFBMiH1kusibxFeFkZPweNmabvFoe+8CqDgKPAAdhP9ul2iLxVctmVHZ5fsoYA9RGm psx1zf66e2+BtLTGihYh1jUXIfFVk+WV0p3vO59Y2TJ/dE7es7gLnqkS6OdhcDaa3AlE ULIbiORZAhZwZZqThZt/QD3V4j+ClGgYtxt1VIWyZgrzVhdHB7phuk5T5B2fiblzY9eU AyxSKhJLdo2mLulnQ7+oUBJxRGxWWaWRmHIlakd2JZ1Avx8RZMH+6911fIceHzZWdxZn d+KtTkZrRIE/G7grG2CyA7W52bRlVtAZuW8xSysJUEndhqnDM1KIui41d15S4UlKF4L4 OA== 
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by m0050095.ppops.net-00190b01. with ESMTP id 2rj0v6ns64-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 31 Mar 2019 21:30:50 +0100
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x2VKHN9S006767; Sun, 31 Mar 2019 16:30:49 -0400
Received: from email.msg.corp.akamai.com ([172.27.25.30]) by prod-mail-ppoint2.akamai.com with ESMTP id 2rj3svdaac-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sun, 31 Mar 2019 16:30:49 -0400
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb2.msg.corp.akamai.com (172.27.27.102) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 31 Mar 2019 15:30:47 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1473.003; Sun, 31 Mar 2019 15:30:47 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Nico Williams <nico@cryptonector.com>
CC: Benjamin Kaduk <kaduk@mit.edu>, "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] ASN.1 vs. DER Encoding
Thread-Index: AQHU4/B0XqgHF4NySESckptpVwRCCqYec8yAgABTYwCAAMhSAIAAXFcAgAS7QgCAAHPTgIABQjuAgAACPoCAAE9PAA==
Date: Sun, 31 Mar 2019 20:30:46 +0000
Message-ID: <763CB346-F9E5-4821-87B7-1690436F8766@akamai.com>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu> <20190330222534.GK4211@localhost> <73DF88B8-D21A-4816-A292-6F3417CC663D@akamai.com> <20190331174654.GL4211@localhost>
In-Reply-To: <20190331174654.GL4211@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.17.1.190326
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.32.128]
Content-Type: text/plain; charset="utf-8"
Content-ID: <7A26DE66DDCBF541AD55E401550E9316@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-31_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=592 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903310155
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-31_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=625 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903310155
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/zYZB24HA0b5MYFO_ZguXVGz8p8A>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2019 20:30:54 -0000

>    ISTR that as well.  Thanks.  Can the ambiguities/errors be addressed?

Yes.  The WG had no interest in doing so.

