From nobody Tue Nov 10 09:16:55 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A741E3A0E59; Tue, 10 Nov 2020 09:16:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sfyghrXu3iGl; Tue, 10 Nov 2020 09:16:51 -0800 (PST) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140080.outbound.protection.outlook.com [40.107.14.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 521C83A0EA1; Tue, 10 Nov 2020 09:16:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QaaFoXkCtqUemKIZPrr+UgSJjQb7/TP3iUJxux6FFx2e/TU9L3GwpeWScdu00aHqxt9G0z5WnO4+b2tbfOk7ND4vQWLf2tVM40qqgKZXRWGgdwut6GOc3rYjWqrNssx0l8YUVxpw1zHdxtWsKQPDqGi0m+q5/yZdNfCAtK8NO4eG9vivaV2JK7jpXsXO/hqKtRpl3iAY3/Ii8hoCFaPtjLbFQJIPeBiW7qhp6nfLJhWApiJj8Fx5Kt1VK8ALDR7pb/28ITB0+ajAfN1ZFVN//1KRDwSosGgq8ATM1jGg2vLqwLEG5QYHGETXsSuCfXrOSX5zkYKxd0tLJlPQIa0G6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0kdp1K8YKkRJqCzGN0MoOeNb/KttyHwuBcEFS/g3x9o=; b=Usi+F+i/i8cb8cTDhAUyJyB3rfVtGwxuEBXJon+5ISfaANCgn8ZLVgfjmwBz2qBJdmkTHlq1Xw3AwjtHFswYiRIVQ6Yw4ZEHhtdXM8rBardmD4X0z2MG7hUI/gAxeAYOX8is7Zw0uw3MuMwf+YIOtZ8sL+HHYnd82M4XorhxrZjej2d5Hj7wVHjrA6vzBDjsz1da9qis8vYd5qPJsUyC4OAT4QlLLCdNcMH9jgUhQS38cjCxrT1Ze/OgqVyjhw+1ofnSwSgA3MRagaMTRuP1kY0JqX0Es5Hqm0zWDszAyM8f94HduyKa+X366BZRt+p61tMqp7RHP7pVN6KiVJk9tg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0kdp1K8YKkRJqCzGN0MoOeNb/KttyHwuBcEFS/g3x9o=; b=k3JkWvnx5ZF3Y5FzhqMvw1z6FjiFuFlaoJAetME6eMvHZBVSJkNOXa8zZYJmnrarXVFkEN9sGJjgTB+c4ryCaatnCLdGOYHawn4T0J1UFDwSX5FnhwAehF7gr5Ik+kSDKYwVTIw8Jj9bxkgLn8z2JxLzJnB7LtokchrgQ326JjE= Received: from VI1PR07MB4477.eurprd07.prod.outlook.com (2603:10a6:803:74::33) by VI1PR0701MB2096.eurprd07.prod.outlook.com (2603:10a6:800:2e::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3564.21; Tue, 10 Nov 2020 17:16:41 +0000 Received: from VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::1924:4b62:2704:55e4]) by VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::1924:4b62:2704:55e4%6]) with mapi id 15.20.3564.021; Tue, 10 Nov 2020 17:16:41 +0000 From: Francesca Palombini To: "secdispatch@ietf.org" CC: "secdispatch-chairs@ietf.org" Thread-Topic: IETF 109 agenda Thread-Index: AQHWt4VBB5Qgse29iUulpTvAU3vOIQ== Date: Tue, 10 Nov 2020 17:16:41 +0000 Message-ID: <10D1BFE8-3301-44E5-A459-CE576508CD3C@ericsson.com> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.42.20101102 authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com; x-originating-ip: [158.174.219.143] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c1e143ce-314a-4fe7-b313-08d8859c6428 x-ms-traffictypediagnostic: VI1PR0701MB2096: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: PM4b9G6+Ml0/vyi+ODH5c7TP2AWkQ0fOflRhBvjG3uiZfsyxkniZHeheXZTUKddtMh1AwO80KOchEFB41VErW/fkrtPuizwCfECXn4lD0z1ADLifG4pEf9gUj4dKXqNING7f3OP35oKMQvLfMIlbb5WKuOw5E3wEDzVj4y4rjXE36D1WGbdgv5ix9/FCEvX7Jz1QWy6pJIXH2OhfV7FGsA8gVxj8FESJ3fo0Re+kZS/gECd0Cq6JyULJKvjOxnu4K9Oj5SexUNak/gM9QGqfKPDYKgizPlVc/emIZUivxY3EX3QMEdsp+j53nKfVk6lJZQCB1coEEb1+h4JGZoHLXaW/qG+C0Nn3LFNkpDfI6XV+Vx564Bg65gGzy7/GQGG5KHtA1T5Cw73bGbzSP+wWfg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB4477.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(8936002)(44832011)(6506007)(36756003)(498600001)(450100002)(86362001)(5660300002)(8676002)(66946007)(76116006)(6916009)(7116003)(4326008)(66476007)(6512007)(2906002)(966005)(26005)(6486002)(83380400001)(91956017)(2616005)(71200400001)(66446008)(33656002)(53546011)(186003)(64756008)(66556008); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: JFN8T9GtyG7bMQImudTifUo4WmCLOXBicRm+XOhO8U+S6hpCEMtEOFRe0Hzm5MP49nfbSYHL6sEZVeDOk6pcoe2H4obOuH+WYWs9A58dSQ+eZQJaUwjR8PNC74eLsH9Ku/NhwjbR0N++jzzFQjvwLMdymOSyNdXFYUGko36NgKPcs95ypsd/k43IQeEbL2qrlBLOGTVQZj54/ZNWLKYPBdwqobrkzCY2VnweZxjGIjgtbNutmV/QKAaJXH3HiEt0nqM2LwTT+VTjnhqNnc9DHA0bC6hJpQghc4ffEFj1MeXIeGUM7tXN8IPrhIAaiNRSryu7gcJTm8GamqoOmZ8GXnMgIfqJ8KWxHBzjEnt1M/eCszPH9/Qcp3tsGDHnmHmaRuWFCmJBw5UMyz3UcUI696njyKy3aS0XgG4kTg+26DEkjrCwquN5ir3ixZ95wsaogN2M8bFpq5J7BrAxLQfTu7FwzZCgWITdcuFTW2TPGaoJySoyNyMKesuu/hH0F3Xsi1rgof9YaN3r/etgeX4FOgPcyVIesczRqJ8gB4n3Cvy0/Lc9+xRK2SLIc3Ce4voJioyuqwFANaNCcmse7ce15n9sfHRq9Q3SEjoioAMahrUQngSCVME7+HX7CiepRMFUMZO53ZoqzafE34fy6uoSQJVq+aMP92d7hxekFdciPTlN9IKl9hRvgnJm1VGpbSIGIMebzevkEMYhPcCu595qFA6tklKD7fFI02C0fR8yQ6ZPb2zGSdYVNJU+10EE/FA4cU0TltM+cgnc7HFLJl4k6uiyRgl5AJJjteSv0N6mqJO9qPTVdTgFOq4oGQEYuPGFrunrSiGdTU59+LDvoQgwC0GNYQaD9QmOYNqMKseElEbUebT7pRBpU6xB635XYiVGiRhN/QzatrYvE/uWzcWhfg== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: <03EABC5B821D14489BC7ABD934464E98@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB4477.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c1e143ce-314a-4fe7-b313-08d8859c6428 X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Nov 2020 17:16:41.3816 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 4sjOeM02RhcuY/cBW65MOA9iz9tW7RO4Q8SGAr0vADEYCorTqdbGy1LtxPDe3zZ5/KW6xxnPvIDzw/AYiZlHQ2C7P+jAKm1RsLXYcRMOKXUUgKQqCOCIXCQmM6/13pTy X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2096 Archived-At: Subject: [Secdispatch] IETF 109 agenda X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2020 17:16:54 -0000 SGkgYWxsLA0KDQpBbiBhZ2VuZGEgZm9yIHRoZSBjb21pbmcgbWVldGluZyBoYXMgYmVlbiBwb3N0 ZWQ6IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvbWVldGluZy8xMDkvbWF0ZXJpYWxzL2Fn ZW5kYS0xMDktc2VjZGlzcGF0Y2gtMDAgIFBsZWFzZSBub3RlIHRoYXQgdGhlIGxhc3QgcHJlc2Vu dGF0aW9uIChTVlQpIHdhcyBkaXNjdXNzZWQgYXQgSUVURjEwNyBhbmQgaGFzIGFscmVhZHkgYmVl biBkaXNwYXRjaGVkLCBidXQgc2luY2Ugd2UgYXJlIG5vdCBsb3cgb24gdGltZSBvbiB0aGlzIG1l ZXRpbmcgd2UgY2FuIGdpdmUgaXQgYSBzbG90IGZvciBkaXNjdXNzaW9uIGFuZCBmZWVkYmFjayAo d2l0aG91dCBkaXNwYXRjaGluZyBvdXRjb21lcykuIA0KDQpXZSBhcmUgbG9va2luZyBmb3IgbWlu dXRlIHRha2VycyBhbmQgamFiYmVyIHNjcmliZS4gUGxlYXNlIGNvbnNpZGVyIHZvbHVudGVlcmlu ZyBpZiB5b3UgYXJlIHBsYW5uaW5nIHRvIGpvaW4gdGhlIHNlc3Npb24uDQoNClRhbGsgdG8geW91 IGFsbCBzb29uIQ0KRnJhbmNlc2NhDQoNCu+7v09uIDI3LzEwLzIwMjAsIDE1OjQ4LCAiU2VjZGlz cGF0Y2ggb24gYmVoYWxmIG9mIEZyYW5jZXNjYSBQYWxvbWJpbmkiIDxzZWNkaXNwYXRjaC1ib3Vu Y2VzQGlldGYub3JnIG9uIGJlaGFsZiBvZiBmcmFuY2VzY2EucGFsb21iaW5pPTQwZXJpY3Nzb24u Y29tQGRtYXJjLmlldGYub3JnPiB3cm90ZToNCg0KICAgIEhpIGFsbCwNCg0KICAgIEFzIHlvdSBt aWdodCBoYXZlIHNlZW4sIFNlY2Rpc3BhdGNoIGhhcyBiZWVuIHNjaGVkdWxlZCB0byBoYXZlIGFu IGFsbCB2aXJ0dWFsIG1lZXRpbmcgb24gTW9uZGF5LCAxNiBOb3ZlbWJlciAyMDIwLCAxNjAwLTE4 MDAgSUNUIChVVEMgKzcpLg0KICAgIFRoZSBzZXNzaW9uIHdpbGwgaGFwcGVuIG92ZXIgTWVldGVj aG8sIGFuZCB5b3Ugd2lsbCBuZWVkIHRvIHJlZ2lzdGVyIHRvIElFVEYgdG8gcGFydGljaXBhdGUu IEZvciBtb3JlIGluZm9ybWF0aW9uIG9uIGhvdyB0byBwYXJ0aWNpcGF0ZTogaHR0cHM6Ly9pZXRm Lm9yZy9ob3cvbWVldGluZ3MvMTA5L3Nlc3Npb24tcGFydGljaXBhbnQtZ3VpZGUvIA0KDQogICAg V2UgYXJlIHdvcmtpbmcgb24gdGhlIGFnZW5kYS4gQ3VycmVudGx5IHdlIGhhdmUgMyByZXF1ZXN0 ZWQgYWdlbmRhIGl0ZW1zLCB3aGljaCB5b3UgY2FuIGZpbmQgaW4gdGhlIHdpa2k6IGh0dHBzOi8v dHJhYy5pZXRmLm9yZy90cmFjL3NlY2Rpc3BhdGNoL3dpa2kvaWV0ZjEwOSANCg0KICAgIFRoaXMg aXMgb3VyIHNlY29uZCBjYWxsIGZvciBhZ2VuZGEgaXRlbXMuIElmIHlvdSB3b3VsZCBsaWtlIHRp bWUgb24gdGhlIGFnZW5kYSwgc2VuZCB5b3VyIHJlcXVlc3QgdG8gdGhlIG1haWxpbmcgbGlzdCBi ZWZvcmUgKk1vbmRheSwgTm92ZW1iZXIgMm5kKi4gIEd1aWRlbGluZXMgb24gaG93IHRvIHJlcXVl c3QgYSBzbG90IG9uIHRoZSBhZ2VuZGEgeW91IGFyZSBpbiB0aGUgd2lraTogaHR0cHM6Ly90cmFj LmlldGYub3JnL3RyYWMvc2VjZGlzcGF0Y2gvI1JlcXVlc3RpbmdUaW1lb250aGVBZ2VuZGEgDQoN CiAgICBJZiBuZWVkZWQsIHByZWNlZGVuY2UgaW4gdGhlIG1lZXRpbmcgd2lsbCBiZSBnaXZlbiB0 byBkb2N1bWVudHMgdGhhdCBoYXZlIGRlbW9uc3RyYXRlZCBpbnRlcmVzdCBpbiB0aGUgZm9ybSBv ZiBhY3RpdmUgZHJhZnRzIGFuZCBtYWlsaW5nIGxpc3QgZGlzY3Vzc2lvbi4NCiAgICBJZiB5b3Ug aGF2ZSBxdWVzdGlvbnMsIHBsZWFzZSByZWFjaCBvdXQgdG8gdGhlIGNoYWlycy4NCg0KICAgIFRo YW5rcywNCiAgICBGcmFuY2VzY2ENCg0KICAgIE9uIDIzLzEwLzIwMjAsIDIzOjE2LCAiIklFVEYg U2VjcmV0YXJpYXQiIiA8YWdlbmRhQGlldGYub3JnPiB3cm90ZToNCg0KICAgICAgICBEZWFyIEZy YW5jZXNjYSBQYWxvbWJpbmksDQoNCiAgICAgICAgVGhlIHNlc3Npb24ocykgdGhhdCB5b3UgaGF2 ZSByZXF1ZXN0ZWQgaGF2ZSBiZWVuIHNjaGVkdWxlZC4NCiAgICAgICAgQmVsb3cgaXMgdGhlIHNj aGVkdWxlZCBzZXNzaW9uIGluZm9ybWF0aW9uIGZvbGxvd2VkIGJ5DQogICAgICAgIHRoZSBvcmln aW5hbCByZXF1ZXN0LiANCg0KDQogICAgICAgICAgICBzZWNkaXNwYXRjaCBTZXNzaW9uIDEgKDI6 MDAgcmVxdWVzdGVkKQ0KICAgICAgICAgICAgTW9uZGF5LCAxNiBOb3ZlbWJlciAyMDIwLCBTZXNz aW9uIElJSSAxNjAwLTE4MDANCiAgICAgICAgICAgIFJvb20gTmFtZTogUm9vbSA3IHNpemU6IDUw Nw0KICAgICAgICAgICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tDQoNCg0KICAgICAgICBpQ2FsZW5kYXI6IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcv bWVldGluZy8xMDkvc2Vzc2lvbnMvc2VjZGlzcGF0Y2guaWNzDQoNCiAgICAgICAgUmVxdWVzdCBJ bmZvcm1hdGlvbjoNCg0KDQogICAgICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KICAgICAgICBXb3JraW5nIEdyb3VwIE5hbWU6IFNl Y3VyaXR5IERpc3BhdGNoDQogICAgICAgIEFyZWEgTmFtZTogU2VjdXJpdHkgQXJlYQ0KICAgICAg ICBTZXNzaW9uIFJlcXVlc3RlcjogRnJhbmNlc2NhIFBhbG9tYmluaQ0KDQoNCiAgICAgICAgTnVt YmVyIG9mIFNlc3Npb25zOiAxDQogICAgICAgIExlbmd0aCBvZiBTZXNzaW9uKHMpOiAgMiBIb3Vy cw0KICAgICAgICBOdW1iZXIgb2YgQXR0ZW5kZWVzOiAyMDANCiAgICAgICAgQ29uZmxpY3RzIHRv IEF2b2lkOiANCiAgICAgICAgIENoYWlyIENvbmZsaWN0OiBjYm9yIGNvcmUgZ2VuZGlzcGF0Y2gg aHR0cGJpcw0KICAgICAgICAgVGVjaG5vbG9neSBPdmVybGFwOiBzYWFnIGRpc3BhdGNoIGFjZSBh Y21lIGNvc2UgY3VyZGxlIGRvdHMgZW11IGkybnNmIGlwc2VjbWUga2l0dGVuIGxha2UgbGFtcHMg bWlsZSBtbHMgb2F1dGggcmF0cyBzYWNtIHNlY2V2ZW50IHN1aXQgdGVlcCB0bHMgdG9rYmluZCB0 cmFucw0KDQoNCg0KDQoNCg0KICAgICAgICBQZW9wbGUgd2hvIG11c3QgYmUgcHJlc2VudDoNCiAg ICAgICAgICBLYXRobGVlbiBNb3JpYXJ0eQ0KICAgICAgICAgIFJvbWFuIERhbnlsaXcNCiAgICAg ICAgICBSaWNoYXJkIEJhcm5lcw0KICAgICAgICAgIEJlbmphbWluIEthZHVrDQogICAgICAgICAg RnJhbmNlc2NhIFBhbG9tYmluaQ0KDQogICAgICAgIFJlc291cmNlcyBSZXF1ZXN0ZWQ6DQoNCiAg ICAgICAgU3BlY2lhbCBSZXF1ZXN0czoNCiAgICAgICAgICBQbGVhc2UgYXZvaWQgY29uZmxpY3Qg d2l0aCBhbnkgU2VjdXJpdHkgcmVsYXRlZCBCb0YuDQogICAgICAgIC0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQoNCg0KICAgIF9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQogICAgU2VjZGlzcGF0 Y2ggbWFpbGluZyBsaXN0DQogICAgU2VjZGlzcGF0Y2hAaWV0Zi5vcmcNCiAgICBodHRwczovL3d3 dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NlY2Rpc3BhdGNoDQoNCg== From nobody Sat Nov 14 17:28:53 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEFEA3A0E1F for ; Sat, 14 Nov 2020 17:28:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8T1uWiDdVCBi for ; Sat, 14 Nov 2020 17:28:50 -0800 (PST) Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FDB23A0E1D for ; Sat, 14 Nov 2020 17:28:49 -0800 (PST) Received: by mail-lj1-x235.google.com with SMTP id x9so15529784ljc.7 for ; Sat, 14 Nov 2020 17:28:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=W2iTwkDrXLwxEsPabUM0AGikpDm1KA+72YzI46WQ3F4=; b=cJZKl7cB2cMOoPsny/r2CSSDDrXUglb4/Ue8EEaqFxJWgTRV7fE23tfPxfao9r/1hG +6+TKtFXyB/akJH6pr/4Xvf1sgBNSlPQGr4pF3g3gN9tCh7LPsh+F9jFda58d9Vl82hn smjSmoHcw5B2FtEv6A7Og+aYQU2u1rS9YNepxtvLj2MkJ5RbuH6mrwSHFShF3tW0bgMX GUkgTPUXES05Ujmi6RfqgXN5PMP/x9bncLCjyO0v/VfEEkS/2kM5aznGRhw+QOrqWY/0 aCkwvcNRmeGE6uA9O7rhgVkQVMFqgorUBZSsjX75Fcl9v3zxxuy7aiiMOnUQNCvtidch Cl3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=W2iTwkDrXLwxEsPabUM0AGikpDm1KA+72YzI46WQ3F4=; b=Iv+8dbhd0pGD0YEfxFm4tbSr+vWPEIvF2FxcId2pCvTyPuUOhV87rRBzqXRkqfSrHm G0NQ/8V0Eu3m764awXzNVajsuF21wSGIUFE8ROh9XxzQikjlinvL+0YzmaEwkJzIspUG xCMbkj6ZJUYLOcNcEvepRlotFiKOmIl6T4ofOp6Naj11+U6H3+yYqnnddpc40e2oxjUX obeIhdAbSznDZ/9rKplIFIjLhMJgsjCpvhLMSMmWeBtumk9B7k9Lf0hewvuwAvrTLTgm ANOJJkVsUV9rGXPF9+xOD2BJBstVngQmDd6qPC8UCPIse4pFe06NLgT+UF0/K4tniLhM lnmQ== X-Gm-Message-State: AOAM532iGHN4Z8M2Yt8MMKufF0TzMImNRS+Lb3FQrpQ8sFZlw+rmMTiK U4amQxPSxbxhIVaN93C1+WpBOGwwr2VaWH31GmcPdQ== X-Google-Smtp-Source: ABdhPJy1A4+VuDO0/WLXHlUwDxfFQ72omdDl/txW99pm/KIhlxuQG8KWn3zFbvS2TNz3Anj06aZacZCZ4IxFiBefRYc= X-Received: by 2002:a05:651c:113b:: with SMTP id e27mr3420661ljo.17.1605403727680; Sat, 14 Nov 2020 17:28:47 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Eric Rescorla Date: Sat, 14 Nov 2020 17:28:11 -0800 Message-ID: To: Shumon Huque Cc: IETF SecDispatch Content-Type: multipart/alternative; boundary="000000000000e8e64305b41b2ed6" Archived-At: Subject: Re: [Secdispatch] Agenda time request: DANE for IOT security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Nov 2020 01:28:52 -0000 --000000000000e8e64305b41b2ed6 Content-Type: text/plain; charset="UTF-8" I have reviewed these drafts. While I don't have any strong opinions about whether this technology is a good thing or not. I do have some thoughts about the TLS binding. Overall, it's probably not good to try to do the same thing for TLS 1.3 and TLS 1.2, given the very different properties of client authentication in the two protocols. In 1.3 the right way to do this is for the server to indicate willingness/desire for DANE information in the CertificateRequest and the client to answer that in the Certificate. This will automatically encrypt the contents of the extension without resort to ECH, just as the client's cert is already encrypted. TLS 1.2 doesn't support ECH nor does it it encrypt the certificate, so it seems like ideally we would not support TLS 1.2 at all for this extension. Is there a strong need for it? Your encoding for the extension is not extensible because it does not contain a length as well as a type. struct { NameType name_type; select (name_type) { case host_name: HostName; } name; } ClientName; .. struct { ClientName client_name_list<1..2^16-1> } ClientNameList; The issue is that a receiver of an unknown type cannot properly skip past it because it doesn't know the length (note that this is a known problem in SNI as well). The correct approach is to have the ClientName include a length field: struct { NameType name_type; uint16 length; // NEW select (name_type) { case host_name: HostName; } name; } ClientName; struct { ClientName client_name_list<1..2^16-1> } ClientNameList; Note that this will create a redundant length but that's basically just the natural thing for TLS encoding and not really worth fixing. -Ekr On Mon, Oct 12, 2020 at 5:53 PM Shumon Huque wrote: > Dear SecDispatch chairs, > > We'd like to ask for a presentation slot at SecDispatch during > IETF109 to talk about the use of DNS and DANE for IOT security. > We'd cover the following set of topics: > > * DANE for TLS client authentication. Some proposed mechanisms > are described in the following drafts, which were originally > written a while back, and have recently been refreshed: > https://tools.ietf.org/html/draft-huque-dane-client-cert-04 > https://tools.ietf.org/html/draft-huque-tls-dane-clientid-02 > > * The use of DNS & DANE for certificate discovery. > > * Expanding the scope of DANE to cover the general use case of object > security (DANE currently offers TLSA for TLS channel authentication, > and SMIMEA for object security in email applications and email like > identities, so neither quite fit the bill in their current forms). > > Shumon Huque > (with some colleagues working in the IOT security space). > > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch > --000000000000e8e64305b41b2ed6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I have reviewed these drafts. While I don't have = any strong opinions about
whether this technology is a good = thing or not. I do have some thoughts about
the TLS binding.

Over= all, it's probably not good to try to do the same thing for TLS
1.3 = and TLS 1.2, given the very different properties of client
authenticatio= n in the two protocols.

In 1.3 the right way to do this is for the s= erver to indicate
willingness/desire for DANE information in the Certifi= cateRequest and
the client to answer that in the Certificate. This will = automatically
encrypt the contents of the extension without resort to EC= H, just
as the client's cert is already encrypted.

TLS 1.2 do= esn't support ECH nor does it it encrypt the certificate,
so it seem= s like ideally we would not support TLS 1.2 at all for
this extension. I= s there a strong need for it?


Your encoding for the extension is= not extensible because it does
not contain a length as well as a type. =

=C2=A0 =C2=A0struct {
=C2=A0 =C2=A0 =C2=A0 =C2=A0NameType name_t= ype;
=C2=A0 =C2=A0 =C2=A0 =C2=A0select (name_type) {
=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0case host_name: HostName;
=C2=A0 =C2=A0 =C2= =A0 =C2=A0} name;
=C2=A0 =C2=A0} ClientName;

=C2=A0 =C2=A0..
= =C2=A0 =C2=A0
=C2=A0 =C2=A0struct {
=C2=A0 =C2=A0 =C2=A0 =C2=A0Client= Name client_name_list<1..2^16-1>
=C2=A0 =C2=A0} ClientNameList;
The issue is that a receiver of an unknown type cannot properly skippast it because it doesn't know the length (note that this is a known=
problem in SNI as well). The correct approach is to have the ClientName=
include a length field:

=C2=A0 =C2=A0struct {
=C2=A0 =C2=A0 = =C2=A0 =C2=A0NameType name_type;
=C2=A0 =C2=A0 =C2=A0 =C2=A0uint16 lengt= h; =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 // NEW
=C2=A0 =C2=A0= =C2=A0 =C2=A0select (name_type) {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0case host_name: HostName;
=C2=A0 =C2=A0 =C2=A0 =C2=A0} name;
= =C2=A0 =C2=A0} ClientName;

=C2=A0 =C2=A0struct {
=C2=A0 =C2=A0 = =C2=A0 =C2=A0ClientName client_name_list<1..2^16-1>
=C2=A0 =C2=A0}= ClientNameList;

Note that this will create a redundant length but t= hat's basically
just the natural thing for TLS encoding and not real= ly worth
fixing.

-Ekr










=

On Mon, Oct 12, 2020 at 5:53 PM Shumon Huque <shuque@gmail.com> wrote:
Dear SecDispatch chair= s,

We'd like to ask for a presentation slot at SecDispatch = during
IETF109 to talk about the use of DNS and DANE for IOT secu= rity.
We'd cover the following set of topics:

* = DANE for TLS client authentication. Some proposed mechanisms
=C2=A0 are = described in the following drafts, which were originally
=C2=A0 written = a while back, and have recently been refreshed:
=C2=A0 =C2=A0 https://tools.ietf.org/html/draft-huque-dane-client-cert-04
=C2= =A0 =C2=A0 https://tools.ietf.org/html/draft-huque-tls-dane= -clientid-02

* The use of DNS & DANE for certificate discove= ry.

* Expanding the scope of DANE to cover the general use case= of object
=C2=A0 security (DANE currently offers TLSA for TLS ch= annel authentication,
=C2=A0 and SMIMEA for object security in em= ail applications and email like
=C2=A0 identities, so neither qui= te fit the bill in their current forms).

Shumon Huque
(with some colleagues working in the IOT security space).
=
_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.= org
https://www.ietf.org/mailman/listinfo/secdispatch
--000000000000e8e64305b41b2ed6-- From nobody Sat Nov 14 19:41:33 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34DCA3A1047 for ; Sat, 14 Nov 2020 19:41:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.097 X-Spam-Level: X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FnOdEpu2TxAV for ; Sat, 14 Nov 2020 19:41:29 -0800 (PST) Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34BBD3A1044 for ; Sat, 14 Nov 2020 19:41:29 -0800 (PST) Received: by mail-ed1-x529.google.com with SMTP id m16so349844edr.3 for ; Sat, 14 Nov 2020 19:41:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QIw21dTvM1fK2zHZPUpDXnjpwKj1ud4CIEfA44xHkPM=; b=Q3D4+K0kNTogAGLAnsiEgoPbjJSW5PQblo2OinQfaxzng/40PC3Dww+EJz6uBK8/j3 PDT3+TQSq/HtyNRO9xQWPRQNu3rjloXbaafZxI4C0vC2KH7xZSKUqro390Qtl/x1HGda AqJX9IM1A82vVWevyHVM6Ovi0qh00AaFdcLXtluaurcTooHNSI6s3CBKOD7G+R13ihdl 9ztQLsF7BLMavSxsotuigPGpmA3iQ0cxtLfS5NPlYPg15Km2kBy3Y5SgZhzI1OiKAKJD 7zd4R50aos1xDSPpUoYiGgMpEHEvMZGQmE6niYEbFX7W1yK2oG6FEZhD9shkwpwBHO0k G3bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QIw21dTvM1fK2zHZPUpDXnjpwKj1ud4CIEfA44xHkPM=; b=E8BL8vzJY7SOLNe7CizAxcPqnTMddpm8ru5JpUICFCHLuxKwnUS7L4wiHqp28x01pt QQshekZ4byixseBeWfMqMTTspx2g6ZhEp0jDV769yrAyf4CsrRpN5NAEpq3CHxIZySZe L2QJunqoViv6Xln2bCU4oejWJi2wFiqPSiisCTcYL9cq1hghpuY8odudJa65j7oWYJmx z30S+hcDHh7TWBpvmyM9GTR96/NeORL3TAy2mRegwn8YFHFpUkmC0LyXn+7KqrV/jsKo DypaSTPBkPkGS8c+mFSAsm6byBDxRZCSQH2yxKG+kZa9ybYWgZN+TKhvI0qwgcRqhUZY 5csg== X-Gm-Message-State: AOAM532rZdUHCUtflKZpF+zTQHd/zzonRBvp31remLLaFwrwysAAop8r N+IMko8HMNeLcbjhn+CX1Sp572EGxFco/DYGENo= X-Google-Smtp-Source: ABdhPJw/RvXF7QmCDce7+p3X69PRNwg+w0RI16DECKIcrQR7ClLHdQLdzByBObja2hQsv5H4ZNc1NJcgocS0B6Ry+es= X-Received: by 2002:a05:6402:1c8e:: with SMTP id cy14mr10234173edb.39.1605411687309; Sat, 14 Nov 2020 19:41:27 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Shumon Huque Date: Sat, 14 Nov 2020 22:41:15 -0500 Message-ID: To: Eric Rescorla Cc: IETF SecDispatch Content-Type: multipart/alternative; boundary="00000000000057272e05b41d094c" Archived-At: Subject: Re: [Secdispatch] Agenda time request: DANE for IOT security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Nov 2020 03:41:31 -0000 --00000000000057272e05b41d094c Content-Type: text/plain; charset="UTF-8" On Sat, Nov 14, 2020 at 8:28 PM Eric Rescorla wrote: > I have reviewed these drafts. While I don't have any strong opinions about > whether this technology is a good thing or not. I do have some thoughts > about > the TLS binding. > Thanks for the review! > Overall, it's probably not good to try to do the same thing for TLS > 1.3 and TLS 1.2, given the very different properties of client > authentication in the two protocols. > > In 1.3 the right way to do this is for the server to indicate > willingness/desire for DANE information in the CertificateRequest and > the client to answer that in the Certificate. This will automatically > encrypt the contents of the extension without resort to ECH, just > as the client's cert is already encrypted. > > TLS 1.2 doesn't support ECH nor does it it encrypt the certificate, > so it seems like ideally we would not support TLS 1.2 at all for > this extension. Is there a strong need for it? > Yeah, we're aware the privacy protections can only be achieved with TLS 1.3. My assumption (possibly mistaken) has been that we will need to support deployed bases of both TLS 1.2 and 1.3. However, since this protocol requires code changes in TLS stacks anyway, perhaps we can mandate TLS 1.3 only, and modify the protocol according to your suggestion (adding the new protocol elements to CertificateRequest and Certificate and remove the need for ECH). I'll ponder and chat with some of the potential consumers of this technology re: TLS 1.2/1.3. > > > Your encoding for the extension is not extensible because it does > not contain a length as well as a type. > > struct { > NameType name_type; > select (name_type) { > case host_name: HostName; > } name; > } ClientName; > > .. > > struct { > ClientName client_name_list<1..2^16-1> > } ClientNameList; > > The issue is that a receiver of an unknown type cannot properly skip > past it because it doesn't know the length (note that this is a known > problem in SNI as well). The correct approach is to have the ClientName > include a length field: > > struct { > NameType name_type; > uint16 length; // NEW > select (name_type) { > case host_name: HostName; > } name; > } ClientName; > > struct { > ClientName client_name_list<1..2^16-1> > } ClientNameList; > > Note that this will create a redundant length but that's basically > just the natural thing for TLS encoding and not really worth > fixing. > Thanks for this suggestion. It was modelled after SNI, and thus inherited that defect :) At the moment, only one name type (and one instance of it) is supported, so it doesn't really matter. But it is best to design for extensibility, so I will plan to add the additional length field. Shumon. --00000000000057272e05b41d094c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Sat, Nov 14, 2020 at 8:28 PM Eric Resc= orla <ekr@rtfm.com> wrote:
I have reviewed these drafts. While I don't = have any strong opinions about
whether this technology is a = good thing or not. I do have some thoughts about
the TLS binding.

Thanks for the review!
=

Overall, it's probably not good to try to do the same thing= for TLS
1.3 and TLS 1.2, given the very different properties of client<= br>authentication in the two protocols.

In 1.3 the right way to do t= his is for the server to indicate
willingness/desire for DANE informatio= n in the CertificateRequest and
the client to answer that in the Certifi= cate. This will automatically
encrypt the contents of the extension with= out resort to ECH, just
as the client's cert is already encrypted.
TLS 1.2 doesn't support ECH nor does it it encrypt the certificat= e,
so it seems like ideally we would not support TLS 1.2 at all for
t= his extension. Is there a strong need for it?
<= div>
Yeah, we're aware the privacy protections = can only be achieved
with TLS 1.3.

=
My assumption (possibly mistaken) has been that we will need
to support deployed bases of both TLS 1.2 and 1.3.

However, since this protocol requires code changes in TLS stacks
anyway, perhaps we can mandate TLS 1.3 only, and modify the
pro= tocol according to your suggestion (adding the new protocol
eleme= nts to CertificateRequest and Certificate and remove the
need for= ECH).

I'll ponder and chat with some of the p= otential consumers of this
technology re: TLS 1.2/1.3.
=
=C2=A0


Your encoding for the extension is not extensibl= e because it does
not contain a length as well as a type.

=C2=A0= =C2=A0struct {
=C2=A0 =C2=A0 =C2=A0 =C2=A0NameType name_type;
=C2=A0= =C2=A0 =C2=A0 =C2=A0select (name_type) {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0case host_name: HostName;
=C2=A0 =C2=A0 =C2=A0 =C2=A0} name= ;
=C2=A0 =C2=A0} ClientName;

=C2=A0 =C2=A0..
=C2=A0 =C2=A0
= =C2=A0 =C2=A0struct {
=C2=A0 =C2=A0 =C2=A0 =C2=A0ClientName client_name_= list<1..2^16-1>
=C2=A0 =C2=A0} ClientNameList;

The issue is= that a receiver of an unknown type cannot properly skip
past it because= it doesn't know the length (note that this is a known
problem in SN= I as well). The correct approach is to have the ClientName
include a len= gth field:

=C2=A0 =C2=A0struct {
=C2=A0 =C2=A0 =C2=A0 =C2=A0NameT= ype name_type;
=C2=A0 =C2=A0 =C2=A0 =C2=A0uint16 length; =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 // NEW
=C2=A0 =C2=A0 =C2=A0 =C2=A0sel= ect (name_type) {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0case host_nam= e: HostName;
=C2=A0 =C2=A0 =C2=A0 =C2=A0} name;
=C2=A0 =C2=A0} Client= Name;

=C2=A0 =C2=A0struct {
=C2=A0 =C2=A0 =C2=A0 =C2=A0ClientName= client_name_list<1..2^16-1>
=C2=A0 =C2=A0} ClientNameList;
Note that this will create a redundant length but that's basically
= just the natural thing for TLS encoding and not really worth
fixing.
=

Thanks for this suggestion.

It was modelled after SNI, and thus inherited that d= efect :)

At the moment, only one name type (and on= e instance of it)
is supported, so it doesn't really matter. = But it is best to design
for extensibility, so I will plan to add= the additional length field.

Shumon.
--00000000000057272e05b41d094c-- From nobody Sun Nov 15 09:27:16 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8284E3A0A20; Sun, 15 Nov 2020 09:27:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BYSuZKtec1cn; Sun, 15 Nov 2020 09:27:13 -0800 (PST) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70049.outbound.protection.outlook.com [40.107.7.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE5123A0A00; Sun, 15 Nov 2020 09:27:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cC5hsfZgIjvpjJsfXwnFkA7Rd0VWUqot3A0+J1eS9IS6781MN7xjScWiEFZUpFCk0vQMGeNOAeBTP6HMGZwk0zSaQPRGuPfD/zE6S0Fvj0/4f+kI2+bUc+dfGVZFd/LGiaUhdc7ZsMMZ6JZgCeZurMJRYJOpHU7GPnlrWFpQwduXPVH+Nz9x7UJoEyB+op0UMKkJ6hgFR1ymVXkAp/SqILoIeMbyZ2O6z3DJ1JHIKux4O9olkKOdXPijkBSZimDu7VdQTsGgQfsZNgjF7zS0DkwMrUqZpq4BMY0bLo2vqBI5ypizP61xKYBM52c9XZeWHy4ijLxtMvC1w2Dgxn5OYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2d+xWRP7wyvHxXsnd4iGr/NqByHwQK2gKF1/MCA/sms=; b=UbZOMgbnxbu5Tt+ycDBRhcLIMP1ChQIxNvP/tbbYyPILLzhwFcqTPk/bmPLd5qleRVXf+Kf4Ap6um17piWfg2/coSTiJFd3epV/FwACAfeYKlKbFM3KUTqTQe5sS+7QtiCnvyPCT+w1ZYvaNG6edCFNDXMOdsSsXK83ezE9VfGc6pNO4ZkgS2i61Deb2j3E496tSVTdBr10wTMAtyFvy/30y/4olv2Ux6rfiKp3Hd7O+C9U9oy6DCHvsJO8SpuqvikB7fPl5dV+VIZL1y/kykT2xXzV+UzyaX/RxYpi6+Vn9fxLaMM9SGmYjtNHGkryerLmGqie/dCW2kJzjj6NYgA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2d+xWRP7wyvHxXsnd4iGr/NqByHwQK2gKF1/MCA/sms=; b=aYD1lT1N1XNl5bS4qB8PJbUL7QFIDPrjBZs5dKNwSiZRJpFBsMKczZY1OBlx4mG9tkkC/MoFXjYkLDGECEXZEgP1pbIds/sJYaOw9PdmU6QPdM6wRc2xaWapaSqdq/hgvgPVsut3ZM98YBHpiyNnPvLoQo6YP0pb1OlEGOVq9m4= Received: from VI1PR07MB4477.eurprd07.prod.outlook.com (2603:10a6:803:74::33) by VI1PR0701MB7007.eurprd07.prod.outlook.com (2603:10a6:800:197::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.16; Sun, 15 Nov 2020 17:27:10 +0000 Received: from VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::1924:4b62:2704:55e4]) by VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::1924:4b62:2704:55e4%6]) with mapi id 15.20.3564.025; Sun, 15 Nov 2020 17:27:10 +0000 From: Francesca Palombini To: "secdispatch@ietf.org" , "ietf@ietf.org" Thread-Topic: ISO minute takers in Secdispatch Thread-Index: AQHWu3SMUrpnSGlOkU2kU3eH4XZncA== Date: Sun, 15 Nov 2020 17:27:10 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.42.20101102 authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com; x-originating-ip: [2001:1ba8:147a:c100:f025:1850:534c:eb47] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 680f9748-e830-4271-0650-08d8898baf03 x-ms-traffictypediagnostic: VI1PR0701MB7007: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: JMcOni7hL28yMLEOMgChyyhpWymbc+eTtG+vXKSHu5WmXMQixi9HPo/CdwrtDZ00wgbm+Np04Z/e5XZyhUtNvz+NGC9k2woJFzem5/Zy+9K0SCqkKAYKMXI+v5BiE9usT7PRQzle6GFTisFEF1EvdY71dTLYAZyZjSj4MEQu5ju/kgvPligKrMiWirCqdKvA4tMS2kUxGKX1LzizV+EAT8ifwykuFU/uq+fub/58ugbg6MJ9VzE82kGdODDSl/5WB+2micX8Rj39RK7rDEJ4g3RY039X78K9vxkfMspn7vAtbHNapwZkKjWBGp97p7IndEK3Sw6MDC8VxgpBy4OoBCS6BcWnJqJiuFas4qtXxHKWhyfY684OL6OPjR4DILBA2/sUkx7Lx3YtuMz6jRMAfw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB4477.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(396003)(376002)(366004)(39860400002)(346002)(2906002)(53546011)(6506007)(478600001)(86362001)(2616005)(186003)(44832011)(5660300002)(110136005)(64756008)(66556008)(66476007)(66446008)(966005)(33656002)(36756003)(450100002)(6512007)(83380400001)(76116006)(6486002)(71200400001)(8936002)(316002)(8676002)(66946007)(91956017); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: =?utf-8?B?L0FjYmVYM0xCeTRoRG01V2w0Sy9UbmVIRmxkN1piWHJzbWcrRU4vVEx6bzNv?= =?utf-8?B?QW55UUxUUzB2NWQ4V3Nxc3Z5b25CZFh0c1ZiZ0gzbEt6TUY3MTN0L1psejhO?= =?utf-8?B?cEVnekZ6NVNyczZFMENaYm1yK1JlaG5XaEVLa1BiSlBQSVgraUJSdzNhbllF?= =?utf-8?B?Mk9CY0dWSXgyNEVhSlhNZlVpMjFMVGpYckZOMVFKQlZRZWpWZDdJbDZjYktn?= =?utf-8?B?bnZCRzFMOVllcXZKNFc0eFpXOG5XTVc5OTluNFI4NnlNdm4vaStvazBJR1Z0?= =?utf-8?B?UVo3L2xtbkQvQlNLenFvVld1WS92S0hKVWNwMDlJZmVZb1VLRHovY002WFZI?= =?utf-8?B?TkJSc3dWYkJnR2tpWUw1cU1aamRLS3l2c21vbENqL3NPeUdMcEV5VjJBM09q?= =?utf-8?B?ZW5UWkNOWFJNUEtqSVEyU1c2cUkrSFNqeXM0VXNpT0JhRzJkcUxhOVZpMjUw?= =?utf-8?B?aTFPVGY0Q3ZNbXZkZnpuMVpBY1JpVDlONHZueCs2Z083SHlQWVNVaXZ3VjR1?= =?utf-8?B?YUZMSmxybUtFYUJnRjcyWEJIYkNhb0t3blhZMWppeTB0Q2xqUU1RaExHdy9r?= =?utf-8?B?NDRvcEdEbXZqb0R6dXBQaWM5d1dOV2Y2MjRWUGR5enQzdm9hM1dkZ0hYVTNk?= =?utf-8?B?K01kaHQ4dVJWbUp5YVNqUi9EVVpYVzdFelcyam92cWRYOUNBTjZUQzFKZmd3?= =?utf-8?B?Yk1uTVVzM2xXaDdDUmVwditUbnJ5cU9SUzlXK1oxL2Z0a09qVGVLeGp4cFRG?= =?utf-8?B?eXdaYkUybzM3L0pWczRydUFCWnNxNCtXdjlKMmIxZy81bTJrM3VwL1dkc2Rz?= =?utf-8?B?NVJDQ2RBUC8yRUo4RFVxWkVYQ3c4N2ppcFJPUzh6MWR6ZlRHNzQ4Q1QzWmxJ?= =?utf-8?B?elQ2REJ3TG45ZHJ5aXlYQVI0bktLM0lrVEhJdHU3VG5lNUZMakdPNUIxcndI?= =?utf-8?B?YWsyN2ZIMVZDYzBhQXNaMmYvYnBPanNOaTBJRHlUZmpqTFNqWXN5SCtHVytB?= =?utf-8?B?eXllbCtqaXRVVXBQem5McDIxN0dmaUlTazNvWVRFZzFuTmFNandYdjA0WElN?= =?utf-8?B?TnpldkQxMmdMeUk1Sk8zeXhFeTFkUndzcnNmQ2F3SGdJN1QzRml0S2dxWHR6?= =?utf-8?B?QnkzbVpnM0ZsdytDa282bFJpY2VHUE1JWlhQb0ZUU2d5c3dKWmlBNG44R3Vy?= =?utf-8?B?cU9WRFNBMC9hdVdMWHFmSkpYNUlGa081UXRUOVplYlNUanBMS1gyTWRJVGRD?= =?utf-8?B?SVNsSXVEZ3MxNzgwYW5RQ2RhVk84WVBFMXZzYm1qdmFKYmtRZz09?= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB4477.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 680f9748-e830-4271-0650-08d8898baf03 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Nov 2020 17:27:10.1436 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 4ejbRSNMvrbi0lptydoTR9Ko3weWO28iDV1GqXgnWYLqQb0Egyw47Y+KMubnqjcbXNi555FrSfXZvtSwmNbjjaTzyLhGDF2eTGBRJTrIPYecVw1INCy+hYwjPPRd7lC+ X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB7007 Archived-At: Subject: [Secdispatch] ISO minute takers in Secdispatch X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Nov 2020 17:27:15 -0000 SGkgYWxsLA0KDQpBbnlib2R5IHBsYW5uaW5nIHRvIGF0dGVuZCBTZWNkaXNwYXRjaCB0b21vcnJv dyBhbmQga2luZCBlbm91Z2ggdG8gaGVscCB1cyBvdXQgd2l0aCB0aGUgbWludXRlcz8gV291bGQg YmUgZ3JlYXRseSBhcHByZWNpYXRlZC4NCg0KVGhhbmtzLA0KRnJhbmNlc2NhDQoNCu+7v09uIDEw LzExLzIwMjAsIDE4OjE3LCAiRnJhbmNlc2NhIFBhbG9tYmluaSIgPGZyYW5jZXNjYS5wYWxvbWJp bmlAZXJpY3Nzb24uY29tPiB3cm90ZToNCg0KICAgIEhpIGFsbCwNCg0KICAgIEFuIGFnZW5kYSBm b3IgdGhlIGNvbWluZyBtZWV0aW5nIGhhcyBiZWVuIHBvc3RlZDogaHR0cHM6Ly9kYXRhdHJhY2tl ci5pZXRmLm9yZy9tZWV0aW5nLzEwOS9tYXRlcmlhbHMvYWdlbmRhLTEwOS1zZWNkaXNwYXRjaC0w MCAgUGxlYXNlIG5vdGUgdGhhdCB0aGUgbGFzdCBwcmVzZW50YXRpb24gKFNWVCkgd2FzIGRpc2N1 c3NlZCBhdCBJRVRGMTA3IGFuZCBoYXMgYWxyZWFkeSBiZWVuIGRpc3BhdGNoZWQsIGJ1dCBzaW5j ZSB3ZSBhcmUgbm90IGxvdyBvbiB0aW1lIG9uIHRoaXMgbWVldGluZyB3ZSBjYW4gZ2l2ZSBpdCBh IHNsb3QgZm9yIGRpc2N1c3Npb24gYW5kIGZlZWRiYWNrICh3aXRob3V0IGRpc3BhdGNoaW5nIG91 dGNvbWVzKS4gDQoNCiAgICBXZSBhcmUgbG9va2luZyBmb3IgbWludXRlIHRha2VycyBhbmQgamFi YmVyIHNjcmliZS4gUGxlYXNlIGNvbnNpZGVyIHZvbHVudGVlcmluZyBpZiB5b3UgYXJlIHBsYW5u aW5nIHRvIGpvaW4gdGhlIHNlc3Npb24uDQoNCiAgICBUYWxrIHRvIHlvdSBhbGwgc29vbiENCiAg ICBGcmFuY2VzY2ENCg0KICAgIE9uIDI3LzEwLzIwMjAsIDE1OjQ4LCAiU2VjZGlzcGF0Y2ggb24g YmVoYWxmIG9mIEZyYW5jZXNjYSBQYWxvbWJpbmkiIDxzZWNkaXNwYXRjaC1ib3VuY2VzQGlldGYu b3JnIG9uIGJlaGFsZiBvZiBmcmFuY2VzY2EucGFsb21iaW5pPTQwZXJpY3Nzb24uY29tQGRtYXJj LmlldGYub3JnPiB3cm90ZToNCg0KICAgICAgICBIaSBhbGwsDQoNCiAgICAgICAgQXMgeW91IG1p Z2h0IGhhdmUgc2VlbiwgU2VjZGlzcGF0Y2ggaGFzIGJlZW4gc2NoZWR1bGVkIHRvIGhhdmUgYW4g YWxsIHZpcnR1YWwgbWVldGluZyBvbiBNb25kYXksIDE2IE5vdmVtYmVyIDIwMjAsIDE2MDAtMTgw MCBJQ1QgKFVUQyArNykuDQogICAgICAgIFRoZSBzZXNzaW9uIHdpbGwgaGFwcGVuIG92ZXIgTWVl dGVjaG8sIGFuZCB5b3Ugd2lsbCBuZWVkIHRvIHJlZ2lzdGVyIHRvIElFVEYgdG8gcGFydGljaXBh dGUuIEZvciBtb3JlIGluZm9ybWF0aW9uIG9uIGhvdyB0byBwYXJ0aWNpcGF0ZTogaHR0cHM6Ly9p ZXRmLm9yZy9ob3cvbWVldGluZ3MvMTA5L3Nlc3Npb24tcGFydGljaXBhbnQtZ3VpZGUvIA0KDQog ICAgICAgIFdlIGFyZSB3b3JraW5nIG9uIHRoZSBhZ2VuZGEuIEN1cnJlbnRseSB3ZSBoYXZlIDMg cmVxdWVzdGVkIGFnZW5kYSBpdGVtcywgd2hpY2ggeW91IGNhbiBmaW5kIGluIHRoZSB3aWtpOiBo dHRwczovL3RyYWMuaWV0Zi5vcmcvdHJhYy9zZWNkaXNwYXRjaC93aWtpL2lldGYxMDkgDQoNCiAg ICAgICAgVGhpcyBpcyBvdXIgc2Vjb25kIGNhbGwgZm9yIGFnZW5kYSBpdGVtcy4gSWYgeW91IHdv dWxkIGxpa2UgdGltZSBvbiB0aGUgYWdlbmRhLCBzZW5kIHlvdXIgcmVxdWVzdCB0byB0aGUgbWFp bGluZyBsaXN0IGJlZm9yZSAqTW9uZGF5LCBOb3ZlbWJlciAybmQqLiAgR3VpZGVsaW5lcyBvbiBo b3cgdG8gcmVxdWVzdCBhIHNsb3Qgb24gdGhlIGFnZW5kYSB5b3UgYXJlIGluIHRoZSB3aWtpOiBo dHRwczovL3RyYWMuaWV0Zi5vcmcvdHJhYy9zZWNkaXNwYXRjaC8jUmVxdWVzdGluZ1RpbWVvbnRo ZUFnZW5kYSANCg0KICAgICAgICBJZiBuZWVkZWQsIHByZWNlZGVuY2UgaW4gdGhlIG1lZXRpbmcg d2lsbCBiZSBnaXZlbiB0byBkb2N1bWVudHMgdGhhdCBoYXZlIGRlbW9uc3RyYXRlZCBpbnRlcmVz dCBpbiB0aGUgZm9ybSBvZiBhY3RpdmUgZHJhZnRzIGFuZCBtYWlsaW5nIGxpc3QgZGlzY3Vzc2lv bi4NCiAgICAgICAgSWYgeW91IGhhdmUgcXVlc3Rpb25zLCBwbGVhc2UgcmVhY2ggb3V0IHRvIHRo ZSBjaGFpcnMuDQoNCiAgICAgICAgVGhhbmtzLA0KICAgICAgICBGcmFuY2VzY2ENCg0KICAgICAg ICBPbiAyMy8xMC8yMDIwLCAyMzoxNiwgIiJJRVRGIFNlY3JldGFyaWF0IiIgPGFnZW5kYUBpZXRm Lm9yZz4gd3JvdGU6DQoNCiAgICAgICAgICAgIERlYXIgRnJhbmNlc2NhIFBhbG9tYmluaSwNCg0K ICAgICAgICAgICAgVGhlIHNlc3Npb24ocykgdGhhdCB5b3UgaGF2ZSByZXF1ZXN0ZWQgaGF2ZSBi ZWVuIHNjaGVkdWxlZC4NCiAgICAgICAgICAgIEJlbG93IGlzIHRoZSBzY2hlZHVsZWQgc2Vzc2lv biBpbmZvcm1hdGlvbiBmb2xsb3dlZCBieQ0KICAgICAgICAgICAgdGhlIG9yaWdpbmFsIHJlcXVl c3QuIA0KDQoNCiAgICAgICAgICAgICAgICBzZWNkaXNwYXRjaCBTZXNzaW9uIDEgKDI6MDAgcmVx dWVzdGVkKQ0KICAgICAgICAgICAgICAgIE1vbmRheSwgMTYgTm92ZW1iZXIgMjAyMCwgU2Vzc2lv biBJSUkgMTYwMC0xODAwDQogICAgICAgICAgICAgICAgUm9vbSBOYW1lOiBSb29tIDcgc2l6ZTog NTA3DQogICAgICAgICAgICAgICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tDQoNCg0KICAgICAgICAgICAgaUNhbGVuZGFyOiBodHRwczovL2RhdGF0cmFja2Vy LmlldGYub3JnL21lZXRpbmcvMTA5L3Nlc3Npb25zL3NlY2Rpc3BhdGNoLmljcw0KDQogICAgICAg ICAgICBSZXF1ZXN0IEluZm9ybWF0aW9uOg0KDQoNCiAgICAgICAgICAgIC0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KICAgICAgICAgICAg V29ya2luZyBHcm91cCBOYW1lOiBTZWN1cml0eSBEaXNwYXRjaA0KICAgICAgICAgICAgQXJlYSBO YW1lOiBTZWN1cml0eSBBcmVhDQogICAgICAgICAgICBTZXNzaW9uIFJlcXVlc3RlcjogRnJhbmNl c2NhIFBhbG9tYmluaQ0KDQoNCiAgICAgICAgICAgIE51bWJlciBvZiBTZXNzaW9uczogMQ0KICAg ICAgICAgICAgTGVuZ3RoIG9mIFNlc3Npb24ocyk6ICAyIEhvdXJzDQogICAgICAgICAgICBOdW1i ZXIgb2YgQXR0ZW5kZWVzOiAyMDANCiAgICAgICAgICAgIENvbmZsaWN0cyB0byBBdm9pZDogDQog ICAgICAgICAgICAgQ2hhaXIgQ29uZmxpY3Q6IGNib3IgY29yZSBnZW5kaXNwYXRjaCBodHRwYmlz DQogICAgICAgICAgICAgVGVjaG5vbG9neSBPdmVybGFwOiBzYWFnIGRpc3BhdGNoIGFjZSBhY21l IGNvc2UgY3VyZGxlIGRvdHMgZW11IGkybnNmIGlwc2VjbWUga2l0dGVuIGxha2UgbGFtcHMgbWls ZSBtbHMgb2F1dGggcmF0cyBzYWNtIHNlY2V2ZW50IHN1aXQgdGVlcCB0bHMgdG9rYmluZCB0cmFu cw0KDQoNCg0KDQoNCg0KICAgICAgICAgICAgUGVvcGxlIHdobyBtdXN0IGJlIHByZXNlbnQ6DQog ICAgICAgICAgICAgIEthdGhsZWVuIE1vcmlhcnR5DQogICAgICAgICAgICAgIFJvbWFuIERhbnls aXcNCiAgICAgICAgICAgICAgUmljaGFyZCBCYXJuZXMNCiAgICAgICAgICAgICAgQmVuamFtaW4g S2FkdWsNCiAgICAgICAgICAgICAgRnJhbmNlc2NhIFBhbG9tYmluaQ0KDQogICAgICAgICAgICBS ZXNvdXJjZXMgUmVxdWVzdGVkOg0KDQogICAgICAgICAgICBTcGVjaWFsIFJlcXVlc3RzOg0KICAg ICAgICAgICAgICBQbGVhc2UgYXZvaWQgY29uZmxpY3Qgd2l0aCBhbnkgU2VjdXJpdHkgcmVsYXRl ZCBCb0YuDQogICAgICAgICAgICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0NCg0KDQoNCiAgICAgICAgX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18NCiAgICAgICAgU2VjZGlzcGF0Y2ggbWFpbGluZyBs aXN0DQogICAgICAgIFNlY2Rpc3BhdGNoQGlldGYub3JnDQogICAgICAgIGh0dHBzOi8vd3d3Lmll dGYub3JnL21haWxtYW4vbGlzdGluZm8vc2VjZGlzcGF0Y2gNCg0KDQo= From nobody Sun Nov 15 20:35:57 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A46C3A12B9 for ; Sun, 15 Nov 2020 20:35:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.101 X-Spam-Level: X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=rdf7zpHS; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=blHemurq Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jy9pZSxn3HsI for ; Sun, 15 Nov 2020 20:35:49 -0800 (PST) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB9893A12BC for ; Sun, 15 Nov 2020 20:35:47 -0800 (PST) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id D332B7D8 for ; Sun, 15 Nov 2020 23:35:46 -0500 (EST) Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Sun, 15 Nov 2020 23:35:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm3; bh=CGTiUd2Udn0OV54MeKFujLOXzH9mDt/ gNa5Mz2/URYw=; b=rdf7zpHSvaLAQpbjGz6olnqRsmos/ukpZx6NtHGbDhzbfcm S8DjjOtd+g+p9+144ZapK0tcLNnsrfzk6eyXsihCck5Nru0dchGJU3oZfjxwjnp3 jriYpQ3QXYosKpTr6s1Sb3fWGZt8l1Vng4iNvOc7pZhlb3vd92JNuMstwsG9wthT PhrNPLiZfYkAjr1ra/jXPUXV8oz7xPT5qxDiXf6c930c+TXjk8ZV2VAMVLbfB4q1 ExF9Gew8pPqzCNZcAZLTRg8okuVH7Xkm45KcU++zGmXKZymzwNpkT9fUPAa5lvFS qL0t3+1kEcaQI57ZCkBqA/USuh9bZxyvH+FkasQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=CGTiUd 2Udn0OV54MeKFujLOXzH9mDt/gNa5Mz2/URYw=; b=blHemurqZU0bbUAKqBSKL/ gb6TR8koQXQ934ZHdrgg31gT1ProZw6IBbQRzirIF8EaQlESNlJnbNtnp9T3lpjH Px6emJVQErM2I/4dS9a3EuUTySNZuSJQrQBw3EYn+6CeIrYmKbgKiUqKtLt3Xi8I yFNHYsFIDzqvz55QoJT6AHxVe0xNeIMCddOEJmhIV1kkxMBMJFQgMygLfIqfrVwO r4WWZgWL913ICoxYSWncD+9nvSJBgSCnGvYeGBDAragpZon2LnRrITs++0DLWlDw 9kFytVRidN5lsJHmK2wMj+RdYPdGNevAH3m8R2j4Kh1rwe5zWXFgJqZwV8zPxjWA == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudeftddgjeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpefhiedttdeviefhjeejgf evfeeuudfggfekveekheeugeegleevkeevkedthfeuieenucffohhmrghinhepihgvthhf rdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epmhhtsehlohifvghnthhrohhphidrnhgvth X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 33AD7200BD; Sun, 15 Nov 2020 23:35:46 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.3.0-570-gba0a262-fm-20201106.001-gba0a2623 Mime-Version: 1.0 Message-Id: <99f34f67-c2f8-42fd-8c05-aff2094db6db@beta.fastmail.com> In-Reply-To: References: Date: Mon, 16 Nov 2020 15:35:27 +1100 From: "Martin Thomson" To: secdispatch@ietf.org Content-Type: text/plain Archived-At: Subject: Re: [Secdispatch] Agenda time request: DANE for IOT security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 04:35:56 -0000 Please DON'T design for extensibility. That is another aspect of the SNI design you don't want. If this fails, get a new extension point. On Sun, Nov 15, 2020, at 14:41, Shumon Huque wrote: > On Sat, Nov 14, 2020 at 8:28 PM Eric Rescorla wrote: > > I have reviewed these drafts. While I don't have any strong opinions about > > whether this technology is a good thing or not. I do have some thoughts about > > the TLS binding. > > Thanks for the review! > > > > > Overall, it's probably not good to try to do the same thing for TLS > > 1.3 and TLS 1.2, given the very different properties of client > > authentication in the two protocols. > > > > In 1.3 the right way to do this is for the server to indicate > > willingness/desire for DANE information in the CertificateRequest and > > the client to answer that in the Certificate. This will automatically > > encrypt the contents of the extension without resort to ECH, just > > as the client's cert is already encrypted. > > > > TLS 1.2 doesn't support ECH nor does it it encrypt the certificate, > > so it seems like ideally we would not support TLS 1.2 at all for > > this extension. Is there a strong need for it? > > Yeah, we're aware the privacy protections can only be achieved > with TLS 1.3. > > My assumption (possibly mistaken) has been that we will need > to support deployed bases of both TLS 1.2 and 1.3. > > However, since this protocol requires code changes in TLS stacks > anyway, perhaps we can mandate TLS 1.3 only, and modify the > protocol according to your suggestion (adding the new protocol > elements to CertificateRequest and Certificate and remove the > need for ECH). > > I'll ponder and chat with some of the potential consumers of this > technology re: TLS 1.2/1.3. > > > > > > > > Your encoding for the extension is not extensible because it does > > not contain a length as well as a type. > > > > struct { > > NameType name_type; > > select (name_type) { > > case host_name: HostName; > > } name; > > } ClientName; > > > > .. > > > > struct { > > ClientName client_name_list<1..2^16-1> > > } ClientNameList; > > > > The issue is that a receiver of an unknown type cannot properly skip > > past it because it doesn't know the length (note that this is a known > > problem in SNI as well). The correct approach is to have the ClientName > > include a length field: > > > > struct { > > NameType name_type; > > uint16 length; // NEW > > select (name_type) { > > case host_name: HostName; > > } name; > > } ClientName; > > > > struct { > > ClientName client_name_list<1..2^16-1> > > } ClientNameList; > > > > Note that this will create a redundant length but that's basically > > just the natural thing for TLS encoding and not really worth > > fixing. > > Thanks for this suggestion. > > It was modelled after SNI, and thus inherited that defect :) > > At the moment, only one name type (and one instance of it) > is supported, so it doesn't really matter. But it is best to design > for extensibility, so I will plan to add the additional length field. > > Shumon. > > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch > From nobody Mon Nov 16 01:51:23 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 616F13A16F8; Mon, 16 Nov 2020 01:51:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WXOEX9eEyn8I; Mon, 16 Nov 2020 01:51:13 -0800 (PST) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70074.outbound.protection.outlook.com [40.107.7.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B2873A170F; Mon, 16 Nov 2020 01:51:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fa7pFLCyTZbU1Sgaew4ImYc9K1bq3+yq/NoDD/HcNC9NvVfC0qg/d++6msft+b62ENZeB6Di1VfExrmVNVLLQkBXBNxrE5MqBagXU2wCiPJIJH7IRiYM1KURGn0raUmJHAJNBFSkQxtMc36pB1ehaO4yvB1u8AzlaqCa7JpTROyT09zKPVLv6t18iQHg5AZrSThJIk/22nePr9wJekhUbYiikLfnnJ3A0sDPxn5ZysQR5EVqGwzcDSHlNSq8FyRl5eSXZOsD0DH4Sv4bfKDhuox+vO6erTrQT34v2kh9FD08r83pLen2y26h2VSIQWKs4im0900VbImgSchSbQOvJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6AfXmx+RjU8PFqtK7Zbqgs8V0rFSBQfG3zKdQWm1o6E=; b=R6V0H72IptR059vdYzm+RnZxiib7OhgT67F5efLuF92kwUHwBEPfxo7X1pJEQzyJm+eRlNqtq0lZNh0eYYztqaLSiCePHbkEfbJjShIbtcPDCC61JKWtfOLmuf6EUkcowMAnsAZuke5zsbJyU8RcftFIuR/XmOyUl/TNlb+pCfP16SH+gsvMyuQlrbltaFmvUEAXWCzt5fZrsUJkbXuFiw1dx/34lpxgcJwPk+7OHdmgnhpuHQMLs3QZBW/BQfK0qrDsJidmTHWKR6IjrpXJnCyfktYBdQvgq4hoxKd5G/Kn/P4D5HOHQ8eRgQbvFF5GvUf28B2MqARo3SrmRazXkg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6AfXmx+RjU8PFqtK7Zbqgs8V0rFSBQfG3zKdQWm1o6E=; b=vTYUQB5k9PusVS0wlYwYjAN6qBj0XmAld6iM0qLB0Sy5RJXR0ZyB214oDQ+lU0fBW0JAmLps3lLIRQuYXCfGanZwqurUpb6S8iWAPgWSIOmFZKFL0Cas+Gb2AZfRIywuzH+1VQlYqrSBL1LPVRZRIxFmjTqMFjohn9y2ZHWXUs8= Received: from VI1PR07MB4477.eurprd07.prod.outlook.com (2603:10a6:803:74::33) by VI1PR0701MB6765.eurprd07.prod.outlook.com (2603:10a6:800:192::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3564.14; Mon, 16 Nov 2020 09:51:08 +0000 Received: from VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::1924:4b62:2704:55e4]) by VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::1924:4b62:2704:55e4%6]) with mapi id 15.20.3564.025; Mon, 16 Nov 2020 09:51:08 +0000 From: Francesca Palombini To: "secdispatch@ietf.org" CC: "secdispatch-chairs@ietf.org" Thread-Topic: Meetecho issue - audio stream Thread-Index: AQHWu/4CVPFCMGKZzEKG3XnqtXzh8w== Date: Mon, 16 Nov 2020 09:51:08 +0000 Message-ID: <72874FEE-BB2A-4BF3-B91B-9AD982315D02@ericsson.com> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.42.20101102 authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com; x-originating-ip: [2001:1ba8:147a:c100:4884:53a6:747:fc1c] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6e2d6f6d-fd92-45b6-8c40-08d88a1524b0 x-ms-traffictypediagnostic: VI1PR0701MB6765: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2582; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: x1uofUOKjbQbFsSE6P8d3q7RifQr9Yj++bSYcwiekN/cysohsZsviHNR/qtRoYWA3UOZanU3V/lHybX8WANUdHBTdPc1BEMsIpk2zI4ggAHlK5PPTglxkDZ2yAeg45y3IeFh8fSAuZNRqUSFYdmTjtTdGHd4X/yuT+yKSCYALyCZX0TwoQT4R0KHM/UlnoGkXp4g2uMOFQ6vcSXEjiNx70E38nkvRrhqGSBKt4yT2/fTMfzdaQexi9n0RrztEa8XPk0XACF+QIsPIhNw8YSbIVWA98BBc32f8q50y0X2Cm/V51ogZjECT6gwR5aY0fF2L23/+BqJ5+oBw5jAKv4tbZQiQRU9hv4Z9Td5Z7eFr3OwICqjzxs0ZJ5IIS0KFvaxsWRpn8kyAlPVIwD8X2oNVQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB4477.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(376002)(366004)(396003)(39860400002)(136003)(6486002)(2906002)(2616005)(5660300002)(64756008)(33656002)(8676002)(44832011)(91956017)(66556008)(76116006)(316002)(6512007)(6916009)(478600001)(66476007)(66446008)(86362001)(6506007)(186003)(71200400001)(558084003)(4326008)(66946007)(8936002)(966005)(450100002)(36756003); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: =?utf-8?B?ZGpxVVNNMEsrd0ZKazR0QVdWRmNIRlJkUjFUZDFBc1cyZGo4Sm05Yk5YWEN4?= =?utf-8?B?Y0c4VkE3Zm9yYm1wcmpCVk1CYUE5YVlHUjNtdjJNSEVZZGZUWk8zUjBwNWtu?= =?utf-8?B?NTkwRGJ2RWo1NS9rQVBKbHMwNVFtNmJ0VG56NGM5eUlpeWczUklYVHUvUVJk?= =?utf-8?B?RkUxbjROUEtoNlhBb2pLNHBTUld5SjZSeko2WVVaT25BNS9WR0N0SDVraFVy?= =?utf-8?B?MHNkRW5NcUpyQXBOUFhhdkFiZk5oSHJQY2p5SUFmbXBLQmJpZlA0eklyUW8y?= =?utf-8?B?aWExZ05RMEhhNkxBa0NTYkZ3aUdiWFZyMVppR3Y3SnkwaTRDZGF5UFZXVG9E?= =?utf-8?B?WTBtc0U3U2d0dFExeStMWGl6akUrZmlKQXhEWTA0cjk2UTdFSVNKcm9VOUZq?= =?utf-8?B?VUlOTk05VVVqUGMyL29XMzhPRWhQTmhpaTNlTlJBY01RR3l2eHN6akEvWm5C?= =?utf-8?B?ZWR1Y3FaYk14ZFczYXBnN3pvUG1VQlBkNkFKdkVndFkvR2ZWdG1xbVVsdEl6?= =?utf-8?B?Y0NLL0d6d3BEZzgxaWptWEJRRzd2TWlTTzlnaWUyejk5Y1J0QzQ4bU56VFhE?= =?utf-8?B?dzNLL21wZzZtOGVkRHJrL25oNm1aeDZsKzNzeEcyUS9SclN6QUx1ZFdtZWVE?= =?utf-8?B?Y1ZwOW9QL2ZMblpCTHNPTEIvcnFpdGd1dTl0TkNuNHNmcmE3UkJibWZwbzBP?= =?utf-8?B?bFR2K3VEYU43UWw4Y0JvRyt2czVUbEs5QmpaMVRDMmp2b3FHUFNVY1AySGc3?= =?utf-8?B?bXUvWDZCMU91RHlvUHpXYmtMT3VpVTArKzg1T0pod3VCOFBHTU5ITjh3R0F3?= =?utf-8?B?ZnNhcDV4WDZTSEVGRU4yaSsrbGJUNjdkMGJ5RlZGdkY3ZW04MUg1NGFWOFN5?= =?utf-8?B?ZWQ4VnlvNDBaM0ZwK0dadStkNWdQNUw4OVFjblNNNFNHcTBReXJ6YmxjMkhn?= =?utf-8?B?S01Kb3JXVHhNamxzUU1pTmpDREU1NjVBODUvQkd1N1dTUmRBcjRiZVh1SC9W?= =?utf-8?B?dkUvSzBuNEczZFFZUVZIUWM2cTJ0V1BLbXYxZ2FpMG1Lc1pybjZqUWxTSFlQ?= =?utf-8?B?SEhLR1RxV3djb3REcXd5MW12MVRWaks0WlZjUUdyWm5IQy9zR0Z6bkJscDA3?= =?utf-8?B?NHZ0NnN3WHZlZHN0NnJQTzhrVFJwKytkV3pLdC9OZXh5VVVtMnk0Tm5hMzNm?= =?utf-8?B?N2hFamtlNzJaem1uUjJXS09xQmZmRHdVK0doSlJvTk00N1hWN1Y4VVltM1lm?= =?utf-8?B?TXpmY3BDUzNONTkwTjg4M2NYclJmZ2w5WHpUTnRqcTZrd1JqZz09?= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: <4D9E2D43C853C6478D90699BC02F24E1@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB4477.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6e2d6f6d-fd92-45b6-8c40-08d88a1524b0 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2020 09:51:08.5932 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: oRmV3aM0rh26165uo4+sN8AZYUexQl7jCTNpQ+ofhvYVvYsp+cQuPM5F9k2GxflNAcW+TI/8trFDCMUkTtxO6WmqlGz7D/PafSku2+JwGGI6XJd74ky5Ii6LeV9FHmsr X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB6765 Archived-At: Subject: [Secdispatch] Meetecho issue - audio stream X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 09:51:22 -0000 SGkgYWxsLA0KDQpXZSBzZWVtIHRvIGhhdmUgaXNzdWVzIHdpdGggbWVldGVjaG8uIElmIHlvdSBj YW4ndCBqb2luIHRoZSBzZXNzaW9uIHRyeSB0aGUgYXVkaW8tb25seSBzdHJlYW06IGh0dHA6Ly9t cDMuY29uZi5tZWV0ZWNoby5jb20vaWV0ZjEwOS9zZWNkaXNwYXRjaC8xLm0zdSANCg0KQW5kIGpv aW4gdmlhIGphYmJlciB0byBwYXJ0aWNpcGF0ZS9zZW5kIHlvdXIgY29tbWVudDogc2VjZGlzcGF0 Y2hAamFiYmVyLmlldGYub3JnDQoNCkZyYW5jZXNjYQ0KDQo= From nobody Mon Nov 16 01:57:19 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 412063A16AA; Mon, 16 Nov 2020 01:57:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 86xKGpJNedDM; Mon, 16 Nov 2020 01:57:16 -0800 (PST) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60042.outbound.protection.outlook.com [40.107.6.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B22163A167B; Mon, 16 Nov 2020 01:57:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=STQ1Q5xLlzWbbM+2C76K2XirluIZ3rsr2lrO+41XYQ0SZIxNITforF+25lL4X1P4gIU1q9rcM+LK4GaILiApgOndhJmrcnOdbGzmwi/nsYXGmS6BOs0gibo868RcUw+YrVpz5k8PfLYNV3SxOwzeci2JOO2yZdKidLpEPqElYqvwmJW+X/NKiuJ2f1D7bamQXoTYDE5QUHrqHLRhpeUCs9LwqGmkhjPhRuiNgJDBl0LpWnVrMX4IPznQmaXpZQIJXyLcMLZ38ruTSxUaLVkdpjHe7V9RjOMthT1RPLpO5CIq7Ut8QOm6P3hYIvyckTw+EHRjrpa4b0BYtt9KPeX+Ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wH8b1Yx1bKLjumk6BmJPSR9D2h2yms9eHazioY6GpRk=; b=jXIXYn5ElgaATlUNMpmGSE4ya9vHYpPs9AZz2rRPNexut7BatsjJJqGcePCRLi09Ck1z8iT69VEfuAYOBr1DMRi7VS3LNitpjr4HkGcor5BxrreLF/420ys02laCJIGNKuLoBAvsVndWoq+uCpm8SWRZH3ONNY2Udnnr1QQnYCfdluiIxHWWJU5C3ALwjYnKQzUR8ysOOTM5lyNPLxYG2ZNA72WwiGgzDLyECBWkzqPeyuBH5d0XUQqCPgnlb+WFBYwhhUHfYUUbWrVHKwNG7jYm0agGxTT7LYoCLTy7AAuHW1NEOeHHchQicyhQkr45CTZu0JmOx7IH8PikonWV3A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wH8b1Yx1bKLjumk6BmJPSR9D2h2yms9eHazioY6GpRk=; b=LmAb9L1ISbMT5ky/cMnOa3OjUYQfmzXusr5fzM5zusiBS/YFWvbKZhi4Nm6BcXUYGKHzn3lpH2F5hNI3MemqV7QR6Urbk6tQkSSJsnRH1nCcLYEev7TU9A0Zs6nPcOQqSjLA0Gyw6Z6DMw47NllqyO48UqXDd3TtGdIx6lFNDBY= Received: from VI1PR07MB4477.eurprd07.prod.outlook.com (2603:10a6:803:74::33) by VI1PR07MB3408.eurprd07.prod.outlook.com (2603:10a6:802:17::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.12; Mon, 16 Nov 2020 09:57:14 +0000 Received: from VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::1924:4b62:2704:55e4]) by VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::1924:4b62:2704:55e4%6]) with mapi id 15.20.3564.025; Mon, 16 Nov 2020 09:57:14 +0000 From: Francesca Palombini To: "secdispatch@ietf.org" CC: "secdispatch-chairs@ietf.org" Thread-Topic: Meetecho issue - audio stream Thread-Index: AQHWu/4CVPFCMGKZzEKG3XnqtXzh86nKln6A Date: Mon, 16 Nov 2020 09:57:14 +0000 Message-ID: References: <72874FEE-BB2A-4BF3-B91B-9AD982315D02@ericsson.com> In-Reply-To: <72874FEE-BB2A-4BF3-B91B-9AD982315D02@ericsson.com> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.42.20101102 authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com; x-originating-ip: [2001:1ba8:147a:c100:4884:53a6:747:fc1c] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 55766be5-fc51-4574-fc0a-08d88a15feaf x-ms-traffictypediagnostic: VI1PR07MB3408: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2150; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: tbJZ38ldTtsPpVpsXpW0uFgfAXXGE3fFIOzMC+A0xGNvxnG8WjlzuilHnRhz/NXiUr3mfdAkQhLmNH29df7+A0AzpQ9FQAnE7lOS3EhHUpz/4+zCTDe/QlbSRv7eC7kHrGfUrgqMUYpDEbDSNqB+Ij6KCsUBAtVr5usbpAIn/vk2wXU8yQk08qxcKeX19zUUFrz1ixlHLJU6A/xJFlW/SvB8HnAYf2okfOf7fQeVXMSiuhOHd4LDYU5utUOaKIVE4kIvU5KIlm9QQTGW0jyyZiOHV8Gxq8HN55S+FzwErmME0jzpLxNMGCoNxePWz0kdrfkDX5dbhyadwhquPLKaN72wJ7yy3Pdm+Ka9glTzjBKsPbWzvO7L1/9T5Ei6C1can4x4f81uWIAcupAXDlxYtQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB4477.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(346002)(396003)(376002)(366004)(39860400002)(450100002)(478600001)(4326008)(83380400001)(86362001)(316002)(8676002)(66476007)(66556008)(6512007)(66946007)(76116006)(71200400001)(8936002)(6916009)(6486002)(5660300002)(91956017)(186003)(33656002)(2906002)(64756008)(6506007)(66446008)(966005)(4744005)(2616005)(36756003)(44832011); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: =?utf-8?B?WC9BV2J0SXFNYmVoNGNuUnowdkZyTnFYRVdmVEhUdFltVnB6UmxPM2Rpa0h3?= =?utf-8?B?MVE2bjhDMkFBMVE4OVQrS2phWFZ3WTRrTXNHcWZCMHFIMjFuNnY1VmtENTho?= =?utf-8?B?YjhXTGdObHlVL1d2YW80MU9CcnpLN2JnaVhaRFFJcHNVWGZEQXVRazBxZDVS?= =?utf-8?B?c1FLcE9uUFlRenl6RFd6Q3RxRW44M1FMSEZkVFJyUkRzV2Vva20zbE92Nzc2?= =?utf-8?B?ZU1nQjFoTVdqaVdjZndqNXRuUnlXaDF6SWVZOS9pN0tBVExJOGVCQ09UMmFO?= =?utf-8?B?eGxnNGN1M1RxdDZFN0tFM2hncjg3YU92TU5COGNaMVp0MEhscnNzaHpqa2NZ?= =?utf-8?B?VC9DK05FTHZlT3NNL09WOGJIdi9qZm5JNDhoZ0J5MGRTTFZ3ZXhpMnRLb09y?= =?utf-8?B?U00vM2Z3U2Rxdm9ORzJOQlF0b010ZG53ejhOR2dOUlB0M05MZjFQRXhCYzI5?= =?utf-8?B?V1kxdWN4Zk5BaUNIR0ZldDhjT2c3YS9HQTR6NmQ5YzVqSE9JVXpSVkVEdFFE?= =?utf-8?B?eUk3QkhDeUFrU3BLWFRxZUNOZ1prTjBTZlRxS0dFRHd3S091VU5IazduT0FE?= =?utf-8?B?dDE3UHN3WmI5T3RuTy9wUW1sRk9DWk5BNFcwVHZadm1lb2NxVDc5aGlQWEJr?= =?utf-8?B?VjZDeDFyS0pLbG1xQk53Umk0ZkxCdjMyNm5aOEVjd0o5SDBBbWFiai9CSDNB?= =?utf-8?B?R0RobmhvRlIwYWNnVk43Q3Z0Nm9KN1ZXUUlvT21YTldjR1crdXpXbmZ4bGpG?= =?utf-8?B?YmQyb0xxQm1taENtWWYzQ3NXd2o3TkFxd0xZM1hyeWNHdm44WGRJem5yVmdi?= =?utf-8?B?VjNzOVAyZ1JUNWxEdzhkWndBSEVKSU5wQlBKVnFPdlVFQ0FKdGI2Y2NCVlcy?= =?utf-8?B?dVc3MzNYamNUeUhsZERVQkY5cXpmMGF5dENJclA5Qkt2Y0FoWUlkaVNlM0dY?= =?utf-8?B?RzdUdjhxOE9WYllpeHE0cy9xQytYR3hZVk52aE80WWxWczUweWFKV29oV0NN?= =?utf-8?B?dkh1eGFMZU5zdVMvSCt5cjlqcmw3NUVUM1R4Vk9NN1BKYXJtbkszR1dXc1l1?= =?utf-8?B?K1BCN1NEcjJnQVdHOCtsekZjRFM4NjhrSlBjTE50YzJQN1RKa1FVZmFxcGxH?= =?utf-8?B?bitpeXFUdGEyVTl1RGg0bk1jdGR1RmhnaUViZjh6Rm1tbWova3RQRWtKZjY5?= =?utf-8?B?ZEl2YTRDVmQ4SXhSazlaZ1BJTFlpN1hXdk5WUVhNdmM1bVFpVmJWaGpqTWpr?= =?utf-8?B?d0QzNGNSMGp2MzFUVHNPOUVpcUtzSjg1STNIWEppTnFHa25zZz09?= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: <5682213DF5D55C4C9DA87362AA7528AD@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB4477.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 55766be5-fc51-4574-fc0a-08d88a15feaf X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2020 09:57:14.3658 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: SammCKNQxYL9H2LE0dnAFWadJ6TShH8xYUmHaxGf8p/8ztxw4uYot6dicUPFMPBGV8SlUBsz6Q2JE/A93es/23ka7zpOJkNZda4W2lbypPdr8Ekvnj9WG+d7nTzj6P+e X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB3408 Archived-At: Subject: Re: [Secdispatch] Meetecho issue - audio stream X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 09:57:18 -0000 VXBkYXRlOiBUaGVyZSBpcyBhIHByb2JsZW0gd2l0aCBhbiBhdXRoZW50aWNhdGlvbiBWTSB0aGF0 IG1lYW5zIGl0IG5lZWRzIGEgcmVib290LCB3aGljaCB3aWxsIGtpbGwgYWxsIHNlc3Npb25zIGZv ciBmaXZlIG1pbnV0ZXMgb3Igc28uICANCg0KTWVldGluZyB3aWxsIHJlc3VtZSBpbiBhcm91bmQg NSBtaW51dGVzLg0KDQpGcmFuY2VzY2ENCg0K77u/T24gMTYvMTEvMjAyMCwgMTA6NTEsICJGcmFu Y2VzY2EgUGFsb21iaW5pIiA8ZnJhbmNlc2NhLnBhbG9tYmluaUBlcmljc3Nvbi5jb20+IHdyb3Rl Og0KDQogICAgSGkgYWxsLA0KDQogICAgV2Ugc2VlbSB0byBoYXZlIGlzc3VlcyB3aXRoIG1lZXRl Y2hvLiBJZiB5b3UgY2FuJ3Qgam9pbiB0aGUgc2Vzc2lvbiB0cnkgdGhlIGF1ZGlvLW9ubHkgc3Ry ZWFtOiBodHRwOi8vbXAzLmNvbmYubWVldGVjaG8uY29tL2lldGYxMDkvc2VjZGlzcGF0Y2gvMS5t M3UNCg0KICAgIEFuZCBqb2luIHZpYSBqYWJiZXIgdG8gcGFydGljaXBhdGUvc2VuZCB5b3VyIGNv bW1lbnQ6IHNlY2Rpc3BhdGNoQGphYmJlci5pZXRmLm9yZw0KDQogICAgRnJhbmNlc2NhDQoNCg0K From nobody Mon Nov 16 02:55:19 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04F583A08FA for ; Mon, 16 Nov 2020 02:55:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.6 X-Spam-Level: X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sFW1X7qpNhx6 for ; Mon, 16 Nov 2020 02:55:16 -0800 (PST) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4B083A08EB for ; Mon, 16 Nov 2020 02:55:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5203; q=dns/txt; s=iport; t=1605524115; x=1606733715; h=from:mime-version:subject:message-id:date:to; bh=4xya0VIFPfmiMiYnTg0b2QhxiD9zUNbOv+fpx1GW+54=; b=YUNXx7oAQMppWLbVjZdisyBgrP5RG3LZKduAjm7oDLw6y3jPQamIldzk 2um8wJedIwnnq7UkARki+azc1mJkNBmH+z+JbtQ0hnILUN+djFORp79Go bWZw+9BoVtyHpn+8n1Sgn0KOYWBnRzo+++NZW+8PeZdU6p9ifmEWQDYhq Y=; X-Files: signature.asc : 488 X-IPAS-Result: =?us-ascii?q?A0AMBQBaWrJf/xbLJq1iHgEBCxIMhgIBIBIuhDyJBYd4g?= =?us-ascii?q?SuTD4gZBAcBAQEKAwEBLwQBAYZrJjgTAgMBAQEDAgMBAQEBBQEBAQIBBgRxh?= =?us-ascii?q?W2GHHU7AwJIKoMmAYMGnXSOGnaBMoouEIE4gVOMCIIAgREnDBCCGoV+gkozg?= =?us-ascii?q?iwEmymBGptrgneDGoE3lkQDH5JRjyiwQYNkAgQGBQIVgWsjgVczGggbFTsqA?= =?us-ascii?q?YI+PhIZDY0pj0BAAzA3AgYBCQEBAwmOSAEB?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="5.77,482,1596499200"; d="asc'?scan'208,217";a="31151370" Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Nov 2020 10:55:01 +0000 Received: from [10.61.195.96] ([10.61.195.96]) by aer-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 0AGAsx1L023148 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 16 Nov 2020 10:55:01 GMT From: Eliot Lear Content-Type: multipart/signed; boundary="Apple-Mail=_DD7A2953-1AFE-45D7-B17E-74B27E72BA01"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Message-Id: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> Date: Mon, 16 Nov 2020 11:54:59 +0100 To: secdispatch@ietf.org X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Outbound-SMTP-Client: 10.61.195.96, [10.61.195.96] X-Outbound-Node: aer-core-1.cisco.com Archived-At: Subject: [Secdispatch] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 10:55:18 -0000 --Apple-Mail=_DD7A2953-1AFE-45D7-B17E-74B27E72BA01 Content-Type: multipart/alternative; boundary="Apple-Mail=_8FBD32AF-754B-4148-9052-D1979DFE605C" --Apple-Mail=_8FBD32AF-754B-4148-9052-D1979DFE605C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Thanks to Shumon for presenting the DANE use case for IOT. We discussed taking this to the iot-onboarding@ietf.org = list as there were a number of rather = big open issues that people wanted to discuss. We also discussed a non-WG forming BOF to look at, as Ted put it, the = broader context for onboarding. To give people a feel for the sort of = related work that is available, here are a list of related activities: draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a request/response = mechanism that uses RFC 8366 vouchers to introduce devices and network = infrastructure. Intel=E2=80=99s SDO provides an application level introduction using = vouchers as well. This work has been taken up by the FIDO alliance. The Wifi Alliance has Device Provisioning Protocol (DPP) which does not = attach to a global name space prior to provisioning having occurred, but = does represent a minimum case (just public keys). draft-friel-eap-tls-eap-dpp borrows from DPP, intended mostly for wired = use, where DPP is focused on 802.11 networks. There are a number of BRSKI related drafts by Owen as well, relating to = cloud-based registrars. There is also work by Michael Richardson and Peter Van Der Stock on = constrained vouchers. That work is taking place in ACE. Understanding the landscape might help us understand where DANE fits in. Regards, Eliot --Apple-Mail=_8FBD32AF-754B-4148-9052-D1979DFE605C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
Thanks to Shumon for presenting the DANE use case for = IOT.

We discussed = taking this to the iot-onboarding@ietf.org list as there were a number of = rather big open issues that people wanted to discuss.

We also discussed a = non-WG forming BOF to look at, as Ted put it, the broader context for = onboarding.  To give people a feel for the sort of related work = that is available, here are a list of related activities:

  • draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a = request/response mechanism that uses RFC 8366 vouchers to introduce = devices and network infrastructure.
  • Intel=E2=80=99s = SDO provides an application level introduction using vouchers as well. =  This work has been taken up by the FIDO alliance.
  • The Wifi Alliance has Device Provisioning Protocol (DPP) = which does not attach to a global name space prior to provisioning = having occurred, but does represent a minimum case (just public = keys).
  • draft-friel-eap-tls-eap-dpp borrows from DPP, = intended mostly for wired use, where DPP is focused on 802.11 = networks.
  • There are a number of BRSKI related drafts = by Owen as well, relating to cloud-based registrars.
  • There is also work by Michael Richardson and Peter Van Der = Stock on constrained vouchers.  That work is taking place in = ACE.

Understanding the landscape might help us understand where = DANE fits in.

Regards,

Eliot
= --Apple-Mail=_8FBD32AF-754B-4148-9052-D1979DFE605C-- --Apple-Mail=_DD7A2953-1AFE-45D7-B17E-74B27E72BA01 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEmNC9kEYdsJKnsmEdh7ZrRtnSejMFAl+yWoMACgkQh7ZrRtnS ejM7Mwf/TIPk/qWgraa8mDFPNaNd4u+XRBbW8nyjDR8X5wMBhQ3G8tRgZ9Iu2hTj d/wjrw9ig5wz06Ut+EL5/DIt2agcua7W4pCBtl3/U570A6xTGcMuKWNKhc6r2JRE ZoHoVzPKNHgdd3uwC5z0SunBfnRGZoq7E2faSVezIUicMv4jrJuAarqwPGXdxteC 0TdwflR2GHUlbCPpmydQnEaosFHW5/Ka33G0zct1Lb0eOXe0WiumS44D4T3qlpAx WZHFi6UWc/Tzg1mf5OQXvTP2we0nuCaWpWZoy4lPOYgS8U9gxydcE2+R54s7Q4sd NGpIxSIJO2NZmOkLfiiGqZIH5Y1lvA== =ITMe -----END PGP SIGNATURE----- --Apple-Mail=_DD7A2953-1AFE-45D7-B17E-74B27E72BA01-- From nobody Mon Nov 16 04:02:39 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29A4B3A0DA4; Mon, 16 Nov 2020 04:02:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32uads4Gim8U; Mon, 16 Nov 2020 04:02:31 -0800 (PST) Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18E373A0D9B; Mon, 16 Nov 2020 04:02:31 -0800 (PST) Received: from fraeml710-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4CZSMX4n0hz67DNS; Mon, 16 Nov 2020 20:00:56 +0800 (CST) Received: from nkgeml707-chm.china.huawei.com (10.98.57.157) by fraeml710-chm.china.huawei.com (10.206.15.59) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 16 Nov 2020 13:02:27 +0100 Received: from nkgeml705-chm.china.huawei.com (10.98.57.154) by nkgeml707-chm.china.huawei.com (10.98.57.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 16 Nov 2020 20:02:25 +0800 Received: from nkgeml705-chm.china.huawei.com ([10.98.57.154]) by nkgeml705-chm.china.huawei.com ([10.98.57.154]) with mapi id 15.01.1913.007; Mon, 16 Nov 2020 20:02:25 +0800 From: "Panwei (William)" To: Eliot Lear CC: "secdispatch@ietf.org" , "iot-onboarding@ietf.org" Thread-Topic: [Secdispatch] DANE IOT proposed outcome Thread-Index: AQHWvAcDj5ATxnClv0CbH9AVFrI7YanKopzg Date: Mon, 16 Nov 2020 12:02:25 +0000 Message-ID: References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.136.99.125] Content-Type: multipart/alternative; boundary="_000_b178d5066d6b4371a59ffe59bb6d6447huaweicom_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [Secdispatch] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 12:02:33 -0000 --_000_b178d5066d6b4371a59ffe59bb6d6447huaweicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhhbmtzIHRvIEVsaW90IGZvciBzdW1tYXJpemluZyB0aGVzZS4NCg0KSSB0aGluayB0aGUgY29y ZSBjb25jZXB0IG9mIHVzaW5nIERBTkUgaW4gSW9UIHNjZW5hcmlvIGlzIHRvIGdldCByaWQgb2Yg Y2VydGlmaWNhdGVzIGFuZCBQS0lYLiBUaGUgc29sdXRpb24gb2YgaG93IHRvIHNlY3VyZWx5IG9u Ym9hcmQgdGhlIElvVCBkZXZpY2VzIGFuZCBhbGxvY2F0ZSB0aGUgRE5TIGRvbWFpbiBuYW1lLCBi b3RoIHdpdGggYW5kIHdpdGhvdXQgaW5pdGlhbCBjZXJ0aWZpY2F0ZXMsIGlzIHRoZSBrZXkgcGFy dCB0byBmaWd1cmUgb3V0Lg0KSWYgdGhlIElvVCBkZXZpY2VzIGhhdmUgbm8gaW5pdGlhbCBjZXJ0 aWZpY2F0ZXMsIHN1Y2ggYXMgODAyLjFBUiBJRGV2SUQgY2VydGlmaWNhdGUsIGFzIHRoZWlyIGlu aXRpYWwgaWRlbnRpdHksIHRoZW4gdGhlIEJSU0tJIG1lY2hhbmlzbSB3b27igJl0IGJlIGFwcHJv cHJpYXRlIGZvciB0aGVzZSBkZXZpY2VzIGJlY2F1c2UgQlJTS0kgaGFzIGEgcmVxdWlyZW1lbnQg b2YgSURldklELg0KSWYgdGhlIElvVCBkZXZpY2VzIGhhdmUgYW4gSURldklEIGNlcnRpZmljYXRl LCBJIHRoaW5rIGl0IGNhbiBzdGlsbCB1c2UgQlJTS0kgdG8gb25ib2FyZCwgYnV0IGl0IHdvbuKA mXQgdXNlIEVTVCB0byByZXF1ZXN0IGEgY2VydGlmaWNhdGUgYW55IG1vcmUsIGluc3RlYWQsIGl0 IHdpbGwgYXBwbHkgZm9yIGEgRE5TIGRvbWFpbiBuYW1lIGJ5IHVzaW5nIHNvbWUgcHJvdG9jb2xz Lg0KDQpUaGF04oCZcyBteSBwcmVsaW1pbmFyeSB0aG91Z2h0cywgbWF5YmUgbm90IHJpZ2h0Lg0K DQpSZWdhcmRzICYgVGhhbmtzIQ0KV2VpIFBhbg0KDQpGcm9tOiBTZWNkaXNwYXRjaCBbbWFpbHRv OnNlY2Rpc3BhdGNoLWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBFbGlvdCBMZWFyDQpT ZW50OiBNb25kYXksIE5vdmVtYmVyIDE2LCAyMDIwIDY6NTUgUE0NClRvOiBzZWNkaXNwYXRjaEBp ZXRmLm9yZw0KU3ViamVjdDogW1NlY2Rpc3BhdGNoXSBEQU5FIElPVCBwcm9wb3NlZCBvdXRjb21l DQoNClRoYW5rcyB0byBTaHVtb24gZm9yIHByZXNlbnRpbmcgdGhlIERBTkUgdXNlIGNhc2UgZm9y IElPVC4NCg0KV2UgZGlzY3Vzc2VkIHRha2luZyB0aGlzIHRvIHRoZSBpb3Qtb25ib2FyZGluZ0Bp ZXRmLm9yZzxtYWlsdG86aW90LW9uYm9hcmRpbmdAaWV0Zi5vcmc+IGxpc3QgYXMgdGhlcmUgd2Vy ZSBhIG51bWJlciBvZiByYXRoZXIgYmlnIG9wZW4gaXNzdWVzIHRoYXQgcGVvcGxlIHdhbnRlZCB0 byBkaXNjdXNzLg0KDQpXZSBhbHNvIGRpc2N1c3NlZCBhIG5vbi1XRyBmb3JtaW5nIEJPRiB0byBs b29rIGF0LCBhcyBUZWQgcHV0IGl0LCB0aGUgYnJvYWRlciBjb250ZXh0IGZvciBvbmJvYXJkaW5n LiAgVG8gZ2l2ZSBwZW9wbGUgYSBmZWVsIGZvciB0aGUgc29ydCBvZiByZWxhdGVkIHdvcmsgdGhh dCBpcyBhdmFpbGFibGUsIGhlcmUgYXJlIGEgbGlzdCBvZiByZWxhdGVkIGFjdGl2aXRpZXM6DQoN Cg0KICAqICAgZHJhZnQtaWV0Zi1hbmltYS1ib290c3RyYXBwaW5nLWtleWluZnJhIChCUlNLSSkg aXMgYSByZXF1ZXN0L3Jlc3BvbnNlIG1lY2hhbmlzbSB0aGF0IHVzZXMgUkZDIDgzNjYgdm91Y2hl cnMgdG8gaW50cm9kdWNlIGRldmljZXMgYW5kIG5ldHdvcmsgaW5mcmFzdHJ1Y3R1cmUuDQogICog ICBJbnRlbOKAmXMgU0RPIHByb3ZpZGVzIGFuIGFwcGxpY2F0aW9uIGxldmVsIGludHJvZHVjdGlv biB1c2luZyB2b3VjaGVycyBhcyB3ZWxsLiAgVGhpcyB3b3JrIGhhcyBiZWVuIHRha2VuIHVwIGJ5 IHRoZSBGSURPIGFsbGlhbmNlLg0KICAqICAgVGhlIFdpZmkgQWxsaWFuY2UgaGFzIERldmljZSBQ cm92aXNpb25pbmcgUHJvdG9jb2wgKERQUCkgd2hpY2ggZG9lcyBub3QgYXR0YWNoIHRvIGEgZ2xv YmFsIG5hbWUgc3BhY2UgcHJpb3IgdG8gcHJvdmlzaW9uaW5nIGhhdmluZyBvY2N1cnJlZCwgYnV0 IGRvZXMgcmVwcmVzZW50IGEgbWluaW11bSBjYXNlIChqdXN0IHB1YmxpYyBrZXlzKS4NCiAgKiAg IGRyYWZ0LWZyaWVsLWVhcC10bHMtZWFwLWRwcCBib3Jyb3dzIGZyb20gRFBQLCBpbnRlbmRlZCBt b3N0bHkgZm9yIHdpcmVkIHVzZSwgd2hlcmUgRFBQIGlzIGZvY3VzZWQgb24gODAyLjExIG5ldHdv cmtzLg0KICAqICAgVGhlcmUgYXJlIGEgbnVtYmVyIG9mIEJSU0tJIHJlbGF0ZWQgZHJhZnRzIGJ5 IE93ZW4gYXMgd2VsbCwgcmVsYXRpbmcgdG8gY2xvdWQtYmFzZWQgcmVnaXN0cmFycy4NCiAgKiAg IFRoZXJlIGlzIGFsc28gd29yayBieSBNaWNoYWVsIFJpY2hhcmRzb24gYW5kIFBldGVyIFZhbiBE ZXIgU3RvY2sgb24gY29uc3RyYWluZWQgdm91Y2hlcnMuICBUaGF0IHdvcmsgaXMgdGFraW5nIHBs YWNlIGluIEFDRS4NCg0KVW5kZXJzdGFuZGluZyB0aGUgbGFuZHNjYXBlIG1pZ2h0IGhlbHAgdXMg dW5kZXJzdGFuZCB3aGVyZSBEQU5FIGZpdHMgaW4uDQoNClJlZ2FyZHMsDQoNCkVsaW90DQo= --_000_b178d5066d6b4371a59ffe59bb6d6447huaweicom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0K CXtmb250LWZhbWlseTrlrovkvZM7DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQpA Zm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0xOjIgNCA1 IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBh bm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 R2FkdWdpOw0KCXBhbm9zZS0xOjIgMTEgNSAyIDQgMiA0IDIgMiAzO30NCkBmb250LWZhY2UNCgl7 Zm9udC1mYW1pbHk6IlxA5a6L5L2TIjsNCglwYW5vc2UtMToyIDEgNiAwIDMgMSAxIDEgMSAxO30N CkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk65Y2O5paH57uG6buROw0KCXBhbm9zZS0xOjIgMSA2 IDAgNCAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiXEDljY7mlofnu4bp u5EiOw0KCXBhbm9zZS0xOjIgMSA2IDAgNCAxIDEgMSAxIDE7fQ0KLyogU3R5bGUgRGVmaW5pdGlv bnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2lu OjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250 LWZhbWlseTrlrovkvZM7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUt cHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30N CmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3Jp dHk6OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0Kc3Bh bi5FbWFpbFN0eWxlMTcNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1m YW1pbHk6IkdhZHVnaSIsc2Fucy1zZXJpZjsNCgljb2xvcjpibGFjazsNCglmb250LXdlaWdodDpu b3JtYWw7DQoJZm9udC1zdHlsZTpub3JtYWw7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxl LXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlv bjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2luOjcyLjBwdCA5MC4wcHQgNzIuMHB0 IDkwLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi8qIExp c3QgRGVmaW5pdGlvbnMgKi8NCkBsaXN0IGwwDQoJe21zby1saXN0LWlkOjE5NjU3NzA2NDQ7DQoJ bXNvLWxpc3QtdGVtcGxhdGUtaWRzOi0xODIzMTcwNjA0O30NCkBsaXN0IGwwOmxldmVsMQ0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1z by1sZXZlbC10YWItc3RvcDozNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0 Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglm b250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXIt Zm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDo3 Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0x OC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseToiQ291cmll ciBOZXciOw0KCW1zby1iaWRpLWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iO30NCkBsaXN0 IGwwOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs LXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxMDguMHB0Ow0KCW1zby1sZXZlbC1udW1i ZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQt c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVsNA0K CXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0K CW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246 bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7 DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwt bnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10 YWItc3RvcDoxODAuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0 LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1p bHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h dDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyMTYu MHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTgu MHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2Rpbmdz O30NCkBsaXN0IGwwOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ bXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGww OmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRl eHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyODguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXIt cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6 ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVsOQ0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1z by1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ Zm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCm9sDQoJe21hcmdpbi1ib3R0b206MGNtO30NCnVsDQoJ e21hcmdpbi1ib3R0b206MGNtO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+ DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+ PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4 dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxh eW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IlpILUNOIiBsaW5r PSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2si PlRoYW5rcyB0byBFbGlvdCBmb3Igc3VtbWFyaXppbmcgdGhlc2UuPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmO2Nv bG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPkkgdGhpbmsgdGhl IGNvcmUgY29uY2VwdCBvZiB1c2luZyBEQU5FIGluIElvVCBzY2VuYXJpbyBpcyB0byBnZXQgcmlk IG9mIGNlcnRpZmljYXRlcyBhbmQgUEtJWC4gVGhlIHNvbHV0aW9uIG9mIGhvdyB0byBzZWN1cmVs eSBvbmJvYXJkIHRoZSBJb1QgZGV2aWNlcw0KIGFuZCBhbGxvY2F0ZSB0aGUgRE5TIGRvbWFpbiBu YW1lLCBib3RoIHdpdGggYW5kIHdpdGhvdXQgaW5pdGlhbCBjZXJ0aWZpY2F0ZXMsIGlzIHRoZSBr ZXkgcGFydCB0byBmaWd1cmUgb3V0LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+SWYgdGhl IElvVCBkZXZpY2VzIGhhdmUgbm8gaW5pdGlhbCBjZXJ0aWZpY2F0ZXMsIHN1Y2ggYXMgODAyLjFB UiBJRGV2SUQgY2VydGlmaWNhdGUsIGFzIHRoZWlyIGluaXRpYWwgaWRlbnRpdHksIHRoZW4gdGhl IEJSU0tJIG1lY2hhbmlzbSB3b27igJl0IGJlIGFwcHJvcHJpYXRlDQogZm9yIHRoZXNlIGRldmlj ZXMgYmVjYXVzZSBCUlNLSSBoYXMgYSByZXF1aXJlbWVudCBvZiBJRGV2SUQuPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNl cmlmO2NvbG9yOmJsYWNrIj5JZiB0aGUgSW9UIGRldmljZXMgaGF2ZSBhbiBJRGV2SUQgY2VydGlm aWNhdGUsIEkgdGhpbmsgaXQgY2FuIHN0aWxsIHVzZSBCUlNLSSB0byBvbmJvYXJkLCBidXQgaXQg d29u4oCZdCB1c2UgRVNUIHRvIHJlcXVlc3QgYSBjZXJ0aWZpY2F0ZSBhbnkgbW9yZSwgaW5zdGVh ZCwNCiBpdCB3aWxsIGFwcGx5IGZvciBhIEROUyBkb21haW4gbmFtZSBieSB1c2luZyBzb21lIHBy b3RvY29scy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJp Zjtjb2xvcjpibGFjayI+VGhhdOKAmXMgbXkgcHJlbGltaW5hcnkgdGhvdWdodHMsIG1heWJlIG5v dCByaWdodC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibGluZS1oZWlnaHQ6 MTEwJSI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2xpbmUtaGVp Z2h0OjExMCU7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 YmxhY2siPlJlZ2FyZHMgJmFtcDsgVGhhbmtzITxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJsaW5lLWhlaWdodDoxMTAlIj48c3BhbiBsYW5nPSJFTi1V UyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7bGluZS1oZWlnaHQ6MTEwJTtmb250LWZhbWlseTom cXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+V2VpIFBhbjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0i RU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZx dW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCBibHVlIDEuNXB0O3Bh ZGRpbmc6MGNtIDBjbSAwY20gNC4wcHQiPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25l O2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNt Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYi PkZyb206PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj4gU2VjZGlzcGF0 Y2ggW21haWx0bzpzZWNkaXNwYXRjaC1ib3VuY2VzQGlldGYub3JnXQ0KPGI+T24gQmVoYWxmIE9m IDwvYj5FbGlvdCBMZWFyPGJyPg0KPGI+U2VudDo8L2I+IE1vbmRheSwgTm92ZW1iZXIgMTYsIDIw MjAgNjo1NSBQTTxicj4NCjxiPlRvOjwvYj4gc2VjZGlzcGF0Y2hAaWV0Zi5vcmc8YnI+DQo8Yj5T dWJqZWN0OjwvYj4gW1NlY2Rpc3BhdGNoXSBEQU5FIElPVCBwcm9wb3NlZCBvdXRjb21lPG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5UaGFua3MgdG8mbmJz cDtTaHVtb24gZm9yIHByZXNlbnRpbmcgdGhlIERBTkUgdXNlIGNhc2UgZm9yIElPVC48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0i RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5XZSBkaXNjdXNzZWQgdGFraW5nIHRo aXMgdG8gdGhlIDxhIGhyZWY9Im1haWx0bzppb3Qtb25ib2FyZGluZ0BpZXRmLm9yZyI+DQppb3Qt b25ib2FyZGluZ0BpZXRmLm9yZzwvYT4gbGlzdCBhcyB0aGVyZSB3ZXJlIGEgbnVtYmVyIG9mIHJh dGhlciBiaWcgb3BlbiBpc3N1ZXMgdGhhdCBwZW9wbGUgd2FudGVkIHRvIGRpc2N1c3MuPG86cD48 L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5XZSBhbHNvIGRpc2N1 c3NlZCBhIG5vbi1XRyBmb3JtaW5nIEJPRiB0byBsb29rIGF0LCBhcyBUZWQgcHV0IGl0LCB0aGUg YnJvYWRlciBjb250ZXh0IGZvciBvbmJvYXJkaW5nLiAmbmJzcDtUbyBnaXZlIHBlb3BsZSBhIGZl ZWwgZm9yIHRoZSBzb3J0IG9mIHJlbGF0ZWQgd29yayB0aGF0IGlzIGF2YWlsYWJsZSwgaGVyZSBh cmUgYSBsaXN0IG9mIHJlbGF0ZWQgYWN0aXZpdGllczo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86 cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHVsIHR5cGU9ImRpc2Mi Pg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+DQo8c3Bh biBsYW5nPSJFTi1VUyI+ZHJhZnQtaWV0Zi1hbmltYS1ib290c3RyYXBwaW5nLWtleWluZnJhIChC UlNLSSkgaXMgYSByZXF1ZXN0L3Jlc3BvbnNlIG1lY2hhbmlzbSB0aGF0IHVzZXMgUkZDIDgzNjYg dm91Y2hlcnMgdG8gaW50cm9kdWNlIGRldmljZXMgYW5kIG5ldHdvcmsgaW5mcmFzdHJ1Y3R1cmUu PG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0Omww IGxldmVsMSBsZm8xIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5JbnRlbOKAmXMgU0RPIHByb3ZpZGVz IGFuIGFwcGxpY2F0aW9uIGxldmVsIGludHJvZHVjdGlvbiB1c2luZyB2b3VjaGVycyBhcyB3ZWxs LiAmbmJzcDtUaGlzIHdvcmsgaGFzIGJlZW4gdGFrZW4gdXAgYnkgdGhlIEZJRE8gYWxsaWFuY2Uu PG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0Omww IGxldmVsMSBsZm8xIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5UaGUgV2lmaSBBbGxpYW5jZSBoYXMg RGV2aWNlIFByb3Zpc2lvbmluZyBQcm90b2NvbCAoRFBQKSB3aGljaCBkb2VzIG5vdCBhdHRhY2gg dG8gYSBnbG9iYWwgbmFtZSBzcGFjZSBwcmlvciB0byBwcm92aXNpb25pbmcgaGF2aW5nIG9jY3Vy cmVkLCBidXQgZG9lcyByZXByZXNlbnQgYSBtaW5pbXVtIGNhc2UgKGp1c3QgcHVibGljIGtleXMp LjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttc28tbGlzdDps MCBsZXZlbDEgbGZvMSI+DQo8c3BhbiBsYW5nPSJFTi1VUyI+ZHJhZnQtZnJpZWwtZWFwLXRscy1l YXAtZHBwIGJvcnJvd3MgZnJvbSBEUFAsIGludGVuZGVkIG1vc3RseSBmb3Igd2lyZWQgdXNlLCB3 aGVyZSBEUFAgaXMgZm9jdXNlZCBvbiA4MDIuMTEgbmV0d29ya3MuPG86cD48L286cD48L3NwYW4+ PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj4NCjxz cGFuIGxhbmc9IkVOLVVTIj5UaGVyZSBhcmUgYSBudW1iZXIgb2YgQlJTS0kgcmVsYXRlZCBkcmFm dHMgYnkgT3dlbiBhcyB3ZWxsLCByZWxhdGluZyB0byBjbG91ZC1iYXNlZCByZWdpc3RyYXJzLjxv OnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMCBs ZXZlbDEgbGZvMSI+DQo8c3BhbiBsYW5nPSJFTi1VUyI+VGhlcmUgaXMgYWxzbyB3b3JrIGJ5IE1p Y2hhZWwgUmljaGFyZHNvbiBhbmQgUGV0ZXIgVmFuIERlciBTdG9jayBvbiBjb25zdHJhaW5lZCB2 b3VjaGVycy4gJm5ic3A7VGhhdCB3b3JrIGlzIHRha2luZyBwbGFjZSBpbiBBQ0UuPG86cD48L286 cD48L3NwYW4+PC9saT48L3VsPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh bmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5VbmRlcnN0YW5k aW5nIHRoZSBsYW5kc2NhcGUgbWlnaHQgaGVscCB1cyB1bmRlcnN0YW5kIHdoZXJlIERBTkUgZml0 cyBpbi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlJl Z2FyZHMsPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5F bGlvdDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_b178d5066d6b4371a59ffe59bb6d6447huaweicom_-- From nobody Mon Nov 16 04:50:44 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF0613A0E6F; Mon, 16 Nov 2020 04:50:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.6 X-Spam-Level: X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eJRtV2PdtQ9v; Mon, 16 Nov 2020 04:50:36 -0800 (PST) Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E77803A0E65; Mon, 16 Nov 2020 04:50:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=21139; q=dns/txt; s=iport; t=1605531036; x=1606740636; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=uOrI9I/EmZdiNwZvTpe4YnhE8jgWDiwC1GSYhwhqb6M=; b=i9QTHKg17phzPY1PTCa17qPjst04gETVagR+yT42J7Brw1/JhKryetC6 A8qAZ19WhO6lUCvsnbO2Nxy4qRypzk3C0j4ol4QH53N+OMF9UmIBmbsyT EuPfJzgH25T4LvThi9fcz+l26i08smFceBHNXURlBs0zSqxAFvzbxdOfn I=; X-Files: signature.asc : 488 X-IPAS-Result: =?us-ascii?q?A0ByAAB6dLJf/xbLJq1ZCRoBAQEBAQEBAQEBAwEBAQESA?= =?us-ascii?q?QEBAQICAQEBAYIPgSOBB0krVQEgEi6EPIkFh3gmgQWGZZRDBAcBAQEKAwEBG?= =?us-ascii?q?AEKDAQBAYRKAoIfJjgTAgMBAQEDAgMBAQEBBQEBAQIBBgRxhWEMhXIBAQEDA?= =?us-ascii?q?QEBIUsLBQsLEQQBAQEnAwICJx8JCAYTGwSDBwGCZiAPrRV2gTKFV4RXCgaBO?= =?us-ascii?q?IFTjAiCAIERJwwQghoHLj6CXQEBgTNigmEzgiwEmymBGptrgneDGoE3lkQDH?= =?us-ascii?q?6F5sEGDZAIEBgUCFYFrI4FXMxoIGxU7KgGCPj4SGQ2NKYECF4hihUVAAzA3A?= =?us-ascii?q?gYBCQEBAwmOSAEB?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="5.77,482,1596499200"; d="asc'?scan'208,217";a="31092087" Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Nov 2020 12:50:31 +0000 Received: from dhcp-10-61-99-159.cisco.com (dhcp-10-61-99-159.cisco.com [10.61.99.159]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 0AGCoUiP026386 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 16 Nov 2020 12:50:31 GMT From: Eliot Lear Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_BD74D807-38E1-48C3-8131-00FDF02C643E"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Date: Mon, 16 Nov 2020 13:50:30 +0100 In-Reply-To: Cc: Eliot Lear , "iot-onboarding@ietf.org" , "secdispatch@ietf.org" To: "Panwei (William)" References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Outbound-SMTP-Client: 10.61.99.159, dhcp-10-61-99-159.cisco.com X-Outbound-Node: aer-core-2.cisco.com Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 12:50:39 -0000 --Apple-Mail=_BD74D807-38E1-48C3-8131-00FDF02C643E Content-Type: multipart/alternative; boundary="Apple-Mail=_59561EC1-5C50-4F0E-A87A-B6CB0507B482" --Apple-Mail=_59561EC1-5C50-4F0E-A87A-B6CB0507B482 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Wei Pan, I agree with you that there is a need for something that doesn=E2=80=99t = require devices to have a full PKI built in. But there needs to be = something unique about the device that it can express and prove. Also, = we should separate out two problems: Proving the peer to the device Providing the device to the peer Each has slightly different characteristics, especially when it comes to = certificates. Nobody should expect a huge cert store to be on a light = weight client. As was said in the chat, that is one thing that BRSKI = solves. But DPP/POK also solves it without certificates, but still = requires at least a public/private key pair. Less than that I do not = know how to work the problem. Eliot > On 16 Nov 2020, at 13:02, Panwei (William) = wrote: >=20 > Thanks to Eliot for summarizing these. >=20 > I think the core concept of using DANE in IoT scenario is to get rid = of certificates and PKIX. The solution of how to securely onboard the = IoT devices and allocate the DNS domain name, both with and without = initial certificates, is the key part to figure out. > If the IoT devices have no initial certificates, such as 802.1AR = IDevID certificate, as their initial identity, then the BRSKI mechanism = won=E2=80=99t be appropriate for these devices because BRSKI has a = requirement of IDevID. > If the IoT devices have an IDevID certificate, I think it can still = use BRSKI to onboard, but it won=E2=80=99t use EST to request a = certificate any more, instead, it will apply for a DNS domain name by = using some protocols. >=20 > That=E2=80=99s my preliminary thoughts, maybe not right. >=20 > Regards & Thanks! > Wei Pan >=20 > From: Secdispatch [mailto:secdispatch-bounces@ietf.org = ] On Behalf Of Eliot Lear > Sent: Monday, November 16, 2020 6:55 PM > To: secdispatch@ietf.org > Subject: [Secdispatch] DANE IOT proposed outcome >=20 > Thanks to Shumon for presenting the DANE use case for IOT. >=20 > We discussed taking this to the iot-onboarding@ietf.org = list as there were a number of rather = big open issues that people wanted to discuss. >=20 > We also discussed a non-WG forming BOF to look at, as Ted put it, the = broader context for onboarding. To give people a feel for the sort of = related work that is available, here are a list of related activities: >=20 > draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a request/response = mechanism that uses RFC 8366 vouchers to introduce devices and network = infrastructure. > Intel=E2=80=99s SDO provides an application level introduction using = vouchers as well. This work has been taken up by the FIDO alliance. > The Wifi Alliance has Device Provisioning Protocol (DPP) which does = not attach to a global name space prior to provisioning having occurred, = but does represent a minimum case (just public keys). > draft-friel-eap-tls-eap-dpp borrows from DPP, intended mostly for = wired use, where DPP is focused on 802.11 networks. > There are a number of BRSKI related drafts by Owen as well, relating = to cloud-based registrars. > There is also work by Michael Richardson and Peter Van Der Stock on = constrained vouchers. That work is taking place in ACE. >=20 > Understanding the landscape might help us understand where DANE fits = in. >=20 > Regards, >=20 > Eliot > -- > Iot-onboarding mailing list > Iot-onboarding@ietf.org > https://www.ietf.org/mailman/listinfo/iot-onboarding = --Apple-Mail=_59561EC1-5C50-4F0E-A87A-B6CB0507B482 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = Wei Pan,

I agree = with you that there is a need for something that doesn=E2=80=99t require = devices to have a full PKI built in.  But there needs to be something unique about the device that it can = express and prove.  Also, we should separate out two = problems:

  • Proving the peer to the = device
  • Providing the device to the peer

Each has slightly = different characteristics, especially when it comes to certificates. =  Nobody should expect a huge cert store to be on a light weight = client.  As was said in the chat, that is one thing that BRSKI = solves.  But DPP/POK also solves it without certificates, but still = requires at least a public/private key pair. Less than that I do not = know how to work the problem.

Eliot

On 16 = Nov 2020, at 13:02, Panwei (William) <william.panwei@huawei.com> wrote:

Thanks to Eliot for summarizing these.
 
I think the core = concept of using DANE in IoT scenario is to get rid of certificates and = PKIX. The solution of how to securely onboard the IoT devices and = allocate the DNS domain name, both with and without initial = certificates, is the key part to figure out.
If the IoT devices have no initial certificates, = such as 802.1AR IDevID certificate, as their initial identity, then the = BRSKI mechanism won=E2=80=99t be appropriate for these devices because = BRSKI has a requirement of IDevID.
If the IoT devices = have an IDevID certificate, I think it can still use BRSKI to onboard, = but it won=E2=80=99t use EST to request a certificate any more, instead, = it will apply for a DNS domain name by using some protocols.
 
That=E2=80=99s my = preliminary thoughts, maybe not right.
 
Regards= & Thanks!
Wei Pan
 
From: Secdispatch = [mailto:secdispatch-bounces@ietf.org] On Behalf = Of Eliot Lear
Sent: Monday, November 16, 2020 = 6:55 PM
To: secdispatch@ietf.org
Subject: [Secdispatch] DANE IOT = proposed outcome
 
Thanks = to Shumon for presenting the DANE use case for IOT.
 
We = discussed taking this to the iot-onboarding@ietf.org list as there were a number = of rather big open issues that people wanted to discuss.
 
We also = discussed a non-WG forming BOF to look at, as Ted put it, the broader = context for onboarding.  To give people a feel for the sort of = related work that is available, here are a list of related = activities:
 
  • draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a = request/response mechanism that uses RFC 8366 vouchers to introduce = devices and network infrastructure.
  • Intel=E2=80=99s SDO provides an application level = introduction using vouchers as well.  This work has been taken up = by the FIDO alliance.
  • The = Wifi Alliance has Device Provisioning Protocol (DPP) which does not = attach to a global name space prior to provisioning having occurred, but = does represent a minimum case (just public keys).
  • draft-friel-eap-tls-eap-dpp borrows from DPP, = intended mostly for wired use, where DPP is focused on 802.11 = networks.
  • There are a number = of BRSKI related drafts by Owen as well, relating to cloud-based = registrars.
  • There is also work = by Michael Richardson and Peter Van Der Stock on constrained vouchers. =  That work is taking place in ACE.
 
Understanding the landscape might help us understand where = DANE fits in.
 
Regards,
 
Eliot
-- 
Iot-onboarding mailing = list
Iot-onboarding@ietf.orghttps://www.ietf.org/mailman/listinfo/iot-onboarding

= --Apple-Mail=_59561EC1-5C50-4F0E-A87A-B6CB0507B482-- --Apple-Mail=_BD74D807-38E1-48C3-8131-00FDF02C643E Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEmNC9kEYdsJKnsmEdh7ZrRtnSejMFAl+ydZYACgkQh7ZrRtnS ejOfcwgA0DH8DGmYcvjQZyILBlkanPrwodbDkx0ClWD1cs3ZGDoDk1f+65P6Sdlc NXeS0zR8L6lWpT7X1L/zbYoXBlf+Z6wC4O7oJZ4EbkNTiQZJglD0h4CrRcIO9sqy i81gTBElZDQ0BVyaEmt/ouNObZ/jUy1ElMKi6j0vsZS/60cl3F9C0k2Y9VbvzJm/ 0KQYHrYxapBljmZx6MnAajrboO7xb8iuNEAfkn7uSJpzWBjRfjGWqeHpLvVsP76F g5rzRyHE2ScsyqBH1S4ok4tscCSRygFceZfYwRexxrFtrShwIAR5OpyMFp7dsUA/ 4dyPChRQ3ZLhnH7kApyuikIDumorew== =itWn -----END PGP SIGNATURE----- --Apple-Mail=_BD74D807-38E1-48C3-8131-00FDF02C643E-- From nobody Mon Nov 16 06:46:40 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F2A33A10FA; Mon, 16 Nov 2020 06:46:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1TTDP-JxZEtf; Mon, 16 Nov 2020 06:46:35 -0800 (PST) Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2197B3A1103; Mon, 16 Nov 2020 06:46:24 -0800 (PST) Received: from fraeml711-chm.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4CZWzt6KsQz67DpT; Mon, 16 Nov 2020 22:44:10 +0800 (CST) Received: from nkgeml707-chm.china.huawei.com (10.98.57.157) by fraeml711-chm.china.huawei.com (10.206.15.60) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 16 Nov 2020 15:46:18 +0100 Received: from nkgeml705-chm.china.huawei.com (10.98.57.154) by nkgeml707-chm.china.huawei.com (10.98.57.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 16 Nov 2020 22:46:16 +0800 Received: from nkgeml705-chm.china.huawei.com ([10.98.57.154]) by nkgeml705-chm.china.huawei.com ([10.98.57.154]) with mapi id 15.01.1913.007; Mon, 16 Nov 2020 22:46:16 +0800 From: "Panwei (William)" To: Eliot Lear CC: "iot-onboarding@ietf.org" , "secdispatch@ietf.org" Thread-Topic: [Iot-onboarding] [Secdispatch] DANE IOT proposed outcome Thread-Index: AQHWvAcDj5ATxnClv0CbH9AVFrI7YanKopzg//+NWgCAAJZC8A== Date: Mon, 16 Nov 2020 14:46:16 +0000 Message-ID: <92211fff920744319daf91cb755f40fd@huawei.com> References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.52.234.111] Content-Type: multipart/alternative; boundary="_000_92211fff920744319daf91cb755f40fdhuaweicom_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 14:46:40 -0000 --_000_92211fff920744319daf91cb755f40fdhuaweicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgRWxpb3QsDQoNCkkgdW5kZXJzdGFuZCB0aGVyZSBzaG91bGQgYmUgc29tZXRoaW5nIHVuaXF1 ZSB0byBpZGVudGl0eSB0aGUgZGV2aWNlLCBpdCBjYW4gYmUgdGhlIGNlcnRpZmljYXRlIG9yIHB1 YmxpYy9wcml2YXRlIGtleSBwYWlyIG9yIHNvbWV0aGluZyBlbHNlLiBJIHRoaW5rIHRoZSB1c2Ug b2YgREFORSBpbiBJb1Qgc2NlbmFyaW8gaXMgdG8gYmluZCB0aGUgZGV2aWNlIGlkZW50aXR5LCBp LmUuLCB0aGUgY2VydGlmaWNhdGUgb3IgcHVibGljIGtleSwgdG8gdGhlIEROUyBkb21haW4gbmFt ZS4NCkluIHRoZSBCUlNLSSBtZWNoYW5pc20sIGFmdGVyIHRoZSBkZXZpY2UgKHBsZWRnZSkgYW5k IHRoZSBuZXR3b3JrIChyZWdpc3RyYXIpIGF1dGhlbnRpY2F0ZSBlYWNoIG90aGVyLCB0aGUgZGV2 aWNlIHdpbGwgYXBwbHkgZm9yIGEgbG9jYWwgY2VydGlmaWNhdGUgZnJvbSB0aGUgbmV0d29yay4g V2hhdCBJIG1lYW4gaXMgdGhhdCB0aGUgbmV0d29yayBtYXkgZG9u4oCZdCBuZWVkIHRvIGhhdmUg dGhlIFBLSSBzeXN0ZW0gdG8gc2lnbiBhIGNlcnRpZmljYXRlIGZvciB0aGUgZGV2aWNlLCBpbnN0 ZWFkLCB0aGUgZGV2aWNlIGNhbiBnZW5lcmF0ZSBhIGtleSBwYWlyIGFuZCB0aGUgbmV0d29yayBh bGxvY2F0ZXMgYSBETlMgZG9tYWluIG5hbWUgdG8gYmUgcmVsYXRlZCB0byB0aGUgcHVibGljIGtl eS4gU28sIGFmdGVyIG9uYm9hcmRpbmcsIHRoZSBkZXZpY2Ugd2lsbCBoYXZlIGEgREFORSBUTFNB IHJlY29yZCwgdGhlcmVmb3JlIGl0IGNhbiB1c2UgdGhhdCB0byBhdXRoZW50aWNhdGUgaXRzZWxm IHRvIHRoZSBzZXJ2ZXIuDQpJbiB0aGUgY2FzZSB3aXRob3V0IGNlcnRpZmljYXRlcywgRFBQL1BP SyBjYW4gc29sdmUgdGhlIG9uYm9hcmRpbmcgcGhhc2UsIHRoZW4gc29tZSBvdGhlciBtZWNoYW5p c21zIG1heSBhbHNvIGJlIG5lZWRlZCB0byBwcm92aXNpb24gdGhlIEROUyBkb21haW4gbmFtZSB0 byB0aGUgZGV2aWNlLg0KDQpSZWdhcmRzICYgVGhhbmtzIQ0KV2VpIFBhbg0KDQpGcm9tOiBJb3Qt b25ib2FyZGluZyBbbWFpbHRvOmlvdC1vbmJvYXJkaW5nLWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJl aGFsZiBPZiBFbGlvdCBMZWFyDQpTZW50OiBNb25kYXksIE5vdmVtYmVyIDE2LCAyMDIwIDg6NTEg UE0NClRvOiBQYW53ZWkgKFdpbGxpYW0pIDx3aWxsaWFtLnBhbndlaUBodWF3ZWkuY29tPg0KQ2M6 IGlvdC1vbmJvYXJkaW5nQGlldGYub3JnOyBzZWNkaXNwYXRjaEBpZXRmLm9yZzsgRWxpb3QgTGVh ciA8bGVhcj00MGNpc2NvLmNvbUBkbWFyYy5pZXRmLm9yZz4NClN1YmplY3Q6IFJlOiBbSW90LW9u Ym9hcmRpbmddIFtTZWNkaXNwYXRjaF0gREFORSBJT1QgcHJvcG9zZWQgb3V0Y29tZQ0KDQpIaSBX ZWkgUGFuLA0KDQpJIGFncmVlIHdpdGggeW91IHRoYXQgdGhlcmUgaXMgYSBuZWVkIGZvciBzb21l dGhpbmcgdGhhdCBkb2VzbuKAmXQgcmVxdWlyZSBkZXZpY2VzIHRvIGhhdmUgYSBmdWxsIFBLSSBi dWlsdCBpbi4gIEJ1dCB0aGVyZSBuZWVkcyB0byBiZSBzb21ldGhpbmcgdW5pcXVlIGFib3V0IHRo ZSBkZXZpY2UgdGhhdCBpdCBjYW4gZXhwcmVzcyBhbmQgcHJvdmUuICBBbHNvLCB3ZSBzaG91bGQg c2VwYXJhdGUgb3V0IHR3byBwcm9ibGVtczoNCg0KDQogICogICBQcm92aW5nIHRoZSBwZWVyIHRv IHRoZSBkZXZpY2UNCiAgKiAgIFByb3ZpZGluZyB0aGUgZGV2aWNlIHRvIHRoZSBwZWVyDQoNCkVh Y2ggaGFzIHNsaWdodGx5IGRpZmZlcmVudCBjaGFyYWN0ZXJpc3RpY3MsIGVzcGVjaWFsbHkgd2hl biBpdCBjb21lcyB0byBjZXJ0aWZpY2F0ZXMuICBOb2JvZHkgc2hvdWxkIGV4cGVjdCBhIGh1Z2Ug Y2VydCBzdG9yZSB0byBiZSBvbiBhIGxpZ2h0IHdlaWdodCBjbGllbnQuICBBcyB3YXMgc2FpZCBp biB0aGUgY2hhdCwgdGhhdCBpcyBvbmUgdGhpbmcgdGhhdCBCUlNLSSBzb2x2ZXMuICBCdXQgRFBQ L1BPSyBhbHNvIHNvbHZlcyBpdCB3aXRob3V0IGNlcnRpZmljYXRlcywgYnV0IHN0aWxsIHJlcXVp cmVzIGF0IGxlYXN0IGEgcHVibGljL3ByaXZhdGUga2V5IHBhaXIuIExlc3MgdGhhbiB0aGF0IEkg ZG8gbm90IGtub3cgaG93IHRvIHdvcmsgdGhlIHByb2JsZW0uDQoNCkVsaW90DQoNCg0KT24gMTYg Tm92IDIwMjAsIGF0IDEzOjAyLCBQYW53ZWkgKFdpbGxpYW0pIDx3aWxsaWFtLnBhbndlaUBodWF3 ZWkuY29tPG1haWx0bzp3aWxsaWFtLnBhbndlaUBodWF3ZWkuY29tPj4gd3JvdGU6DQoNClRoYW5r cyB0byBFbGlvdCBmb3Igc3VtbWFyaXppbmcgdGhlc2UuDQoNCkkgdGhpbmsgdGhlIGNvcmUgY29u Y2VwdCBvZiB1c2luZyBEQU5FIGluIElvVCBzY2VuYXJpbyBpcyB0byBnZXQgcmlkIG9mIGNlcnRp ZmljYXRlcyBhbmQgUEtJWC4gVGhlIHNvbHV0aW9uIG9mIGhvdyB0byBzZWN1cmVseSBvbmJvYXJk IHRoZSBJb1QgZGV2aWNlcyBhbmQgYWxsb2NhdGUgdGhlIEROUyBkb21haW4gbmFtZSwgYm90aCB3 aXRoIGFuZCB3aXRob3V0IGluaXRpYWwgY2VydGlmaWNhdGVzLCBpcyB0aGUga2V5IHBhcnQgdG8g ZmlndXJlIG91dC4NCklmIHRoZSBJb1QgZGV2aWNlcyBoYXZlIG5vIGluaXRpYWwgY2VydGlmaWNh dGVzLCBzdWNoIGFzIDgwMi4xQVIgSURldklEIGNlcnRpZmljYXRlLCBhcyB0aGVpciBpbml0aWFs IGlkZW50aXR5LCB0aGVuIHRoZSBCUlNLSSBtZWNoYW5pc20gd29u4oCZdCBiZSBhcHByb3ByaWF0 ZSBmb3IgdGhlc2UgZGV2aWNlcyBiZWNhdXNlIEJSU0tJIGhhcyBhIHJlcXVpcmVtZW50IG9mIElE ZXZJRC4NCklmIHRoZSBJb1QgZGV2aWNlcyBoYXZlIGFuIElEZXZJRCBjZXJ0aWZpY2F0ZSwgSSB0 aGluayBpdCBjYW4gc3RpbGwgdXNlIEJSU0tJIHRvIG9uYm9hcmQsIGJ1dCBpdCB3b27igJl0IHVz ZSBFU1QgdG8gcmVxdWVzdCBhIGNlcnRpZmljYXRlIGFueSBtb3JlLCBpbnN0ZWFkLCBpdCB3aWxs IGFwcGx5IGZvciBhIEROUyBkb21haW4gbmFtZSBieSB1c2luZyBzb21lIHByb3RvY29scy4NCg0K VGhhdOKAmXMgbXkgcHJlbGltaW5hcnkgdGhvdWdodHMsIG1heWJlIG5vdCByaWdodC4NCg0KUmVn YXJkcyAmIFRoYW5rcyENCldlaSBQYW4NCg0KRnJvbTogU2VjZGlzcGF0Y2ggW21haWx0bzpzZWNk aXNwYXRjaC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgRWxpb3QgTGVhcg0KU2VudDog TW9uZGF5LCBOb3ZlbWJlciAxNiwgMjAyMCA2OjU1IFBNDQpUbzogc2VjZGlzcGF0Y2hAaWV0Zi5v cmc8bWFpbHRvOnNlY2Rpc3BhdGNoQGlldGYub3JnPg0KU3ViamVjdDogW1NlY2Rpc3BhdGNoXSBE QU5FIElPVCBwcm9wb3NlZCBvdXRjb21lDQoNClRoYW5rcyB0byBTaHVtb24gZm9yIHByZXNlbnRp bmcgdGhlIERBTkUgdXNlIGNhc2UgZm9yIElPVC4NCg0KV2UgZGlzY3Vzc2VkIHRha2luZyB0aGlz IHRvIHRoZSBpb3Qtb25ib2FyZGluZ0BpZXRmLm9yZzxtYWlsdG86aW90LW9uYm9hcmRpbmdAaWV0 Zi5vcmc+IGxpc3QgYXMgdGhlcmUgd2VyZSBhIG51bWJlciBvZiByYXRoZXIgYmlnIG9wZW4gaXNz dWVzIHRoYXQgcGVvcGxlIHdhbnRlZCB0byBkaXNjdXNzLg0KDQpXZSBhbHNvIGRpc2N1c3NlZCBh IG5vbi1XRyBmb3JtaW5nIEJPRiB0byBsb29rIGF0LCBhcyBUZWQgcHV0IGl0LCB0aGUgYnJvYWRl ciBjb250ZXh0IGZvciBvbmJvYXJkaW5nLiAgVG8gZ2l2ZSBwZW9wbGUgYSBmZWVsIGZvciB0aGUg c29ydCBvZiByZWxhdGVkIHdvcmsgdGhhdCBpcyBhdmFpbGFibGUsIGhlcmUgYXJlIGEgbGlzdCBv ZiByZWxhdGVkIGFjdGl2aXRpZXM6DQoNCg0KICAqICAgZHJhZnQtaWV0Zi1hbmltYS1ib290c3Ry YXBwaW5nLWtleWluZnJhIChCUlNLSSkgaXMgYSByZXF1ZXN0L3Jlc3BvbnNlIG1lY2hhbmlzbSB0 aGF0IHVzZXMgUkZDIDgzNjYgdm91Y2hlcnMgdG8gaW50cm9kdWNlIGRldmljZXMgYW5kIG5ldHdv cmsgaW5mcmFzdHJ1Y3R1cmUuDQogICogICBJbnRlbOKAmXMgU0RPIHByb3ZpZGVzIGFuIGFwcGxp Y2F0aW9uIGxldmVsIGludHJvZHVjdGlvbiB1c2luZyB2b3VjaGVycyBhcyB3ZWxsLiAgVGhpcyB3 b3JrIGhhcyBiZWVuIHRha2VuIHVwIGJ5IHRoZSBGSURPIGFsbGlhbmNlLg0KICAqICAgVGhlIFdp ZmkgQWxsaWFuY2UgaGFzIERldmljZSBQcm92aXNpb25pbmcgUHJvdG9jb2wgKERQUCkgd2hpY2gg ZG9lcyBub3QgYXR0YWNoIHRvIGEgZ2xvYmFsIG5hbWUgc3BhY2UgcHJpb3IgdG8gcHJvdmlzaW9u aW5nIGhhdmluZyBvY2N1cnJlZCwgYnV0IGRvZXMgcmVwcmVzZW50IGEgbWluaW11bSBjYXNlIChq dXN0IHB1YmxpYyBrZXlzKS4NCiAgKiAgIGRyYWZ0LWZyaWVsLWVhcC10bHMtZWFwLWRwcCBib3Jy b3dzIGZyb20gRFBQLCBpbnRlbmRlZCBtb3N0bHkgZm9yIHdpcmVkIHVzZSwgd2hlcmUgRFBQIGlz IGZvY3VzZWQgb24gODAyLjExIG5ldHdvcmtzLg0KICAqICAgVGhlcmUgYXJlIGEgbnVtYmVyIG9m IEJSU0tJIHJlbGF0ZWQgZHJhZnRzIGJ5IE93ZW4gYXMgd2VsbCwgcmVsYXRpbmcgdG8gY2xvdWQt YmFzZWQgcmVnaXN0cmFycy4NCiAgKiAgIFRoZXJlIGlzIGFsc28gd29yayBieSBNaWNoYWVsIFJp Y2hhcmRzb24gYW5kIFBldGVyIFZhbiBEZXIgU3RvY2sgb24gY29uc3RyYWluZWQgdm91Y2hlcnMu ICBUaGF0IHdvcmsgaXMgdGFraW5nIHBsYWNlIGluIEFDRS4NCg0KVW5kZXJzdGFuZGluZyB0aGUg bGFuZHNjYXBlIG1pZ2h0IGhlbHAgdXMgdW5kZXJzdGFuZCB3aGVyZSBEQU5FIGZpdHMgaW4uDQoN ClJlZ2FyZHMsDQoNCkVsaW90DQotLQ0KSW90LW9uYm9hcmRpbmcgbWFpbGluZyBsaXN0DQpJb3Qt b25ib2FyZGluZ0BpZXRmLm9yZzxtYWlsdG86SW90LW9uYm9hcmRpbmdAaWV0Zi5vcmc+DQpodHRw czovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2lvdC1vbmJvYXJkaW5nDQoNCg== --_000_92211fff920744319daf91cb755f40fdhuaweicom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 SGVsdmV0aWNhOw0KCXBhbm9zZS0xOjIgMTEgNiA0IDIgMiAyIDIgMiA0O30NCkBmb250LWZhY2UN Cgl7Zm9udC1mYW1pbHk6V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7 fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTrlrovkvZM7DQoJcGFub3NlLTE6MiAxIDYgMCAz IDEgMSAxIDEgMTt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0K CXBhbm9zZS0xOjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWls eTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UN Cgl7Zm9udC1mYW1pbHk6R2FkdWdpOw0KCXBhbm9zZS0xOjIgMTEgNSAyIDQgMiA0IDIgMiAzO30N CkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxA5a6L5L2TIjsNCglwYW5vc2UtMToyIDEgNiAw IDMgMSAxIDEgMSAxO30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGku TXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowY207DQoJbWFyZ2luLWJvdHRvbTou MDAwMXB0Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk65a6L5L2TO30NCmE6bGlu aywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJs dWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlw ZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsN Cgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnNwYW4uYXBwbGUtY29udmVydGVkLXNwYWNl DQoJe21zby1zdHlsZS1uYW1lOmFwcGxlLWNvbnZlcnRlZC1zcGFjZTt9DQpzcGFuLkVtYWlsU3R5 bGUxOA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiR2Fk dWdpIixzYW5zLXNlcmlmOw0KCWNvbG9yOmJsYWNrO30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1z dHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNl Y3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgOTAuMHB0IDcy LjBwdCA5MC4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQov KiBMaXN0IERlZmluaXRpb25zICovDQpAbGlzdCBsMA0KCXttc28tbGlzdC1pZDoxMDAzOTcyNjIz Ow0KCW1zby1saXN0LXRlbXBsYXRlLWlkczotMTM5Mzg4NzE3MDt9DQpAbGlzdCBsMDpsZXZlbDEN Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsN Cgltc28tbGV2ZWwtdGFiLXN0b3A6MzYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246 bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7 DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsMg0KCXttc28tbGV2ZWwtbnVt YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0 b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVu dDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNv dXJpZXIgTmV3IjsNCgltc28tYmlkaS1mb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIjt9DQpA bGlzdCBsMDpsZXZlbDMNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s ZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTA4LjBwdDsNCgltc28tbGV2ZWwt bnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1m b250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMDpsZXZl bDQNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+C pzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTQ0LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAu MHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMDpsZXZlbDUNCgl7bXNvLWxl dmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2 ZWwtdGFiLXN0b3A6MTgwLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJ dGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQt ZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMDpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6 MjE2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6 LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5Oldpbmdk aW5nczt9DQpAbGlzdCBsMDpsZXZlbDcNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0 Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjUyLjBwdDsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlz dCBsMDpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZl bC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6Mjg4LjBwdDsNCgltc28tbGV2ZWwtbnVt YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250 LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMDpsZXZlbDkN Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsN Cgltc28tbGV2ZWwtdGFiLXN0b3A6MzI0LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9u OmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0 Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMQ0KCXttc28tbGlzdC1pZDoyMDU1 NjE3NzEzOw0KCW1zby1saXN0LXRlbXBsYXRlLWlkczoxNzQwOTA4Mzg7fQ0KQGxpc3QgbDE6bGV2 ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrv grc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAu MHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMTpsZXZlbDINCgl7bXNvLWxldmVs LW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwt dGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0 LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1p bHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxMDguMHB0 Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0 Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBs aXN0IGwxOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxl dmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0Ow0KCW1zby1sZXZlbC1u dW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZv bnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsNQ0K CXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0K CW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246 bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7 DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsNg0KCXttc28tbGV2ZWwtbnVt YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWIt c3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu ZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6 U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxs ZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0K CW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0K CW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0 IGwxOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs LXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyODguMHB0Ow0KCW1zby1sZXZlbC1udW1i ZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQt c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsOQ0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1z by1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ Zm9udC1mYW1pbHk6U3ltYm9sO30NCm9sDQoJe21hcmdpbi1ib3R0b206MGNtO30NCnVsDQoJe21h cmdpbi1ib3R0b206MGNtO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8 bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFb ZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0i ZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91 dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IlpILUNOIiBsaW5rPSJi bHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPkhp IEVsaW90LDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtH YWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlm O2NvbG9yOmJsYWNrIj5JIHVuZGVyc3RhbmQgdGhlcmUgc2hvdWxkIGJlIHNvbWV0aGluZyB1bmlx dWUgdG8gaWRlbnRpdHkgdGhlIGRldmljZSwgaXQgY2FuIGJlIHRoZSBjZXJ0aWZpY2F0ZSBvciBw dWJsaWMvcHJpdmF0ZSBrZXkgcGFpciBvciBzb21ldGhpbmcgZWxzZS4gSSB0aGluaw0KIHRoZSB1 c2Ugb2YgREFORSBpbiBJb1Qgc2NlbmFyaW8gaXMgdG8gYmluZCB0aGUgZGV2aWNlIGlkZW50aXR5 LCBpLmUuLCB0aGUgY2VydGlmaWNhdGUgb3IgcHVibGljIGtleSwgdG8gdGhlIEROUyBkb21haW4g bmFtZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2Fk dWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPkluIHRoZSBCUlNLSSBtZWNoYW5pc20s IGFmdGVyIHRoZSBkZXZpY2UgKHBsZWRnZSkgYW5kIHRoZSBuZXR3b3JrIChyZWdpc3RyYXIpIGF1 dGhlbnRpY2F0ZSBlYWNoIG90aGVyLCB0aGUgZGV2aWNlIHdpbGwgYXBwbHkgZm9yIGEgbG9jYWwg Y2VydGlmaWNhdGUNCiBmcm9tIHRoZSBuZXR3b3JrLiBXaGF0IEkgbWVhbiBpcyB0aGF0IHRoZSBu ZXR3b3JrIG1heSBkb27igJl0IG5lZWQgdG8gaGF2ZSB0aGUgUEtJIHN5c3RlbSB0byBzaWduIGEg Y2VydGlmaWNhdGUgZm9yIHRoZSBkZXZpY2UsIGluc3RlYWQsIHRoZSBkZXZpY2UgY2FuIGdlbmVy YXRlIGEga2V5IHBhaXIgYW5kIHRoZSBuZXR3b3JrIGFsbG9jYXRlcyBhIEROUyBkb21haW4gbmFt ZSB0byBiZSByZWxhdGVkIHRvIHRoZSBwdWJsaWMga2V5LiBTbywgYWZ0ZXINCiBvbmJvYXJkaW5n LCB0aGUgZGV2aWNlIHdpbGwgaGF2ZSBhIERBTkUgVExTQSByZWNvcmQsIHRoZXJlZm9yZSBpdCBj YW4gdXNlIHRoYXQgdG8gYXV0aGVudGljYXRlIGl0c2VsZiB0byB0aGUgc2VydmVyLjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fu cy1zZXJpZjtjb2xvcjpibGFjayI+SW4gdGhlIGNhc2Ugd2l0aG91dCBjZXJ0aWZpY2F0ZXMsIERQ UC9QT0sgY2FuIHNvbHZlIHRoZSBvbmJvYXJkaW5nIHBoYXNlLCB0aGVuIHNvbWUgb3RoZXIgbWVj aGFuaXNtcyBtYXkgYWxzbyBiZSBuZWVkZWQgdG8gcHJvdmlzaW9uIHRoZSBETlMgZG9tYWluDQog bmFtZSB0byB0aGUgZGV2aWNlLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt YXJnaW4tYm90dG9tOjMuNnB0O2xpbmUtaGVpZ2h0OjExMCUiPjxzcGFuIGxhbmc9IkVOLVVTIiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtsaW5lLWhlaWdodDoxMTAlO2ZvbnQtZmFtaWx5OiZxdW90 O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5SZWdhcmRzICZhbXA7IFRoYW5r cyE8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFy Z2luLWJvdHRvbTozLjZwdDtsaW5lLWhlaWdodDoxMTAlIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7bGluZS1oZWlnaHQ6MTEwJTtmb250LWZhbWlseTomcXVvdDtH YWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+V2VpIFBhbjxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMi IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90Oyxz YW5zLXNlcmlmO2NvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2 Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0 O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNw YW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVO LVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LHNhbnMtc2VyaWYiPiBJb3Qtb25ib2FyZGluZyBbbWFpbHRvOmlvdC1vbmJvYXJkaW5nLWJv dW5jZXNAaWV0Zi5vcmddDQo8Yj5PbiBCZWhhbGYgT2YgPC9iPkVsaW90IExlYXI8YnI+DQo8Yj5T ZW50OjwvYj4gTW9uZGF5LCBOb3ZlbWJlciAxNiwgMjAyMCA4OjUxIFBNPGJyPg0KPGI+VG86PC9i PiBQYW53ZWkgKFdpbGxpYW0pICZsdDt3aWxsaWFtLnBhbndlaUBodWF3ZWkuY29tJmd0Ozxicj4N CjxiPkNjOjwvYj4gaW90LW9uYm9hcmRpbmdAaWV0Zi5vcmc7IHNlY2Rpc3BhdGNoQGlldGYub3Jn OyBFbGlvdCBMZWFyICZsdDtsZWFyPTQwY2lzY28uY29tQGRtYXJjLmlldGYub3JnJmd0Ozxicj4N CjxiPlN1YmplY3Q6PC9iPiBSZTogW0lvdC1vbmJvYXJkaW5nXSBbU2VjZGlzcGF0Y2hdIERBTkUg SU9UIHByb3Bvc2VkIG91dGNvbWU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5I aSBXZWkgUGFuLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkkgYWdy ZWUgd2l0aCB5b3UgdGhhdCB0aGVyZSBpcyBhIG5lZWQgZm9yIHNvbWV0aGluZyB0aGF0IGRvZXNu 4oCZdCByZXF1aXJlIGRldmljZXMgdG8gaGF2ZSBhIGZ1bGwgUEtJIGJ1aWx0IGluLiAmbmJzcDtC dXQgdGhlcmUgbmVlZHMgdG8gYmUNCjxiPnNvbWV0aGluZzwvYj4mbmJzcDt1bmlxdWUgYWJvdXQg dGhlIGRldmljZSB0aGF0IGl0IGNhbiBleHByZXNzIGFuZCBwcm92ZS4gJm5ic3A7QWxzbywgd2Ug c2hvdWxkIHNlcGFyYXRlIG91dCB0d28gcHJvYmxlbXM6PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjx1bCB0eXBlPSJkaXNj Ij4NCjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KPHNw YW4gbGFuZz0iRU4tVVMiPlByb3ZpbmcgdGhlIHBlZXIgdG8gdGhlIGRldmljZTxvOnA+PC9vOnA+ PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMCBsZXZlbDEgbGZv MSI+DQo8c3BhbiBsYW5nPSJFTi1VUyI+UHJvdmlkaW5nIHRoZSBkZXZpY2UgdG8gdGhlIHBlZXI8 bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvdWw+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5FYWNoIGhhcyBz bGlnaHRseSBkaWZmZXJlbnQgY2hhcmFjdGVyaXN0aWNzLCBlc3BlY2lhbGx5IHdoZW4gaXQgY29t ZXMgdG8gY2VydGlmaWNhdGVzLiAmbmJzcDtOb2JvZHkgc2hvdWxkIGV4cGVjdCBhIGh1Z2UgY2Vy dCBzdG9yZSB0byBiZSBvbiBhIGxpZ2h0IHdlaWdodCBjbGllbnQuICZuYnNwO0FzIHdhcyBzYWlk IGluIHRoZSBjaGF0LCB0aGF0IGlzIG9uZSB0aGluZyB0aGF0IEJSU0tJIHNvbHZlcy4NCiAmbmJz cDtCdXQgRFBQL1BPSyBhbHNvIHNvbHZlcyBpdCB3aXRob3V0IGNlcnRpZmljYXRlcywgYnV0IHN0 aWxsIHJlcXVpcmVzIGF0IGxlYXN0IGEgcHVibGljL3ByaXZhdGUga2V5IHBhaXIuIExlc3MgdGhh biB0aGF0IEkgZG8gbm90IGtub3cgaG93IHRvIHdvcmsgdGhlIHByb2JsZW0uPG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu Zz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5FbGlvdDxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIj48YnI+DQo8YnI+DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8YmxvY2txdW90ZSBz dHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+T24gMTYgTm92IDIwMjAsIGF0IDEz OjAyLCBQYW53ZWkgKFdpbGxpYW0pICZsdDs8YSBocmVmPSJtYWlsdG86d2lsbGlhbS5wYW53ZWlA aHVhd2VpLmNvbSI+d2lsbGlhbS5wYW53ZWlAaHVhd2VpLmNvbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu Zz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEu MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmIj5UaGFua3MgdG8g RWxpb3QgZm9yIHN1bW1hcml6aW5nIHRoZXNlLjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx dW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmIj4mbmJzcDs8L3NwYW4+PHNwYW4gbGFuZz0iRU4t VVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZiI+SSB0aGluayB0aGUgY29yZSBjb25j ZXB0IG9mIHVzaW5nIERBTkUgaW4gSW9UIHNjZW5hcmlvIGlzIHRvIGdldCByaWQgb2YgY2VydGlm aWNhdGVzIGFuZCBQS0lYLiBUaGUgc29sdXRpb24gb2YgaG93IHRvIHNlY3VyZWx5IG9uYm9hcmQg dGhlIElvVCBkZXZpY2VzIGFuZCBhbGxvY2F0ZQ0KIHRoZSBETlMgZG9tYWluIG5hbWUsIGJvdGgg d2l0aCBhbmQgd2l0aG91dCBpbml0aWFsIGNlcnRpZmljYXRlcywgaXMgdGhlIGtleSBwYXJ0IHRv IGZpZ3VyZSBvdXQuPC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1V UyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7 LHNhbnMtc2VyaWYiPklmIHRoZSBJb1QgZGV2aWNlcyBoYXZlIG5vIGluaXRpYWwgY2VydGlmaWNh dGVzLCBzdWNoIGFzIDgwMi4xQVIgSURldklEIGNlcnRpZmljYXRlLCBhcyB0aGVpciBpbml0aWFs IGlkZW50aXR5LCB0aGVuIHRoZSBCUlNLSSBtZWNoYW5pc20gd29u4oCZdCBiZSBhcHByb3ByaWF0 ZSBmb3INCiB0aGVzZSBkZXZpY2VzIGJlY2F1c2UgQlJTS0kgaGFzIGEgcmVxdWlyZW1lbnQgb2Yg SURldklELjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5z LXNlcmlmIj5JZiB0aGUgSW9UIGRldmljZXMgaGF2ZSBhbiBJRGV2SUQgY2VydGlmaWNhdGUsIEkg dGhpbmsgaXQgY2FuIHN0aWxsIHVzZSBCUlNLSSB0byBvbmJvYXJkLCBidXQgaXQgd29u4oCZdCB1 c2UgRVNUIHRvIHJlcXVlc3QgYSBjZXJ0aWZpY2F0ZSBhbnkgbW9yZSwgaW5zdGVhZCwgaXQgd2ls bA0KIGFwcGx5IGZvciBhIEROUyBkb21haW4gbmFtZSBieSB1c2luZyBzb21lIHByb3RvY29scy48 L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZiI+ Jm5ic3A7PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMt c2VyaWYiPlRoYXTigJlzIG15IHByZWxpbWluYXJ5IHRob3VnaHRzLCBtYXliZSBub3QgcmlnaHQu PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWYi PiZuYnNwOzwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJsaW5lLWhl aWdodDoxMy4ycHQiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZiI+UmVnYXJkcyAmYW1wOyBU aGFua3MhPC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibGluZS1oZWlnaHQ6MTMu MnB0Ij48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWYiPldlaSBQYW48L3NwYW4+PHNwYW4gbGFu Zz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmIj4mbmJzcDs8 L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgYmx1ZSAxLjVwdDtwYWRk aW5nOjBjbSAwY20gMGNtIDQuMHB0Ij4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTti b3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZiI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2Ui PjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4g bGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssc2Fucy1zZXJpZiI+U2VjZGlzcGF0Y2gNCiBbPGEgaHJlZj0ibWFpbHRvOnNl Y2Rpc3BhdGNoLWJvdW5jZXNAaWV0Zi5vcmciPjxzcGFuIHN0eWxlPSJjb2xvcjpwdXJwbGUiPm1h aWx0bzpzZWNkaXNwYXRjaC1ib3VuY2VzQGlldGYub3JnPC9zcGFuPjwvYT5dPHNwYW4gY2xhc3M9 ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxiPk9uIEJlaGFsZiBPZjxzcGFu IGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48L2I+RWxpb3QgTGVh cjxicj4NCjxiPlNlbnQ6PC9iPjxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZu YnNwOzwvc3Bhbj5Nb25kYXksIE5vdmVtYmVyIDE2LCAyMDIwIDY6NTUgUE08YnI+DQo8Yj5Ubzo8 L2I+PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxhIGhy ZWY9Im1haWx0bzpzZWNkaXNwYXRjaEBpZXRmLm9yZyI+PHNwYW4gc3R5bGU9ImNvbG9yOnB1cnBs ZSI+c2VjZGlzcGF0Y2hAaWV0Zi5vcmc8L3NwYW4+PC9hPjxicj4NCjxiPlN1YmplY3Q6PC9iPjxz cGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5bU2VjZGlzcGF0 Y2hdIERBTkUgSU9UIHByb3Bvc2VkIG91dGNvbWU8L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBsYW5nPSJFTi1VUyI+VGhhbmtzIHRvJm5ic3A7U2h1bW9uIGZvciBwcmVzZW50aW5n IHRoZSBEQU5FIHVzZSBjYXNlIGZvciBJT1QuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+V2UgZGlzY3Vzc2VkIHRh a2luZyB0aGlzIHRvIHRoZTxzcGFuIGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNw Ozwvc3Bhbj48YSBocmVmPSJtYWlsdG86aW90LW9uYm9hcmRpbmdAaWV0Zi5vcmciPjxzcGFuIHN0 eWxlPSJjb2xvcjpwdXJwbGUiPmlvdC1vbmJvYXJkaW5nQGlldGYub3JnPC9zcGFuPjwvYT48c3Bh biBjbGFzcz0iYXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+bGlzdA0KIGFzIHRo ZXJlIHdlcmUgYSBudW1iZXIgb2YgcmF0aGVyIGJpZyBvcGVuIGlzc3VlcyB0aGF0IHBlb3BsZSB3 YW50ZWQgdG8gZGlzY3Vzcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0K PGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPldlIGFsc28gZGlzY3Vzc2Vk IGEgbm9uLVdHIGZvcm1pbmcgQk9GIHRvIGxvb2sgYXQsIGFzIFRlZCBwdXQgaXQsIHRoZSBicm9h ZGVyIGNvbnRleHQgZm9yIG9uYm9hcmRpbmcuICZuYnNwO1RvIGdpdmUgcGVvcGxlIGEgZmVlbCBm b3IgdGhlIHNvcnQgb2YgcmVsYXRlZCB3b3JrIHRoYXQgaXMgYXZhaWxhYmxlLCBoZXJlIGFyZSBh IGxpc3Qgb2YgcmVsYXRlZCBhY3Rpdml0aWVzOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRp dj4NCjx1bCBzdHlsZT0ibWFyZ2luLXRvcDowY20iIHR5cGU9ImRpc2MiPg0KPGxpIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbGlzdDpsMSBsZXZlbDEgbGZvMiI+PHNwYW4gbGFuZz0iRU4t VVMiPmRyYWZ0LWlldGYtYW5pbWEtYm9vdHN0cmFwcGluZy1rZXlpbmZyYSAoQlJTS0kpIGlzIGEg cmVxdWVzdC9yZXNwb25zZSBtZWNoYW5pc20gdGhhdCB1c2VzIFJGQyA4MzY2IHZvdWNoZXJzIHRv IGludHJvZHVjZSBkZXZpY2VzIGFuZCBuZXR3b3JrIGluZnJhc3RydWN0dXJlLjxvOnA+PC9vOnA+ PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbGlzdDpsMSBsZXZl bDEgbGZvMiI+PHNwYW4gbGFuZz0iRU4tVVMiPkludGVsPC9zcGFuPuKAmTxzcGFuIGxhbmc9IkVO LVVTIj5zIFNETyBwcm92aWRlcyBhbiBhcHBsaWNhdGlvbiBsZXZlbCBpbnRyb2R1Y3Rpb24gdXNp bmcgdm91Y2hlcnMgYXMgd2VsbC4gJm5ic3A7VGhpcyB3b3JrIGhhcyBiZWVuIHRha2VuIHVwIGJ5 IHRoZSBGSURPIGFsbGlhbmNlLjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbGlzdDpsMSBsZXZlbDEgbGZvMiI+PHNwYW4gbGFuZz0iRU4tVVMi PlRoZSBXaWZpIEFsbGlhbmNlIGhhcyBEZXZpY2UgUHJvdmlzaW9uaW5nIFByb3RvY29sIChEUFAp IHdoaWNoIGRvZXMgbm90IGF0dGFjaCB0byBhIGdsb2JhbCBuYW1lIHNwYWNlIHByaW9yIHRvIHBy b3Zpc2lvbmluZyBoYXZpbmcgb2NjdXJyZWQsIGJ1dCBkb2VzIHJlcHJlc2VudCBhIG1pbmltdW0g Y2FzZSAoanVzdCBwdWJsaWMNCiBrZXlzKS48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzIiPjxzcGFuIGxhbmc9 IkVOLVVTIj5kcmFmdC1mcmllbC1lYXAtdGxzLWVhcC1kcHAgYm9ycm93cyBmcm9tIERQUCwgaW50 ZW5kZWQgbW9zdGx5IGZvciB3aXJlZCB1c2UsIHdoZXJlIERQUCBpcyBmb2N1c2VkIG9uIDgwMi4x MSBuZXR3b3Jrcy48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzIiPjxzcGFuIGxhbmc9IkVOLVVTIj5UaGVyZSBh cmUgYSBudW1iZXIgb2YgQlJTS0kgcmVsYXRlZCBkcmFmdHMgYnkgT3dlbiBhcyB3ZWxsLCByZWxh dGluZyB0byBjbG91ZC1iYXNlZCByZWdpc3RyYXJzLjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxp IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbGlzdDpsMSBsZXZlbDEgbGZvMiI+PHNwYW4g bGFuZz0iRU4tVVMiPlRoZXJlIGlzIGFsc28gd29yayBieSBNaWNoYWVsIFJpY2hhcmRzb24gYW5k IFBldGVyIFZhbiBEZXIgU3RvY2sgb24gY29uc3RyYWluZWQgdm91Y2hlcnMuICZuYnNwO1RoYXQg d29yayBpcyB0YWtpbmcgcGxhY2UgaW4gQUNFLjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PC91bD4N CjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZu YnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlVuZGVyc3Rh bmRpbmcgdGhlIGxhbmRzY2FwZSBtaWdodCBoZWxwIHVzIHVuZGVyc3RhbmQgd2hlcmUgREFORSBm aXRzIGluLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+UmVnYXJkcyw8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4t VVMiPkVsaW90PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBz dHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7SGVsdmV0aWNhJnF1b3Q7LHNhbnMtc2VyaWYiPi0tPHNw YW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxicj4NCklvdC1v bmJvYXJkaW5nIG1haWxpbmcgbGlzdDxicj4NCjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PGEg aHJlZj0ibWFpbHRvOklvdC1vbmJvYXJkaW5nQGlldGYub3JnIj48c3BhbiBzdHlsZT0iZm9udC1m YW1pbHk6JnF1b3Q7SGVsdmV0aWNhJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6cHVycGxlIj5Jb3Qt b25ib2FyZGluZ0BpZXRmLm9yZzwvc3Bhbj48L2E+PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIiBz dHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7SGVsdmV0aWNhJnF1b3Q7LHNhbnMtc2VyaWYiPjxicj4N Cjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcv bWFpbG1hbi9saXN0aW5mby9pb3Qtb25ib2FyZGluZyI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5 OiZxdW90O0hlbHZldGljYSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOnB1cnBsZSI+aHR0cHM6Ly93 d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9pb3Qtb25ib2FyZGluZzwvc3Bhbj48L2E+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_92211fff920744319daf91cb755f40fdhuaweicom_-- From nobody Mon Nov 16 06:47:27 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E46DC3A1125; Mon, 16 Nov 2020 06:47:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.649 X-Spam-Level: X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rVwr2JlMgDvI; Mon, 16 Nov 2020 06:47:21 -0800 (PST) Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83AA23A1124; Mon, 16 Nov 2020 06:47:21 -0800 (PST) Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [131.188.34.52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id CFB25548658; Mon, 16 Nov 2020 15:47:15 +0100 (CET) Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id C8DCD440059; Mon, 16 Nov 2020 15:47:15 +0100 (CET) Date: Mon, 16 Nov 2020 15:47:15 +0100 From: Toerless Eckert To: Eliot Lear Cc: "Panwei (William)" , "iot-onboarding@ietf.org" , "secdispatch@ietf.org" Message-ID: <20201116144715.GL39343@faui48f.informatik.uni-erlangen.de> References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 14:47:26 -0000 Wrt. beyond thin device requiring at least a public key pair: I thought there where also mechanisms by which the thin (IOT) device might only have a unique symmetric key that is only shared with some less constrained proxy ("in the cloud") that is supporting the thin device in all more complex (crypto) operations and avoid the need for the thin device to support symmetric crypto - if thats the component beyond its capabilities. Aka: Many ways to cut the cake. On Mon, Nov 16, 2020 at 01:50:30PM +0100, Eliot Lear wrote: > Hi Wei Pan, > > I agree with you that there is a need for something that doesn???t require devices to have a full PKI built in. But there needs to be something unique about the device that it can express and prove. Also, we should separate out two problems: > > Proving the peer to the device > Providing the device to the peer > > Each has slightly different characteristics, especially when it comes to certificates. Nobody should expect a huge cert store to be on a light weight client. As was said in the chat, that is one thing that BRSKI solves. But DPP/POK also solves it without certificates, but still requires at least a public/private key pair. Less than that I do not know how to work the problem. > > Eliot > > > On 16 Nov 2020, at 13:02, Panwei (William) wrote: > > > > Thanks to Eliot for summarizing these. > > > > I think the core concept of using DANE in IoT scenario is to get rid of certificates and PKIX. The solution of how to securely onboard the IoT devices and allocate the DNS domain name, both with and without initial certificates, is the key part to figure out. > > If the IoT devices have no initial certificates, such as 802.1AR IDevID certificate, as their initial identity, then the BRSKI mechanism won???t be appropriate for these devices because BRSKI has a requirement of IDevID. > > If the IoT devices have an IDevID certificate, I think it can still use BRSKI to onboard, but it won???t use EST to request a certificate any more, instead, it will apply for a DNS domain name by using some protocols. > > > > That???s my preliminary thoughts, maybe not right. > > > > Regards & Thanks! > > Wei Pan > > > > From: Secdispatch [mailto:secdispatch-bounces@ietf.org ] On Behalf Of Eliot Lear > > Sent: Monday, November 16, 2020 6:55 PM > > To: secdispatch@ietf.org > > Subject: [Secdispatch] DANE IOT proposed outcome > > > > Thanks to Shumon for presenting the DANE use case for IOT. > > > > We discussed taking this to the iot-onboarding@ietf.org list as there were a number of rather big open issues that people wanted to discuss. > > > > We also discussed a non-WG forming BOF to look at, as Ted put it, the broader context for onboarding. To give people a feel for the sort of related work that is available, here are a list of related activities: > > > > draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a request/response mechanism that uses RFC 8366 vouchers to introduce devices and network infrastructure. > > Intel???s SDO provides an application level introduction using vouchers as well. This work has been taken up by the FIDO alliance. > > The Wifi Alliance has Device Provisioning Protocol (DPP) which does not attach to a global name space prior to provisioning having occurred, but does represent a minimum case (just public keys). > > draft-friel-eap-tls-eap-dpp borrows from DPP, intended mostly for wired use, where DPP is focused on 802.11 networks. > > There are a number of BRSKI related drafts by Owen as well, relating to cloud-based registrars. > > There is also work by Michael Richardson and Peter Van Der Stock on constrained vouchers. That work is taking place in ACE. > > > > Understanding the landscape might help us understand where DANE fits in. > > > > Regards, > > > > Eliot > > -- > > Iot-onboarding mailing list > > Iot-onboarding@ietf.org > > https://www.ietf.org/mailman/listinfo/iot-onboarding > > -- > Iot-onboarding mailing list > Iot-onboarding@ietf.org > https://www.ietf.org/mailman/listinfo/iot-onboarding -- --- tte@cs.fau.de From nobody Mon Nov 16 07:14:03 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B718A3A117C for ; Mon, 16 Nov 2020 07:14:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.097 X-Spam-Level: X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9pnIFI2YVudH for ; Mon, 16 Nov 2020 07:14:01 -0800 (PST) Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 111FB3A1176 for ; Mon, 16 Nov 2020 07:14:00 -0800 (PST) Received: by mail-ej1-x633.google.com with SMTP id w13so24895817eju.13 for ; Mon, 16 Nov 2020 07:14:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=djpWGS+yZ4+dXu9DjLuYhr+Innc03r1HMIyegUrqKWQ=; b=N3Gv6yZTsVayJlyl1RMzVfuN3L5YKh/bcaq6AWTxnCYlEeLB39qy01BDOlMMC2j1Nb enUYhLHgNYCKwUmkqQHYGh+zOq6cgO3KLNhrzUncz6I46UwgISHHk2aEfKWIwtGXl4PF S+84iYT10R71mQoGBeLq9UI9tlcFbKMU+fppmnSieR4uBxOGvYzWOuMX4mr67sGVazvJ +Jt0MjtJ9it0n7dzea9+NwetNkIZB6t7C0JCnyD6tBNzJWj93HDc9u3Cb3TZb1Qqetoe y0k4wRGHXJuwK0D7AYar2t2ImrP8uezD3WgiBZM9jD9ZxIWhQJlcWJN1ujIlA1+BuIvx oRLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=djpWGS+yZ4+dXu9DjLuYhr+Innc03r1HMIyegUrqKWQ=; b=m6ioh+1Wkwp9rflKAgDOhVSx92u7VeAmWbJkeQNHDy4rmZDNLp6K+BwwmkIyJmfT5O oAqMPyPPuCrzombp4u7dsCutQT0iwvZm/BTZDSOkFqBSNGMQibEQk3pbQnZ91pDqyk4h gn+dg4+dreMJM+pbFPuiHg4FxPpeXT+vgzXnMgAI2XiFdlPwSBPpEf5ImXVuA4x9ZpXW +RnBseDsHfngw4JMKROcCEFEusegPsE5C4yiyMQHHtJqoRI//+iHazBX9KQk9wreaFQh RHuNY2TzgSfySTuf1AwPgMJWdKhZzHm+ObLYz2rLvNBrRG3w/i4TVfqWkMBiYJbtavVJ QUMg== X-Gm-Message-State: AOAM530reYoGmQtpybACKoWF6GiETProqf/iQJAG2YkUMxzkXytyPtur u5odKwU30GgbzMRmAxWUd/fmAyGaYhIGV1Yu3Wgr+3kQGNk= X-Google-Smtp-Source: ABdhPJwnwBTLnYhgpP0wc9MLa3W2diJP/XAJyDezVyvBlVM3H6JjKeMR6xPfbqBMvXvvlX7GX4RR5To5nLl5JIudcn0= X-Received: by 2002:a17:906:ca93:: with SMTP id js19mr14600622ejb.124.1605539639253; Mon, 16 Nov 2020 07:13:59 -0800 (PST) MIME-Version: 1.0 References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> From: Shumon Huque Date: Mon, 16 Nov 2020 10:13:47 -0500 Message-ID: To: Eliot Lear Cc: IETF SecDispatch Content-Type: multipart/alternative; boundary="000000000000dedd4605b43ad3ae" Archived-At: Subject: Re: [Secdispatch] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 15:14:03 -0000 --000000000000dedd4605b43ad3ae Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Thanks Elliott for this summary. We will start a discussion on the iot-onboarding list. Shumon. On Mon, Nov 16, 2020 at 5:55 AM Eliot Lear wrote: > Thanks to Shumon for presenting the DANE use case for IOT. > > We discussed taking this to the iot-onboarding@ietf.org list as there > were a number of rather big open issues that people wanted to discuss. > > We also discussed a non-WG forming BOF to look at, as Ted put it, the > broader context for onboarding. To give people a feel for the sort of > related work that is available, here are a list of related activities: > > > - draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a > request/response mechanism that uses RFC 8366 vouchers to introduce de= vices > and network infrastructure. > - Intel=E2=80=99s SDO provides an application level introduction using > vouchers as well. This work has been taken up by the FIDO alliance. > - The Wifi Alliance has Device Provisioning Protocol (DPP) which does > not attach to a global name space prior to provisioning having occurre= d, > but does represent a minimum case (just public keys). > - draft-friel-eap-tls-eap-dpp borrows from DPP, intended mostly for > wired use, where DPP is focused on 802.11 networks. > - There are a number of BRSKI related drafts by Owen as well, relating > to cloud-based registrars. > - There is also work by Michael Richardson and Peter Van Der Stock on > constrained vouchers. That work is taking place in ACE. > > > Understanding the landscape might help us understand where DANE fits in. > > Regards, > > Eliot > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch > --000000000000dedd4605b43ad3ae Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks Elliott for this summary.

=
We will start a discussion on the iot-onboarding list.

<= /div>
Shumon.

On Mon, Nov 16, 2020 at 5:55 AM Eliot Lear <lear=3D= 40cisco.com@dmarc.ietf.org> wrote:
Thanks to=C2=A0Shumon for presenting the DANE use case for IOT.<= div>
We discussed taking this to the iot-onboarding@ietf.org list as th= ere were a number of rather big open issues that people wanted to discuss.<= /div>

We also discussed a non-WG forming BOF to look at,= as Ted put it, the broader context for onboarding.=C2=A0 To give people a = feel for the sort of related work that is available, here are a list of rel= ated activities:

  • draft-ietf-anima-bootstra= pping-keyinfra (BRSKI) is a request/response mechanism that uses RFC 8366 v= ouchers to introduce devices and network infrastructure.
  • Intel=E2= =80=99s SDO provides an application level introduction using vouchers as we= ll.=C2=A0 This work has been taken up by the FIDO alliance.
  • The Wif= i Alliance has Device Provisioning Protocol (DPP) which does not attach to = a global name space prior to provisioning having occurred, but does represe= nt a minimum case (just public keys).
  • draft-friel-eap-tls-eap-dpp b= orrows from DPP, intended mostly for wired use, where DPP is focused on 802= .11 networks.
  • There are a number of BRSKI related drafts by Owen as= well, relating to cloud-based registrars.
  • There is also work by Mi= chael Richardson and Peter Van Der Stock on constrained vouchers.=C2=A0 Tha= t work is taking place in ACE.

Understan= ding the landscape might help us understand where DANE fits in.
<= br>
Regards,

Eliot
_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.= org
https://www.ietf.org/mailman/listinfo/secdispatch
--000000000000dedd4605b43ad3ae-- From nobody Mon Nov 16 07:17:29 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA48F3A1154; Mon, 16 Nov 2020 07:17:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RPv7qrZQoSLx; Mon, 16 Nov 2020 07:17:21 -0800 (PST) Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93DC73A1148; Mon, 16 Nov 2020 07:17:21 -0800 (PST) Received: from fraeml709-chm.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4CZXh438rtz67DmL; Mon, 16 Nov 2020 23:15:32 +0800 (CST) Received: from nkgeml707-chm.china.huawei.com (10.98.57.157) by fraeml709-chm.china.huawei.com (10.206.15.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 16 Nov 2020 16:17:18 +0100 Received: from nkgeml705-chm.china.huawei.com (10.98.57.154) by nkgeml707-chm.china.huawei.com (10.98.57.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 16 Nov 2020 23:17:16 +0800 Received: from nkgeml705-chm.china.huawei.com ([10.98.57.154]) by nkgeml705-chm.china.huawei.com ([10.98.57.154]) with mapi id 15.01.1913.007; Mon, 16 Nov 2020 23:17:16 +0800 From: "Panwei (William)" To: Toerless Eckert CC: "iot-onboarding@ietf.org" , "secdispatch@ietf.org" , Eliot Lear Thread-Topic: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome Thread-Index: AQHWvCdupHu9Et5uqESJweqP6x79banK3KVg Date: Mon, 16 Nov 2020 15:17:16 +0000 Message-ID: <5d902684f6a940448ca986d0466bc941@huawei.com> References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> <20201116144715.GL39343@faui48f.informatik.uni-erlangen.de> In-Reply-To: <20201116144715.GL39343@faui48f.informatik.uni-erlangen.de> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.52.234.111] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 15:17:24 -0000 Hi Toerless, You're right, there're many ways to identify the device. But In the DANE cl= ient authentication case, the device's identity can only be the certificate= or a public key pair, I think, because the DNS Server needs to store the p= ublic key hash values. Except the initial identity, the device may be allocated a local identity a= fter onboarding. So if the device has an initial identity of symmetric key,= it has to be allocated a local identity of certificate or public key pair,= then the local identity can be bound to a DNS domain name. Regards & Thanks! Wei Pan -----Original Message----- From: Secdispatch [mailto:secdispatch-bounces@ietf.org] On Behalf Of Toerle= ss Eckert Sent: Monday, November 16, 2020 10:47 PM To: Eliot Lear Cc: iot-onboarding@ietf.org; secdispatch@ietf.org; Panwei (William) Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome Wrt. beyond thin device requiring at least a public key pair: I thought there where also mechanisms by which the thin (IOT) device might = only have a unique symmetric key that is only shared with some less constra= ined proxy ("in the cloud") that is supporting the thin device in all more = complex (crypto) operations and avoid the need for the thin device to supp= ort symmetric crypto - if thats the component beyond its capabilities.=20 Aka: Many ways to cut the cake.=20 On Mon, Nov 16, 2020 at 01:50:30PM +0100, Eliot Lear wrote: > Hi Wei Pan, >=20 > I agree with you that there is a need for something that doesn???t requir= e devices to have a full PKI built in. But there needs to be something uni= que about the device that it can express and prove. Also, we should separa= te out two problems: >=20 > Proving the peer to the device > Providing the device to the peer >=20 > Each has slightly different characteristics, especially when it comes to = certificates. Nobody should expect a huge cert store to be on a light weig= ht client. As was said in the chat, that is one thing that BRSKI solves. = But DPP/POK also solves it without certificates, but still requires at leas= t a public/private key pair. Less than that I do not know how to work the p= roblem. >=20 > Eliot >=20 > > On 16 Nov 2020, at 13:02, Panwei (William) = wrote: > >=20 > > Thanks to Eliot for summarizing these. > >=20 > > I think the core concept of using DANE in IoT scenario is to get rid of= certificates and PKIX. The solution of how to securely onboard the IoT dev= ices and allocate the DNS domain name, both with and without initial certif= icates, is the key part to figure out. > > If the IoT devices have no initial certificates, such as 802.1AR IDevID= certificate, as their initial identity, then the BRSKI mechanism won???t b= e appropriate for these devices because BRSKI has a requirement of IDevID. > > If the IoT devices have an IDevID certificate, I think it can still use= BRSKI to onboard, but it won???t use EST to request a certificate any more= , instead, it will apply for a DNS domain name by using some protocols. > >=20 > > That???s my preliminary thoughts, maybe not right. > >=20 > > Regards & Thanks! > > Wei Pan > >=20 > > From: Secdispatch [mailto:secdispatch-bounces@ietf.org=20 > > ] On Behalf Of Eliot Lear > > Sent: Monday, November 16, 2020 6:55 PM > > To: secdispatch@ietf.org > > Subject: [Secdispatch] DANE IOT proposed outcome > >=20 > > Thanks to Shumon for presenting the DANE use case for IOT. > >=20 > > We discussed taking this to the iot-onboarding@ietf.org list as there were a number of rather big open issues tha= t people wanted to discuss. > >=20 > > We also discussed a non-WG forming BOF to look at, as Ted put it, the b= roader context for onboarding. To give people a feel for the sort of relat= ed work that is available, here are a list of related activities: > >=20 > > draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a request/response m= echanism that uses RFC 8366 vouchers to introduce devices and network infra= structure. > > Intel???s SDO provides an application level introduction using vouchers= as well. This work has been taken up by the FIDO alliance. > > The Wifi Alliance has Device Provisioning Protocol (DPP) which does not= attach to a global name space prior to provisioning having occurred, but d= oes represent a minimum case (just public keys). > > draft-friel-eap-tls-eap-dpp borrows from DPP, intended mostly for wired= use, where DPP is focused on 802.11 networks. > > There are a number of BRSKI related drafts by Owen as well, relating to= cloud-based registrars. > > There is also work by Michael Richardson and Peter Van Der Stock on con= strained vouchers. That work is taking place in ACE. > >=20 > > Understanding the landscape might help us understand where DANE fits in= . > >=20 > > Regards, > >=20 > > Eliot > > -- > > Iot-onboarding mailing list > > Iot-onboarding@ietf.org =20 > > https://www.ietf.org/mailman/listinfo/iot-onboarding=20 > > >=20 > -- > Iot-onboarding mailing list > Iot-onboarding@ietf.org > https://www.ietf.org/mailman/listinfo/iot-onboarding --=20 --- tte@cs.fau.de _______________________________________________ Secdispatch mailing list Secdispatch@ietf.org https://www.ietf.org/mailman/listinfo/secdispatch From nobody Mon Nov 16 07:19:41 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A04DB3A1174; Mon, 16 Nov 2020 07:19:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.097 X-Spam-Level: X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K3CDPxKYzDKM; Mon, 16 Nov 2020 07:19:36 -0800 (PST) Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0C493A116E; Mon, 16 Nov 2020 07:19:35 -0800 (PST) Received: by mail-ed1-x529.google.com with SMTP id a15so19119116edy.1; Mon, 16 Nov 2020 07:19:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9+gmpoaa6OavgOxI1DNWWPwTrbzG3+/AEiNJ7YGd3S8=; b=Nnqmu84EAqnXXtCEyDaKGkbhrNRgn6GMlkN6Cbxw//o/fG3qjwxt+bV0PXBin0DhVV Rsuq2ALSh7M/1x7WJm8algbOpPfHbSIJ4y9q/fxouZzX7aZEEHzPcrY2RRxnojb3EKzl 217R8TPVtoXkHSix4yfVPgKMBpltNGCwRyzWboUT9/OQfmYtaVyFiu4P3GthSCjdqwhk k5xjuuPfzHyfGzR7Uod5It0b9drTHyv7YURoPDEYPl3/ugD9BNdPn0RshNR6aVr51OC9 f3GR3ljK59av33BL+XfYffm38C00tmQRDgloI/Ky1qSLIYcdljkyXtm8SLQ+ykuYblYn OW1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9+gmpoaa6OavgOxI1DNWWPwTrbzG3+/AEiNJ7YGd3S8=; b=rMQ4Z1Wc1fD050jQcBZ11o6+mbnfCaM0BvaJ3JvuHy6afAWJQTAbtv0Wc5QB6Q5y5O RauL41vqN9qPi/9giBshHeGvwUI3LdtSG6BQtTCvqtY9RwyjCgLPNYVfWlogLFg+i4IX YKnvLaOVNf+iasfbrsKGM11bqWCplNn/c7hEfU/dNyyY1TFvsBLQWOjKOZSQhbyyYW31 45ofFJlZTc9tgKc8zVN6A1I++QDZQ8FO60PiryCoV6yBFv0fEEvfhYvlLdVX98x+6da0 SLNjFZRz9RtcqnjU6Cy6RNH7LxfA921M1DmT7GDIpTIJWmWXOvzZcsibfuWVaWW9+bbi LsCQ== X-Gm-Message-State: AOAM533af4+VqrKCr3dpzYJWpOkslq1Ou5YSYeviIhOccMydgTdxHhXW XKx6XaBRrh8xTFondk6rYy+QCUvo/qPMpuS+lxc= X-Google-Smtp-Source: ABdhPJwQ6KrUp7ItIhW72p2Ri+tMl/i0J9q/ZqP69lVEA5Vy/MXEhFPBSXk05bsRCujGQHPxFVNw/3R+sJRTIVIxTLw= X-Received: by 2002:a50:ff05:: with SMTP id a5mr16492444edu.43.1605539974315; Mon, 16 Nov 2020 07:19:34 -0800 (PST) MIME-Version: 1.0 References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: From: Shumon Huque Date: Mon, 16 Nov 2020 10:19:23 -0500 Message-ID: To: "Panwei (William)" Cc: Eliot Lear , "iot-onboarding@ietf.org" , "secdispatch@ietf.org" Content-Type: multipart/alternative; boundary="000000000000d7819305b43ae728" Archived-At: Subject: Re: [Secdispatch] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 15:19:39 -0000 --000000000000d7819305b43ae728 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Wei Pan, I'll ask Ash (who is more plugged into the IOT ecosystem than I am) to confirm .. but yes, our use case expects devices to have IDevID or some other preconfigured unique value, so it should be possible to work with BRSKI. For the DNS record format naming, we were initially looking at the formats defined in draft-friel-pki-for-devices, specifically the LDevID organization managed form, but have a slightly simpler form currently specified in the draft. Shumon. On Mon, Nov 16, 2020 at 7:02 AM Panwei (William) wrote: > Thanks to Eliot for summarizing these. > > > > I think the core concept of using DANE in IoT scenario is to get rid of > certificates and PKIX. The solution of how to securely onboard the IoT > devices and allocate the DNS domain name, both with and without initial > certificates, is the key part to figure out. > > If the IoT devices have no initial certificates, such as 802.1AR IDevID > certificate, as their initial identity, then the BRSKI mechanism won=E2= =80=99t be > appropriate for these devices because BRSKI has a requirement of IDevID. > > If the IoT devices have an IDevID certificate, I think it can still use > BRSKI to onboard, but it won=E2=80=99t use EST to request a certificate a= ny more, > instead, it will apply for a DNS domain name by using some protocols. > > > > That=E2=80=99s my preliminary thoughts, maybe not right. > > > > Regards & Thanks! > > Wei Pan > > > > *From:* Secdispatch [mailto:secdispatch-bounces@ietf.org] *On Behalf Of *= Eliot > Lear > *Sent:* Monday, November 16, 2020 6:55 PM > *To:* secdispatch@ietf.org > *Subject:* [Secdispatch] DANE IOT proposed outcome > > > > Thanks to Shumon for presenting the DANE use case for IOT. > > > > We discussed taking this to the iot-onboarding@ietf.org list as there > were a number of rather big open issues that people wanted to discuss. > > > > We also discussed a non-WG forming BOF to look at, as Ted put it, the > broader context for onboarding. To give people a feel for the sort of > related work that is available, here are a list of related activities: > > > > - draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a > request/response mechanism that uses RFC 8366 vouchers to introduce de= vices > and network infrastructure. > - Intel=E2=80=99s SDO provides an application level introduction using > vouchers as well. This work has been taken up by the FIDO alliance. > - The Wifi Alliance has Device Provisioning Protocol (DPP) which does > not attach to a global name space prior to provisioning having occurre= d, > but does represent a minimum case (just public keys). > - draft-friel-eap-tls-eap-dpp borrows from DPP, intended mostly for > wired use, where DPP is focused on 802.11 networks. > - There are a number of BRSKI related drafts by Owen as well, relating > to cloud-based registrars. > - There is also work by Michael Richardson and Peter Van Der Stock on > constrained vouchers. That work is taking place in ACE. > > > > Understanding the landscape might help us understand where DANE fits in. > > > > Regards, > > > > Eliot > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch > --000000000000d7819305b43ae728 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Wei Pan,

I'll ask Ash= (who is more plugged into the IOT ecosystem than I am) to confirm .. but y= es, our use case expects devices to have IDevID or some other preconfigured= unique value, so it should be possible to work with BRSKI. For the DNS rec= ord format naming, we were initially looking at the formats defined in draf= t-friel-pki-for-devices, specifically the LDevID organization managed form,= but have a slightly simpler form currently specified in the draft.

Shumon.

On Mon, Nov 16, 2020 at 7:02 AM Panwei (Willi= am) <william.panwei@huawei.= com> wrote:

Thanks to Eliot for summari= zing these.

=C2=A0=

I think the core concept of= using DANE in IoT scenario is to get rid of certificates and PKIX. The sol= ution of how to securely onboard the IoT devices and allocate the DNS domain name, both with and without initial certificat= es, is the key part to figure out.

If the IoT devices have no = initial certificates, such as 802.1AR IDevID certificate, as their initial = identity, then the BRSKI mechanism won=E2=80=99t be appropriate for these devices because BRSKI has a requirement of IDevID.=

If the IoT devices have an = IDevID certificate, I think it can still use BRSKI to onboard, but it won= =E2=80=99t use EST to request a certificate any more, instead, it will apply for a DNS domain name by using some protocols.=

=C2=A0=

That=E2=80=99s my prelimina= ry thoughts, maybe not right.

=C2=A0=

Regards & Thanks!

Wei Pan

=C2=A0=

From: Secd= ispatch [mailto:secdispatch-bounces@ietf.org] On Behalf Of Eliot Lear
Sent: Monday, November 16, 2020 6:55 PM
To: secdis= patch@ietf.org
Subject: [Secdispatch] DANE IOT proposed outcome

=C2=A0

Thanks to=C2=A0Shumon for prese= nting the DANE use case for IOT.

=C2=A0

We discussed taking this to the= iot-onboarding@ietf.org list as there were a number of rather big open = issues that people wanted to discuss.

=C2=A0

We also discussed a non-WG form= ing BOF to look at, as Ted put it, the broader context for onboarding.=C2= =A0 To give people a feel for the sort of related work that is available, h= ere are a list of related activities:

=C2=A0

  • draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a r= equest/response mechanism that uses RFC 8366 vouchers to introduce devices = and network infrastructure.
  • Intel=E2=80=99s SDO provides an application level intr= oduction using vouchers as well.=C2=A0 This work has been taken up by the F= IDO alliance.
  • The Wifi Alliance has Device Provisioning Protocol (DP= P) which does not attach to a global name space prior to provisioning havin= g occurred, but does represent a minimum case (just public keys).=
  • draft-friel-eap-tls-eap-dpp borrows from DPP, intended= mostly for wired use, where DPP is focused on 802.11 networks.
  • There are a number of BRSKI related drafts by Owen as = well, relating to cloud-based registrars.
  • There is also work by Michael Richardson and Peter Van= Der Stock on constrained vouchers.=C2=A0 That work is taking place in ACE.=

=C2=A0

Understanding the landscape mig= ht help us understand where DANE fits in.

=C2=A0

Regards,

=C2=A0

Eliot

_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.= org
https://www.ietf.org/mailman/listinfo/secdispatch
--000000000000d7819305b43ae728-- From nobody Mon Nov 16 07:31:56 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA1B33A11C4; Mon, 16 Nov 2020 07:31:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.097 X-Spam-Level: X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hp4-yApY1zZO; Mon, 16 Nov 2020 07:31:43 -0800 (PST) Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 907253A11AC; Mon, 16 Nov 2020 07:31:43 -0800 (PST) Received: by mail-ed1-x536.google.com with SMTP id q16so3944679edv.10; Mon, 16 Nov 2020 07:31:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7rXSr7XAsPXxLmXVmnE99hMLs7nWgrQdikmqG+FIuUA=; b=htmHvn2AqrCwPXCiXU47FxwAu7Zs2ERYgaM3TDfMr21kLvdhJ75MPmmXvlFYew66pT L09aTAMf1IRfWtR+8mBtywaBwMlJogc7nywO4NO/L9WgtzLcFjKSKmxXoJ0eY45DbxNa Rkj4alrqb54nxYtqJjY4iJL6kB7ioIfMOZE0F1otUdrxzTrtJ2u9SKo9wiSywKxjjB2v icm+0U5l6mxz5n/Fq5NCjMkKnERsZx48aTEfNo7wUsRQVyi5Ttmz3AaHc0Z5Q3k1Yc7F yDEgSnl79cja+udRqiIunnwsVkBO4x61fQI3cPY/MJTjrSPitkxquY06xY+O1h7FiQ02 XP8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7rXSr7XAsPXxLmXVmnE99hMLs7nWgrQdikmqG+FIuUA=; b=Lt6CJ7wB6FKFD7oXPtvVrmN8sgLfbQ2/7ctSz+zPHVWWZpFBErMLjn757+CvFI5+Pq c/UeuLCQBpWyFrz33jZR9KHfVSKINC7UdAs9ziJKGGc//RrUIAJvvK4QsrigHZTgjIVd VUDFVSvZU9fHpr/xteJ+YWKmLTL3RLoleueQ4BB1u6AG7RrQdecOjvd+ILwupwym6ILs rDQ9ICLclkX0esYUWB3KbUQtb2OXd6ZKNtQN7y9h9q74bHweOeJIsuuA5FOrmemlLRBB YcXxtWXYXp0VJa/+26jklQDITeDuTKWC9B4em87uCKFekPzpoMCJfQtgwS58BtqdwFsW aEqg== X-Gm-Message-State: AOAM531h4kcunhEH91DLMscUE5xMKoEjtTiJ0hY7OEjDMG/XiWWK6WZ2 IplXnfoJAd6/iVMq1WHK8V6MbYLUT1hTqwZNKflq/WxG5KI= X-Google-Smtp-Source: ABdhPJx5HzOxVseKaNNNsvFY5tQBopdijcoOWZm8hfoPfXea09+0i3gi62gHOLJhVS0EOGrnIUYQiSoL0h352vnMJzg= X-Received: by 2002:aa7:d48d:: with SMTP id b13mr15770158edr.264.1605540701958; Mon, 16 Nov 2020 07:31:41 -0800 (PST) MIME-Version: 1.0 References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> <20201116144715.GL39343@faui48f.informatik.uni-erlangen.de> <5d902684f6a940448ca986d0466bc941@huawei.com> In-Reply-To: <5d902684f6a940448ca986d0466bc941@huawei.com> From: Shumon Huque Date: Mon, 16 Nov 2020 10:31:30 -0500 Message-ID: To: "Panwei (William)" Cc: Toerless Eckert , "iot-onboarding@ietf.org" , "secdispatch@ietf.org" , Eliot Lear Content-Type: multipart/alternative; boundary="0000000000003674c905b43b1348" Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 15:31:52 -0000 --0000000000003674c905b43b1348 Content-Type: text/plain; charset="UTF-8" On Mon, Nov 16, 2020 at 10:17 AM Panwei (William) wrote: > Hi Toerless, > > You're right, there're many ways to identify the device. But In the DANE > client authentication case, the device's identity can only be the > certificate or a public key pair, I think, because the DNS Server needs to > store the public key hash values. > Correct. DANE records store X.509 certificates, their public key components, or raw public keys -- most commonly hashes of them, but can store the full certificate/key too. Shumon. --0000000000003674c905b43b1348 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Toerless,

You're right, there're many ways to identify the device. But In the= DANE client authentication case, the device's identity can only be the= certificate or a public key pair, I think, because the DNS Server needs to= store the public key hash values.

Corr= ect. DANE records store X.509 certificates, their public key components, or= raw public keys -- most commonly hashes of them, but can store the full ce= rtificate/key too.

Shumon.

--0000000000003674c905b43b1348-- From nobody Mon Nov 16 07:51:44 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD4CC3A1219; Mon, 16 Nov 2020 07:51:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.895 X-Spam-Level: X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cKP_cG8BecJH; Mon, 16 Nov 2020 07:51:40 -0800 (PST) Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57D9C3A1218; Mon, 16 Nov 2020 07:51:40 -0800 (PST) Received: from fraeml706-chm.china.huawei.com (unknown [172.18.147.201]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4CZYRg6S7Rz67DmZ; Mon, 16 Nov 2020 23:49:51 +0800 (CST) Received: from nkgeml707-chm.china.huawei.com (10.98.57.157) by fraeml706-chm.china.huawei.com (10.206.15.55) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1913.5; Mon, 16 Nov 2020 16:51:37 +0100 Received: from nkgeml705-chm.china.huawei.com (10.98.57.154) by nkgeml707-chm.china.huawei.com (10.98.57.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 16 Nov 2020 23:51:35 +0800 Received: from nkgeml705-chm.china.huawei.com ([10.98.57.154]) by nkgeml705-chm.china.huawei.com ([10.98.57.154]) with mapi id 15.01.1913.007; Mon, 16 Nov 2020 23:51:35 +0800 From: "Panwei (William)" To: Shumon Huque CC: Eliot Lear , "iot-onboarding@ietf.org" , "secdispatch@ietf.org" Thread-Topic: [Secdispatch] DANE IOT proposed outcome Thread-Index: AQHWvAcDj5ATxnClv0CbH9AVFrI7YanKopzg//+284CAAI17oA== Date: Mon, 16 Nov 2020 15:51:34 +0000 Message-ID: References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.52.234.111] Content-Type: multipart/alternative; boundary="_000_eb52017315ba45279dc686dbb610045ehuaweicom_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [Secdispatch] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 15:51:43 -0000 --_000_eb52017315ba45279dc686dbb610045ehuaweicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgU2h1bW9uLA0KDQpUaGFua3MuDQoNCkkgd2FzIG5vdCBzbyBjbGVhciBhYm91dCBob3cgdG8g dXNlIERBTkUgYmVmb3JlLCBtb3N0bHkgbm90IGNsZWFyIGFib3V0IGhvdyB0byBiaW5kIHRoZSBk ZXZpY2XigJlzIGlkZW50aXR5IHRvIHRoZSBETlMgZG9tYWluIG5hbWUgc2VjdXJlbHkgYW5kIGF1 dG9tYXRpY2FsbHkuDQpBZnRlciBFbGlvdOKAmXMgZXhwbGFuYXRpb24sIEkgdW5kZXJzdGFuZCB0 aGVyZSBhcmUgdHdvIHBhcnRzOiB0aGUgZGV2aWNlIG9uYm9hcmRpbmcgcGFydCBhbmQgdGhlIERO UyBkb21haW4gbmFtZSBwcm92aXNpb25pbmcgcGFydC4gQW5kIHRoZXNlIHR3byBwYXJ0cyBjYW4g YmUgaW50ZWdyYXRlZCwgZm9yIGV4YW1wbGUsIHdoZW4gdXNpbmcgQlJTS0ksIHRoZSBhbGxvY2F0 ZWQgRE5TIGRvbWFpbiBuYW1lIGNhbiBiZSBib3VuZCB0byB0aGUgTERldklELg0KDQpSZWdhcmRz ICYgVGhhbmtzIQ0KV2VpIFBhbg0KDQpGcm9tOiBTaHVtb24gSHVxdWUgW21haWx0bzpzaHVxdWVA Z21haWwuY29tXQ0KU2VudDogTW9uZGF5LCBOb3ZlbWJlciAxNiwgMjAyMCAxMToxOSBQTQ0KVG86 IFBhbndlaSAoV2lsbGlhbSkgPHdpbGxpYW0ucGFud2VpQGh1YXdlaS5jb20+DQpDYzogRWxpb3Qg TGVhciA8bGVhcj00MGNpc2NvLmNvbUBkbWFyYy5pZXRmLm9yZz47IGlvdC1vbmJvYXJkaW5nQGll dGYub3JnOyBzZWNkaXNwYXRjaEBpZXRmLm9yZw0KU3ViamVjdDogUmU6IFtTZWNkaXNwYXRjaF0g REFORSBJT1QgcHJvcG9zZWQgb3V0Y29tZQ0KDQpIaSBXZWkgUGFuLA0KDQpJJ2xsIGFzayBBc2gg KHdobyBpcyBtb3JlIHBsdWdnZWQgaW50byB0aGUgSU9UIGVjb3N5c3RlbSB0aGFuIEkgYW0pIHRv IGNvbmZpcm0gLi4gYnV0IHllcywgb3VyIHVzZSBjYXNlIGV4cGVjdHMgZGV2aWNlcyB0byBoYXZl IElEZXZJRCBvciBzb21lIG90aGVyIHByZWNvbmZpZ3VyZWQgdW5pcXVlIHZhbHVlLCBzbyBpdCBz aG91bGQgYmUgcG9zc2libGUgdG8gd29yayB3aXRoIEJSU0tJLiBGb3IgdGhlIEROUyByZWNvcmQg Zm9ybWF0IG5hbWluZywgd2Ugd2VyZSBpbml0aWFsbHkgbG9va2luZyBhdCB0aGUgZm9ybWF0cyBk ZWZpbmVkIGluIGRyYWZ0LWZyaWVsLXBraS1mb3ItZGV2aWNlcywgc3BlY2lmaWNhbGx5IHRoZSBM RGV2SUQgb3JnYW5pemF0aW9uIG1hbmFnZWQgZm9ybSwgYnV0IGhhdmUgYSBzbGlnaHRseSBzaW1w bGVyIGZvcm0gY3VycmVudGx5IHNwZWNpZmllZCBpbiB0aGUgZHJhZnQuDQoNClNodW1vbi4NCg0K T24gTW9uLCBOb3YgMTYsIDIwMjAgYXQgNzowMiBBTSBQYW53ZWkgKFdpbGxpYW0pIDx3aWxsaWFt LnBhbndlaUBodWF3ZWkuY29tPG1haWx0bzp3aWxsaWFtLnBhbndlaUBodWF3ZWkuY29tPj4gd3Jv dGU6DQpUaGFua3MgdG8gRWxpb3QgZm9yIHN1bW1hcml6aW5nIHRoZXNlLg0KDQpJIHRoaW5rIHRo ZSBjb3JlIGNvbmNlcHQgb2YgdXNpbmcgREFORSBpbiBJb1Qgc2NlbmFyaW8gaXMgdG8gZ2V0IHJp ZCBvZiBjZXJ0aWZpY2F0ZXMgYW5kIFBLSVguIFRoZSBzb2x1dGlvbiBvZiBob3cgdG8gc2VjdXJl bHkgb25ib2FyZCB0aGUgSW9UIGRldmljZXMgYW5kIGFsbG9jYXRlIHRoZSBETlMgZG9tYWluIG5h bWUsIGJvdGggd2l0aCBhbmQgd2l0aG91dCBpbml0aWFsIGNlcnRpZmljYXRlcywgaXMgdGhlIGtl eSBwYXJ0IHRvIGZpZ3VyZSBvdXQuDQpJZiB0aGUgSW9UIGRldmljZXMgaGF2ZSBubyBpbml0aWFs IGNlcnRpZmljYXRlcywgc3VjaCBhcyA4MDIuMUFSIElEZXZJRCBjZXJ0aWZpY2F0ZSwgYXMgdGhl aXIgaW5pdGlhbCBpZGVudGl0eSwgdGhlbiB0aGUgQlJTS0kgbWVjaGFuaXNtIHdvbuKAmXQgYmUg YXBwcm9wcmlhdGUgZm9yIHRoZXNlIGRldmljZXMgYmVjYXVzZSBCUlNLSSBoYXMgYSByZXF1aXJl bWVudCBvZiBJRGV2SUQuDQpJZiB0aGUgSW9UIGRldmljZXMgaGF2ZSBhbiBJRGV2SUQgY2VydGlm aWNhdGUsIEkgdGhpbmsgaXQgY2FuIHN0aWxsIHVzZSBCUlNLSSB0byBvbmJvYXJkLCBidXQgaXQg d29u4oCZdCB1c2UgRVNUIHRvIHJlcXVlc3QgYSBjZXJ0aWZpY2F0ZSBhbnkgbW9yZSwgaW5zdGVh ZCwgaXQgd2lsbCBhcHBseSBmb3IgYSBETlMgZG9tYWluIG5hbWUgYnkgdXNpbmcgc29tZSBwcm90 b2NvbHMuDQoNClRoYXTigJlzIG15IHByZWxpbWluYXJ5IHRob3VnaHRzLCBtYXliZSBub3Qgcmln aHQuDQoNClJlZ2FyZHMgJiBUaGFua3MhDQpXZWkgUGFuDQoNCkZyb206IFNlY2Rpc3BhdGNoIFtt YWlsdG86c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86c2VjZGlzcGF0Y2gtYm91 bmNlc0BpZXRmLm9yZz5dIE9uIEJlaGFsZiBPZiBFbGlvdCBMZWFyDQpTZW50OiBNb25kYXksIE5v dmVtYmVyIDE2LCAyMDIwIDY6NTUgUE0NClRvOiBzZWNkaXNwYXRjaEBpZXRmLm9yZzxtYWlsdG86 c2VjZGlzcGF0Y2hAaWV0Zi5vcmc+DQpTdWJqZWN0OiBbU2VjZGlzcGF0Y2hdIERBTkUgSU9UIHBy b3Bvc2VkIG91dGNvbWUNCg0KVGhhbmtzIHRvIFNodW1vbiBmb3IgcHJlc2VudGluZyB0aGUgREFO RSB1c2UgY2FzZSBmb3IgSU9ULg0KDQpXZSBkaXNjdXNzZWQgdGFraW5nIHRoaXMgdG8gdGhlIGlv dC1vbmJvYXJkaW5nQGlldGYub3JnPG1haWx0bzppb3Qtb25ib2FyZGluZ0BpZXRmLm9yZz4gbGlz dCBhcyB0aGVyZSB3ZXJlIGEgbnVtYmVyIG9mIHJhdGhlciBiaWcgb3BlbiBpc3N1ZXMgdGhhdCBw ZW9wbGUgd2FudGVkIHRvIGRpc2N1c3MuDQoNCldlIGFsc28gZGlzY3Vzc2VkIGEgbm9uLVdHIGZv cm1pbmcgQk9GIHRvIGxvb2sgYXQsIGFzIFRlZCBwdXQgaXQsIHRoZSBicm9hZGVyIGNvbnRleHQg Zm9yIG9uYm9hcmRpbmcuICBUbyBnaXZlIHBlb3BsZSBhIGZlZWwgZm9yIHRoZSBzb3J0IG9mIHJl bGF0ZWQgd29yayB0aGF0IGlzIGF2YWlsYWJsZSwgaGVyZSBhcmUgYSBsaXN0IG9mIHJlbGF0ZWQg YWN0aXZpdGllczoNCg0KDQogICogICBkcmFmdC1pZXRmLWFuaW1hLWJvb3RzdHJhcHBpbmcta2V5 aW5mcmEgKEJSU0tJKSBpcyBhIHJlcXVlc3QvcmVzcG9uc2UgbWVjaGFuaXNtIHRoYXQgdXNlcyBS RkMgODM2NiB2b3VjaGVycyB0byBpbnRyb2R1Y2UgZGV2aWNlcyBhbmQgbmV0d29yayBpbmZyYXN0 cnVjdHVyZS4NCiAgKiAgIEludGVs4oCZcyBTRE8gcHJvdmlkZXMgYW4gYXBwbGljYXRpb24gbGV2 ZWwgaW50cm9kdWN0aW9uIHVzaW5nIHZvdWNoZXJzIGFzIHdlbGwuICBUaGlzIHdvcmsgaGFzIGJl ZW4gdGFrZW4gdXAgYnkgdGhlIEZJRE8gYWxsaWFuY2UuDQogICogICBUaGUgV2lmaSBBbGxpYW5j ZSBoYXMgRGV2aWNlIFByb3Zpc2lvbmluZyBQcm90b2NvbCAoRFBQKSB3aGljaCBkb2VzIG5vdCBh dHRhY2ggdG8gYSBnbG9iYWwgbmFtZSBzcGFjZSBwcmlvciB0byBwcm92aXNpb25pbmcgaGF2aW5n IG9jY3VycmVkLCBidXQgZG9lcyByZXByZXNlbnQgYSBtaW5pbXVtIGNhc2UgKGp1c3QgcHVibGlj IGtleXMpLg0KICAqICAgZHJhZnQtZnJpZWwtZWFwLXRscy1lYXAtZHBwIGJvcnJvd3MgZnJvbSBE UFAsIGludGVuZGVkIG1vc3RseSBmb3Igd2lyZWQgdXNlLCB3aGVyZSBEUFAgaXMgZm9jdXNlZCBv biA4MDIuMTEgbmV0d29ya3MuDQogICogICBUaGVyZSBhcmUgYSBudW1iZXIgb2YgQlJTS0kgcmVs YXRlZCBkcmFmdHMgYnkgT3dlbiBhcyB3ZWxsLCByZWxhdGluZyB0byBjbG91ZC1iYXNlZCByZWdp c3RyYXJzLg0KICAqICAgVGhlcmUgaXMgYWxzbyB3b3JrIGJ5IE1pY2hhZWwgUmljaGFyZHNvbiBh bmQgUGV0ZXIgVmFuIERlciBTdG9jayBvbiBjb25zdHJhaW5lZCB2b3VjaGVycy4gIFRoYXQgd29y ayBpcyB0YWtpbmcgcGxhY2UgaW4gQUNFLg0KDQpVbmRlcnN0YW5kaW5nIHRoZSBsYW5kc2NhcGUg bWlnaHQgaGVscCB1cyB1bmRlcnN0YW5kIHdoZXJlIERBTkUgZml0cyBpbi4NCg0KUmVnYXJkcywN Cg0KRWxpb3QNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f DQpTZWNkaXNwYXRjaCBtYWlsaW5nIGxpc3QNClNlY2Rpc3BhdGNoQGlldGYub3JnPG1haWx0bzpT ZWNkaXNwYXRjaEBpZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGlu Zm8vc2VjZGlzcGF0Y2gNCg== --_000_eb52017315ba45279dc686dbb610045ehuaweicom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 5a6L5L2TOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KQGZvbnQtZmFjZQ0KCXtm b250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0 O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUg MiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkdhZHVnaTsNCglwYW5v c2UtMToyIDExIDUgMiA0IDIgNCAyIDIgMzt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJc QOWui+S9kyI7DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQovKiBTdHlsZSBEZWZp bml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXtt YXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0K CWZvbnQtZmFtaWx5OuWui+S9kzt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1z dHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxp bmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1w cmlvcml0eTo5OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9 DQpzcGFuLkVtYWlsU3R5bGUxNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglm b250LWZhbWlseToiR2FkdWdpIixzYW5zLXNlcmlmOw0KCWNvbG9yOmJsYWNrO30NCi5Nc29DaHBE ZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxp YnJpIixzYW5zLXNlcmlmO30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzky LjBwdDsNCgltYXJnaW46NzIuMHB0IDkwLjBwdCA3Mi4wcHQgOTAuMHB0O30NCmRpdi5Xb3JkU2Vj dGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxp c3QgbDANCgl7bXNvLWxpc3QtaWQ6MTk3NzYzODQ1NDsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6 MzAxNzQ5NTkyO30NCkBsaXN0IGwwOmxldmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozNi4wcHQ7 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7 DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxp c3QgbDA6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2 ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjcyLjBwdDsNCgltc28tbGV2ZWwtbnVt YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250 LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDMNCgl7 bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCglt c28tbGV2ZWwtdGFiLXN0b3A6MTA4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxl ZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0K CWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDQNCgl7bXNvLWxldmVsLW51bWJl ci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0 b3A6MTQ0LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRl bnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5 bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0 Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTgwLjBwdDsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBs MDpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10 ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjE2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNp emU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDcNCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28t bGV2ZWwtdGFiLXN0b3A6MjUyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7 DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZv bnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6 Mjg4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6 LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJv bDt9DQpAbGlzdCBsMDpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0K CW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzI0LjBwdDsNCgltc28t bGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28t YW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpvbA0KCXttYXJn aW4tYm90dG9tOjBjbTt9DQp1bA0KCXttYXJnaW4tYm90dG9tOjBjbTt9DQotLT48L3N0eWxlPjwh LS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3Bp ZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1s Pg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRh dGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8 Ym9keSBsYW5nPSJaSC1DTiIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNz PSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMi IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90Oyxz YW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5IaSBTaHVtb24sPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJs YWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPlRoYW5rcy48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMt c2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+SSB3 YXMgbm90IHNvIGNsZWFyIGFib3V0IGhvdyB0byB1c2UgREFORSBiZWZvcmUsIG1vc3RseSBub3Qg Y2xlYXIgYWJvdXQgaG93IHRvIGJpbmQgdGhlIGRldmljZeKAmXMgaWRlbnRpdHkgdG8gdGhlIERO UyBkb21haW4gbmFtZSBzZWN1cmVseSBhbmQgYXV0b21hdGljYWxseS48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7 Y29sb3I6YmxhY2siPkFmdGVyIEVsaW904oCZcyBleHBsYW5hdGlvbiwgSSB1bmRlcnN0YW5kIHRo ZXJlIGFyZSB0d28gcGFydHM6IHRoZSBkZXZpY2Ugb25ib2FyZGluZyBwYXJ0IGFuZCB0aGUgRE5T IGRvbWFpbiBuYW1lIHByb3Zpc2lvbmluZyBwYXJ0LiBBbmQgdGhlc2UgdHdvIHBhcnRzDQogY2Fu IGJlIGludGVncmF0ZWQsIGZvciBleGFtcGxlLCB3aGVuIHVzaW5nIEJSU0tJLCB0aGUgYWxsb2Nh dGVkIEROUyBkb21haW4gbmFtZSBjYW4gYmUgYm91bmQgdG8gdGhlIExEZXZJRC48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMt c2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjMuNnB0O2xpbmUtaGVpZ2h0OjExMCUi PjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtsaW5lLWhlaWdodDox MTAlO2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNr Ij5SZWdhcmRzICZhbXA7IFRoYW5rcyE8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbTozLjZwdDtsaW5lLWhlaWdodDoxMTAlIj48 c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7bGluZS1oZWlnaHQ6MTEw JTtmb250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+ V2VpIFBhbjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtH YWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZiI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPiBTaHVt b24gSHVxdWUgW21haWx0bzpzaHVxdWVAZ21haWwuY29tXQ0KPGJyPg0KPGI+U2VudDo8L2I+IE1v bmRheSwgTm92ZW1iZXIgMTYsIDIwMjAgMTE6MTkgUE08YnI+DQo8Yj5Ubzo8L2I+IFBhbndlaSAo V2lsbGlhbSkgJmx0O3dpbGxpYW0ucGFud2VpQGh1YXdlaS5jb20mZ3Q7PGJyPg0KPGI+Q2M6PC9i PiBFbGlvdCBMZWFyICZsdDtsZWFyPTQwY2lzY28uY29tQGRtYXJjLmlldGYub3JnJmd0OzsgaW90 LW9uYm9hcmRpbmdAaWV0Zi5vcmc7IHNlY2Rpc3BhdGNoQGlldGYub3JnPGJyPg0KPGI+U3ViamVj dDo8L2I+IFJlOiBbU2VjZGlzcGF0Y2hdIERBTkUgSU9UIHByb3Bvc2VkIG91dGNvbWU8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+ PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+SGkgV2VpIFBhbiw8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1V UyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkknbGwgYXNrIEFzaCAod2hvIGlzIG1vcmUg cGx1Z2dlZCBpbnRvIHRoZSBJT1QgZWNvc3lzdGVtIHRoYW4gSSBhbSkgdG8gY29uZmlybSAuLiBi dXQgeWVzLCBvdXIgdXNlIGNhc2UgZXhwZWN0cyBkZXZpY2VzIHRvIGhhdmUgSURldklEIG9yIHNv bWUgb3RoZXIgcHJlY29uZmlndXJlZCB1bmlxdWUgdmFsdWUsIHNvIGl0IHNob3VsZCBiZSBwb3Nz aWJsZSB0byB3b3JrIHdpdGggQlJTS0kuDQogRm9yIHRoZSBETlMgcmVjb3JkIGZvcm1hdCBuYW1p bmcsIHdlIHdlcmUgaW5pdGlhbGx5IGxvb2tpbmcgYXQgdGhlIGZvcm1hdHMgZGVmaW5lZCBpbiBk cmFmdC1mcmllbC1wa2ktZm9yLWRldmljZXMsIHNwZWNpZmljYWxseSB0aGUgTERldklEIG9yZ2Fu aXphdGlvbiBtYW5hZ2VkIGZvcm0sIGJ1dCBoYXZlIGEgc2xpZ2h0bHkgc2ltcGxlciBmb3JtIGN1 cnJlbnRseSBzcGVjaWZpZWQgaW4gdGhlIGRyYWZ0LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpw PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+U2h1bW9uLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwv ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gbGFuZz0iRU4tVVMiPk9uIE1vbiwgTm92IDE2LCAyMDIwIGF0IDc6MDIgQU0gUGFud2VpIChX aWxsaWFtKSAmbHQ7PGEgaHJlZj0ibWFpbHRvOndpbGxpYW0ucGFud2VpQGh1YXdlaS5jb20iPndp bGxpYW0ucGFud2VpQGh1YXdlaS5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpz b2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6 NC44cHQ7bWFyZ2luLXJpZ2h0OjBjbSI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5UaGFua3MgdG8g RWxpb3QgZm9yIHN1bW1hcml6aW5nIHRoZXNlLjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJF Ti1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1 b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPiZuYnNwOzwvc3Bhbj48c3BhbiBsYW5nPSJFTi1V UyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs YW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2Fk dWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPkkgdGhpbmsgdGhlIGNvcmUgY29uY2Vw dCBvZiB1c2luZyBEQU5FIGluIElvVCBzY2VuYXJpbyBpcyB0byBnZXQgcmlkIG9mIGNlcnRpZmlj YXRlcyBhbmQNCiBQS0lYLiBUaGUgc29sdXRpb24gb2YgaG93IHRvIHNlY3VyZWx5IG9uYm9hcmQg dGhlIElvVCBkZXZpY2VzIGFuZCBhbGxvY2F0ZSB0aGUgRE5TIGRvbWFpbiBuYW1lLCBib3RoIHdp dGggYW5kIHdpdGhvdXQgaW5pdGlhbCBjZXJ0aWZpY2F0ZXMsIGlzIHRoZSBrZXkgcGFydCB0byBm aWd1cmUgb3V0Ljwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29s b3I6YmxhY2siPklmIHRoZSBJb1QgZGV2aWNlcyBoYXZlIG5vIGluaXRpYWwgY2VydGlmaWNhdGVz LCBzdWNoIGFzIDgwMi4xQVIgSURldklEIGNlcnRpZmljYXRlLCBhcyB0aGVpcg0KIGluaXRpYWwg aWRlbnRpdHksIHRoZW4gdGhlIEJSU0tJIG1lY2hhbmlzbSB3b27igJl0IGJlIGFwcHJvcHJpYXRl IGZvciB0aGVzZSBkZXZpY2VzIGJlY2F1c2UgQlJTS0kgaGFzIGEgcmVxdWlyZW1lbnQgb2YgSURl dklELjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6Ymxh Y2siPklmIHRoZSBJb1QgZGV2aWNlcyBoYXZlIGFuIElEZXZJRCBjZXJ0aWZpY2F0ZSwgSSB0aGlu ayBpdCBjYW4gc3RpbGwgdXNlIEJSU0tJIHRvIG9uYm9hcmQsDQogYnV0IGl0IHdvbuKAmXQgdXNl IEVTVCB0byByZXF1ZXN0IGEgY2VydGlmaWNhdGUgYW55IG1vcmUsIGluc3RlYWQsIGl0IHdpbGwg YXBwbHkgZm9yIGEgRE5TIGRvbWFpbiBuYW1lIGJ5IHVzaW5nIHNvbWUgcHJvdG9jb2xzLjwvc3Bh bj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPiZuYnNw Ozwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2si PlRoYXTigJlzIG15IHByZWxpbWluYXJ5IHRob3VnaHRzLCBtYXliZSBub3QgcmlnaHQuPC9zcGFu PjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+Jm5ic3A7 PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvO2xpbmUtaGVpZ2h0OjExMCUiPg0KPHNwYW4gbGFuZz0iRU4t VVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2xpbmUtaGVpZ2h0OjExMCU7Zm9udC1mYW1pbHk6 JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPlJlZ2FyZHMgJmFtcDsg VGhhbmtzITwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvO2xpbmUtaGVpZ2h0OjExMCUiPg0KPHNwYW4gbGFuZz0iRU4t VVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2xpbmUtaGVpZ2h0OjExMCU7Zm9udC1mYW1pbHk6 JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPldlaSBQYW48L3NwYW4+ PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2si PiZuYnNwOzwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgd2luZG93dGV4dCAxLjVw dDtwYWRkaW5nOjBjbSAwY20gMGNtIDQuMHB0O2JvcmRlci1jb2xvcjpjdXJyZW50Y29sb3IgY3Vy cmVudGNvbG9yIGN1cnJlbnRjb2xvciBibHVlIj4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6 bm9uZTtib3JkZXItdG9wOnNvbGlkIHdpbmRvd3RleHQgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20g MGNtIDBjbTtib3JkZXItY29sb3I6Y3VycmVudGNvbG9yIGN1cnJlbnRjb2xvciI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPjxiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPkZyb206PC9z cGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj4gU2VjZGlzcGF0Y2gNCiBbbWFp bHRvOjxhIGhyZWY9Im1haWx0bzpzZWNkaXNwYXRjaC1ib3VuY2VzQGlldGYub3JnIiB0YXJnZXQ9 Il9ibGFuayI+c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9yZzwvYT5dDQo8Yj5PbiBCZWhhbGYg T2YgPC9iPkVsaW90IExlYXI8YnI+DQo8Yj5TZW50OjwvYj4gTW9uZGF5LCBOb3ZlbWJlciAxNiwg MjAyMCA2OjU1IFBNPGJyPg0KPGI+VG86PC9iPiA8YSBocmVmPSJtYWlsdG86c2VjZGlzcGF0Y2hA aWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXNwYXRjaEBpZXRmLm9yZzwvYT48YnI+DQo8 Yj5TdWJqZWN0OjwvYj4gW1NlY2Rpc3BhdGNoXSBEQU5FIElPVCBwcm9wb3NlZCBvdXRjb21lPC9z cGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwv ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86 cD48L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIGxhbmc9IkVOLVVTIj5UaGFua3MgdG8mbmJzcDtTaHVtb24gZm9yIHByZXNlbnRpbmcg dGhlIERBTkUgdXNlIGNhc2UgZm9yIElPVC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3Bh biBsYW5nPSJFTi1VUyI+V2UgZGlzY3Vzc2VkIHRha2luZyB0aGlzIHRvIHRoZQ0KPGEgaHJlZj0i bWFpbHRvOmlvdC1vbmJvYXJkaW5nQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aW90LW9uYm9h cmRpbmdAaWV0Zi5vcmc8L2E+IGxpc3QgYXMgdGhlcmUgd2VyZSBhIG51bWJlciBvZiByYXRoZXIg YmlnIG9wZW4gaXNzdWVzIHRoYXQgcGVvcGxlIHdhbnRlZCB0byBkaXNjdXNzLjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPldlIGFsc28gZGlzY3Vz c2VkIGEgbm9uLVdHIGZvcm1pbmcgQk9GIHRvIGxvb2sgYXQsIGFzIFRlZCBwdXQgaXQsIHRoZSBi cm9hZGVyIGNvbnRleHQgZm9yIG9uYm9hcmRpbmcuJm5ic3A7IFRvIGdpdmUgcGVvcGxlIGEgZmVl bCBmb3IgdGhlIHNvcnQgb2YgcmVsYXRlZCB3b3JrIHRoYXQNCiBpcyBhdmFpbGFibGUsIGhlcmUg YXJlIGEgbGlzdCBvZiByZWxhdGVkIGFjdGl2aXRpZXM6PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHVsIHR5cGU9ImRp c2MiPg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+DQo8 c3BhbiBsYW5nPSJFTi1VUyI+ZHJhZnQtaWV0Zi1hbmltYS1ib290c3RyYXBwaW5nLWtleWluZnJh IChCUlNLSSkgaXMgYSByZXF1ZXN0L3Jlc3BvbnNlIG1lY2hhbmlzbSB0aGF0IHVzZXMgUkZDIDgz NjYgdm91Y2hlcnMgdG8gaW50cm9kdWNlIGRldmljZXMgYW5kIG5ldHdvcmsgaW5mcmFzdHJ1Y3R1 cmUuPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0 OmwwIGxldmVsMSBsZm8xIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5JbnRlbDwvc3Bhbj7igJk8c3Bh biBsYW5nPSJFTi1VUyI+cyBTRE8gcHJvdmlkZXMgYW4gYXBwbGljYXRpb24gbGV2ZWwgaW50cm9k dWN0aW9uIHVzaW5nIHZvdWNoZXJzIGFzIHdlbGwuJm5ic3A7IFRoaXMgd29yayBoYXMgYmVlbiB0 YWtlbiB1cCBieSB0aGUgRklETyBhbGxpYW5jZS48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG87bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KPHNwYW4gbGFuZz0i RU4tVVMiPlRoZSBXaWZpIEFsbGlhbmNlIGhhcyBEZXZpY2UgUHJvdmlzaW9uaW5nIFByb3RvY29s IChEUFApIHdoaWNoIGRvZXMgbm90IGF0dGFjaCB0byBhIGdsb2JhbCBuYW1lIHNwYWNlIHByaW9y IHRvIHByb3Zpc2lvbmluZyBoYXZpbmcgb2NjdXJyZWQsIGJ1dCBkb2VzIHJlcHJlc2VudCBhIG1p bmltdW0gY2FzZSAoanVzdCBwdWJsaWMga2V5cykuPG86cD48L286cD48L3NwYW4+PC9saT48bGkg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj4NCjxzcGFuIGxhbmc9 IkVOLVVTIj5kcmFmdC1mcmllbC1lYXAtdGxzLWVhcC1kcHAgYm9ycm93cyBmcm9tIERQUCwgaW50 ZW5kZWQgbW9zdGx5IGZvciB3aXJlZCB1c2UsIHdoZXJlIERQUCBpcyBmb2N1c2VkIG9uIDgwMi4x MSBuZXR3b3Jrcy48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87 bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KPHNwYW4gbGFuZz0iRU4tVVMiPlRoZXJlIGFyZSBh IG51bWJlciBvZiBCUlNLSSByZWxhdGVkIGRyYWZ0cyBieSBPd2VuIGFzIHdlbGwsIHJlbGF0aW5n IHRvIGNsb3VkLWJhc2VkIHJlZ2lzdHJhcnMuPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj4NCjxzcGFuIGxhbmc9IkVO LVVTIj5UaGVyZSBpcyBhbHNvIHdvcmsgYnkgTWljaGFlbCBSaWNoYXJkc29uIGFuZCBQZXRlciBW YW4gRGVyIFN0b2NrIG9uIGNvbnN0cmFpbmVkIHZvdWNoZXJzLiZuYnNwOyBUaGF0IHdvcmsgaXMg dGFraW5nIHBsYWNlIGluIEFDRS48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvdWw+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286 cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5VbmRlcnN0YW5kaW5nIHRoZSBsYW5kc2NhcGUgbWlnaHQg aGVscCB1cyB1bmRlcnN0YW5kIHdoZXJlIERBTkUgZml0cyBpbi48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVO LVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5SZWdhcmRzLDxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPkVsaW90PG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPl9fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyPg0KU2VjZGlzcGF0Y2ggbWFpbGlu ZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRvOlNlY2Rpc3BhdGNoQGlldGYub3JnIiB0YXJnZXQ9 Il9ibGFuayI+U2VjZGlzcGF0Y2hAaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93 d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZWNkaXNwYXRjaCIgdGFyZ2V0PSJfYmxhbmsi Pmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2VjZGlzcGF0Y2g8L2E+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_eb52017315ba45279dc686dbb610045ehuaweicom_-- From nobody Mon Nov 16 11:13:35 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92CDD3A07C3 for ; Mon, 16 Nov 2020 11:13:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B5Rf7r8_EEEU for ; Mon, 16 Nov 2020 11:13:18 -0800 (PST) Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F16203A0779 for ; Mon, 16 Nov 2020 11:13:17 -0800 (PST) Received: by mail-qk1-x730.google.com with SMTP id o66so4535363qkd.4 for ; Mon, 16 Nov 2020 11:13:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CorexOEcIr2fXlzw20mviJuoOSTgQQk3UtascQwv1wQ=; b=fbJ12J/8YKLBsw6JBH9nWGL4Eh0xBPPDgml4GoOI06j0wmfsMmfah8JO35YLvV3ooh vbD2sU6RJfE/DTwwOiM2BOcgi7gpKQE6NyRwVyft62Wl7jE5kN3mbwY8HGacBJCe+Pty utDSE2Ysxbtmymrq4suepqGM708OLgRhV/u1Y43D8c4yb6P8ZB8Mg7wYXBAX/SfY0Bei kYZsrq5/KIKkrOYXCMWXRsExycw0tfl27k3Mz7EZeeAJC6L/m4H6cmcaUbpsF7kKWVSr 9AhkW/WfgGPr6H0ybwq4bJ4jWzn6koOdl4uimckMC6h1WshdO6nwjrSqeHqvMzEYyHp/ RUWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CorexOEcIr2fXlzw20mviJuoOSTgQQk3UtascQwv1wQ=; b=OWzv6Z7xCcs9och5roOUUavdfuMzFS33G+J773FKb1Su+dFIMYFFlpXeC4H6FqsD0p M1ARPSifT0k77gjK0kS4Wju2Lpb9MAEdxQlu+zMgY61UqMkca9jXCRaY4nX0grDOmD7P UEGKvt1eHN2iBU8e/1ZRqQqlid9frdhsPr1TAmH6ERbUpidxyBa7aPA3D0dbpaMocOpu +lXWFTruZojLXJ5w/kPRxzvhZmLfRZRVM/GHRZjgq9TT9CAZ90RlGtc0aZHPd208faS7 SDvMKS1lC7YNNErnSuvGugAPI6IwUMeHEtZpkN8VvecA3CY4lZB7W+JLB6Y9oJ03hKTa iT/Q== X-Gm-Message-State: AOAM5337PWiNluzIJUyWIxVwxVpewBvJ5yGKNv5KzROBWNo7vG1xS/NO K6EboRorU9a4ix6CEQXyudv0hP0JY5Yz/OGK4tMQ8Q== X-Google-Smtp-Source: ABdhPJxhd81ucp+Q5Feq9wncO8xH5brPwBTlAyPdmWuntt0XG9eEcDgNup2wUOkY9V5BPt74XOmqfMfo82+PlJlWi0E= X-Received: by 2002:a37:6554:: with SMTP id z81mr15606606qkb.423.1605553996624; Mon, 16 Nov 2020 11:13:16 -0800 (PST) MIME-Version: 1.0 References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: From: Ash Wilson Date: Mon, 16 Nov 2020 11:13:05 -0800 Message-ID: To: Shumon Huque Cc: "Panwei (William)" , "iot-onboarding@ietf.org" , "secdispatch@ietf.org" , Eliot Lear Content-Type: multipart/alternative; boundary="000000000000a3094305b43e2b0d" Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Nov 2020 19:13:21 -0000 --000000000000a3094305b43e2b0d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Wei Pan, The process of bootstrapping the device's identity is outside the scope of our drafts, but I completely agree that getting the bootstrapping process right is important. We think that using DANE like this doesn't conflict with other bootstrapping processes; it just adds a DNS-discoverable public key to the identity of the device when it is provisioned. One of the processes we are seeking to simplify is that of establishing trust directly between devices in the field, both of which may have only a keypair, and not the benefit of PKI that chains to a publicly trusted CA. Supporting x.509 certificates is in the interest of providing broad protocol compatibility (including the support of other adjacent standards like MUD: https://tools.ietf.org/id/draft-ietf-opsawg-mud-22.html#mudx509). By using TLSA for client auth, we allow devices with only a raw public key in DNS, as well as devices with metadata-rich x.509 certificates, to mutually authenticate without requiring the distribution of CA certificates, just based on knowledge of the communicating peer's DNS name. SIM/UICC identity providers may provision public keys in DNS, and leave a record of the device's DNS name in the SIM card (likely to be found in the certificate). This gives the device that receives the SIM card the ability to do all the things that the PKI ecosystem supports now, with the additional benefit of being able to mutually authenticate without the other side of the handshake needing to possess and trust the CA certificate used to sign the certificate that ships with the SIM card. Naming collisions are prevented by binding the public key to the DNS name- only the possessor of the private key corresponding to the TLSA record is the 'real' identity holder. In a similar fashion, device manufacturers may provision a DANE identity for devices before they ship. These device identities may reside in a DNS zone under the manufacturer's control, or the implementer may present the device certificates in a DNS zone under the implementer's control. This allows the identity to more naturally indicate the party responsible for the device's behavior, and can make the mitigation of some types of network abuse a little more straightforward. On Mon, Nov 16, 2020 at 8:04 AM Shumon Huque wrote: > Hi Wei Pan, > > I'll ask Ash (who is more plugged into the IOT ecosystem than I am) to > confirm .. but yes, our use case expects devices to have IDevID or some > other preconfigured unique value, so it should be possible to work with > BRSKI. For the DNS record format naming, we were initially looking at the > formats defined in draft-friel-pki-for-devices, specifically the LDevID > organization managed form, but have a slightly simpler form currently > specified in the draft. > > Shumon. > > On Mon, Nov 16, 2020 at 7:02 AM Panwei (William) < > william.panwei@huawei.com> wrote: > >> Thanks to Eliot for summarizing these. >> >> >> >> I think the core concept of using DANE in IoT scenario is to get rid of >> certificates and PKIX. The solution of how to securely onboard the IoT >> devices and allocate the DNS domain name, both with and without initial >> certificates, is the key part to figure out. >> >> If the IoT devices have no initial certificates, such as 802.1AR IDevID >> certificate, as their initial identity, then the BRSKI mechanism won=E2= =80=99t be >> appropriate for these devices because BRSKI has a requirement of IDevID. >> >> If the IoT devices have an IDevID certificate, I think it can still use >> BRSKI to onboard, but it won=E2=80=99t use EST to request a certificate = any more, >> instead, it will apply for a DNS domain name by using some protocols. >> >> >> >> That=E2=80=99s my preliminary thoughts, maybe not right. >> >> >> >> Regards & Thanks! >> >> Wei Pan >> >> >> >> *From:* Secdispatch [mailto:secdispatch-bounces@ietf.org] *On Behalf Of = *Eliot >> Lear >> *Sent:* Monday, November 16, 2020 6:55 PM >> *To:* secdispatch@ietf.org >> *Subject:* [Secdispatch] DANE IOT proposed outcome >> >> >> >> Thanks to Shumon for presenting the DANE use case for IOT. >> >> >> >> We discussed taking this to the iot-onboarding@ietf.org list as there >> were a number of rather big open issues that people wanted to discuss. >> >> >> >> We also discussed a non-WG forming BOF to look at, as Ted put it, the >> broader context for onboarding. To give people a feel for the sort of >> related work that is available, here are a list of related activities: >> >> >> >> - draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a >> request/response mechanism that uses RFC 8366 vouchers to introduce d= evices >> and network infrastructure. >> - Intel=E2=80=99s SDO provides an application level introduction usin= g >> vouchers as well. This work has been taken up by the FIDO alliance. >> - The Wifi Alliance has Device Provisioning Protocol (DPP) which does >> not attach to a global name space prior to provisioning having occurr= ed, >> but does represent a minimum case (just public keys). >> - draft-friel-eap-tls-eap-dpp borrows from DPP, intended mostly for >> wired use, where DPP is focused on 802.11 networks. >> - There are a number of BRSKI related drafts by Owen as well, >> relating to cloud-based registrars. >> - There is also work by Michael Richardson and Peter Van Der Stock on >> constrained vouchers. That work is taking place in ACE. >> >> >> >> Understanding the landscape might help us understand where DANE fits in. >> >> >> >> Regards, >> >> >> >> Eliot >> _______________________________________________ >> Secdispatch mailing list >> Secdispatch@ietf.org >> https://www.ietf.org/mailman/listinfo/secdispatch >> > -- > Iot-onboarding mailing list > Iot-onboarding@ietf.org > https://www.ietf.org/mailman/listinfo/iot-onboarding > --=20 *Ash Wilson* | Technical Director *e:* ash.wilson@valimail.com This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system. --000000000000a3094305b43e2b0d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Wei Pan,
The process of bootstrapping the device= 9;s identity is outside the scope of our drafts, but I completely agree tha= t getting the bootstrapping process right is important. We think that using= DANE like this doesn't conflict with other bootstrapping processes; it= just adds a DNS-discoverable public key to the identity of the device when= it is provisioned.

One of the processes we are se= eking to simplify is that of=C2=A0establishing trust directly between devic= es in the field, both of which may have only a=C2=A0keypair,=C2=A0and not t= he benefit of PKI that chains to a publicly trusted=C2=A0CA. Supporting x.5= 09 certificates is in the interest of providing broad protocol compatibilit= y (including the support of other adjacent standards like MUD: https://too= ls.ietf.org/id/draft-ietf-opsawg-mud-22.html#mudx509). By using TLSA fo= r client auth, we allow devices with only a raw public key in DNS, as well = as devices with metadata-rich x.509 certificates, to mutually authenticate = without requiring the distribution of CA certificates, just based on knowle= dge of the communicating peer's DNS name.

SIM/= UICC identity providers may provision public keys in DNS, and leave a recor= d of the device's DNS name in the SIM card (likely to be found in the c= ertificate). This gives the device that receives the SIM card the ability t= o do all the things that the PKI ecosystem supports now, with the additiona= l benefit of being able to mutually authenticate without the other side of = the handshake needing to possess and trust the CA certificate used to sign = the certificate that ships with the SIM card. Naming collisions are prevent= ed by binding the public key to the DNS name- only the possessor of the pri= vate key corresponding to the TLSA record is the 'real' identity ho= lder.

In a similar fashion, device manufacturers m= ay provision a DANE identity for devices before they ship. These device ide= ntities may reside in a DNS zone under the manufacturer's control, or t= he implementer may present the device certificates in a DNS zone under the = implementer's control. This allows the identity to more naturally indic= ate the party responsible for the device's behavior, and can make the m= itigation of some types of network abuse a little more straightforward.


On Mon, Nov 16, 2020 at 8:04 AM Shumon Huque <shuque@gmail.com> wrote:
Hi Wei P= an,

I'll ask Ash (who is more plugged into the= IOT ecosystem than I am) to confirm .. but yes, our use case expects devic= es to have IDevID or some other preconfigured unique value, so it should be= possible to work with BRSKI. For the DNS record format naming, we were ini= tially looking at the formats defined in draft-friel-pki-for-devices, speci= fically the LDevID organization managed form, but have a slightly simpler f= orm currently specified in the draft.

Shumon.
<= /div>
O= n Mon, Nov 16, 2020 at 7:02 AM Panwei (William) <william.panwei@huawei.com> w= rote:

Thanks to Eliot for summarizing these.<= u>

=C2=A0

I think the core concept of using DANE = in IoT scenario is to get rid of certificates and PKIX. The solution of how= to securely onboard the IoT devices and allocate the DNS domain name, both with and without initial certificat= es, is the key part to figure out.

If the IoT devices have no initial cert= ificates, such as 802.1AR IDevID certificate, as their initial identity, th= en the BRSKI mechanism won=E2=80=99t be appropriate for these devices because BRSKI has a requirement of IDevID.=

If the IoT devices have an IDevID certi= ficate, I think it can still use BRSKI to onboard, but it won=E2=80=99t use= EST to request a certificate any more, instead, it will apply for a DNS domain name by using some protocols.=

=C2=A0

That=E2=80=99s my preliminary thoughts,= maybe not right.

=C2=A0

Regards & Thanks!

Wei Pan

=C2=A0

From: Secdispatch [mailto:secdispatch-boun= ces@ietf.org] On Behalf Of Eliot Lear
Sent: Monday, November 16, 2020 6:55 PM
To: secdis= patch@ietf.org
Subject: [Secdispatch] DANE IOT proposed outcome

=C2=A0

Thanks to=C2=A0Shumon for prese= nting the DANE use case for IOT.

=C2=A0

We discussed taking this to the= iot-onboarding@ietf.org list as there were a number of rather big open = issues that people wanted to discuss.

=C2=A0

We also discussed a non-WG form= ing BOF to look at, as Ted put it, the broader context for onboarding.=C2= =A0 To give people a feel for the sort of related work that is available, h= ere are a list of related activities:

=C2=A0

  • draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a r= equest/response mechanism that uses RFC 8366 vouchers to introduce devices = and network infrastructure.
  • Intel=E2=80=99s SDO provides an application level intr= oduction using vouchers as well.=C2=A0 This work has been taken up by the F= IDO alliance.
  • The Wifi Alliance has Device Provisioning Protocol (DP= P) which does not attach to a global name space prior to provisioning havin= g occurred, but does represent a minimum case (just public keys).=
  • draft-friel-eap-tls-eap-dpp borrows from DPP, intended= mostly for wired use, where DPP is focused on 802.11 networks.
  • There are a number of BRSKI related drafts by Owen as = well, relating to cloud-based registrars.
  • There is also work by Michael Richardson and Peter Van= Der Stock on constrained vouchers.=C2=A0 That work is taking place in ACE.=

=C2=A0

Understanding the landscape mig= ht help us understand where DANE fits in.

=C2=A0

Regards,

=C2=A0

Eliot

_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.= org
https://www.ietf.org/mailman/listinfo/secdispatch
--
Iot-onboarding mailing list
Iot-onboarding= @ietf.org
https://www.ietf.org/mailman/listinfo/iot-onboar= ding


--

Ash Wilson | Technical Dire= ctor


=

This email and all d= ata transmitted with it contains confidential and/or proprietary informatio= n intended solely for the use of individual(s) authorized to receive it. If= you are not an intended and authorized recipient you are hereby notified o= f any use, disclosure, copying or distribution of the information included = in this transmission is prohibited and may be unlawful. Please immediately = notify the sender by replying to this email and then delete it from your sy= stem.

--000000000000a3094305b43e2b0d-- From nobody Mon Nov 16 17:55:03 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F20243A182D; Mon, 16 Nov 2020 17:55:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jB_J1lf2kkCZ; Mon, 16 Nov 2020 17:54:59 -0800 (PST) Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0299B3A1868; Mon, 16 Nov 2020 17:54:59 -0800 (PST) Received: from fraeml712-chm.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4CZpqn4rZpz67DjB; Tue, 17 Nov 2020 09:53:09 +0800 (CST) Received: from nkgeml705-chm.china.huawei.com (10.98.57.154) by fraeml712-chm.china.huawei.com (10.206.15.61) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Tue, 17 Nov 2020 02:54:56 +0100 Received: from nkgeml705-chm.china.huawei.com (10.98.57.154) by nkgeml705-chm.china.huawei.com (10.98.57.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Tue, 17 Nov 2020 09:54:54 +0800 Received: from nkgeml705-chm.china.huawei.com ([10.98.57.154]) by nkgeml705-chm.china.huawei.com ([10.98.57.154]) with mapi id 15.01.1913.007; Tue, 17 Nov 2020 09:54:54 +0800 From: "Panwei (William)" To: Ash Wilson , Shumon Huque CC: "iot-onboarding@ietf.org" , "secdispatch@ietf.org" , Eliot Lear Thread-Topic: [Iot-onboarding] [Secdispatch] DANE IOT proposed outcome Thread-Index: AQHWvAcDj5ATxnClv0CbH9AVFrI7YanKopzg//+284CAAEFMgIAA9RJw Date: Tue, 17 Nov 2020 01:54:54 +0000 Message-ID: References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.136.99.125] Content-Type: multipart/related; boundary="_004_b9bded62178e44f8a57c850d0102259ehuaweicom_"; type="multipart/alternative" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Nov 2020 01:55:02 -0000 --_004_b9bded62178e44f8a57c850d0102259ehuaweicom_ Content-Type: multipart/alternative; boundary="_000_b9bded62178e44f8a57c850d0102259ehuaweicom_" --_000_b9bded62178e44f8a57c850d0102259ehuaweicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgQXNoLA0KDQpUaGFua3MgZm9yIHlvdXIgY2xhcmlmeWluZy4gSXTigJlzIGNsZWFyIHRvIG1l IG5vdy4gVXNpbmcgREFORSBkb2VzbuKAmXQgY29uZmxpY3Qgd2l0aCBvdGhlciBleGlzdGluZyBi b290c3RyYXBwaW5nIHByb2Nlc3NlcywgYnV0IEkgZmVlbCBzb21lIGV4dGVuc2lvbnMgbWF5IGJl IG5lZWRlZCB0byBpbnRlZ3JhdGUuDQoNClJlZ2FyZHMgJiBUaGFua3MhDQpXZWkgUGFuDQoNCkZy b206IEFzaCBXaWxzb24gW21haWx0bzphc2gud2lsc29uQHZhbGltYWlsLmNvbV0NClNlbnQ6IFR1 ZXNkYXksIE5vdmVtYmVyIDE3LCAyMDIwIDM6MTMgQU0NClRvOiBTaHVtb24gSHVxdWUgPHNodXF1 ZUBnbWFpbC5jb20+DQpDYzogUGFud2VpIChXaWxsaWFtKSA8d2lsbGlhbS5wYW53ZWlAaHVhd2Vp LmNvbT47IGlvdC1vbmJvYXJkaW5nQGlldGYub3JnOyBzZWNkaXNwYXRjaEBpZXRmLm9yZzsgRWxp b3QgTGVhciA8bGVhcj00MGNpc2NvLmNvbUBkbWFyYy5pZXRmLm9yZz4NClN1YmplY3Q6IFJlOiBb SW90LW9uYm9hcmRpbmddIFtTZWNkaXNwYXRjaF0gREFORSBJT1QgcHJvcG9zZWQgb3V0Y29tZQ0K DQpIaSBXZWkgUGFuLA0KVGhlIHByb2Nlc3Mgb2YgYm9vdHN0cmFwcGluZyB0aGUgZGV2aWNlJ3Mg aWRlbnRpdHkgaXMgb3V0c2lkZSB0aGUgc2NvcGUgb2Ygb3VyIGRyYWZ0cywgYnV0IEkgY29tcGxl dGVseSBhZ3JlZSB0aGF0IGdldHRpbmcgdGhlIGJvb3RzdHJhcHBpbmcgcHJvY2VzcyByaWdodCBp cyBpbXBvcnRhbnQuIFdlIHRoaW5rIHRoYXQgdXNpbmcgREFORSBsaWtlIHRoaXMgZG9lc24ndCBj b25mbGljdCB3aXRoIG90aGVyIGJvb3RzdHJhcHBpbmcgcHJvY2Vzc2VzOyBpdCBqdXN0IGFkZHMg YSBETlMtZGlzY292ZXJhYmxlIHB1YmxpYyBrZXkgdG8gdGhlIGlkZW50aXR5IG9mIHRoZSBkZXZp Y2Ugd2hlbiBpdCBpcyBwcm92aXNpb25lZC4NCg0KT25lIG9mIHRoZSBwcm9jZXNzZXMgd2UgYXJl IHNlZWtpbmcgdG8gc2ltcGxpZnkgaXMgdGhhdCBvZiBlc3RhYmxpc2hpbmcgdHJ1c3QgZGlyZWN0 bHkgYmV0d2VlbiBkZXZpY2VzIGluIHRoZSBmaWVsZCwgYm90aCBvZiB3aGljaCBtYXkgaGF2ZSBv bmx5IGEga2V5cGFpciwgYW5kIG5vdCB0aGUgYmVuZWZpdCBvZiBQS0kgdGhhdCBjaGFpbnMgdG8g YSBwdWJsaWNseSB0cnVzdGVkIENBLiBTdXBwb3J0aW5nIHguNTA5IGNlcnRpZmljYXRlcyBpcyBp biB0aGUgaW50ZXJlc3Qgb2YgcHJvdmlkaW5nIGJyb2FkIHByb3RvY29sIGNvbXBhdGliaWxpdHkg KGluY2x1ZGluZyB0aGUgc3VwcG9ydCBvZiBvdGhlciBhZGphY2VudCBzdGFuZGFyZHMgbGlrZSBN VUQ6IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaWQvZHJhZnQtaWV0Zi1vcHNhd2ctbXVkLTIyLmh0 bWwjbXVkeDUwOSkuIEJ5IHVzaW5nIFRMU0EgZm9yIGNsaWVudCBhdXRoLCB3ZSBhbGxvdyBkZXZp Y2VzIHdpdGggb25seSBhIHJhdyBwdWJsaWMga2V5IGluIEROUywgYXMgd2VsbCBhcyBkZXZpY2Vz IHdpdGggbWV0YWRhdGEtcmljaCB4LjUwOSBjZXJ0aWZpY2F0ZXMsIHRvIG11dHVhbGx5IGF1dGhl bnRpY2F0ZSB3aXRob3V0IHJlcXVpcmluZyB0aGUgZGlzdHJpYnV0aW9uIG9mIENBIGNlcnRpZmlj YXRlcywganVzdCBiYXNlZCBvbiBrbm93bGVkZ2Ugb2YgdGhlIGNvbW11bmljYXRpbmcgcGVlcidz IEROUyBuYW1lLg0KDQpTSU0vVUlDQyBpZGVudGl0eSBwcm92aWRlcnMgbWF5IHByb3Zpc2lvbiBw dWJsaWMga2V5cyBpbiBETlMsIGFuZCBsZWF2ZSBhIHJlY29yZCBvZiB0aGUgZGV2aWNlJ3MgRE5T IG5hbWUgaW4gdGhlIFNJTSBjYXJkIChsaWtlbHkgdG8gYmUgZm91bmQgaW4gdGhlIGNlcnRpZmlj YXRlKS4gVGhpcyBnaXZlcyB0aGUgZGV2aWNlIHRoYXQgcmVjZWl2ZXMgdGhlIFNJTSBjYXJkIHRo ZSBhYmlsaXR5IHRvIGRvIGFsbCB0aGUgdGhpbmdzIHRoYXQgdGhlIFBLSSBlY29zeXN0ZW0gc3Vw cG9ydHMgbm93LCB3aXRoIHRoZSBhZGRpdGlvbmFsIGJlbmVmaXQgb2YgYmVpbmcgYWJsZSB0byBt dXR1YWxseSBhdXRoZW50aWNhdGUgd2l0aG91dCB0aGUgb3RoZXIgc2lkZSBvZiB0aGUgaGFuZHNo YWtlIG5lZWRpbmcgdG8gcG9zc2VzcyBhbmQgdHJ1c3QgdGhlIENBIGNlcnRpZmljYXRlIHVzZWQg dG8gc2lnbiB0aGUgY2VydGlmaWNhdGUgdGhhdCBzaGlwcyB3aXRoIHRoZSBTSU0gY2FyZC4gTmFt aW5nIGNvbGxpc2lvbnMgYXJlIHByZXZlbnRlZCBieSBiaW5kaW5nIHRoZSBwdWJsaWMga2V5IHRv IHRoZSBETlMgbmFtZS0gb25seSB0aGUgcG9zc2Vzc29yIG9mIHRoZSBwcml2YXRlIGtleSBjb3Jy ZXNwb25kaW5nIHRvIHRoZSBUTFNBIHJlY29yZCBpcyB0aGUgJ3JlYWwnIGlkZW50aXR5IGhvbGRl ci4NCg0KSW4gYSBzaW1pbGFyIGZhc2hpb24sIGRldmljZSBtYW51ZmFjdHVyZXJzIG1heSBwcm92 aXNpb24gYSBEQU5FIGlkZW50aXR5IGZvciBkZXZpY2VzIGJlZm9yZSB0aGV5IHNoaXAuIFRoZXNl IGRldmljZSBpZGVudGl0aWVzIG1heSByZXNpZGUgaW4gYSBETlMgem9uZSB1bmRlciB0aGUgbWFu dWZhY3R1cmVyJ3MgY29udHJvbCwgb3IgdGhlIGltcGxlbWVudGVyIG1heSBwcmVzZW50IHRoZSBk ZXZpY2UgY2VydGlmaWNhdGVzIGluIGEgRE5TIHpvbmUgdW5kZXIgdGhlIGltcGxlbWVudGVyJ3Mg Y29udHJvbC4gVGhpcyBhbGxvd3MgdGhlIGlkZW50aXR5IHRvIG1vcmUgbmF0dXJhbGx5IGluZGlj YXRlIHRoZSBwYXJ0eSByZXNwb25zaWJsZSBmb3IgdGhlIGRldmljZSdzIGJlaGF2aW9yLCBhbmQg Y2FuIG1ha2UgdGhlIG1pdGlnYXRpb24gb2Ygc29tZSB0eXBlcyBvZiBuZXR3b3JrIGFidXNlIGEg bGl0dGxlIG1vcmUgc3RyYWlnaHRmb3J3YXJkLg0KDQoNCk9uIE1vbiwgTm92IDE2LCAyMDIwIGF0 IDg6MDQgQU0gU2h1bW9uIEh1cXVlIDxzaHVxdWVAZ21haWwuY29tPG1haWx0bzpzaHVxdWVAZ21h aWwuY29tPj4gd3JvdGU6DQpIaSBXZWkgUGFuLA0KDQpJJ2xsIGFzayBBc2ggKHdobyBpcyBtb3Jl IHBsdWdnZWQgaW50byB0aGUgSU9UIGVjb3N5c3RlbSB0aGFuIEkgYW0pIHRvIGNvbmZpcm0gLi4g YnV0IHllcywgb3VyIHVzZSBjYXNlIGV4cGVjdHMgZGV2aWNlcyB0byBoYXZlIElEZXZJRCBvciBz b21lIG90aGVyIHByZWNvbmZpZ3VyZWQgdW5pcXVlIHZhbHVlLCBzbyBpdCBzaG91bGQgYmUgcG9z c2libGUgdG8gd29yayB3aXRoIEJSU0tJLiBGb3IgdGhlIEROUyByZWNvcmQgZm9ybWF0IG5hbWlu Zywgd2Ugd2VyZSBpbml0aWFsbHkgbG9va2luZyBhdCB0aGUgZm9ybWF0cyBkZWZpbmVkIGluIGRy YWZ0LWZyaWVsLXBraS1mb3ItZGV2aWNlcywgc3BlY2lmaWNhbGx5IHRoZSBMRGV2SUQgb3JnYW5p emF0aW9uIG1hbmFnZWQgZm9ybSwgYnV0IGhhdmUgYSBzbGlnaHRseSBzaW1wbGVyIGZvcm0gY3Vy cmVudGx5IHNwZWNpZmllZCBpbiB0aGUgZHJhZnQuDQoNClNodW1vbi4NCg0KT24gTW9uLCBOb3Yg MTYsIDIwMjAgYXQgNzowMiBBTSBQYW53ZWkgKFdpbGxpYW0pIDx3aWxsaWFtLnBhbndlaUBodWF3 ZWkuY29tPG1haWx0bzp3aWxsaWFtLnBhbndlaUBodWF3ZWkuY29tPj4gd3JvdGU6DQpUaGFua3Mg dG8gRWxpb3QgZm9yIHN1bW1hcml6aW5nIHRoZXNlLg0KDQpJIHRoaW5rIHRoZSBjb3JlIGNvbmNl cHQgb2YgdXNpbmcgREFORSBpbiBJb1Qgc2NlbmFyaW8gaXMgdG8gZ2V0IHJpZCBvZiBjZXJ0aWZp Y2F0ZXMgYW5kIFBLSVguIFRoZSBzb2x1dGlvbiBvZiBob3cgdG8gc2VjdXJlbHkgb25ib2FyZCB0 aGUgSW9UIGRldmljZXMgYW5kIGFsbG9jYXRlIHRoZSBETlMgZG9tYWluIG5hbWUsIGJvdGggd2l0 aCBhbmQgd2l0aG91dCBpbml0aWFsIGNlcnRpZmljYXRlcywgaXMgdGhlIGtleSBwYXJ0IHRvIGZp Z3VyZSBvdXQuDQpJZiB0aGUgSW9UIGRldmljZXMgaGF2ZSBubyBpbml0aWFsIGNlcnRpZmljYXRl cywgc3VjaCBhcyA4MDIuMUFSIElEZXZJRCBjZXJ0aWZpY2F0ZSwgYXMgdGhlaXIgaW5pdGlhbCBp ZGVudGl0eSwgdGhlbiB0aGUgQlJTS0kgbWVjaGFuaXNtIHdvbuKAmXQgYmUgYXBwcm9wcmlhdGUg Zm9yIHRoZXNlIGRldmljZXMgYmVjYXVzZSBCUlNLSSBoYXMgYSByZXF1aXJlbWVudCBvZiBJRGV2 SUQuDQpJZiB0aGUgSW9UIGRldmljZXMgaGF2ZSBhbiBJRGV2SUQgY2VydGlmaWNhdGUsIEkgdGhp bmsgaXQgY2FuIHN0aWxsIHVzZSBCUlNLSSB0byBvbmJvYXJkLCBidXQgaXQgd29u4oCZdCB1c2Ug RVNUIHRvIHJlcXVlc3QgYSBjZXJ0aWZpY2F0ZSBhbnkgbW9yZSwgaW5zdGVhZCwgaXQgd2lsbCBh cHBseSBmb3IgYSBETlMgZG9tYWluIG5hbWUgYnkgdXNpbmcgc29tZSBwcm90b2NvbHMuDQoNClRo YXTigJlzIG15IHByZWxpbWluYXJ5IHRob3VnaHRzLCBtYXliZSBub3QgcmlnaHQuDQoNClJlZ2Fy ZHMgJiBUaGFua3MhDQpXZWkgUGFuDQoNCkZyb206IFNlY2Rpc3BhdGNoIFttYWlsdG86c2VjZGlz cGF0Y2gtYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9y Zz5dIE9uIEJlaGFsZiBPZiBFbGlvdCBMZWFyDQpTZW50OiBNb25kYXksIE5vdmVtYmVyIDE2LCAy MDIwIDY6NTUgUE0NClRvOiBzZWNkaXNwYXRjaEBpZXRmLm9yZzxtYWlsdG86c2VjZGlzcGF0Y2hA aWV0Zi5vcmc+DQpTdWJqZWN0OiBbU2VjZGlzcGF0Y2hdIERBTkUgSU9UIHByb3Bvc2VkIG91dGNv bWUNCg0KVGhhbmtzIHRvIFNodW1vbiBmb3IgcHJlc2VudGluZyB0aGUgREFORSB1c2UgY2FzZSBm b3IgSU9ULg0KDQpXZSBkaXNjdXNzZWQgdGFraW5nIHRoaXMgdG8gdGhlIGlvdC1vbmJvYXJkaW5n QGlldGYub3JnPG1haWx0bzppb3Qtb25ib2FyZGluZ0BpZXRmLm9yZz4gbGlzdCBhcyB0aGVyZSB3 ZXJlIGEgbnVtYmVyIG9mIHJhdGhlciBiaWcgb3BlbiBpc3N1ZXMgdGhhdCBwZW9wbGUgd2FudGVk IHRvIGRpc2N1c3MuDQoNCldlIGFsc28gZGlzY3Vzc2VkIGEgbm9uLVdHIGZvcm1pbmcgQk9GIHRv IGxvb2sgYXQsIGFzIFRlZCBwdXQgaXQsIHRoZSBicm9hZGVyIGNvbnRleHQgZm9yIG9uYm9hcmRp bmcuICBUbyBnaXZlIHBlb3BsZSBhIGZlZWwgZm9yIHRoZSBzb3J0IG9mIHJlbGF0ZWQgd29yayB0 aGF0IGlzIGF2YWlsYWJsZSwgaGVyZSBhcmUgYSBsaXN0IG9mIHJlbGF0ZWQgYWN0aXZpdGllczoN Cg0KDQogICogICBkcmFmdC1pZXRmLWFuaW1hLWJvb3RzdHJhcHBpbmcta2V5aW5mcmEgKEJSU0tJ KSBpcyBhIHJlcXVlc3QvcmVzcG9uc2UgbWVjaGFuaXNtIHRoYXQgdXNlcyBSRkMgODM2NiB2b3Vj aGVycyB0byBpbnRyb2R1Y2UgZGV2aWNlcyBhbmQgbmV0d29yayBpbmZyYXN0cnVjdHVyZS4NCiAg KiAgIEludGVs4oCZcyBTRE8gcHJvdmlkZXMgYW4gYXBwbGljYXRpb24gbGV2ZWwgaW50cm9kdWN0 aW9uIHVzaW5nIHZvdWNoZXJzIGFzIHdlbGwuICBUaGlzIHdvcmsgaGFzIGJlZW4gdGFrZW4gdXAg YnkgdGhlIEZJRE8gYWxsaWFuY2UuDQogICogICBUaGUgV2lmaSBBbGxpYW5jZSBoYXMgRGV2aWNl IFByb3Zpc2lvbmluZyBQcm90b2NvbCAoRFBQKSB3aGljaCBkb2VzIG5vdCBhdHRhY2ggdG8gYSBn bG9iYWwgbmFtZSBzcGFjZSBwcmlvciB0byBwcm92aXNpb25pbmcgaGF2aW5nIG9jY3VycmVkLCBi dXQgZG9lcyByZXByZXNlbnQgYSBtaW5pbXVtIGNhc2UgKGp1c3QgcHVibGljIGtleXMpLg0KICAq ICAgZHJhZnQtZnJpZWwtZWFwLXRscy1lYXAtZHBwIGJvcnJvd3MgZnJvbSBEUFAsIGludGVuZGVk IG1vc3RseSBmb3Igd2lyZWQgdXNlLCB3aGVyZSBEUFAgaXMgZm9jdXNlZCBvbiA4MDIuMTEgbmV0 d29ya3MuDQogICogICBUaGVyZSBhcmUgYSBudW1iZXIgb2YgQlJTS0kgcmVsYXRlZCBkcmFmdHMg YnkgT3dlbiBhcyB3ZWxsLCByZWxhdGluZyB0byBjbG91ZC1iYXNlZCByZWdpc3RyYXJzLg0KICAq ICAgVGhlcmUgaXMgYWxzbyB3b3JrIGJ5IE1pY2hhZWwgUmljaGFyZHNvbiBhbmQgUGV0ZXIgVmFu IERlciBTdG9jayBvbiBjb25zdHJhaW5lZCB2b3VjaGVycy4gIFRoYXQgd29yayBpcyB0YWtpbmcg cGxhY2UgaW4gQUNFLg0KDQpVbmRlcnN0YW5kaW5nIHRoZSBsYW5kc2NhcGUgbWlnaHQgaGVscCB1 cyB1bmRlcnN0YW5kIHdoZXJlIERBTkUgZml0cyBpbi4NCg0KUmVnYXJkcywNCg0KRWxpb3QNCl9f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpTZWNkaXNwYXRj aCBtYWlsaW5nIGxpc3QNClNlY2Rpc3BhdGNoQGlldGYub3JnPG1haWx0bzpTZWNkaXNwYXRjaEBp ZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2VjZGlzcGF0 Y2gNCi0tDQpJb3Qtb25ib2FyZGluZyBtYWlsaW5nIGxpc3QNCklvdC1vbmJvYXJkaW5nQGlldGYu b3JnPG1haWx0bzpJb3Qtb25ib2FyZGluZ0BpZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3Jn L21haWxtYW4vbGlzdGluZm8vaW90LW9uYm9hcmRpbmcNCg0KDQotLQ0KQXNoIFdpbHNvbiB8IFRl Y2huaWNhbCBEaXJlY3Rvcg0KZTogYXNoLndpbHNvbkB2YWxpbWFpbC5jb208bWFpbHRvOmFzaC53 aWxzb25AdmFsaW1haWwuY29tPg0KDQpb5Zu+5YOP5bey6KKr5Y+R5Lu25Lq65Yig6Zmk44CCXQ0K DQoNCg0KVGhpcyBlbWFpbCBhbmQgYWxsIGRhdGEgdHJhbnNtaXR0ZWQgd2l0aCBpdCBjb250YWlu cyBjb25maWRlbnRpYWwgYW5kL29yIHByb3ByaWV0YXJ5IGluZm9ybWF0aW9uIGludGVuZGVkIHNv bGVseSBmb3IgdGhlIHVzZSBvZiBpbmRpdmlkdWFsKHMpIGF1dGhvcml6ZWQgdG8gcmVjZWl2ZSBp dC4gSWYgeW91IGFyZSBub3QgYW4gaW50ZW5kZWQgYW5kIGF1dGhvcml6ZWQgcmVjaXBpZW50IHlv dSBhcmUgaGVyZWJ5IG5vdGlmaWVkIG9mIGFueSB1c2UsIGRpc2Nsb3N1cmUsIGNvcHlpbmcgb3Ig ZGlzdHJpYnV0aW9uIG9mIHRoZSBpbmZvcm1hdGlvbiBpbmNsdWRlZCBpbiB0aGlzIHRyYW5zbWlz c2lvbiBpcyBwcm9oaWJpdGVkIGFuZCBtYXkgYmUgdW5sYXdmdWwuIFBsZWFzZSBpbW1lZGlhdGVs eSBub3RpZnkgdGhlIHNlbmRlciBieSByZXBseWluZyB0byB0aGlzIGVtYWlsIGFuZCB0aGVuIGRl bGV0ZSBpdCBmcm9tIHlvdXIgc3lzdGVtLg0K --_000_b9bded62178e44f8a57c850d0102259ehuaweicom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7 YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0 I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl DQoJe2ZvbnQtZmFtaWx5OuWui+S9kzsNCglwYW5vc2UtMToyIDEgNiAwIDMgMSAxIDEgMSAxO30N CkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0 IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJ cGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWls eTpHYWR1Z2k7DQoJcGFub3NlLTE6MiAxMSA1IDIgNCAyIDQgMiAyIDM7fQ0KQGZvbnQtZmFjZQ0K CXtmb250LWZhbWlseToiXEDlrovkvZMiOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7 fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTrljY7mlofnu4bpu5E7DQoJcGFub3NlLTE6MiAx IDYgMCA0IDEgMSAxIDEgMTt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJcQOWNjuaWh+e7 hum7kSI7DQoJcGFub3NlLTE6MiAxIDYgMCA0IDEgMSAxIDEgMTt9DQovKiBTdHlsZSBEZWZpbml0 aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJn aW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZv bnQtZmFtaWx5OuWui+S9kzt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHls ZS1wcmlvcml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7 fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlv cml0eTo5OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpw DQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCglt YXJnaW4tcmlnaHQ6MGNtOw0KCW1zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1s ZWZ0OjBjbTsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OuWui+S9kzt9DQpzcGFu LkVtYWlsU3R5bGUxOA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZh bWlseToiR2FkdWdpIixzYW5zLXNlcmlmOw0KCWNvbG9yOmJsYWNrOw0KCWZvbnQtd2VpZ2h0Om5v cm1hbDsNCglmb250LXN0eWxlOm5vcm1hbDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUt dHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQou TXNvUGFwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCgltYXJnaW4tYm90 dG9tOjEuNXB0Ow0KCW1zby1wYXJhLW1hcmdpbi1ib3R0b206LjNnZDsNCgl0ZXh0LWFsaWduOmp1 c3RpZnk7DQoJdGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDsNCglsaW5lLWhlaWdodDoxMjAl O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46 NzIuMHB0IDkwLjBwdCA3Mi4wcHQgOTAuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpX b3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNvLWxp c3QtaWQ6MjA3NzI0NTA3NTsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6LTE5NjI0NzU5NjI7fQ0K QGxpc3QgbDA6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28t bGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCgltc28tbGV2ZWwt bnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1m b250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDIN Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsN Cgltc28tbGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246 bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7 DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28tbGV2ZWwtbnVt YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWIt c3RvcDoxMDguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu ZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6 U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxs ZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0Ow0K CW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0K CW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0 IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs LXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1sZXZlbC1udW1i ZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQt c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNg0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1z by1sZXZlbC10YWItc3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ Zm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVy LWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3Rv cDoyNTIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVu dDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3lt Ym9sO30NCkBsaXN0IGwwOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7 DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyODguMHB0Ow0KCW1z by1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1z by1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGww OmxldmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRl eHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXIt cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6 ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCm9sDQoJe21hcmdpbi1ib3R0b206MGNt O30NCnVsDQoJe21hcmdpbi1ib3R0b206MGNtO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNv IDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAv Pg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxh eW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwv bzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IlpI LUNOIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9u MSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29s b3I6YmxhY2siPkhpIEFzaCw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVT IiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDss c2Fucy1zZXJpZjtjb2xvcjpibGFjayI+VGhhbmtzIGZvciB5b3VyIGNsYXJpZnlpbmcuIEl04oCZ cyBjbGVhciB0byBtZSBub3cuIFVzaW5nIERBTkUgZG9lc27igJl0IGNvbmZsaWN0IHdpdGggb3Ro ZXIgZXhpc3RpbmcgYm9vdHN0cmFwcGluZyBwcm9jZXNzZXMsIGJ1dCBJIGZlZWwgc29tZSBleHRl bnNpb25zDQogbWF5IGJlIG5lZWRlZCB0byBpbnRlZ3JhdGUuPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y OmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibGluZS1oZWlnaHQ6MTEwJSI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2xpbmUtaGVpZ2h0OjExMCU7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1 b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPlJlZ2FyZHMgJmFtcDsgVGhhbmtzITxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJsaW5lLWhlaWdodDox MTAlIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7bGluZS1oZWln aHQ6MTEwJTtmb250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjpi bGFjayI+V2VpIFBhbjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJsaW5lLWhlaWdodDoxMTAlIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7bGluZS1oZWlnaHQ6MTEwJTtmb250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVv dDssc2Fucy1zZXJpZjtjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgYmx1ZSAxLjVwdDtwYWRk aW5nOjBjbSAwY20gMGNtIDQuMHB0Ij4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTti b3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5G cm9tOjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+IEFzaCBXaWxzb24g W21haWx0bzphc2gud2lsc29uQHZhbGltYWlsLmNvbV0NCjxicj4NCjxiPlNlbnQ6PC9iPiBUdWVz ZGF5LCBOb3ZlbWJlciAxNywgMjAyMCAzOjEzIEFNPGJyPg0KPGI+VG86PC9iPiBTaHVtb24gSHVx dWUgJmx0O3NodXF1ZUBnbWFpbC5jb20mZ3Q7PGJyPg0KPGI+Q2M6PC9iPiBQYW53ZWkgKFdpbGxp YW0pICZsdDt3aWxsaWFtLnBhbndlaUBodWF3ZWkuY29tJmd0OzsgaW90LW9uYm9hcmRpbmdAaWV0 Zi5vcmc7IHNlY2Rpc3BhdGNoQGlldGYub3JnOyBFbGlvdCBMZWFyICZsdDtsZWFyPTQwY2lzY28u Y29tQGRtYXJjLmlldGYub3JnJmd0Ozxicj4NCjxiPlN1YmplY3Q6PC9iPiBSZTogW0lvdC1vbmJv YXJkaW5nXSBbU2VjZGlzcGF0Y2hdIERBTkUgSU9UIHByb3Bvc2VkIG91dGNvbWU8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g bGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbTozLjZwdDttc28tcGFyYS1tYXJnaW4t Ym90dG9tOi4zZ2Q7dGV4dC1hbGlnbjpqdXN0aWZ5O3RleHQtanVzdGlmeTppbnRlci1pZGVvZ3Jh cGg7bGluZS1oZWlnaHQ6MTIwJSI+DQo8c3BhbiBsYW5nPSJFTi1VUyI+SGkgV2VpIFBhbiw8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1h cmdpbi1ib3R0b206My42cHQ7bXNvLXBhcmEtbWFyZ2luLWJvdHRvbTouM2dkO3RleHQtYWxpZ246 anVzdGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXItaWRlb2dyYXBoO2xpbmUtaGVpZ2h0OjEyMCUiPg0K PHNwYW4gbGFuZz0iRU4tVVMiPlRoZSBwcm9jZXNzIG9mIGJvb3RzdHJhcHBpbmcgdGhlIGRldmlj ZSdzIGlkZW50aXR5IGlzIG91dHNpZGUgdGhlIHNjb3BlIG9mIG91ciBkcmFmdHMsIGJ1dCBJIGNv bXBsZXRlbHkgYWdyZWUgdGhhdCBnZXR0aW5nIHRoZSBib290c3RyYXBwaW5nIHByb2Nlc3Mgcmln aHQgaXMgaW1wb3J0YW50LiBXZSB0aGluayB0aGF0IHVzaW5nIERBTkUgbGlrZSB0aGlzIGRvZXNu J3QgY29uZmxpY3Qgd2l0aCBvdGhlciBib290c3RyYXBwaW5nDQogcHJvY2Vzc2VzOyBpdCBqdXN0 IGFkZHMgYSBETlMtZGlzY292ZXJhYmxlIHB1YmxpYyBrZXkgdG8gdGhlIGlkZW50aXR5IG9mIHRo ZSBkZXZpY2Ugd2hlbiBpdCBpcyBwcm92aXNpb25lZC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbToz LjZwdDttc28tcGFyYS1tYXJnaW4tYm90dG9tOi4zZ2Q7dGV4dC1hbGlnbjpqdXN0aWZ5O3RleHQt anVzdGlmeTppbnRlci1pZGVvZ3JhcGg7bGluZS1oZWlnaHQ6MTIwJSI+DQo8c3BhbiBsYW5nPSJF Ti1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206My42cHQ7bXNvLXBhcmEtbWFyZ2lu LWJvdHRvbTouM2dkO3RleHQtYWxpZ246anVzdGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXItaWRlb2dy YXBoO2xpbmUtaGVpZ2h0OjEyMCUiPg0KPHNwYW4gbGFuZz0iRU4tVVMiPk9uZSBvZiB0aGUgcHJv Y2Vzc2VzIHdlIGFyZSBzZWVraW5nIHRvIHNpbXBsaWZ5IGlzIHRoYXQgb2YmbmJzcDtlc3RhYmxp c2hpbmcgdHJ1c3QgZGlyZWN0bHkgYmV0d2VlbiBkZXZpY2VzIGluIHRoZSBmaWVsZCwgYm90aCBv ZiB3aGljaCBtYXkgaGF2ZSBvbmx5IGEmbmJzcDtrZXlwYWlyLCZuYnNwO2FuZCBub3QgdGhlIGJl bmVmaXQgb2YgUEtJIHRoYXQgY2hhaW5zIHRvIGEgcHVibGljbHkgdHJ1c3RlZCZuYnNwO0NBLiBT dXBwb3J0aW5nIHguNTA5DQogY2VydGlmaWNhdGVzIGlzIGluIHRoZSBpbnRlcmVzdCBvZiBwcm92 aWRpbmcgYnJvYWQgcHJvdG9jb2wgY29tcGF0aWJpbGl0eSAoaW5jbHVkaW5nIHRoZSBzdXBwb3J0 IG9mIG90aGVyIGFkamFjZW50IHN0YW5kYXJkcyBsaWtlIE1VRDoNCjxhIGhyZWY9Imh0dHBzOi8v dG9vbHMuaWV0Zi5vcmcvaWQvZHJhZnQtaWV0Zi1vcHNhd2ctbXVkLTIyLmh0bWwjbXVkeDUwOSI+ aHR0cHM6Ly90b29scy5pZXRmLm9yZy9pZC9kcmFmdC1pZXRmLW9wc2F3Zy1tdWQtMjIuaHRtbCNt dWR4NTA5PC9hPikuIEJ5IHVzaW5nIFRMU0EgZm9yIGNsaWVudCBhdXRoLCB3ZSBhbGxvdyBkZXZp Y2VzIHdpdGggb25seSBhIHJhdyBwdWJsaWMga2V5IGluIEROUywgYXMgd2VsbCBhcyBkZXZpY2Vz IHdpdGggbWV0YWRhdGEtcmljaA0KIHguNTA5IGNlcnRpZmljYXRlcywgdG8gbXV0dWFsbHkgYXV0 aGVudGljYXRlIHdpdGhvdXQgcmVxdWlyaW5nIHRoZSBkaXN0cmlidXRpb24gb2YgQ0EgY2VydGlm aWNhdGVzLCBqdXN0IGJhc2VkIG9uIGtub3dsZWRnZSBvZiB0aGUgY29tbXVuaWNhdGluZyBwZWVy J3MgRE5TIG5hbWUuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206My42cHQ7bXNvLXBhcmEtbWFyZ2lu LWJvdHRvbTouM2dkO3RleHQtYWxpZ246anVzdGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXItaWRlb2dy YXBoO2xpbmUtaGVpZ2h0OjEyMCUiPg0KPHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtYXJnaW4tYm90dG9tOjMuNnB0O21zby1wYXJhLW1hcmdpbi1ib3R0b206LjNnZDt0ZXh0LWFs aWduOmp1c3RpZnk7dGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDtsaW5lLWhlaWdodDoxMjAl Ij4NCjxzcGFuIGxhbmc9IkVOLVVTIj5TSU0vVUlDQyBpZGVudGl0eSBwcm92aWRlcnMgbWF5IHBy b3Zpc2lvbiBwdWJsaWMga2V5cyBpbiBETlMsIGFuZCBsZWF2ZSBhIHJlY29yZCBvZiB0aGUgZGV2 aWNlJ3MgRE5TIG5hbWUgaW4gdGhlIFNJTSBjYXJkIChsaWtlbHkgdG8gYmUgZm91bmQgaW4gdGhl IGNlcnRpZmljYXRlKS4gVGhpcyBnaXZlcyB0aGUgZGV2aWNlIHRoYXQgcmVjZWl2ZXMgdGhlIFNJ TSBjYXJkIHRoZSBhYmlsaXR5IHRvIGRvIGFsbCB0aGUNCiB0aGluZ3MgdGhhdCB0aGUgUEtJIGVj b3N5c3RlbSBzdXBwb3J0cyBub3csIHdpdGggdGhlIGFkZGl0aW9uYWwgYmVuZWZpdCBvZiBiZWlu ZyBhYmxlIHRvIG11dHVhbGx5IGF1dGhlbnRpY2F0ZSB3aXRob3V0IHRoZSBvdGhlciBzaWRlIG9m IHRoZSBoYW5kc2hha2UgbmVlZGluZyB0byBwb3NzZXNzIGFuZCB0cnVzdCB0aGUgQ0EgY2VydGlm aWNhdGUgdXNlZCB0byBzaWduIHRoZSBjZXJ0aWZpY2F0ZSB0aGF0IHNoaXBzIHdpdGggdGhlIFNJ TSBjYXJkLg0KIE5hbWluZyBjb2xsaXNpb25zIGFyZSBwcmV2ZW50ZWQgYnkgYmluZGluZyB0aGUg cHVibGljIGtleSB0byB0aGUgRE5TIG5hbWUtIG9ubHkgdGhlIHBvc3Nlc3NvciBvZiB0aGUgcHJp dmF0ZSBrZXkgY29ycmVzcG9uZGluZyB0byB0aGUgVExTQSByZWNvcmQgaXMgdGhlICdyZWFsJyBp ZGVudGl0eSBob2xkZXIuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206My42cHQ7bXNvLXBhcmEtbWFy Z2luLWJvdHRvbTouM2dkO3RleHQtYWxpZ246anVzdGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXItaWRl b2dyYXBoO2xpbmUtaGVpZ2h0OjEyMCUiPg0KPHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tYm90dG9tOjMuNnB0O21zby1wYXJhLW1hcmdpbi1ib3R0b206LjNnZDt0ZXh0 LWFsaWduOmp1c3RpZnk7dGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDtsaW5lLWhlaWdodDox MjAlIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5JbiBhIHNpbWlsYXIgZmFzaGlvbiwgZGV2aWNlIG1h bnVmYWN0dXJlcnMgbWF5IHByb3Zpc2lvbiBhIERBTkUgaWRlbnRpdHkgZm9yIGRldmljZXMgYmVm b3JlIHRoZXkgc2hpcC4gVGhlc2UgZGV2aWNlIGlkZW50aXRpZXMgbWF5IHJlc2lkZSBpbiBhIERO UyB6b25lIHVuZGVyIHRoZSBtYW51ZmFjdHVyZXIncyBjb250cm9sLCBvciB0aGUgaW1wbGVtZW50 ZXIgbWF5IHByZXNlbnQgdGhlIGRldmljZSBjZXJ0aWZpY2F0ZXMNCiBpbiBhIEROUyB6b25lIHVu ZGVyIHRoZSBpbXBsZW1lbnRlcidzIGNvbnRyb2wuIFRoaXMgYWxsb3dzIHRoZSBpZGVudGl0eSB0 byBtb3JlIG5hdHVyYWxseSBpbmRpY2F0ZSB0aGUgcGFydHkgcmVzcG9uc2libGUgZm9yIHRoZSBk ZXZpY2UncyBiZWhhdmlvciwgYW5kIGNhbiBtYWtlIHRoZSBtaXRpZ2F0aW9uIG9mIHNvbWUgdHlw ZXMgb2YgbmV0d29yayBhYnVzZSBhIGxpdHRsZSBtb3JlIHN0cmFpZ2h0Zm9yd2FyZC48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibWFyZ2luLWJvdHRvbTozLjZwdDttc28tcGFyYS1tYXJnaW4tYm90dG9tOi4zZ2Q7dGV4dC1h bGlnbjpqdXN0aWZ5O3RleHQtanVzdGlmeTppbnRlci1pZGVvZ3JhcGg7bGluZS1oZWlnaHQ6MTIw JSI+DQo8c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjMu NnB0O21zby1wYXJhLW1hcmdpbi1ib3R0b206LjNnZDt0ZXh0LWFsaWduOmp1c3RpZnk7dGV4dC1q dXN0aWZ5OmludGVyLWlkZW9ncmFwaDtsaW5lLWhlaWdodDoxMjAlIj4NCjxzcGFuIGxhbmc9IkVO LVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjMuNnB0O21zby1wYXJhLW1hcmdpbi1i b3R0b206LjNnZDt0ZXh0LWFsaWduOmp1c3RpZnk7dGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFw aDtsaW5lLWhlaWdodDoxMjAlIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5PbiBNb24sIE5vdiAxNiwg MjAyMCBhdCA4OjA0IEFNIFNodW1vbiBIdXF1ZSAmbHQ7PGEgaHJlZj0ibWFpbHRvOnNodXF1ZUBn bWFpbC5jb20iPnNodXF1ZUBnbWFpbC5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVm dDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxl ZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBjbSI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjMuNnB0O21zby1wYXJhLW1hcmdpbi1ib3R0b206 LjNnZDt0ZXh0LWFsaWduOmp1c3RpZnk7dGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDtsaW5l LWhlaWdodDoxMjAlIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5IaSBXZWkgUGFuLDxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt YXJnaW4tYm90dG9tOjMuNnB0O21zby1wYXJhLW1hcmdpbi1ib3R0b206LjNnZDt0ZXh0LWFsaWdu Omp1c3RpZnk7dGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDtsaW5lLWhlaWdodDoxMjAlIj4N CjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbTozLjZwdDtt c28tcGFyYS1tYXJnaW4tYm90dG9tOi4zZ2Q7dGV4dC1hbGlnbjpqdXN0aWZ5O3RleHQtanVzdGlm eTppbnRlci1pZGVvZ3JhcGg7bGluZS1oZWlnaHQ6MTIwJSI+DQo8c3BhbiBsYW5nPSJFTi1VUyI+ SSdsbCBhc2sgQXNoICh3aG8gaXMgbW9yZSBwbHVnZ2VkIGludG8gdGhlIElPVCBlY29zeXN0ZW0g dGhhbiBJIGFtKSB0byBjb25maXJtIC4uIGJ1dCB5ZXMsIG91ciB1c2UgY2FzZSBleHBlY3RzIGRl dmljZXMgdG8gaGF2ZSBJRGV2SUQgb3Igc29tZSBvdGhlciBwcmVjb25maWd1cmVkIHVuaXF1ZSB2 YWx1ZSwgc28gaXQgc2hvdWxkIGJlIHBvc3NpYmxlIHRvIHdvcmsgd2l0aCBCUlNLSS4gRm9yIHRo ZSBETlMgcmVjb3JkDQogZm9ybWF0IG5hbWluZywgd2Ugd2VyZSBpbml0aWFsbHkgbG9va2luZyBh dCB0aGUgZm9ybWF0cyBkZWZpbmVkIGluIGRyYWZ0LWZyaWVsLXBraS1mb3ItZGV2aWNlcywgc3Bl Y2lmaWNhbGx5IHRoZSBMRGV2SUQgb3JnYW5pemF0aW9uIG1hbmFnZWQgZm9ybSwgYnV0IGhhdmUg YSBzbGlnaHRseSBzaW1wbGVyIGZvcm0gY3VycmVudGx5IHNwZWNpZmllZCBpbiB0aGUgZHJhZnQu PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1hcmdpbi1ib3R0b206My42cHQ7bXNvLXBhcmEtbWFyZ2luLWJvdHRvbTouM2dk O3RleHQtYWxpZ246anVzdGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXItaWRlb2dyYXBoO2xpbmUtaGVp Z2h0OjEyMCUiPg0KPHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90 dG9tOjMuNnB0O21zby1wYXJhLW1hcmdpbi1ib3R0b206LjNnZDt0ZXh0LWFsaWduOmp1c3RpZnk7 dGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDtsaW5lLWhlaWdodDoxMjAlIj4NCjxzcGFuIGxh bmc9IkVOLVVTIj5TaHVtb24uPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbTozLjZwdDttc28tcGFyYS1tYXJnaW4t Ym90dG9tOi4zZ2Q7dGV4dC1hbGlnbjpqdXN0aWZ5O3RleHQtanVzdGlmeTppbnRlci1pZGVvZ3Jh cGg7bGluZS1oZWlnaHQ6MTIwJSI+DQo8c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bWFyZ2luLWJvdHRvbTozLjZwdDttc28tcGFyYS1tYXJnaW4tYm90dG9tOi4zZ2Q7dGV4dC1hbGln bjpqdXN0aWZ5O3RleHQtanVzdGlmeTppbnRlci1pZGVvZ3JhcGg7bGluZS1oZWlnaHQ6MTIwJSI+ DQo8c3BhbiBsYW5nPSJFTi1VUyI+T24gTW9uLCBOb3YgMTYsIDIwMjAgYXQgNzowMiBBTSBQYW53 ZWkgKFdpbGxpYW0pICZsdDs8YSBocmVmPSJtYWlsdG86d2lsbGlhbS5wYW53ZWlAaHVhd2VpLmNv bSIgdGFyZ2V0PSJfYmxhbmsiPndpbGxpYW0ucGFud2VpQGh1YXdlaS5jb208L2E+Jmd0OyB3cm90 ZTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3Jk ZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAw Y20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBjbSI+DQo8ZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0dhZHVnaSZxdW90OyxzYW5zLXNlcmlmO2Nv bG9yOmJsYWNrIj5UaGFua3MgdG8gRWxpb3QgZm9yIHN1bW1hcml6aW5nIHRoZXNlLjwvc3Bhbj48 c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPiZuYnNwOzwv c3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPkkg dGhpbmsgdGhlIGNvcmUgY29uY2VwdCBvZiB1c2luZyBEQU5FIGluIElvVCBzY2VuYXJpbyBpcyB0 byBnZXQgcmlkIG9mIGNlcnRpZmljYXRlcyBhbmQNCiBQS0lYLiBUaGUgc29sdXRpb24gb2YgaG93 IHRvIHNlY3VyZWx5IG9uYm9hcmQgdGhlIElvVCBkZXZpY2VzIGFuZCBhbGxvY2F0ZSB0aGUgRE5T IGRvbWFpbiBuYW1lLCBib3RoIHdpdGggYW5kIHdpdGhvdXQgaW5pdGlhbCBjZXJ0aWZpY2F0ZXMs IGlzIHRoZSBrZXkgcGFydCB0byBmaWd1cmUgb3V0Ljwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+ PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5n PSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdp JnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPklmIHRoZSBJb1QgZGV2aWNlcyBoYXZlIG5v IGluaXRpYWwgY2VydGlmaWNhdGVzLCBzdWNoIGFzIDgwMi4xQVIgSURldklEIGNlcnRpZmljYXRl LCBhcyB0aGVpcg0KIGluaXRpYWwgaWRlbnRpdHksIHRoZW4gdGhlIEJSU0tJIG1lY2hhbmlzbSB3 b27igJl0IGJlIGFwcHJvcHJpYXRlIGZvciB0aGVzZSBkZXZpY2VzIGJlY2F1c2UgQlJTS0kgaGFz IGEgcmVxdWlyZW1lbnQgb2YgSURldklELjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1V UyIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7 LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPklmIHRoZSBJb1QgZGV2aWNlcyBoYXZlIGFuIElEZXZJ RCBjZXJ0aWZpY2F0ZSwgSSB0aGluayBpdCBjYW4gc3RpbGwgdXNlIEJSU0tJIHRvIG9uYm9hcmQs DQogYnV0IGl0IHdvbuKAmXQgdXNlIEVTVCB0byByZXF1ZXN0IGEgY2VydGlmaWNhdGUgYW55IG1v cmUsIGluc3RlYWQsIGl0IHdpbGwgYXBwbHkgZm9yIGEgRE5TIGRvbWFpbiBuYW1lIGJ5IHVzaW5n IHNvbWUgcHJvdG9jb2xzLjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2Vy aWY7Y29sb3I6YmxhY2siPiZuYnNwOzwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIg c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6YmxhY2siPlRoYXTigJlzIG15IHByZWxpbWluYXJ5IHRob3VnaHRzLCBt YXliZSBub3QgcmlnaHQuPC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtHYWR1Z2kmcXVvdDssc2Fucy1zZXJp Zjtjb2xvcjpibGFjayI+Jm5ic3A7PC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO2xpbmUtaGVpZ2h0OjEx MCUiPg0KPHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2xpbmUtaGVp Z2h0OjExMCU7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 YmxhY2siPlJlZ2FyZHMgJmFtcDsgVGhhbmtzITwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO2xpbmUtaGVpZ2h0OjEx MCUiPg0KPHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2xpbmUtaGVp Z2h0OjExMCU7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6 YmxhY2siPldlaSBQYW48L3NwYW4+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyIg c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7R2FkdWdpJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6YmxhY2siPiZuYnNwOzwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86 cD48L286cD48L3NwYW4+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6 c29saWQgd2luZG93dGV4dCAxLjVwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDQuMHB0O2JvcmRlci1j b2xvcjpjdXJyZW50Y29sb3IgY3VycmVudGNvbG9yIGN1cnJlbnRjb2xvciBibHVlIj4NCjxkaXY+ DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkIHdpbmRvd3RleHQgMS4w cHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbTtib3JkZXItY29sb3I6Y3VycmVudGNvbG9yIGN1 cnJlbnRjb2xvciI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxiPjxzcGFuIGxhbmc9IkVOLVVT IiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7 LHNhbnMtc2VyaWYiPkZyb206PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm Ij4gU2VjZGlzcGF0Y2gNCiBbbWFpbHRvOjxhIGhyZWY9Im1haWx0bzpzZWNkaXNwYXRjaC1ib3Vu Y2VzQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9y ZzwvYT5dDQo8Yj5PbiBCZWhhbGYgT2YgPC9iPkVsaW90IExlYXI8YnI+DQo8Yj5TZW50OjwvYj4g TW9uZGF5LCBOb3ZlbWJlciAxNiwgMjAyMCA2OjU1IFBNPGJyPg0KPGI+VG86PC9iPiA8YSBocmVm PSJtYWlsdG86c2VjZGlzcGF0Y2hAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zZWNkaXNwYXRj aEBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0OjwvYj4gW1NlY2Rpc3BhdGNoXSBEQU5FIElP VCBwcm9wb3NlZCBvdXRjb21lPC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs YW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5UaGFua3MgdG8mbmJzcDtT aHVtb24gZm9yIHByZXNlbnRpbmcgdGhlIERBTkUgdXNlIGNhc2UgZm9yIElPVC48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJF Ti1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+V2UgZGlzY3Vzc2VkIHRha2luZyB0 aGlzIHRvIHRoZQ0KPGEgaHJlZj0ibWFpbHRvOmlvdC1vbmJvYXJkaW5nQGlldGYub3JnIiB0YXJn ZXQ9Il9ibGFuayI+aW90LW9uYm9hcmRpbmdAaWV0Zi5vcmc8L2E+IGxpc3QgYXMgdGhlcmUgd2Vy ZSBhIG51bWJlciBvZiByYXRoZXIgYmlnIG9wZW4gaXNzdWVzIHRoYXQgcGVvcGxlIHdhbnRlZCB0 byBkaXNjdXNzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0i RU4tVVMiPldlIGFsc28gZGlzY3Vzc2VkIGEgbm9uLVdHIGZvcm1pbmcgQk9GIHRvIGxvb2sgYXQs IGFzIFRlZCBwdXQgaXQsIHRoZSBicm9hZGVyIGNvbnRleHQgZm9yIG9uYm9hcmRpbmcuJm5ic3A7 IFRvIGdpdmUgcGVvcGxlIGEgZmVlbCBmb3IgdGhlIHNvcnQgb2YgcmVsYXRlZCB3b3JrIHRoYXQN CiBpcyBhdmFpbGFibGUsIGhlcmUgYXJlIGEgbGlzdCBvZiByZWxhdGVkIGFjdGl2aXRpZXM6PG86 cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHVsIHR5cGU9ImRpc2MiPg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzt0ZXh0LWFs aWduOmp1c3RpZnk7dGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDtsaW5lLWhlaWdodDoxMjAl O21zby1saXN0OmwwIGxldmVsMSBsZm8xIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5kcmFmdC1pZXRm LWFuaW1hLWJvb3RzdHJhcHBpbmcta2V5aW5mcmEgKEJSU0tJKSBpcyBhIHJlcXVlc3QvcmVzcG9u c2UgbWVjaGFuaXNtIHRoYXQgdXNlcyBSRkMgODM2NiB2b3VjaGVycyB0byBpbnRyb2R1Y2UgZGV2 aWNlcyBhbmQgbmV0d29yayBpbmZyYXN0cnVjdHVyZS48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxs aSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG87dGV4dC1hbGlnbjpqdXN0aWZ5O3RleHQtanVzdGlmeTppbnRl ci1pZGVvZ3JhcGg7bGluZS1oZWlnaHQ6MTIwJTttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+DQo8 c3BhbiBsYW5nPSJFTi1VUyI+SW50ZWw8L3NwYW4+4oCZPHNwYW4gbGFuZz0iRU4tVVMiPnMgU0RP IHByb3ZpZGVzIGFuIGFwcGxpY2F0aW9uIGxldmVsIGludHJvZHVjdGlvbiB1c2luZyB2b3VjaGVy cyBhcyB3ZWxsLiZuYnNwOyBUaGlzIHdvcmsgaGFzIGJlZW4gdGFrZW4gdXAgYnkgdGhlIEZJRE8g YWxsaWFuY2UuPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO3Rl eHQtYWxpZ246anVzdGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXItaWRlb2dyYXBoO2xpbmUtaGVpZ2h0 OjEyMCU7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KPHNwYW4gbGFuZz0iRU4tVVMiPlRoZSBX aWZpIEFsbGlhbmNlIGhhcyBEZXZpY2UgUHJvdmlzaW9uaW5nIFByb3RvY29sIChEUFApIHdoaWNo IGRvZXMgbm90IGF0dGFjaCB0byBhIGdsb2JhbCBuYW1lIHNwYWNlIHByaW9yIHRvIHByb3Zpc2lv bmluZyBoYXZpbmcgb2NjdXJyZWQsIGJ1dCBkb2VzIHJlcHJlc2VudCBhIG1pbmltdW0gY2FzZSAo anVzdCBwdWJsaWMga2V5cykuPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvO3RleHQtYWxpZ246anVzdGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXItaWRlb2dyYXBoO2xp bmUtaGVpZ2h0OjEyMCU7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KPHNwYW4gbGFuZz0iRU4t VVMiPmRyYWZ0LWZyaWVsLWVhcC10bHMtZWFwLWRwcCBib3Jyb3dzIGZyb20gRFBQLCBpbnRlbmRl ZCBtb3N0bHkgZm9yIHdpcmVkIHVzZSwgd2hlcmUgRFBQIGlzIGZvY3VzZWQgb24gODAyLjExIG5l dHdvcmtzLjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzt0ZXh0 LWFsaWduOmp1c3RpZnk7dGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDtsaW5lLWhlaWdodDox MjAlO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj5UaGVyZSBh cmUgYSBudW1iZXIgb2YgQlJTS0kgcmVsYXRlZCBkcmFmdHMgYnkgT3dlbiBhcyB3ZWxsLCByZWxh dGluZyB0byBjbG91ZC1iYXNlZCByZWdpc3RyYXJzLjxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxp IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0bzt0ZXh0LWFsaWduOmp1c3RpZnk7dGV4dC1qdXN0aWZ5OmludGVy LWlkZW9ncmFwaDtsaW5lLWhlaWdodDoxMjAlO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj4NCjxz cGFuIGxhbmc9IkVOLVVTIj5UaGVyZSBpcyBhbHNvIHdvcmsgYnkgTWljaGFlbCBSaWNoYXJkc29u IGFuZCBQZXRlciBWYW4gRGVyIFN0b2NrIG9uIGNvbnN0cmFpbmVkIHZvdWNoZXJzLiZuYnNwOyBU aGF0IHdvcmsgaXMgdGFraW5nIHBsYWNlIGluIEFDRS48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwv dWw+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5i c3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5VbmRlcnN0YW5kaW5nIHRoZSBsYW5k c2NhcGUgbWlnaHQgaGVscCB1cyB1bmRlcnN0YW5kIHdoZXJlIERBTkUgZml0cyBpbi48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5SZWdhcmRzLDxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 byI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPkVsaW90 PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9InRleHQtYWxpZ246anVz dGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXItaWRlb2dyYXBoO2xpbmUtaGVpZ2h0OjEyMCUiPg0KPHNw YW4gbGFuZz0iRU4tVVMiPl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fPGJyPg0KU2VjZGlzcGF0Y2ggbWFpbGluZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRv OlNlY2Rpc3BhdGNoQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+U2VjZGlzcGF0Y2hAaWV0Zi5v cmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5m by9zZWNkaXNwYXRjaCIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxt YW4vbGlzdGluZm8vc2VjZGlzcGF0Y2g8L2E+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9ibG9j a3F1b3RlPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJ0ZXh0 LWFsaWduOmp1c3RpZnk7dGV4dC1qdXN0aWZ5OmludGVyLWlkZW9ncmFwaDtsaW5lLWhlaWdodDox MjAlIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj4tLSA8YnI+DQpJb3Qtb25ib2FyZGluZyBtYWlsaW5n IGxpc3Q8YnI+DQo8YSBocmVmPSJtYWlsdG86SW90LW9uYm9hcmRpbmdAaWV0Zi5vcmciIHRhcmdl dD0iX2JsYW5rIj5Jb3Qtb25ib2FyZGluZ0BpZXRmLm9yZzwvYT48YnI+DQo8YSBocmVmPSJodHRw czovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2lvdC1vbmJvYXJkaW5nIiB0YXJnZXQ9 Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9pb3Qtb25ib2Fy ZGluZzwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJ0ZXh0LWFsaWduOmp1c3RpZnk7dGV4dC1qdXN0aWZ5 OmludGVyLWlkZW9ncmFwaDtsaW5lLWhlaWdodDoxMjAlIj4NCjxzcGFuIGxhbmc9IkVOLVVTIj48 YnIgY2xlYXI9ImFsbCI+DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9InRleHQtYWxpZ246anVzdGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXIt aWRlb2dyYXBoO2xpbmUtaGVpZ2h0OjEyMCUiPg0KPHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 InRleHQtYWxpZ246anVzdGlmeTt0ZXh0LWp1c3RpZnk6aW50ZXItaWRlb2dyYXBoO2xpbmUtaGVp Z2h0OjEyMCUiPg0KPHNwYW4gbGFuZz0iRU4tVVMiPi0tIDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibGluZS1oZWlnaHQ6MTIwJSI+PGI+ PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90Oyxz YW5zLXNlcmlmIj5Bc2ggV2lsc29uPC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9 ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWYiPiB8IFRlY2huaWNhbCBE aXJlY3Rvcjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0OjEyMCUiPjxiPjxzcGFuIGxh bmc9IkVOLVVTIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJp ZiI+ZTo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1 b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZiI+DQo8YSBocmVmPSJtYWlsdG86YXNoLndpbHNvbkB2 YWxpbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5hc2gud2lsc29uQHZhbGltYWlsLmNvbTwvYT4N CjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtYXJnaW46MGNtO21hcmdpbi1ib3R0 b206LjAwMDFwdDtiYWNrZ3JvdW5kOndoaXRlIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtj b2xvcjpibGFjaztib3JkZXI6c29saWQgd2luZG93dGV4dCAxLjBwdDtwYWRkaW5nOjBjbSI+PGlt ZyBib3JkZXI9IjAiIHdpZHRoPSIxMDAiIGhlaWdodD0iMTAwIiBpZD0iX3gwMDAwX2kxMDI1IiBz cmM9ImNpZDp+V1JEMDAwLmpwZyIgYWx0PSLlm77lg4/lt7Looqvlj5Hku7bkurrliKDpmaTjgIIi Pjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFs JnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzIyMjIyMiI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgc3R5bGU9Im1hcmdpbjowY207bWFyZ2luLWJvdHRvbTouMDAwMXB0O2JhY2tncm91bmQ6d2hp dGUiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVv dDssc2Fucy1zZXJpZjtjb2xvcjojMjIyMjIyIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBzdHlsZT0ibWFyZ2luOjBjbTttYXJnaW4tYm90dG9tOi4wMDAxcHQ7YmFja2dyb3VuZDp3 aGl0ZSI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6OC4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojNjY2NjY2Ij5UaGlzIGVtYWls IGFuZCBhbGwgZGF0YSB0cmFuc21pdHRlZCB3aXRoIGl0IGNvbnRhaW5zIGNvbmZpZGVudGlhbCBh bmQvb3IgcHJvcHJpZXRhcnkgaW5mb3JtYXRpb24gaW50ZW5kZWQgc29sZWx5DQogZm9yIHRoZSB1 c2Ugb2YgaW5kaXZpZHVhbChzKSBhdXRob3JpemVkIHRvIHJlY2VpdmUgaXQuIElmIHlvdSBhcmUg bm90IGFuIGludGVuZGVkIGFuZCBhdXRob3JpemVkIHJlY2lwaWVudCB5b3UgYXJlIGhlcmVieSBu b3RpZmllZCBvZiBhbnkgdXNlLCBkaXNjbG9zdXJlLCBjb3B5aW5nIG9yIGRpc3RyaWJ1dGlvbiBv ZiB0aGUgaW5mb3JtYXRpb24gaW5jbHVkZWQgaW4gdGhpcyB0cmFuc21pc3Npb24gaXMgcHJvaGli aXRlZCBhbmQgbWF5IGJlIHVubGF3ZnVsLg0KIFBsZWFzZSBpbW1lZGlhdGVseSBub3RpZnkgdGhl IHNlbmRlciBieSByZXBseWluZyB0byB0aGlzIGVtYWlsIGFuZCB0aGVuIGRlbGV0ZSBpdCBmcm9t IHlvdXIgc3lzdGVtLjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_b9bded62178e44f8a57c850d0102259ehuaweicom_-- --_004_b9bded62178e44f8a57c850d0102259ehuaweicom_ Content-Type: image/jpeg; name="~WRD000.jpg" Content-Description: ~WRD000.jpg Content-Disposition: inline; filename="~WRD000.jpg"; size=823; creation-date="Tue, 17 Nov 2020 01:50:14 GMT"; modification-date="Tue, 17 Nov 2020 01:50:14 GMT" Content-ID: <~WRD000.jpg> Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCABkAGQDASIA AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3 ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3 uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+iii gAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKA CiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK KKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoo ooAKKKKACiiigAooooAKKKKACiiigD//2Q== --_004_b9bded62178e44f8a57c850d0102259ehuaweicom_-- From nobody Tue Nov 17 00:36:14 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA4B23A0983; Tue, 17 Nov 2020 00:36:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V_WY_CZCicjn; Tue, 17 Nov 2020 00:36:08 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FCFB3A0989; Tue, 17 Nov 2020 00:36:07 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 092D4389EC; Tue, 17 Nov 2020 03:36:58 -0500 (EST) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id FJmruhQEaCid; Tue, 17 Nov 2020 03:36:57 -0500 (EST) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 7BAA8389B3; Tue, 17 Nov 2020 03:36:57 -0500 (EST) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 1B6CDB20; Tue, 17 Nov 2020 03:36:06 -0500 (EST) From: Michael Richardson To: secdispatch@ietf.org, iot-onboarding@ietf.org In-Reply-To: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Secdispatch] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Nov 2020 08:36:10 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Eliot Lear wrote: > There is also work by Michael Richardson and Peter Van Der Stock on > constrained vouchers. That work is taking place in ACE. Just to clarify: it's occuring in ANIMA right now. {I also think that there is a lot of potential crossover between constrained vouchers/BRSKI, CORE RD, and ASYNC-Enrollment. And draft-selander-ace-ake-authz is a bytes-on-the-wire-incompatible, but semantically identical version of BRSKI for ultra-contrained environments. It has no obvious home at this point.} =2D- Michael Richardson . o O ( IPv6 I=C3=B8T consulti= ng ) Sandelman Software Works Inc, Ottawa and Worldwide --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl+zi3UACgkQgItw+93Q 3WU0hwf+Lh4stuZ4r25MJZ69tXzSK8HHjnTmYvUHcwK/3BWc39dSYmWkqEWOZK2l BHkHv9yMBYaCyz2/qHUhkM/cZ+42eECMdvVd0tvxkgzzzU4KeifMICGXby3DSGR7 6wvwjii+wCJHgfeIRSy427nujxwbhu76ZTw9TI3SCDob7CTMaXljIckJMzyTvqNy 891QCgXZ/fX3eMfyfTR8/sjqPIIH+OP+2SzgIKgv0n2aPIlVN8OitnmVrF4a4LoV JakJ+E6mFjsv0ct17YnGl59bnjAO/G2bGGismbDL+3GzDRjgtV5O05nHw1a3oxVv bgIm7nswQVTBDAo3NNInBSEIXwLiTg== =Oogj -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Nov 18 04:10:18 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A5233A17F4; Wed, 18 Nov 2020 04:10:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.1 X-Spam-Level: X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1HQO8FX0cJcP; Wed, 18 Nov 2020 04:10:12 -0800 (PST) Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2081.outbound.protection.outlook.com [40.107.20.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D05443A17F7; Wed, 18 Nov 2020 04:10:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BklwiU5nNgI50ITi6Vv1IRLETcN7ESs8ahJsDBq0LZFgRNpJR1nFrgyQIkvp1F/6M6UyRWI04hj9BNSULDo2qEunDYUkObW0dODtrHQUcDl7R4Z7zzVCCiS3UGatszsXs9p1lh7G8X4OOt/7XX4mSpwBTy8isS08ST3+X2v4+mxtxmj70Wbh8uGA60UOwBG6wfbaEcm2YhaUxoY4nD+VptQKd8ozGhIZubBg4ibVEY+XIG8HtaW4fk/oZ1Z9PpA1kzT2Eqm1h/h8d93hVvYDV8ynQHpACDBYmwp7ZXL8vZRyry7CY3Y6qT8i00GFkP6FMmx/YVF+45eINOGBSm0ZqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=l40g54ZaRUZUPh68GWsg2zo8jzAMYMAD5vGIaX4I1ls=; b=U8uwKTXX8J8MzxXYhlyMlnkiok61gvMn4t/NUTvC9gD5JIGqrkKYohcm3YGfjgmOlOnylGkiYYYmpLnInknEHVWhNyc+Yt6fp/BECrfdtjjvs9TCDGzisjHHksnaaKUKIZC4aONZ7nUrykkXTOizMqE3mkzOwutasaK7EF2GMZOSfXxX9Uq+NYk4um3dUIoUr8eAgv3RE1PWuLmRzooRc1mZKNOc51SmFUuHCP+csBfh5sU/ItzFVJfI6BUfVtItNvHfoDY7LShjnN1x9fQXSARvPTS0WWj7+1/pvZJd06UQxyCU/aMgChXfr1Pkezom5E41M87ne1h/Rtz2jDB8hA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=l40g54ZaRUZUPh68GWsg2zo8jzAMYMAD5vGIaX4I1ls=; b=NSOEG8liTGQDchBgnzkfKaVgyg1Ts15iqjhfGo+l7lSYC4fudNS/tBYhONq6esxetntoDYM4XLrtWnzA+nvzAA8uWxvCElBKhOM+HHCuL6xl5L4wwX7kh94GxTL6C5eLDrqTH8eBsxvlkMRqoYQGZ+ZfrTNt+or1L3/G4yfuA2o= Received: from VI1PR07MB3215.eurprd07.prod.outlook.com (2603:10a6:802:1c::21) by VI1PR07MB3920.eurprd07.prod.outlook.com (2603:10a6:803:37::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.9; Wed, 18 Nov 2020 12:10:09 +0000 Received: from VI1PR07MB3215.eurprd07.prod.outlook.com ([fe80::a926:3f37:978b:e40e]) by VI1PR07MB3215.eurprd07.prod.outlook.com ([fe80::a926:3f37:978b:e40e%6]) with mapi id 15.20.3589.017; Wed, 18 Nov 2020 12:10:08 +0000 From: Mohit Sethi M To: Eliot Lear , "Panwei (William)" CC: "iot-onboarding@ietf.org" , "secdispatch@ietf.org" Thread-Topic: Confusing terminology was Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome Thread-Index: AQHWvaPBBV8WGcj//kmCE55OUJIhJw== Date: Wed, 18 Nov 2020 12:10:08 +0000 Message-ID: <184ad9b2-fcee-ad01-5fe2-338ad3dcd65a@ericsson.com> References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=ericsson.com; x-originating-ip: [2001:14bb:150:569:3e8c:ae9:d0ae:34c] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b51742f8-e4a8-47dc-ab8f-08d88bbae4a2 x-ms-traffictypediagnostic: VI1PR07MB3920: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 0nrGG2+n8+TZ1zdiA1SAgQUm3d6KkWB+7EDLekcv3t6Ir6IlyU09Aeu8BpbdMJLLkoQKiq6WTXK+iEHo0iq6UCJTij4QqnuXk98K0rQ/aUsbt1Tms20rSKk08Fkf8l0K1bxnVWQJj8V3ZdiuUaCz8AqyiE6je5NKvaBHRfdSAanx5JS/LK8aYDmks/hJNrRyxgmsqt2T1ymI6rG5k5M4zLgPiAGEVzoHazUrTxQag5cUne340J1t1lmRRqUYGZ8pZC16empdRVoYqbNnSUx0B0ezOR9iR+qVfEFv5XTOWTrpuQ6p1SQWLvn7IzMbLWeMI9UxuDTrZOCyR5R6AomHlZuBx0/Wkm10c46bZMbJHysAsxLF0zmnQS79DofF5BRW5Q0U3AcwT9eX/H5FJYTioEhoQ6ed++Wq+g91JJSE6ahEWre6C41nZYJLuf0lgF01XkOGZRh2UnAkOw4A04xiBA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB3215.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(376002)(346002)(366004)(39860400002)(396003)(8676002)(31686004)(31696002)(71200400001)(166002)(8936002)(54906003)(110136005)(6506007)(53546011)(2616005)(186003)(316002)(5660300002)(83380400001)(6512007)(36756003)(966005)(478600001)(6486002)(91956017)(66946007)(76116006)(4326008)(66476007)(66556008)(64756008)(86362001)(2906002)(66446008)(43740500002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: =?utf-8?B?eVlMZGNDbzRSNTkwVkFjaTE3V3lLTXpZUWpQVE0wdnk3K1c3WW5vemZWR21Y?= =?utf-8?B?WkQ0Qk1xelo5S1ZIbGdmck9sMUEvcVRNTzlyYVhOR1RaU3dvV2NSbXJydU5W?= =?utf-8?B?T09KM05ITERFRVhVWDd2bDUvdDRyTkg0QTBVam1BUVQ2dXZEY1IwOERIK0JX?= =?utf-8?B?L3h1cXFrMFdhMEtVL1dNaG9zcE5ETGFzVS90aHkvOUVxVk1nRXoxWUY1YnZx?= =?utf-8?B?ZWIxMmN6TnBqQ2hZU0J1RjRGOHZsVjBOcm9ZN1VrMzllZGk2MnpPSjlhM2hm?= =?utf-8?B?dnV3cUd5YlVXNmFqaHNVRlN6TWl4MHRxVEdhVVRmd3NPRktWaEFpTWxzcXF1?= =?utf-8?B?QTBkUFk2YTZZa2M3RE5YMnhwWWF0WFVGWTJTaFZYVlNtNFVnYkF4aXhCMDEr?= =?utf-8?B?VnNiNHlJZC91ZHI0eXlnL2EyaFpGckJSbHN5YmFTZjNKbWNqRXJtYU5rbERj?= =?utf-8?B?MnM4OUxrYnN6cmc0TzQ1dkZyU0hKeHc5MEhDMy9sbkltZkZ6WEMwTnNFS3cr?= =?utf-8?B?SWR2ZmFoa2lCSjg5dkk1QldwV3V3SHNRdVZ6NWFuRkpWVDgzSjRRTWtCQ1lh?= =?utf-8?B?bWljemZZMFYyN1VybDJscWYyQzcyUmdIdU9HWCszaUk4Mk5MYVk3ZlRteDBS?= =?utf-8?B?bWhPQkppYXo2V0t5OHRjVUhmMWZ4b3lKRVhneEpocTJFTmNRemdDb21qTXNx?= =?utf-8?B?WDRGZTJnMXdQalU3MEw3MTNtV1QxSWt0ZTJtNS91MUZPa3Q4OGZxcjNBdWZD?= =?utf-8?B?MDBVZEZJYStKUVpKZFFyUWJHdVBBUytCSTRwWEFIeFo5TUNjNEVNTWUwMlU4?= =?utf-8?B?T0M5SjlOSElHWDBmUGxSYm1qZFViQUZvSXdteU1tVjcxcTVqazNaNnloZUhF?= =?utf-8?B?TDQwTE10aytla2x4MlV2TG1JN2VVaUhmMFdPdHE2WUY3WWNTZGxQaGRDWCtY?= =?utf-8?B?SmhXZTBvYmlaRHRUYkpBcHZDdmc1MVZZYUxOT1B1d2xKaVBiaU5GaUhDWURk?= =?utf-8?B?OFJibllPb2ZWSGQwemU2TTNNZnlUc3pUM2xmOTdkTXVoZHRuSHVra2VmTG9W?= =?utf-8?B?WlFrVjZGVkRtNUF4a25sN21uVGNYMzFGMjZqL1RxL3BJcCtOK3ZUQndRZ0NZ?= =?utf-8?B?d3hBV2xoMExKMk44UEVoTlA1UE9CaW5hWjN3aTlWcGN1WTJnZzR1bHBIM1lN?= =?utf-8?B?RUkzTnpFZGRBT3ZaR25vSE0rM0t5djJ2N2hCVnU1SHdyRW92TE4zTGUwS0F4?= =?utf-8?B?SlJuS1VCLzAveUszNmNYc3VNcE0veHdsRjZwUkoxMEVTYlBlZz09?= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_184ad9b2fceead015fe2338ad3dcd65aericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB3215.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b51742f8-e4a8-47dc-ab8f-08d88bbae4a2 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2020 12:10:08.8409 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +kV2md9AjvcYbCWCjS8aqljuh4I77zBZzewOvklseDiegimt+iBO5Alm2dMDe5d0tnCxE4Gb3z0f1gVLbgDzF0Np9Zj37GIh0Zfw0x3HnWM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB3920 Archived-At: Subject: [Secdispatch] Confusing terminology was Re: [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Nov 2020 12:10:17 -0000 --_000_184ad9b2fceead015fe2338ad3dcd65aericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgRWxpb3QsDQoNCkkgZmluZCB5b3VyIHVzZSBvZiB0aGUgdGVybSBwZWVyIGNvbmZ1c2luZy4g TGV0IG1lIGV4cGxhaW4gd2hhdCBJIG1lYW4gd2l0aCB0aGlzIHRhYmxlIG9uIHZhcmlvdXMgdGVy bXMgZm9yIGFuIEVBUC1UTFMgaW1wbGVtZW50YXRpb246DQoNCiAgICstLS0tLS0tLS0tLS0tKy0t LS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLS0tKw0KICAg fCAgICAgICAgICAgICB8IERldmljZSAgICAgICAgfCBHYXRld2F5ICAgICAgICAgfCBTZXJ2ZXIg ICAgICAgICAgICB8DQogICArLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0t LS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLSsNCiAgIHwgVExTICAgICAgICAgfCBDbGllbnQg ICAgICAgIHwgICAgICAgICAgICAgICAgIHwgU2VydmVyICAgICAgICAgICAgfA0KICAgfCAgICAg ICAgICAgICB8ICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAg ICAgICB8DQogICB8IEVBUC9BQUEgICAgIHwgUGVlciAgICAgICAgICB8IEF1dGhlbnRpY2F0b3Ig ICB8IEVBUCBzZXJ2ZXIvYmFja2VuZHwNCiAgIHwgICAgICAgICAgICAgfCAgICAgICAgICAgICAg IHwgICAgICAgICAgICAgICAgIHwgYXV0aCBzZXJ2ZXIgICAgICAgfA0KICAgfCAgICAgICAgICAg ICB8ICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICB8 DQogICB8IDgwMi4xeCAgICAgIHwgU3VwcGxpY2FudCAgICB8IEF1dGhlbnRpY2F0b3IgICB8IEF1 dGhlbnRpY2F0aW9uICAgIHwNCiAgIHwgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwgICAg ICAgICAgICAgICAgIHwgc2VydmVyIChBUykgICAgICAgfA0KICAgfCAgICAgICAgICAgICB8ICAg ICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICB8DQogICB8 IFJBRElVUyAgICAgIHwgICAgICAgICAgICAgICB8IE5ldHdvcmsgYWNjZXNzICB8IFJBRElVUyBz ZXJ2ZXIgICAgIHwNCiAgIHwgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwgc2VydmVyIChO QVMpICAgIHwgICAgICAgICAgICAgICAgICAgfA0KICAgfCAgICAgICAgICAgICB8ICAgICAgICAg ICAgICAgfCAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICB8DQogICB8IDgwMi4x MSAgICAgIHwgU3RhdGlvbiAgICAgICB8IEFjY2VzcyBQb2ludCAgICB8ICAgICAgICAgICAgICAg ICAgIHwNCiAgICstLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0t LSstLS0tLS0tLS0tLS0tLS0tLS0tKw0KDQpBc3N1bWluZyBlbWFpbCBjbGllbnRzIGFyZSBhYmxl IHRvIHJlbmRlciB0aGlzIGFzY2lpIHRhYmxlIGNvcnJlY3RseSwgSSBob3BlIHlvdSB1bmRlcnN0 YW5kIHRoYXQgaW4gc29tZSBjb250ZXh0cywgdGhlIGRldmljZSBpcyB0aGUgcGVlci4gV2hlbiB5 b3Ugc2F5IHByb3ZpbmcgcGVlciB0byBkZXZpY2UsIGFuZCBkZXZpY2UgdG8gcGVlciwgSSBhbSB1 bnN1cmUgaWYgeW91IGFyZSByZWZlcnJpbmcgdG8gYSBzZXJ2ZXIgb3IgYSBzbWFydHBob25lIHRo YXQgYWN0cyBhcyBhIGNvbXBhbmlvbiBkZXZpY2UgZHVyaW5nIGJvb3RzdHJhcHBpbmcuDQoNCkkg ZG9uJ3Qgd2FudCB0byBiZSB0aGUgdGVybWlub2xvZ3kgcG9saWNlIGhlcmUgYXNraW5nIHBlb3Bs ZSB0byBiZSBtb3JlIGNhdXRpb3VzIHdpdGggdGhlIHVzYWdlIG9mIHRlcm1zLiBJIGFsc28gdW5k ZXJzdGFuZCB0aGUgcmVhbGl0eSB0aGF0IGNvbXBhbmllcyBhcmUgb2Z0ZW4gZm9yY2VkIHRvIGRv IGJyYW5kaW5nIHRvIGxvb2sgY29vbCBhbmQgcGVyaGFwcyBpbXByb3ZlIGNoYW5jZXMgb2YgYWRv cHRpb24uDQoNCk1heWJlIGFzIHByb3RvY29sIGVuZ2luZWVycyB3ZSBjYW4gZG8gc29tZXdoYXQg YmV0dGVyPyBJIHRob3VnaHQgd2UgYWxyZWFkeSBoYWQgdG9vIG1hbnkgdGVybXMgZm9yIGRldmlj ZTogc3RhdGlvbi9wZWVyL2NsaWVudC9zdXBwbGljYW50LiBBbmQgdGhlbiBJIHNhdyB0aGUgdGVy bSBwbGVkZ2UuIEdvb2QgbHVjayB0cnlpbmcgdG8gdGVhY2ggbmV0d29yayBzZWN1cml0eSB0byBu ZXcgZm9sa3MuIE5vIHdvbmRlciBtYW55IHN0dWRlbnRzIEkgZW5jb3VudGVyIG5vdyB3YW50IHRv IGRvIEFJIG9yIGphdmFzY3JpcHQgYnV0IG5vdCBsb3ctbGV2ZWwgcHJvdG9jb2xzLiBJIGFtIHNp bWlsYXJseSBub3QgZW50aHVzaWFzdGljIHdpdGggdXNhZ2Ugb2YgbG9vc2UgdGVybXMgc3VjaCBh cyBvbmJvYXJkaW5nLiBBdCBsZWFzdCBpbiBteSBzdHVkeSBvZiBzZXZlcmFsIGRpZmZlcmVudCBz eXN0ZW1zIGluY2x1ZGluZyBibHVldG9vdGgvd2ktZmkvTFdNMk06IHRoZXkgcHJpbmNpcGFsbHkg Zm9sbG93IHRoZSBzYW1lIHRlcm1pbm9sb2d5IHBhdHRlcm46IGJvb3RzdHJhcHBpbmcgYW5kIGF1 dGhlbnRpY2F0aW9uIGZvbGxvd2VkIGJ5IHByb3Zpc2lvbmluZy9jb25maWd1cmF0aW9uLiBZb3Ug Y291bGQgcG9pbnQgbWUgdG8gT0NGIHdoaWNoIHVzZXMgb25ib2FyZGluZyBidXQgd2UgZG9uJ3Qg aGF2ZSB0byBtYWtlIHRoZSBzYW1lIG1pc3Rha2VzIGFzIGFub3RoZXIgU0RPLg0KDQotLU1vaGl0 DQoNCk9uIDExLzE2LzIwIDI6NTAgUE0sIEVsaW90IExlYXIgd3JvdGU6DQpIaSBXZWkgUGFuLA0K DQpJIGFncmVlIHdpdGggeW91IHRoYXQgdGhlcmUgaXMgYSBuZWVkIGZvciBzb21ldGhpbmcgdGhh dCBkb2VzbuKAmXQgcmVxdWlyZSBkZXZpY2VzIHRvIGhhdmUgYSBmdWxsIFBLSSBidWlsdCBpbi4g IEJ1dCB0aGVyZSBuZWVkcyB0byBiZSBzb21ldGhpbmcgdW5pcXVlIGFib3V0IHRoZSBkZXZpY2Ug dGhhdCBpdCBjYW4gZXhwcmVzcyBhbmQgcHJvdmUuICBBbHNvLCB3ZSBzaG91bGQgc2VwYXJhdGUg b3V0IHR3byBwcm9ibGVtczoNCg0KDQogICogICBQcm92aW5nIHRoZSBwZWVyIHRvIHRoZSBkZXZp Y2UNCiAgKiAgIFByb3ZpZGluZyB0aGUgZGV2aWNlIHRvIHRoZSBwZWVyDQoNCkVhY2ggaGFzIHNs aWdodGx5IGRpZmZlcmVudCBjaGFyYWN0ZXJpc3RpY3MsIGVzcGVjaWFsbHkgd2hlbiBpdCBjb21l cyB0byBjZXJ0aWZpY2F0ZXMuICBOb2JvZHkgc2hvdWxkIGV4cGVjdCBhIGh1Z2UgY2VydCBzdG9y ZSB0byBiZSBvbiBhIGxpZ2h0IHdlaWdodCBjbGllbnQuICBBcyB3YXMgc2FpZCBpbiB0aGUgY2hh dCwgdGhhdCBpcyBvbmUgdGhpbmcgdGhhdCBCUlNLSSBzb2x2ZXMuICBCdXQgRFBQL1BPSyBhbHNv IHNvbHZlcyBpdCB3aXRob3V0IGNlcnRpZmljYXRlcywgYnV0IHN0aWxsIHJlcXVpcmVzIGF0IGxl YXN0IGEgcHVibGljL3ByaXZhdGUga2V5IHBhaXIuIExlc3MgdGhhbiB0aGF0IEkgZG8gbm90IGtu b3cgaG93IHRvIHdvcmsgdGhlIHByb2JsZW0uDQoNCkVsaW90DQoNCk9uIDE2IE5vdiAyMDIwLCBh dCAxMzowMiwgUGFud2VpIChXaWxsaWFtKSA8d2lsbGlhbS5wYW53ZWlAaHVhd2VpLmNvbTxtYWls dG86d2lsbGlhbS5wYW53ZWlAaHVhd2VpLmNvbT4+IHdyb3RlOg0KDQpUaGFua3MgdG8gRWxpb3Qg Zm9yIHN1bW1hcml6aW5nIHRoZXNlLg0KDQpJIHRoaW5rIHRoZSBjb3JlIGNvbmNlcHQgb2YgdXNp bmcgREFORSBpbiBJb1Qgc2NlbmFyaW8gaXMgdG8gZ2V0IHJpZCBvZiBjZXJ0aWZpY2F0ZXMgYW5k IFBLSVguIFRoZSBzb2x1dGlvbiBvZiBob3cgdG8gc2VjdXJlbHkgb25ib2FyZCB0aGUgSW9UIGRl dmljZXMgYW5kIGFsbG9jYXRlIHRoZSBETlMgZG9tYWluIG5hbWUsIGJvdGggd2l0aCBhbmQgd2l0 aG91dCBpbml0aWFsIGNlcnRpZmljYXRlcywgaXMgdGhlIGtleSBwYXJ0IHRvIGZpZ3VyZSBvdXQu DQpJZiB0aGUgSW9UIGRldmljZXMgaGF2ZSBubyBpbml0aWFsIGNlcnRpZmljYXRlcywgc3VjaCBh cyA4MDIuMUFSIElEZXZJRCBjZXJ0aWZpY2F0ZSwgYXMgdGhlaXIgaW5pdGlhbCBpZGVudGl0eSwg dGhlbiB0aGUgQlJTS0kgbWVjaGFuaXNtIHdvbuKAmXQgYmUgYXBwcm9wcmlhdGUgZm9yIHRoZXNl IGRldmljZXMgYmVjYXVzZSBCUlNLSSBoYXMgYSByZXF1aXJlbWVudCBvZiBJRGV2SUQuDQpJZiB0 aGUgSW9UIGRldmljZXMgaGF2ZSBhbiBJRGV2SUQgY2VydGlmaWNhdGUsIEkgdGhpbmsgaXQgY2Fu IHN0aWxsIHVzZSBCUlNLSSB0byBvbmJvYXJkLCBidXQgaXQgd29u4oCZdCB1c2UgRVNUIHRvIHJl cXVlc3QgYSBjZXJ0aWZpY2F0ZSBhbnkgbW9yZSwgaW5zdGVhZCwgaXQgd2lsbCBhcHBseSBmb3Ig YSBETlMgZG9tYWluIG5hbWUgYnkgdXNpbmcgc29tZSBwcm90b2NvbHMuDQoNClRoYXTigJlzIG15 IHByZWxpbWluYXJ5IHRob3VnaHRzLCBtYXliZSBub3QgcmlnaHQuDQoNClJlZ2FyZHMgJiBUaGFu a3MhDQpXZWkgUGFuDQoNCkZyb206IFNlY2Rpc3BhdGNoIFttYWlsdG86c2VjZGlzcGF0Y2gtYm91 bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIEVsaW90IExlYXINClNlbnQ6IE1vbmRheSwgTm92 ZW1iZXIgMTYsIDIwMjAgNjo1NSBQTQ0KVG86IHNlY2Rpc3BhdGNoQGlldGYub3JnPG1haWx0bzpz ZWNkaXNwYXRjaEBpZXRmLm9yZz4NClN1YmplY3Q6IFtTZWNkaXNwYXRjaF0gREFORSBJT1QgcHJv cG9zZWQgb3V0Y29tZQ0KDQpUaGFua3MgdG8gU2h1bW9uIGZvciBwcmVzZW50aW5nIHRoZSBEQU5F IHVzZSBjYXNlIGZvciBJT1QuDQoNCldlIGRpc2N1c3NlZCB0YWtpbmcgdGhpcyB0byB0aGUgaW90 LW9uYm9hcmRpbmdAaWV0Zi5vcmc8bWFpbHRvOmlvdC1vbmJvYXJkaW5nQGlldGYub3JnPiBsaXN0 IGFzIHRoZXJlIHdlcmUgYSBudW1iZXIgb2YgcmF0aGVyIGJpZyBvcGVuIGlzc3VlcyB0aGF0IHBl b3BsZSB3YW50ZWQgdG8gZGlzY3Vzcy4NCg0KV2UgYWxzbyBkaXNjdXNzZWQgYSBub24tV0cgZm9y bWluZyBCT0YgdG8gbG9vayBhdCwgYXMgVGVkIHB1dCBpdCwgdGhlIGJyb2FkZXIgY29udGV4dCBm b3Igb25ib2FyZGluZy4gIFRvIGdpdmUgcGVvcGxlIGEgZmVlbCBmb3IgdGhlIHNvcnQgb2YgcmVs YXRlZCB3b3JrIHRoYXQgaXMgYXZhaWxhYmxlLCBoZXJlIGFyZSBhIGxpc3Qgb2YgcmVsYXRlZCBh Y3Rpdml0aWVzOg0KDQoNCiAgKiAgIGRyYWZ0LWlldGYtYW5pbWEtYm9vdHN0cmFwcGluZy1rZXlp bmZyYSAoQlJTS0kpIGlzIGEgcmVxdWVzdC9yZXNwb25zZSBtZWNoYW5pc20gdGhhdCB1c2VzIFJG QyA4MzY2IHZvdWNoZXJzIHRvIGludHJvZHVjZSBkZXZpY2VzIGFuZCBuZXR3b3JrIGluZnJhc3Ry dWN0dXJlLg0KICAqICAgSW50ZWzigJlzIFNETyBwcm92aWRlcyBhbiBhcHBsaWNhdGlvbiBsZXZl bCBpbnRyb2R1Y3Rpb24gdXNpbmcgdm91Y2hlcnMgYXMgd2VsbC4gIFRoaXMgd29yayBoYXMgYmVl biB0YWtlbiB1cCBieSB0aGUgRklETyBhbGxpYW5jZS4NCiAgKiAgIFRoZSBXaWZpIEFsbGlhbmNl IGhhcyBEZXZpY2UgUHJvdmlzaW9uaW5nIFByb3RvY29sIChEUFApIHdoaWNoIGRvZXMgbm90IGF0 dGFjaCB0byBhIGdsb2JhbCBuYW1lIHNwYWNlIHByaW9yIHRvIHByb3Zpc2lvbmluZyBoYXZpbmcg b2NjdXJyZWQsIGJ1dCBkb2VzIHJlcHJlc2VudCBhIG1pbmltdW0gY2FzZSAoanVzdCBwdWJsaWMg a2V5cykuDQogICogICBkcmFmdC1mcmllbC1lYXAtdGxzLWVhcC1kcHAgYm9ycm93cyBmcm9tIERQ UCwgaW50ZW5kZWQgbW9zdGx5IGZvciB3aXJlZCB1c2UsIHdoZXJlIERQUCBpcyBmb2N1c2VkIG9u IDgwMi4xMSBuZXR3b3Jrcy4NCiAgKiAgIFRoZXJlIGFyZSBhIG51bWJlciBvZiBCUlNLSSByZWxh dGVkIGRyYWZ0cyBieSBPd2VuIGFzIHdlbGwsIHJlbGF0aW5nIHRvIGNsb3VkLWJhc2VkIHJlZ2lz dHJhcnMuDQogICogICBUaGVyZSBpcyBhbHNvIHdvcmsgYnkgTWljaGFlbCBSaWNoYXJkc29uIGFu ZCBQZXRlciBWYW4gRGVyIFN0b2NrIG9uIGNvbnN0cmFpbmVkIHZvdWNoZXJzLiAgVGhhdCB3b3Jr IGlzIHRha2luZyBwbGFjZSBpbiBBQ0UuDQoNCg0KVW5kZXJzdGFuZGluZyB0aGUgbGFuZHNjYXBl IG1pZ2h0IGhlbHAgdXMgdW5kZXJzdGFuZCB3aGVyZSBEQU5FIGZpdHMgaW4uDQoNClJlZ2FyZHMs DQoNCkVsaW90DQotLQ0KSW90LW9uYm9hcmRpbmcgbWFpbGluZyBsaXN0DQpJb3Qtb25ib2FyZGlu Z0BpZXRmLm9yZzxtYWlsdG86SW90LW9uYm9hcmRpbmdAaWV0Zi5vcmc+DQpodHRwczovL3d3dy5p ZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2lvdC1vbmJvYXJkaW5nDQoNCg0KDQoNCl9fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpTZWNkaXNwYXRjaCBtYWls aW5nIGxpc3QNClNlY2Rpc3BhdGNoQGlldGYub3JnPG1haWx0bzpTZWNkaXNwYXRjaEBpZXRmLm9y Zz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2VjZGlzcGF0Y2gNCg0K --_000_184ad9b2fceead015fe2338ad3dcd65aericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5Pg0KPHA+SGkgRWxpb3Qs PC9wPg0KPHA+SSBmaW5kIHlvdXIgdXNlIG9mIHRoZSB0ZXJtIHBlZXIgY29uZnVzaW5nLiBMZXQg bWUgZXhwbGFpbiB3aGF0IEkgbWVhbiB3aXRoIHRoaXMgdGFibGUgb24gdmFyaW91cyB0ZXJtcyBm b3IgYW4gRUFQLVRMUyBpbXBsZW1lbnRhdGlvbjo8L3A+DQo8cD48L3A+DQo8YmxvY2txdW90ZSB0 eXBlPSJjaXRlIj4NCjxwcmUgY2xhc3M9Im5ld3BhZ2UiPiAgICstLS0tLS0tLS0tLS0tKy0tLS0t LS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLS0tKw0KICAgfCAg ICAgICAgICAgICB8IERldmljZSAgICAgICAgfCBHYXRld2F5ICAgICAgICAgfCBTZXJ2ZXIgICAg ICAgICAgICB8DQogICArLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0t LS0tLS0rLS0tLS0tLS0tLS0tLS0tLS0tLSsNCiAgIHwgVExTICAgICAgICAgfCBDbGllbnQgICAg ICAgIHwgICAgICAgICAgICAgICAgIHwgU2VydmVyICAgICAgICAgICAgfA0KICAgfCAgICAgICAg ICAgICB8ICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAg ICB8DQogICB8IEVBUC9BQUEgICAgIHwgUGVlciAgICAgICAgICB8IEF1dGhlbnRpY2F0b3IgICB8 IEVBUCBzZXJ2ZXIvYmFja2VuZHwNCiAgIHwgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwg ICAgICAgICAgICAgICAgIHwgYXV0aCBzZXJ2ZXIgICAgICAgfA0KICAgfCAgICAgICAgICAgICB8 ICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICB8DQog ICB8IDgwMi4xeCAgICAgIHwgU3VwcGxpY2FudCAgICB8IEF1dGhlbnRpY2F0b3IgICB8IEF1dGhl bnRpY2F0aW9uICAgIHwNCiAgIHwgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwgICAgICAg ICAgICAgICAgIHwgc2VydmVyIChBUykgICAgICAgfA0KICAgfCAgICAgICAgICAgICB8ICAgICAg ICAgICAgICAgfCAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICB8DQogICB8IFJB RElVUyAgICAgIHwgICAgICAgICAgICAgICB8IE5ldHdvcmsgYWNjZXNzICB8IFJBRElVUyBzZXJ2 ZXIgICAgIHwNCiAgIHwgICAgICAgICAgICAgfCAgICAgICAgICAgICAgIHwgc2VydmVyIChOQVMp ICAgIHwgICAgICAgICAgICAgICAgICAgfA0KICAgfCAgICAgICAgICAgICB8ICAgICAgICAgICAg ICAgfCAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICB8DQogICB8IDgwMi4xMSAg ICAgIHwgU3RhdGlvbiAgICAgICB8IEFjY2VzcyBQb2ludCAgICB8ICAgICAgICAgICAgICAgICAg IHwNCiAgICstLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLSst LS0tLS0tLS0tLS0tLS0tLS0tKzwvcHJlPg0KPC9ibG9ja3F1b3RlPg0KPHA+PC9wPg0KPHA+QXNz dW1pbmcgZW1haWwgY2xpZW50cyBhcmUgYWJsZSB0byByZW5kZXIgdGhpcyBhc2NpaSB0YWJsZSBj b3JyZWN0bHksIEkgaG9wZSB5b3UgdW5kZXJzdGFuZCB0aGF0IGluIHNvbWUgY29udGV4dHMsIHRo ZSBkZXZpY2UgaXMgdGhlIHBlZXIuIFdoZW4geW91IHNheSBwcm92aW5nIHBlZXIgdG8gZGV2aWNl LCBhbmQgZGV2aWNlIHRvIHBlZXIsIEkgYW0gdW5zdXJlIGlmIHlvdSBhcmUgcmVmZXJyaW5nIHRv IGEgc2VydmVyIG9yIGEgc21hcnRwaG9uZQ0KIHRoYXQgYWN0cyBhcyBhIGNvbXBhbmlvbiBkZXZp Y2UgZHVyaW5nIGJvb3RzdHJhcHBpbmcuIDxicj4NCjwvcD4NCjxwPkkgZG9uJ3Qgd2FudCB0byBi ZSB0aGUgdGVybWlub2xvZ3kgcG9saWNlIGhlcmUgYXNraW5nIHBlb3BsZSB0byBiZSBtb3JlIGNh dXRpb3VzIHdpdGggdGhlIHVzYWdlIG9mIHRlcm1zLiBJIGFsc28gdW5kZXJzdGFuZCB0aGUgcmVh bGl0eSB0aGF0IGNvbXBhbmllcyBhcmUgb2Z0ZW4gZm9yY2VkIHRvIGRvIGJyYW5kaW5nIHRvIGxv b2sgY29vbCBhbmQgcGVyaGFwcyBpbXByb3ZlIGNoYW5jZXMgb2YgYWRvcHRpb24uDQo8YnI+DQo8 L3A+DQo8cD5NYXliZSBhcyBwcm90b2NvbCBlbmdpbmVlcnMgd2UgY2FuIGRvIHNvbWV3aGF0IGJl dHRlcj8gSSB0aG91Z2h0IHdlIGFscmVhZHkgaGFkIHRvbyBtYW55IHRlcm1zIGZvciBkZXZpY2U6 IHN0YXRpb24vcGVlci9jbGllbnQvc3VwcGxpY2FudC4gQW5kIHRoZW4gSSBzYXcgdGhlIHRlcm0g cGxlZGdlLiBHb29kIGx1Y2sgdHJ5aW5nIHRvIHRlYWNoIG5ldHdvcmsgc2VjdXJpdHkgdG8gbmV3 IGZvbGtzLiBObyB3b25kZXIgbWFueSBzdHVkZW50cyBJDQogZW5jb3VudGVyIG5vdyB3YW50IHRv IGRvIEFJIG9yIGphdmFzY3JpcHQgYnV0IG5vdCBsb3ctbGV2ZWwgcHJvdG9jb2xzLiBJIGFtIHNp bWlsYXJseSBub3QgZW50aHVzaWFzdGljIHdpdGggdXNhZ2Ugb2YgbG9vc2UgdGVybXMgc3VjaCBh cyBvbmJvYXJkaW5nLiBBdCBsZWFzdCBpbiBteSBzdHVkeSBvZiBzZXZlcmFsIGRpZmZlcmVudCBz eXN0ZW1zIGluY2x1ZGluZyBibHVldG9vdGgvd2ktZmkvTFdNMk06IHRoZXkNCjxzcGFuPjxzcGFu IGRhdGEtZG9iaWQ9ImhkdyI+cHJpbmNpcGFsbHk8L3NwYW4+PC9zcGFuPiBmb2xsb3cgdGhlIHNh bWUgdGVybWlub2xvZ3kgcGF0dGVybjogYm9vdHN0cmFwcGluZyBhbmQgYXV0aGVudGljYXRpb24g Zm9sbG93ZWQgYnkgcHJvdmlzaW9uaW5nL2NvbmZpZ3VyYXRpb24uIFlvdSBjb3VsZCBwb2ludCBt ZSB0byBPQ0Ygd2hpY2ggdXNlcyBvbmJvYXJkaW5nIGJ1dCB3ZSBkb24ndCBoYXZlIHRvIG1ha2Ug dGhlIHNhbWUgbWlzdGFrZXMNCiBhcyBhbm90aGVyIFNETy4gPGJyPg0KPC9wPg0KLS1Nb2hpdDxi cj4NCjxicj4NCjxkaXYgY2xhc3M9Im1vei1jaXRlLXByZWZpeCI+T24gMTEvMTYvMjAgMjo1MCBQ TSwgRWxpb3QgTGVhciB3cm90ZTo8YnI+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUi IGNpdGU9Im1pZDpBODIxNDM2OS0yMTZFLTQ0MEItODc1Ny0xNzI0MTZDREYwMkJAY2lzY28uY29t Ij4NCkhpIFdlaSBQYW4sDQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRp diBjbGFzcz0iIj5JIGFncmVlIHdpdGggeW91IHRoYXQgdGhlcmUgaXMgYSBuZWVkIGZvciBzb21l dGhpbmcgdGhhdCBkb2VzbuKAmXQgcmVxdWlyZSBkZXZpY2VzIHRvIGhhdmUgYSBmdWxsIFBLSSBi dWlsdCBpbi4gJm5ic3A7QnV0IHRoZXJlIG5lZWRzIHRvIGJlDQo8YiBjbGFzcz0iIj5zb21ldGhp bmc8L2I+Jm5ic3A7dW5pcXVlIGFib3V0IHRoZSBkZXZpY2UgdGhhdCBpdCBjYW4gZXhwcmVzcyBh bmQgcHJvdmUuICZuYnNwO0Fsc28sIHdlIHNob3VsZCBzZXBhcmF0ZSBvdXQgdHdvIHByb2JsZW1z OjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9 IiI+DQo8dWwgY2xhc3M9Ik1haWxPdXRsaW5lIj4NCjxsaSBjbGFzcz0iIj5Qcm92aW5nIHRoZSBw ZWVyIHRvIHRoZSBkZXZpY2U8L2xpPjxsaSBjbGFzcz0iIj5Qcm92aWRpbmcgdGhlIGRldmljZSB0 byB0aGUgcGVlcjwvbGk+PC91bD4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+ DQo8ZGl2IGNsYXNzPSIiPkVhY2ggaGFzIHNsaWdodGx5IGRpZmZlcmVudCBjaGFyYWN0ZXJpc3Rp Y3MsIGVzcGVjaWFsbHkgd2hlbiBpdCBjb21lcyB0byBjZXJ0aWZpY2F0ZXMuICZuYnNwO05vYm9k eSBzaG91bGQgZXhwZWN0IGEgaHVnZSBjZXJ0IHN0b3JlIHRvIGJlIG9uIGEgbGlnaHQgd2VpZ2h0 IGNsaWVudC4gJm5ic3A7QXMgd2FzIHNhaWQgaW4gdGhlIGNoYXQsIHRoYXQgaXMgb25lIHRoaW5n IHRoYXQgQlJTS0kgc29sdmVzLiAmbmJzcDtCdXQgRFBQL1BPSyBhbHNvIHNvbHZlcw0KIGl0IHdp dGhvdXQgY2VydGlmaWNhdGVzLCBidXQgc3RpbGwgcmVxdWlyZXMgYXQgbGVhc3QgYSBwdWJsaWMv cHJpdmF0ZSBrZXkgcGFpci4gTGVzcyB0aGFuIHRoYXQgSSBkbyBub3Qga25vdyBob3cgdG8gd29y ayB0aGUgcHJvYmxlbS48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+ DQo8ZGl2IGNsYXNzPSIiPkVsaW90PC9kaXY+DQo8ZGl2PjxiciBjbGFzcz0iIj4NCjxibG9ja3F1 b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiAxNiBOb3YgMjAyMCwg YXQgMTM6MDIsIFBhbndlaSAoV2lsbGlhbSkgJmx0OzxhIGhyZWY9Im1haWx0bzp3aWxsaWFtLnBh bndlaUBodWF3ZWkuY29tIiBjbGFzcz0iIiBtb3otZG8tbm90LXNlbmQ9InRydWUiPndpbGxpYW0u cGFud2VpQGh1YXdlaS5jb208L2E+Jmd0OyB3cm90ZTo8L2Rpdj4NCjxiciBjbGFzcz0iQXBwbGUt aW50ZXJjaGFuZ2UtbmV3bGluZSI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iV29yZFNl Y3Rpb24xIiBzdHlsZT0icGFnZTogV29yZFNlY3Rpb24xOw0KICAgICAgICAgICAgICAgIGNhcmV0 LWNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBIZWx2ZXRpY2E7DQogICAgICAgICAg ICAgICAgZm9udC1zaXplOiAxNnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFyaWFudC1j YXBzOg0KICAgICAgICAgICAgICAgIG5vcm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgbGV0dGVy LXNwYWNpbmc6IG5vcm1hbDsNCiAgICAgICAgICAgICAgICB0ZXh0LWFsaWduOiBzdGFydDsgdGV4 dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06DQogICAgICAgICAgICAgICAgbm9uZTsgd2hp dGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7DQogICAgICAgICAgICAgICAgLXdl YmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4OyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij4NCjxk aXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0Ow0KICAg ICAgICAgICAgICAgICAgZm9udC1mYW1pbHk6IOWui+S9kzsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToNCiAgICAgICAgICAgICAgICAgICAgMTFwdDsgZm9udC1mYW1pbHk6IEdh ZHVnaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiIGxhbmc9IkVOLVVTIj5UaGFua3MgdG8gRWxpb3Qg Zm9yIHN1bW1hcml6aW5nIHRoZXNlLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvZGl2Pg0K PGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7DQog ICAgICAgICAgICAgICAgICBmb250LWZhbWlseTog5a6L5L2TOyIgY2xhc3M9IiI+DQo8c3BhbiBz dHlsZT0iZm9udC1zaXplOg0KICAgICAgICAgICAgICAgICAgICAxMXB0OyBmb250LWZhbWlseTog R2FkdWdpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiIgbGFuZz0iRU4tVVMiPjxvOnAgY2xhc3M9IiI+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAu MDAwMXB0OyBmb250LXNpemU6IDEycHQ7DQogICAgICAgICAgICAgICAgICBmb250LWZhbWlseTog 5a6L5L2TOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOg0KICAgICAgICAgICAg ICAgICAgICAxMXB0OyBmb250LWZhbWlseTogR2FkdWdpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiIg bGFuZz0iRU4tVVMiPkkgdGhpbmsgdGhlIGNvcmUgY29uY2VwdCBvZiB1c2luZyBEQU5FIGluIElv VCBzY2VuYXJpbyBpcyB0byBnZXQgcmlkIG9mIGNlcnRpZmljYXRlcyBhbmQgUEtJWC4gVGhlIHNv bHV0aW9uIG9mIGhvdyB0byBzZWN1cmVseSBvbmJvYXJkIHRoZSBJb1QgZGV2aWNlcw0KIGFuZCBh bGxvY2F0ZSB0aGUgRE5TIGRvbWFpbiBuYW1lLCBib3RoIHdpdGggYW5kIHdpdGhvdXQgaW5pdGlh bCBjZXJ0aWZpY2F0ZXMsIGlzIHRoZSBrZXkgcGFydCB0byBmaWd1cmUgb3V0LjxvOnAgY2xhc3M9 IiI+PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAw MXB0OyBmb250LXNpemU6IDEycHQ7DQogICAgICAgICAgICAgICAgICBmb250LWZhbWlseTog5a6L 5L2TOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOg0KICAgICAgICAgICAgICAg ICAgICAxMXB0OyBmb250LWZhbWlseTogR2FkdWdpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiIgbGFu Zz0iRU4tVVMiPklmIHRoZSBJb1QgZGV2aWNlcyBoYXZlIG5vIGluaXRpYWwgY2VydGlmaWNhdGVz LCBzdWNoIGFzIDgwMi4xQVIgSURldklEIGNlcnRpZmljYXRlLCBhcyB0aGVpciBpbml0aWFsIGlk ZW50aXR5LCB0aGVuIHRoZSBCUlNLSSBtZWNoYW5pc20gd29u4oCZdCBiZSBhcHByb3ByaWF0ZQ0K IGZvciB0aGVzZSBkZXZpY2VzIGJlY2F1c2UgQlJTS0kgaGFzIGEgcmVxdWlyZW1lbnQgb2YgSURl dklELjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2lu OiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7DQogICAgICAgICAgICAgICAgICBm b250LWZhbWlseTog5a6L5L2TOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOg0K ICAgICAgICAgICAgICAgICAgICAxMXB0OyBmb250LWZhbWlseTogR2FkdWdpLCBzYW5zLXNlcmlm OyIgY2xhc3M9IiIgbGFuZz0iRU4tVVMiPklmIHRoZSBJb1QgZGV2aWNlcyBoYXZlIGFuIElEZXZJ RCBjZXJ0aWZpY2F0ZSwgSSB0aGluayBpdCBjYW4gc3RpbGwgdXNlIEJSU0tJIHRvIG9uYm9hcmQs IGJ1dCBpdCB3b27igJl0IHVzZSBFU1QgdG8gcmVxdWVzdCBhIGNlcnRpZmljYXRlIGFueSBtb3Jl LCBpbnN0ZWFkLA0KIGl0IHdpbGwgYXBwbHkgZm9yIGEgRE5TIGRvbWFpbiBuYW1lIGJ5IHVzaW5n IHNvbWUgcHJvdG9jb2xzLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRpdiBz dHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7DQogICAgICAg ICAgICAgICAgICBmb250LWZhbWlseTog5a6L5L2TOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0i Zm9udC1zaXplOg0KICAgICAgICAgICAgICAgICAgICAxMXB0OyBmb250LWZhbWlseTogR2FkdWdp LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiIgbGFuZz0iRU4tVVMiPjxvOnAgY2xhc3M9IiI+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0 OyBmb250LXNpemU6IDEycHQ7DQogICAgICAgICAgICAgICAgICBmb250LWZhbWlseTog5a6L5L2T OyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOg0KICAgICAgICAgICAgICAgICAg ICAxMXB0OyBmb250LWZhbWlseTogR2FkdWdpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiIgbGFuZz0i RU4tVVMiPlRoYXTigJlzIG15IHByZWxpbWluYXJ5IHRob3VnaHRzLCBtYXliZSBub3QgcmlnaHQu PG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBj bSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTJwdDsNCiAgICAgICAgICAgICAgICAgIGZvbnQt ZmFtaWx5OiDlrovkvZM7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6DQogICAg ICAgICAgICAgICAgICAgIDExcHQ7IGZvbnQtZmFtaWx5OiBHYWR1Z2ksIHNhbnMtc2VyaWY7IiBj bGFzcz0iIiBsYW5nPSJFTi1VUyI+PG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L3NwYW4+PC9k aXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0 OyBmb250LXNpemU6IDEycHQ7DQogICAgICAgICAgICAgICAgICAgIGZvbnQtZmFtaWx5OiDlrovk vZM7IGxpbmUtaGVpZ2h0OiAxNy42MDAwMDAzODE0Njk3MjdweDsiIGNsYXNzPSIiPg0KPHNwYW4g c3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsgbGluZS1oZWlnaHQ6DQogICAgICAgICAgICAgICAgICAg ICAgMTYuMTMzMzMzMjA2MTc2NzU4cHg7IGZvbnQtZmFtaWx5OiBHYWR1Z2ksDQogICAgICAgICAg ICAgICAgICAgICAgc2Fucy1zZXJpZjsiIGNsYXNzPSIiIGxhbmc9IkVOLVVTIj5SZWdhcmRzICZh bXA7IFRoYW5rcyE8bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9 Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0Ow0KICAgICAgICAgICAg ICAgICAgICBmb250LWZhbWlseTog5a6L5L2TOyBsaW5lLWhlaWdodDogMTcuNjAwMDAwMzgxNDY5 NzI3cHg7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IGxpbmUtaGVp Z2h0Og0KICAgICAgICAgICAgICAgICAgICAgIDE2LjEzMzMzMzIwNjE3Njc1OHB4OyBmb250LWZh bWlseTogR2FkdWdpLA0KICAgICAgICAgICAgICAgICAgICAgIHNhbnMtc2VyaWY7IiBjbGFzcz0i IiBsYW5nPSJFTi1VUyI+V2VpIFBhbjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvZGl2Pg0K PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTog MTJwdDsNCiAgICAgICAgICAgICAgICAgIGZvbnQtZmFtaWx5OiDlrovkvZM7IiBjbGFzcz0iIj4N CjxzcGFuIHN0eWxlPSJmb250LXNpemU6DQogICAgICAgICAgICAgICAgICAgIDExcHQ7IGZvbnQt ZmFtaWx5OiBHYWR1Z2ksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIiBsYW5nPSJFTi1VUyI+PG86cCBj bGFzcz0iIj4mbmJzcDs8L286cD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXItc3R5 bGU6IG5vbmUgbm9uZSBub25lIHNvbGlkOw0KICAgICAgICAgICAgICAgICAgYm9yZGVyLWxlZnQt d2lkdGg6IDEuNXB0OyBib3JkZXItbGVmdC1jb2xvcjogYmx1ZTsNCiAgICAgICAgICAgICAgICAg IHBhZGRpbmc6IDBjbSAwY20gMGNtIDRwdDsiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxk aXYgc3R5bGU9ImJvcmRlci1zdHlsZTogc29saWQgbm9uZSBub25lOw0KICAgICAgICAgICAgICAg ICAgICAgIGJvcmRlci10b3Atd2lkdGg6IDFwdDsgYm9yZGVyLXRvcC1jb2xvcjogcmdiKDIyNSwN CiAgICAgICAgICAgICAgICAgICAgICAyMjUsIDIyNSk7IHBhZGRpbmc6IDNwdCAwY20gMGNtOyIg Y2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6 ZToNCiAgICAgICAgICAgICAgICAgICAgICAgIDEycHQ7IGZvbnQtZmFtaWx5OiDlrovkvZM7IiBj bGFzcz0iIj4NCjxiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IGZvbnQt ZmFtaWx5Og0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIENhbGlicmksIHNhbnMtc2VyaWY7 IiBjbGFzcz0iIiBsYW5nPSJFTi1VUyI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLA0KICAgICAgICAgICAgICAgICAgICAg ICAgICBzYW5zLXNlcmlmOyIgY2xhc3M9IiIgbGFuZz0iRU4tVVMiPjxzcGFuIGNsYXNzPSJBcHBs ZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5TZWNkaXNwYXRjaA0KIFs8YSBocmVmPSJt YWlsdG86c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9yZyIgc3R5bGU9ImNvbG9yOiBwdXJwbGU7 IHRleHQtZGVjb3JhdGlvbjoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICB1bmRlcmxpbmU7 IiBjbGFzcz0iIiBtb3otZG8tbm90LXNlbmQ9InRydWUiPm1haWx0bzpzZWNkaXNwYXRjaC1ib3Vu Y2VzQGlldGYub3JnPC9hPl08c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJz cDs8L3NwYW4+PGIgY2xhc3M9IiI+T24NCiBCZWhhbGYgT2Y8c3BhbiBjbGFzcz0iQXBwbGUtY29u dmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+PC9iPkVsaW90IExlYXI8YnIgY2xhc3M9IiI+DQo8 YiBjbGFzcz0iIj5TZW50OjwvYj48c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4m bmJzcDs8L3NwYW4+TW9uZGF5LCBOb3ZlbWJlciAxNiwgMjAyMCA2OjU1IFBNPGJyIGNsYXNzPSIi Pg0KPGIgY2xhc3M9IiI+VG86PC9iPjxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2Ui PiZuYnNwOzwvc3Bhbj48YSBocmVmPSJtYWlsdG86c2VjZGlzcGF0Y2hAaWV0Zi5vcmciIHN0eWxl PSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246DQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgdW5kZXJsaW5lOyIgY2xhc3M9IiIgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIj5zZWNkaXNw YXRjaEBpZXRmLm9yZzwvYT48YnIgY2xhc3M9IiI+DQo8YiBjbGFzcz0iIj5TdWJqZWN0OjwvYj48 c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+W1NlY2Rpc3Bh dGNoXSBEQU5FIElPVCBwcm9wb3NlZCBvdXRjb21lPG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+ PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAw MXB0OyBmb250LXNpemU6IDEycHQ7DQogICAgICAgICAgICAgICAgICAgIGZvbnQtZmFtaWx5OiDl rovkvZM7IiBjbGFzcz0iIj4NCjxzcGFuIGNsYXNzPSIiIGxhbmc9IkVOLVVTIj48bzpwIGNsYXNz PSIiPiZuYnNwOzwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNz PSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6DQog ICAgICAgICAgICAgICAgICAgICAgICAxMnB0OyBmb250LWZhbWlseTog5a6L5L2TOyIgY2xhc3M9 IiI+DQo8c3BhbiBjbGFzcz0iIiBsYW5nPSJFTi1VUyI+VGhhbmtzIHRvJm5ic3A7U2h1bW9uIGZv ciBwcmVzZW50aW5nIHRoZSBEQU5FIHVzZSBjYXNlIGZvciBJT1QuPG86cCBjbGFzcz0iIj48L286 cD48L3NwYW4+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20g MGNtIDAuMDAwMXB0OyBmb250LXNpemU6DQogICAgICAgICAgICAgICAgICAgICAgICAgIDEycHQ7 IGZvbnQtZmFtaWx5OiDlrovkvZM7IiBjbGFzcz0iIj4NCjxzcGFuIGNsYXNzPSIiIGxhbmc9IkVO LVVTIj48bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvc3Bhbj48L2Rpdj4NCjwvZGl2Pg0KPGRp diBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1z aXplOg0KICAgICAgICAgICAgICAgICAgICAgICAgICAxMnB0OyBmb250LWZhbWlseTog5a6L5L2T OyIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iIiBsYW5nPSJFTi1VUyI+V2UgZGlzY3Vzc2VkIHRh a2luZyB0aGlzIHRvIHRoZTxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNw Ozwvc3Bhbj48YSBocmVmPSJtYWlsdG86aW90LW9uYm9hcmRpbmdAaWV0Zi5vcmciIHN0eWxlPSJj b2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246DQogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICB1bmRlcmxpbmU7IiBjbGFzcz0iIiBtb3otZG8tbm90LXNlbmQ9InRydWUiPmlvdC1vbmJv YXJkaW5nQGlldGYub3JnPC9hPjxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZu YnNwOzwvc3Bhbj5saXN0DQogYXMgdGhlcmUgd2VyZSBhIG51bWJlciBvZiByYXRoZXIgYmlnIG9w ZW4gaXNzdWVzIHRoYXQgcGVvcGxlIHdhbnRlZCB0byBkaXNjdXNzLjxvOnAgY2xhc3M9IiI+PC9v OnA+PC9zcGFuPjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6DQogICAgICAgICAgICAgICAgICAgICAg ICAgIDEycHQ7IGZvbnQtZmFtaWx5OiDlrovkvZM7IiBjbGFzcz0iIj4NCjxzcGFuIGNsYXNzPSIi IGxhbmc9IkVOLVVTIj48bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvc3Bhbj48L2Rpdj4NCjwv ZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFw dDsgZm9udC1zaXplOg0KICAgICAgICAgICAgICAgICAgICAgICAgICAxMnB0OyBmb250LWZhbWls eTog5a6L5L2TOyIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iIiBsYW5nPSJFTi1VUyI+V2UgYWxz byBkaXNjdXNzZWQgYSBub24tV0cgZm9ybWluZyBCT0YgdG8gbG9vayBhdCwgYXMgVGVkIHB1dCBp dCwgdGhlIGJyb2FkZXIgY29udGV4dCBmb3Igb25ib2FyZGluZy4gJm5ic3A7VG8gZ2l2ZSBwZW9w bGUgYSBmZWVsIGZvciB0aGUgc29ydCBvZiByZWxhdGVkIHdvcmsgdGhhdCBpcyBhdmFpbGFibGUs IGhlcmUgYXJlIGEgbGlzdCBvZiByZWxhdGVkIGFjdGl2aXRpZXM6PG86cCBjbGFzcz0iIj48L286 cD48L3NwYW4+PC9kaXY+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJn aW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZToNCiAgICAgICAgICAgICAgICAgICAgICAg ICAgMTJwdDsgZm9udC1mYW1pbHk6IOWui+S9kzsiIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IiIg bGFuZz0iRU4tVVMiPjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPC9k aXY+DQo8ZGl2IGNsYXNzPSIiPg0KPHVsIHN0eWxlPSJtYXJnaW4tYm90dG9tOiAwY207IiBjbGFz cz0iIiB0eXBlPSJkaXNjIj4NCjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAw Y20gMGNtDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgMC4wMDAxcHQ7IGZvbnQtc2l6ZTog MTJwdDsgZm9udC1mYW1pbHk6IOWui+S9kzsiPg0KPHNwYW4gY2xhc3M9IiIgbGFuZz0iRU4tVVMi PmRyYWZ0LWlldGYtYW5pbWEtYm9vdHN0cmFwcGluZy1rZXlpbmZyYSAoQlJTS0kpIGlzIGEgcmVx dWVzdC9yZXNwb25zZSBtZWNoYW5pc20gdGhhdCB1c2VzIFJGQyA4MzY2IHZvdWNoZXJzIHRvIGlu dHJvZHVjZSBkZXZpY2VzIGFuZCBuZXR3b3JrIGluZnJhc3RydWN0dXJlLjxvOnAgY2xhc3M9IiI+ PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBj bSAwY20NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAwLjAwMDFwdDsgZm9udC1zaXplOiAx MnB0OyBmb250LWZhbWlseTog5a6L5L2TOyI+DQo8c3BhbiBjbGFzcz0iIiBsYW5nPSJFTi1VUyI+ SW50ZWzigJlzIFNETyBwcm92aWRlcyBhbiBhcHBsaWNhdGlvbiBsZXZlbCBpbnRyb2R1Y3Rpb24g dXNpbmcgdm91Y2hlcnMgYXMgd2VsbC4gJm5ic3A7VGhpcyB3b3JrIGhhcyBiZWVuIHRha2VuIHVw IGJ5IHRoZSBGSURPIGFsbGlhbmNlLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvbGk+PGxp IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBjbSAwY20NCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTog5a6L 5L2TOyI+DQo8c3BhbiBjbGFzcz0iIiBsYW5nPSJFTi1VUyI+VGhlIFdpZmkgQWxsaWFuY2UgaGFz IERldmljZSBQcm92aXNpb25pbmcgUHJvdG9jb2wgKERQUCkgd2hpY2ggZG9lcyBub3QgYXR0YWNo IHRvIGEgZ2xvYmFsIG5hbWUgc3BhY2UgcHJpb3IgdG8gcHJvdmlzaW9uaW5nIGhhdmluZyBvY2N1 cnJlZCwgYnV0IGRvZXMgcmVwcmVzZW50IGEgbWluaW11bSBjYXNlIChqdXN0IHB1YmxpYyBrZXlz KS48bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibWFyZ2luOiAwY20gMGNtDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgMC4wMDAx cHQ7IGZvbnQtc2l6ZTogMTJwdDsgZm9udC1mYW1pbHk6IOWui+S9kzsiPg0KPHNwYW4gY2xhc3M9 IiIgbGFuZz0iRU4tVVMiPmRyYWZ0LWZyaWVsLWVhcC10bHMtZWFwLWRwcCBib3Jyb3dzIGZyb20g RFBQLCBpbnRlbmRlZCBtb3N0bHkgZm9yIHdpcmVkIHVzZSwgd2hlcmUgRFBQIGlzIGZvY3VzZWQg b24gODAyLjExIG5ldHdvcmtzLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBjbSAwY20NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTog5a6L5L2T OyI+DQo8c3BhbiBjbGFzcz0iIiBsYW5nPSJFTi1VUyI+VGhlcmUgYXJlIGEgbnVtYmVyIG9mIEJS U0tJIHJlbGF0ZWQgZHJhZnRzIGJ5IE93ZW4gYXMgd2VsbCwgcmVsYXRpbmcgdG8gY2xvdWQtYmFz ZWQgcmVnaXN0cmFycy48bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtDQogICAgICAgICAgICAgICAgICAgICAg ICAgICAgMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTJwdDsgZm9udC1mYW1pbHk6IOWui+S9kzsiPg0K PHNwYW4gY2xhc3M9IiIgbGFuZz0iRU4tVVMiPlRoZXJlIGlzIGFsc28gd29yayBieSBNaWNoYWVs IFJpY2hhcmRzb24gYW5kIFBldGVyIFZhbiBEZXIgU3RvY2sgb24gY29uc3RyYWluZWQgdm91Y2hl cnMuICZuYnNwO1RoYXQgd29yayBpcyB0YWtpbmcgcGxhY2UgaW4gQUNFLjxvOnAgY2xhc3M9IiI+ PC9vOnA+PC9zcGFuPjwvbGk+PC91bD4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJn aW46IDBjbSAwY20gMC4wMDAxcHQ7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgZm9udC1z aXplOiAxMnB0OyBmb250LWZhbWlseTog5a6L5L2TOyIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0i IiBsYW5nPSJFTi1VUyI+PG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L3NwYW4+PC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBj bSAwLjAwMDFwdDsgZm9udC1zaXplOg0KICAgICAgICAgICAgICAgICAgICAgICAgICAxMnB0OyBm b250LWZhbWlseTog5a6L5L2TOyIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iIiBsYW5nPSJFTi1V UyI+VW5kZXJzdGFuZGluZyB0aGUgbGFuZHNjYXBlIG1pZ2h0IGhlbHAgdXMgdW5kZXJzdGFuZCB3 aGVyZSBEQU5FIGZpdHMgaW4uPG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8L2Rp dj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7 IGZvbnQtc2l6ZToNCiAgICAgICAgICAgICAgICAgICAgICAgICAgMTJwdDsgZm9udC1mYW1pbHk6 IOWui+S9kzsiIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IiIgbGFuZz0iRU4tVVMiPjxvOnAgY2xh c3M9IiI+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0K PGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6DQogICAgICAg ICAgICAgICAgICAgICAgICAgIDEycHQ7IGZvbnQtZmFtaWx5OiDlrovkvZM7IiBjbGFzcz0iIj4N CjxzcGFuIGNsYXNzPSIiIGxhbmc9IkVOLVVTIj5SZWdhcmRzLDxvOnAgY2xhc3M9IiI+PC9vOnA+ PC9zcGFuPjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2lu OiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6DQogICAgICAgICAgICAgICAgICAgICAgICAg IDEycHQ7IGZvbnQtZmFtaWx5OiDlrovkvZM7IiBjbGFzcz0iIj4NCjxzcGFuIGNsYXNzPSIiIGxh bmc9IkVOLVVTIj48bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvc3Bhbj48L2Rpdj4NCjwvZGl2 Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsg Zm9udC1zaXplOg0KICAgICAgICAgICAgICAgICAgICAgICAgICAxMnB0OyBmb250LWZhbWlseTog 5a6L5L2TOyIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0iIiBsYW5nPSJFTi1VUyI+RWxpb3Q8bzpw IGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwv ZGl2Pg0KPC9kaXY+DQo8c3BhbiBzdHlsZT0iY2FyZXQtY29sb3I6IHJnYigwLCAwLCAwKTsgZm9u dC1mYW1pbHk6DQogICAgICAgICAgICAgICAgSGVsdmV0aWNhOyBmb250LXNpemU6IDE2cHg7IGZv bnQtc3R5bGU6IG5vcm1hbDsNCiAgICAgICAgICAgICAgICBmb250LXZhcmlhbnQtY2Fwczogbm9y bWFsOyBmb250LXdlaWdodDogbm9ybWFsOw0KICAgICAgICAgICAgICAgIGxldHRlci1zcGFjaW5n OiBub3JtYWw7IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDoNCiAgICAgICAgICAgICAg ICAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFjZTogbm9ybWFsOw0KICAgICAg ICAgICAgICAgIHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAw cHg7DQogICAgICAgICAgICAgICAgdGV4dC1kZWNvcmF0aW9uOiBub25lOyBmbG9hdDogbm9uZTsg ZGlzcGxheTogaW5saW5lDQogICAgICAgICAgICAgICAgIWltcG9ydGFudDsiIGNsYXNzPSIiPi0t PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj48 YnIgc3R5bGU9ImNhcmV0LWNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5Og0KICAgICAg ICAgICAgICAgIEhlbHZldGljYTsgZm9udC1zaXplOiAxNnB4OyBmb250LXN0eWxlOiBub3JtYWw7 DQogICAgICAgICAgICAgICAgZm9udC12YXJpYW50LWNhcHM6IG5vcm1hbDsgZm9udC13ZWlnaHQ6 IG5vcm1hbDsNCiAgICAgICAgICAgICAgICBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFs aWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6DQogICAgICAgICAgICAgICAgMHB4OyB0ZXh0LXRyYW5z Zm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsNCiAgICAgICAgICAgICAgICB3b3JkLXNw YWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4Ow0KICAgICAgICAgICAg ICAgIHRleHQtZGVjb3JhdGlvbjogbm9uZTsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImNhcmV0 LWNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5Og0KICAgICAgICAgICAgICAgIEhlbHZl dGljYTsgZm9udC1zaXplOiAxNnB4OyBmb250LXN0eWxlOiBub3JtYWw7DQogICAgICAgICAgICAg ICAgZm9udC12YXJpYW50LWNhcHM6IG5vcm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsNCiAgICAg ICAgICAgICAgICBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4 dC1pbmRlbnQ6DQogICAgICAgICAgICAgICAgMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hp dGUtc3BhY2U6IG5vcm1hbDsNCiAgICAgICAgICAgICAgICB3b3JkLXNwYWNpbmc6IDBweDsgLXdl YmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4Ow0KICAgICAgICAgICAgICAgIHRleHQtZGVjb3Jh dGlvbjogbm9uZTsgZmxvYXQ6IG5vbmU7IGRpc3BsYXk6IGlubGluZQ0KICAgICAgICAgICAgICAg ICFpbXBvcnRhbnQ7IiBjbGFzcz0iIj5Jb3Qtb25ib2FyZGluZw0KIG1haWxpbmcgbGlzdDwvc3Bh bj48YnIgc3R5bGU9ImNhcmV0LWNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5Og0KICAg ICAgICAgICAgICAgIEhlbHZldGljYTsgZm9udC1zaXplOiAxNnB4OyBmb250LXN0eWxlOiBub3Jt YWw7DQogICAgICAgICAgICAgICAgZm9udC12YXJpYW50LWNhcHM6IG5vcm1hbDsgZm9udC13ZWln aHQ6IG5vcm1hbDsNCiAgICAgICAgICAgICAgICBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0 LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6DQogICAgICAgICAgICAgICAgMHB4OyB0ZXh0LXRy YW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsNCiAgICAgICAgICAgICAgICB3b3Jk LXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4Ow0KICAgICAgICAg ICAgICAgIHRleHQtZGVjb3JhdGlvbjogbm9uZTsiIGNsYXNzPSIiPg0KPGEgaHJlZj0ibWFpbHRv OklvdC1vbmJvYXJkaW5nQGlldGYub3JnIiBzdHlsZT0iY29sb3I6DQogICAgICAgICAgICAgICAg cHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsgZm9udC1mYW1pbHk6DQogICAgICAg ICAgICAgICAgSGVsdmV0aWNhOyBmb250LXNpemU6IDE2cHg7IGZvbnQtc3R5bGU6IG5vcm1hbDsN CiAgICAgICAgICAgICAgICBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyBmb250LXdlaWdodDog bm9ybWFsOw0KICAgICAgICAgICAgICAgIGxldHRlci1zcGFjaW5nOiBub3JtYWw7IG9ycGhhbnM6 IGF1dG87IHRleHQtYWxpZ246DQogICAgICAgICAgICAgICAgc3RhcnQ7IHRleHQtaW5kZW50OiAw cHg7IHRleHQtdHJhbnNmb3JtOiBub25lOw0KICAgICAgICAgICAgICAgIHdoaXRlLXNwYWNlOiBu b3JtYWw7IHdpZG93czogYXV0bzsgd29yZC1zcGFjaW5nOiAwcHg7DQogICAgICAgICAgICAgICAg LXdlYmtpdC10ZXh0LXNpemUtYWRqdXN0OiBhdXRvOw0KICAgICAgICAgICAgICAgIC13ZWJraXQt dGV4dC1zdHJva2Utd2lkdGg6IDBweDsiIGNsYXNzPSIiIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSI+ SW90LW9uYm9hcmRpbmdAaWV0Zi5vcmc8L2E+PGJyIHN0eWxlPSJjYXJldC1jb2xvcjogcmdiKDAs IDAsIDApOyBmb250LWZhbWlseToNCiAgICAgICAgICAgICAgICBIZWx2ZXRpY2E7IGZvbnQtc2l6 ZTogMTZweDsgZm9udC1zdHlsZTogbm9ybWFsOw0KICAgICAgICAgICAgICAgIGZvbnQtdmFyaWFu dC1jYXBzOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7DQogICAgICAgICAgICAgICAgbGV0 dGVyLXNwYWNpbmc6IG5vcm1hbDsgdGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50Og0KICAg ICAgICAgICAgICAgIDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNlOiBub3Jt YWw7DQogICAgICAgICAgICAgICAgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJv a2Utd2lkdGg6IDBweDsNCiAgICAgICAgICAgICAgICB0ZXh0LWRlY29yYXRpb246IG5vbmU7IiBj bGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8v aW90LW9uYm9hcmRpbmciIHN0eWxlPSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVu ZGVybGluZTsNCiAgICAgICAgICAgICAgICBmb250LWZhbWlseTogSGVsdmV0aWNhOyBmb250LXNp emU6IDE2cHg7IGZvbnQtc3R5bGU6DQogICAgICAgICAgICAgICAgbm9ybWFsOyBmb250LXZhcmlh bnQtY2Fwczogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOw0KICAgICAgICAgICAgICAgIGxl dHRlci1zcGFjaW5nOiBub3JtYWw7IG9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246DQogICAgICAg ICAgICAgICAgc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOw0K ICAgICAgICAgICAgICAgIHdoaXRlLXNwYWNlOiBub3JtYWw7IHdpZG93czogYXV0bzsgd29yZC1z cGFjaW5nOiAwcHg7DQogICAgICAgICAgICAgICAgLXdlYmtpdC10ZXh0LXNpemUtYWRqdXN0OiBh dXRvOw0KICAgICAgICAgICAgICAgIC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsiIGNs YXNzPSIiIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1h bi9saXN0aW5mby9pb3Qtb25ib2FyZGluZzwvYT48YnIgc3R5bGU9ImNhcmV0LWNvbG9yOiByZ2Io MCwgMCwgMCk7IGZvbnQtZmFtaWx5Og0KICAgICAgICAgICAgICAgIEhlbHZldGljYTsgZm9udC1z aXplOiAxNnB4OyBmb250LXN0eWxlOiBub3JtYWw7DQogICAgICAgICAgICAgICAgZm9udC12YXJp YW50LWNhcHM6IG5vcm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsNCiAgICAgICAgICAgICAgICBs ZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6DQog ICAgICAgICAgICAgICAgMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5v cm1hbDsNCiAgICAgICAgICAgICAgICB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0 cm9rZS13aWR0aDogMHB4Ow0KICAgICAgICAgICAgICAgIHRleHQtZGVjb3JhdGlvbjogbm9uZTsi IGNsYXNzPSIiPg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4N CjwvZGl2Pg0KPGJyPg0KPGZpZWxkc2V0IGNsYXNzPSJtaW1lQXR0YWNobWVudEhlYWRlciI+PC9m aWVsZHNldD4NCjxwcmUgY2xhc3M9Im1vei1xdW90ZS1wcmUiIHdyYXA9IiI+X19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NClNlY2Rpc3BhdGNoIG1haWxpbmcg bGlzdA0KPGEgY2xhc3M9Im1vei10eHQtbGluay1hYmJyZXZpYXRlZCIgaHJlZj0ibWFpbHRvOlNl Y2Rpc3BhdGNoQGlldGYub3JnIj5TZWNkaXNwYXRjaEBpZXRmLm9yZzwvYT4NCjxhIGNsYXNzPSJt b3otdHh0LWxpbmstZnJlZXRleHQiIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4v bGlzdGluZm8vc2VjZGlzcGF0Y2giPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGlu Zm8vc2VjZGlzcGF0Y2g8L2E+DQo8L3ByZT4NCjwvYmxvY2txdW90ZT4NCjwvYm9keT4NCjwvaHRt bD4NCg== --_000_184ad9b2fceead015fe2338ad3dcd65aericssoncom_-- From nobody Wed Nov 18 04:58:46 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B3343A1873; Wed, 18 Nov 2020 04:58:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fH629TaBkfbQ; Wed, 18 Nov 2020 04:58:40 -0800 (PST) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00086.outbound.protection.outlook.com [40.107.0.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8B8F3A0995; Wed, 18 Nov 2020 04:58:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Sisl7VhZkqoct3J2zd1Se4CztL4ZYzK1GALxpkRFvZx7gi+e7BApsob3FhxkpY6WhMXrJSfsEoXbmrb7k7Dm4BRWyEEOcFrdTNLP0mw6m791QOnGZWjJoXVIilfxTSSBqh6+i6rzQETiJmBEUB+fMtUpcRSgf7FMQcRUr9vZTy+c/l68to9gBPdu5v/SPBe/fqCEm2p7UomVqXZpOBNIgcmLb6rDCPjcrg/eROvfk+ohh1uQIAQTuDF8E0+/doTn1mcpV6YxIgYM3a36IF5R2EL35Nz8vTmMAGxgBLNoy5xxvDxQ7K9wWD2a8PQAWRU32vdHbGIVoKiBJPaO8vd8IA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iIKED9aTtifi03BoaTX5DM3hRd90t5I9sZkuHmyWy8o=; b=E9vPyCUE4YPaY1SgERbRHu3jsRDUQE1+AKJ0MK1Kyvm+aoC8whcXVkiWi0d2OnmrbJJuJ7mJKzOgjUHb9Ppdo6m7hyXnrZCmIFIOvFMcWtJCCE/ywYclnEihgIZy9Cr22YHIo4qDQ/pBZ3pM0v3iFrddPRCm6l2D7+J+lTP3Z2EzxC0P5xtp8vWSNTRY94n2yvKtsdFrGu97CatS1dRqFgwNhg+By87DonIjgC1h78EI6EVRRJB62YCKgMx7ID0XiOpDCpT+BKQ1zgtdv+Hym8Gj7smsdAc+/Yt3IPivh9qk0NPO0hDmaF9hge68Tvt1jKv+V5Gi9TcUw0ks/OF5ww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iIKED9aTtifi03BoaTX5DM3hRd90t5I9sZkuHmyWy8o=; b=jQ/fOlS3m6SIl6hY1audM/6Zqnc17ycIHCxPU7FFZj1g5oFqjCwa4gTv+MlAL36g4EZ7sV7q9Cwe+JuwBmkZz5tggAWTAo45qqKE2F9Kc/uD2M9klDelrc/4nn+vAwqL0aCZ6dppNdBqycqnC3AwB5sKEtsM93Qt1iq93zmlLuw= Received: from VI1PR07MB3215.eurprd07.prod.outlook.com (2603:10a6:802:1c::21) by VI1PR07MB3360.eurprd07.prod.outlook.com (2603:10a6:802:1c::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.16; Wed, 18 Nov 2020 12:58:35 +0000 Received: from VI1PR07MB3215.eurprd07.prod.outlook.com ([fe80::a926:3f37:978b:e40e]) by VI1PR07MB3215.eurprd07.prod.outlook.com ([fe80::a926:3f37:978b:e40e%6]) with mapi id 15.20.3589.017; Wed, 18 Nov 2020 12:58:34 +0000 From: Mohit Sethi M To: "iot-onboarding@ietf.org" , IETF SecDispatch Thread-Topic: [Iot-onboarding] [Secdispatch] DANE IOT proposed outcome Thread-Index: AQHWvaqFnnGKZdDDOEyooCaxxNmdOQ== Date: Wed, 18 Nov 2020 12:58:34 +0000 Message-ID: References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com; x-originating-ip: [2001:14bb:150:569:3e8c:ae9:d0ae:34c] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ce6eef9a-911d-4911-a587-08d88bc1a8c5 x-ms-traffictypediagnostic: VI1PR07MB3360: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: s1HJbgz5pD8c4IWMxBrGqnkpQRKfb/BDYBIq4Q+iwVin0N6RuNY6cTvTcIvH3At+S59grCHaL3cRAM7uwZ1qRKQmqMRVbUAnyz3njSqlJjgC998O94VMvxGAJodfUU9rlANUPK+R7OjG++kjcYj8f7Uan2YMJNF1QXPC+XnSi/xKm6dnbUfirbPiTqib7mwv2t5AS7LqU+iYc5eZZFqpboc0wVftv5Nuzc2eWbnEDy4AQ0GPZ6NPc3l54/HUjHjNoi+x55Y0bcsiSIPF56ePTMN3A0imtMIMUkIEuGYLsZzkPtsr5s+84K0GlyCrd6KFY8GGLB24atD4ppSwZENLjbkrZ+xn8oGlQyEH53jyHuwUO9g5K7O5sNb6HHaEKl4x5ZG0EuwIq+LMvRiZHNktWImiiC3Ds032GvvpyNw/AMTUdZ1jSdkgpT9p6Pomv9t9Kh4Y/5SHMu1J1jUsr/iFqg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB3215.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(396003)(366004)(39860400002)(376002)(346002)(966005)(110136005)(6512007)(450100002)(86362001)(53546011)(316002)(166002)(36756003)(31696002)(71200400001)(76116006)(5660300002)(6486002)(66446008)(478600001)(66946007)(66574015)(64756008)(66476007)(91956017)(83380400001)(6506007)(2616005)(66556008)(8676002)(8936002)(31686004)(2906002)(186003)(43740500002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: =?utf-8?B?RTRXd043R1dEZy9kVGZNMFBIU0xKNXM0THAvb2NBYjhERFBnQmZxM2pFR0Z3?= =?utf-8?B?WWNYRGpJWGhiK3pVYWxxcTJhbUowUzQ3SWhmUndTUUpkbzhCZmZWYmxnbFZ5?= =?utf-8?B?dDBFTG8wMVM0Mm1EVldoZS9oTDhhZUg0QUZpS0U2aFY0NGZYZ25ITHVHVk5R?= =?utf-8?B?aGdidTVKVi9zTC8vRi9mK09QekRvVjFJMmpJbjdjOU1MTmhNeFpkZ0dHaGNF?= =?utf-8?B?SmZ6TVNlcldNT3lzRjAxbVM2cXlxWWdXYXBGQ1AxMWNOMTNXTFpsVlRPU01Z?= =?utf-8?B?UFpIU09rL2wwcGNYSk9NREdBUE5pTzJDdExXVVQ0RDErN1JNUU95WkxaT202?= =?utf-8?B?WEcrM3dITDBiZFA3RC9RWkJuc3hmck81Q0FCc2lmTElzTmZTbHVFT25GN2M5?= =?utf-8?B?NXJtZHMvb1pubVNDc0s1eFJsMy9SYURDanlpKzdKMEJpZzczNlBJSXFydXFS?= =?utf-8?B?RWN6SkFFU2lJdjltQ1BNMFpCYWp1SmJXSlZyMGtlSk44QnQwY0RvaVl4THBB?= =?utf-8?B?d0pzY3pPcUlzMStwVDVmUDRyTTRqQUNDekc1RWtDYm1MemJNU0pwM3oxNFFW?= =?utf-8?B?TG5GdUtSQXoreERmTTBVNU1PSmQ2UTBKb2Q3ZkdhQkVyOXdKWFRzUVROSjMx?= =?utf-8?B?ZEpodmdVWHM2YzF2UlhrZGVNUjBiTlFxZG01Ym8rNzhVcDlpV3hRaWtHVHYr?= =?utf-8?B?Qk5ta0tLTHhYSnFBbm9qZU5aZWYwM3hKMy9DR0pmLzArMlVkbS95dlFuelU0?= =?utf-8?B?cm0xT2JZdDZvOU1VR0kwOFJ2dVUzUkFFQWNBYnJHTkV6dVViaVJRQkc2OGp5?= =?utf-8?B?NzRSR3EzVytHL2dMblY5RDRHUzd0NFJMV2VmZVBZbmlHTk9lQXVCOVlkS3Rs?= =?utf-8?B?Y2N4UHpjNXVnV25rTC9FY0FNN1p6MFFIQkNXeXJEa2ptcWhycExSZEVMNmF1?= =?utf-8?B?TXY4KzdjMXU3RVl1dHBzTlRSeng3cHN5T2g5K0N1S2xBZmM5MGRZOTZpbHJF?= =?utf-8?B?eTdaRUFhSHFSYkNHYnJWOHpZRGJtZng5Zlk1bE1Db1kzZGNieVRZbFBrSXNG?= =?utf-8?B?MmZTdWZXMDV3R0dCODhOV0FMaVpGL1RHUzRORCtPMGJMT2lKOFBkajZ2cWpO?= =?utf-8?B?MzdvTlBPM1pDanRaUmNhbkU1TnZFbDlVRlc1ZlJaUW9GdHZOZVhhV21EZHVQ?= =?utf-8?B?RmhmUEpydFRBUUFJUDZML2c0ZHp1dUxjMWcrdXVBUnV2R3VTT2JuQ2NFM0hT?= =?utf-8?B?clUvUXN1aml0MzdLa0RYWXdaUG84YU10QkRIeWpsMzcyVlMxZz09?= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_dedb5fb7f0bc7e354f90fddc2d093873ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB3215.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ce6eef9a-911d-4911-a587-08d88bc1a8c5 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2020 12:58:34.8719 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: hf2kDjKAq8ywiTkH9fEz8aq8fkUcYFHLsw/3KoVPbKppGZ0o8ryFDW2712GG/WNsayvUHVReJKtnft0PYi9JENV+aVuguCEHhEokrUNj4w8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB3360 Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Nov 2020 12:58:43 -0000 --_000_dedb5fb7f0bc7e354f90fddc2d093873ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgQXNoIGFuZCBTaHVtb24sDQoNCk15IHVuZGVyc3RhbmRpbmcgaXMgdGhhdCB5b3VyIHNvbHV0 aW9uIGlzIGFwcGxpY2FibGUgdG8gYW55IHNjZW5hcmlvIHRoYXQgdXNlcyBjbGllbnQgY2VydGlm aWNhdGVzLiBPYnZpb3VzbHkgSW9UIG1pZ2h0IGJlIG9uZSBhcHBsaWNhdGlvbiBhcmVhIGZvciB0 aGlzLCBidXQgdGhlcmUgYXJlIG1hbnkgb3RoZXIgdXNlcyBvZiBjbGllbnQgYXV0aGVudGljYXRp b24gd2l0aCBjZXJ0aWZpY2F0ZXMuIEkgZG9uJ3QgaGF2ZSBhbnkgc3Ryb25nIG9waW5pb25zIGFi b3V0IHdoZXRoZXIgdGhpcyBpcyB1c2VmdWwgb3Igbm90LiBCdXQgaXQgbWlnaHQgYmUgZ29vZCB0 byBoYXZlIGEgc2VwYXJhdGUgZm9jdXNlZCBEQU5FIHdvcmtpbmcgZ3JvdXAgZm9yIHRoZXNlIGRy YWZ0cyBpZiB0aGVyZSBpcyBzdHJvbmcgZGVtYW5kIGZvciBzdWNoIGEgc29sdXRpb24uIFlvdXIg cHJlc2VudGF0aW9uIGFsc28gaGlnaGxpZ2h0ZWQgeW91ciBpbnRlbnRpb24gb2YgZGVmaW5pbmcg bmV3IFJSdHlwZSBhbmQvb3IgZXhwYW5kaW5nIHRoZSBzY29wZSBvZiBUTFNBLiBUaGVzZSB0aGlu Z3MgKGFsb25nIHdpdGggREFORSBsaWdodCBldGMuKSB3b3VsZCByZXF1aXJlIHRoZSBpbnB1dCBv ZiBETlMgYW5kIFRMUyBmb2xrcyAoaW4gYWRkaXRpb24gdG8gdGhlIElvVCByZXF1aXJlbWVudHMp Lg0KDQpBbHNvLCBJIGRpZG4ndCB1bmRlcnN0YW5kIGhvdyB3b3VsZCBzZXJ2ZXIgYXV0aGVudGlj YXRpb24gd29yaz8gSSBwcm9iYWJseSBkaWQgbm90IGxpc3RlbiB0byB5b3VyIHByZXNlbnRhdGlv biBjYXJlZnVsbHkgZW5vdWdoIGJ1dCBJIHN1cHBvc2UgeW91IGNhbm5vdCB1c2UgREFORSBmb3Ig c2VydmVyIGF1dGhlbnRpY2F0aW9uIGluIHNjZW5hcmlvcyB3aGVyZSB0aGUgY2xpZW50IGRldmlj ZSBkb2VzIG5vdCB5ZXQgaGF2ZSBJbnRlcm5ldCBjb25uZWN0aXZpdHkuIFNvIGhvdyB3b3VsZCBz ZXJ2ZXIgYXV0aGVudGljYXRpb24gd29yayBpbiBFQVAtVExTL1NJTSBjYXJkL0lvVCBib290c3Ry YXBwaW5nIHNjZW5hcmlvcyB5b3UgZGlzY3Vzc2VkPw0KDQotLU1vaGl0DQoNCk9uIDExLzE2LzIw IDk6MTMgUE0sIEFzaCBXaWxzb24gd3JvdGU6DQpIaSBXZWkgUGFuLA0KVGhlIHByb2Nlc3Mgb2Yg Ym9vdHN0cmFwcGluZyB0aGUgZGV2aWNlJ3MgaWRlbnRpdHkgaXMgb3V0c2lkZSB0aGUgc2NvcGUg b2Ygb3VyIGRyYWZ0cywgYnV0IEkgY29tcGxldGVseSBhZ3JlZSB0aGF0IGdldHRpbmcgdGhlIGJv b3RzdHJhcHBpbmcgcHJvY2VzcyByaWdodCBpcyBpbXBvcnRhbnQuIFdlIHRoaW5rIHRoYXQgdXNp bmcgREFORSBsaWtlIHRoaXMgZG9lc24ndCBjb25mbGljdCB3aXRoIG90aGVyIGJvb3RzdHJhcHBp bmcgcHJvY2Vzc2VzOyBpdCBqdXN0IGFkZHMgYSBETlMtZGlzY292ZXJhYmxlIHB1YmxpYyBrZXkg dG8gdGhlIGlkZW50aXR5IG9mIHRoZSBkZXZpY2Ugd2hlbiBpdCBpcyBwcm92aXNpb25lZC4NCg0K T25lIG9mIHRoZSBwcm9jZXNzZXMgd2UgYXJlIHNlZWtpbmcgdG8gc2ltcGxpZnkgaXMgdGhhdCBv ZiBlc3RhYmxpc2hpbmcgdHJ1c3QgZGlyZWN0bHkgYmV0d2VlbiBkZXZpY2VzIGluIHRoZSBmaWVs ZCwgYm90aCBvZiB3aGljaCBtYXkgaGF2ZSBvbmx5IGEga2V5cGFpciwgYW5kIG5vdCB0aGUgYmVu ZWZpdCBvZiBQS0kgdGhhdCBjaGFpbnMgdG8gYSBwdWJsaWNseSB0cnVzdGVkIENBLiBTdXBwb3J0 aW5nIHguNTA5IGNlcnRpZmljYXRlcyBpcyBpbiB0aGUgaW50ZXJlc3Qgb2YgcHJvdmlkaW5nIGJy b2FkIHByb3RvY29sIGNvbXBhdGliaWxpdHkgKGluY2x1ZGluZyB0aGUgc3VwcG9ydCBvZiBvdGhl ciBhZGphY2VudCBzdGFuZGFyZHMgbGlrZSBNVUQ6IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaWQv ZHJhZnQtaWV0Zi1vcHNhd2ctbXVkLTIyLmh0bWwjbXVkeDUwOSkuIEJ5IHVzaW5nIFRMU0EgZm9y IGNsaWVudCBhdXRoLCB3ZSBhbGxvdyBkZXZpY2VzIHdpdGggb25seSBhIHJhdyBwdWJsaWMga2V5 IGluIEROUywgYXMgd2VsbCBhcyBkZXZpY2VzIHdpdGggbWV0YWRhdGEtcmljaCB4LjUwOSBjZXJ0 aWZpY2F0ZXMsIHRvIG11dHVhbGx5IGF1dGhlbnRpY2F0ZSB3aXRob3V0IHJlcXVpcmluZyB0aGUg ZGlzdHJpYnV0aW9uIG9mIENBIGNlcnRpZmljYXRlcywganVzdCBiYXNlZCBvbiBrbm93bGVkZ2Ug b2YgdGhlIGNvbW11bmljYXRpbmcgcGVlcidzIEROUyBuYW1lLg0KDQpTSU0vVUlDQyBpZGVudGl0 eSBwcm92aWRlcnMgbWF5IHByb3Zpc2lvbiBwdWJsaWMga2V5cyBpbiBETlMsIGFuZCBsZWF2ZSBh IHJlY29yZCBvZiB0aGUgZGV2aWNlJ3MgRE5TIG5hbWUgaW4gdGhlIFNJTSBjYXJkIChsaWtlbHkg dG8gYmUgZm91bmQgaW4gdGhlIGNlcnRpZmljYXRlKS4gVGhpcyBnaXZlcyB0aGUgZGV2aWNlIHRo YXQgcmVjZWl2ZXMgdGhlIFNJTSBjYXJkIHRoZSBhYmlsaXR5IHRvIGRvIGFsbCB0aGUgdGhpbmdz IHRoYXQgdGhlIFBLSSBlY29zeXN0ZW0gc3VwcG9ydHMgbm93LCB3aXRoIHRoZSBhZGRpdGlvbmFs IGJlbmVmaXQgb2YgYmVpbmcgYWJsZSB0byBtdXR1YWxseSBhdXRoZW50aWNhdGUgd2l0aG91dCB0 aGUgb3RoZXIgc2lkZSBvZiB0aGUgaGFuZHNoYWtlIG5lZWRpbmcgdG8gcG9zc2VzcyBhbmQgdHJ1 c3QgdGhlIENBIGNlcnRpZmljYXRlIHVzZWQgdG8gc2lnbiB0aGUgY2VydGlmaWNhdGUgdGhhdCBz aGlwcyB3aXRoIHRoZSBTSU0gY2FyZC4gTmFtaW5nIGNvbGxpc2lvbnMgYXJlIHByZXZlbnRlZCBi eSBiaW5kaW5nIHRoZSBwdWJsaWMga2V5IHRvIHRoZSBETlMgbmFtZS0gb25seSB0aGUgcG9zc2Vz c29yIG9mIHRoZSBwcml2YXRlIGtleSBjb3JyZXNwb25kaW5nIHRvIHRoZSBUTFNBIHJlY29yZCBp cyB0aGUgJ3JlYWwnIGlkZW50aXR5IGhvbGRlci4NCg0KSW4gYSBzaW1pbGFyIGZhc2hpb24sIGRl dmljZSBtYW51ZmFjdHVyZXJzIG1heSBwcm92aXNpb24gYSBEQU5FIGlkZW50aXR5IGZvciBkZXZp Y2VzIGJlZm9yZSB0aGV5IHNoaXAuIFRoZXNlIGRldmljZSBpZGVudGl0aWVzIG1heSByZXNpZGUg aW4gYSBETlMgem9uZSB1bmRlciB0aGUgbWFudWZhY3R1cmVyJ3MgY29udHJvbCwgb3IgdGhlIGlt cGxlbWVudGVyIG1heSBwcmVzZW50IHRoZSBkZXZpY2UgY2VydGlmaWNhdGVzIGluIGEgRE5TIHpv bmUgdW5kZXIgdGhlIGltcGxlbWVudGVyJ3MgY29udHJvbC4gVGhpcyBhbGxvd3MgdGhlIGlkZW50 aXR5IHRvIG1vcmUgbmF0dXJhbGx5IGluZGljYXRlIHRoZSBwYXJ0eSByZXNwb25zaWJsZSBmb3Ig dGhlIGRldmljZSdzIGJlaGF2aW9yLCBhbmQgY2FuIG1ha2UgdGhlIG1pdGlnYXRpb24gb2Ygc29t ZSB0eXBlcyBvZiBuZXR3b3JrIGFidXNlIGEgbGl0dGxlIG1vcmUgc3RyYWlnaHRmb3J3YXJkLg0K DQoNCk9uIE1vbiwgTm92IDE2LCAyMDIwIGF0IDg6MDQgQU0gU2h1bW9uIEh1cXVlIDxzaHVxdWVA Z21haWwuY29tPG1haWx0bzpzaHVxdWVAZ21haWwuY29tPj4gd3JvdGU6DQpIaSBXZWkgUGFuLA0K DQpJJ2xsIGFzayBBc2ggKHdobyBpcyBtb3JlIHBsdWdnZWQgaW50byB0aGUgSU9UIGVjb3N5c3Rl bSB0aGFuIEkgYW0pIHRvIGNvbmZpcm0gLi4gYnV0IHllcywgb3VyIHVzZSBjYXNlIGV4cGVjdHMg ZGV2aWNlcyB0byBoYXZlIElEZXZJRCBvciBzb21lIG90aGVyIHByZWNvbmZpZ3VyZWQgdW5pcXVl IHZhbHVlLCBzbyBpdCBzaG91bGQgYmUgcG9zc2libGUgdG8gd29yayB3aXRoIEJSU0tJLiBGb3Ig dGhlIEROUyByZWNvcmQgZm9ybWF0IG5hbWluZywgd2Ugd2VyZSBpbml0aWFsbHkgbG9va2luZyBh dCB0aGUgZm9ybWF0cyBkZWZpbmVkIGluIGRyYWZ0LWZyaWVsLXBraS1mb3ItZGV2aWNlcywgc3Bl Y2lmaWNhbGx5IHRoZSBMRGV2SUQgb3JnYW5pemF0aW9uIG1hbmFnZWQgZm9ybSwgYnV0IGhhdmUg YSBzbGlnaHRseSBzaW1wbGVyIGZvcm0gY3VycmVudGx5IHNwZWNpZmllZCBpbiB0aGUgZHJhZnQu DQoNClNodW1vbi4NCg0KT24gTW9uLCBOb3YgMTYsIDIwMjAgYXQgNzowMiBBTSBQYW53ZWkgKFdp bGxpYW0pIDx3aWxsaWFtLnBhbndlaUBodWF3ZWkuY29tPG1haWx0bzp3aWxsaWFtLnBhbndlaUBo dWF3ZWkuY29tPj4gd3JvdGU6DQpUaGFua3MgdG8gRWxpb3QgZm9yIHN1bW1hcml6aW5nIHRoZXNl Lg0KDQpJIHRoaW5rIHRoZSBjb3JlIGNvbmNlcHQgb2YgdXNpbmcgREFORSBpbiBJb1Qgc2NlbmFy aW8gaXMgdG8gZ2V0IHJpZCBvZiBjZXJ0aWZpY2F0ZXMgYW5kIFBLSVguIFRoZSBzb2x1dGlvbiBv ZiBob3cgdG8gc2VjdXJlbHkgb25ib2FyZCB0aGUgSW9UIGRldmljZXMgYW5kIGFsbG9jYXRlIHRo ZSBETlMgZG9tYWluIG5hbWUsIGJvdGggd2l0aCBhbmQgd2l0aG91dCBpbml0aWFsIGNlcnRpZmlj YXRlcywgaXMgdGhlIGtleSBwYXJ0IHRvIGZpZ3VyZSBvdXQuDQpJZiB0aGUgSW9UIGRldmljZXMg aGF2ZSBubyBpbml0aWFsIGNlcnRpZmljYXRlcywgc3VjaCBhcyA4MDIuMUFSIElEZXZJRCBjZXJ0 aWZpY2F0ZSwgYXMgdGhlaXIgaW5pdGlhbCBpZGVudGl0eSwgdGhlbiB0aGUgQlJTS0kgbWVjaGFu aXNtIHdvbuKAmXQgYmUgYXBwcm9wcmlhdGUgZm9yIHRoZXNlIGRldmljZXMgYmVjYXVzZSBCUlNL SSBoYXMgYSByZXF1aXJlbWVudCBvZiBJRGV2SUQuDQpJZiB0aGUgSW9UIGRldmljZXMgaGF2ZSBh biBJRGV2SUQgY2VydGlmaWNhdGUsIEkgdGhpbmsgaXQgY2FuIHN0aWxsIHVzZSBCUlNLSSB0byBv bmJvYXJkLCBidXQgaXQgd29u4oCZdCB1c2UgRVNUIHRvIHJlcXVlc3QgYSBjZXJ0aWZpY2F0ZSBh bnkgbW9yZSwgaW5zdGVhZCwgaXQgd2lsbCBhcHBseSBmb3IgYSBETlMgZG9tYWluIG5hbWUgYnkg dXNpbmcgc29tZSBwcm90b2NvbHMuDQoNClRoYXTigJlzIG15IHByZWxpbWluYXJ5IHRob3VnaHRz LCBtYXliZSBub3QgcmlnaHQuDQoNClJlZ2FyZHMgJiBUaGFua3MhDQpXZWkgUGFuDQoNCkZyb206 IFNlY2Rpc3BhdGNoIFttYWlsdG86c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86 c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9yZz5dIE9uIEJlaGFsZiBPZiBFbGlvdCBMZWFyDQpT ZW50OiBNb25kYXksIE5vdmVtYmVyIDE2LCAyMDIwIDY6NTUgUE0NClRvOiBzZWNkaXNwYXRjaEBp ZXRmLm9yZzxtYWlsdG86c2VjZGlzcGF0Y2hAaWV0Zi5vcmc+DQpTdWJqZWN0OiBbU2VjZGlzcGF0 Y2hdIERBTkUgSU9UIHByb3Bvc2VkIG91dGNvbWUNCg0KVGhhbmtzIHRvIFNodW1vbiBmb3IgcHJl c2VudGluZyB0aGUgREFORSB1c2UgY2FzZSBmb3IgSU9ULg0KDQpXZSBkaXNjdXNzZWQgdGFraW5n IHRoaXMgdG8gdGhlIGlvdC1vbmJvYXJkaW5nQGlldGYub3JnPG1haWx0bzppb3Qtb25ib2FyZGlu Z0BpZXRmLm9yZz4gbGlzdCBhcyB0aGVyZSB3ZXJlIGEgbnVtYmVyIG9mIHJhdGhlciBiaWcgb3Bl biBpc3N1ZXMgdGhhdCBwZW9wbGUgd2FudGVkIHRvIGRpc2N1c3MuDQoNCldlIGFsc28gZGlzY3Vz c2VkIGEgbm9uLVdHIGZvcm1pbmcgQk9GIHRvIGxvb2sgYXQsIGFzIFRlZCBwdXQgaXQsIHRoZSBi cm9hZGVyIGNvbnRleHQgZm9yIG9uYm9hcmRpbmcuICBUbyBnaXZlIHBlb3BsZSBhIGZlZWwgZm9y IHRoZSBzb3J0IG9mIHJlbGF0ZWQgd29yayB0aGF0IGlzIGF2YWlsYWJsZSwgaGVyZSBhcmUgYSBs aXN0IG9mIHJlbGF0ZWQgYWN0aXZpdGllczoNCg0KDQogICogICBkcmFmdC1pZXRmLWFuaW1hLWJv b3RzdHJhcHBpbmcta2V5aW5mcmEgKEJSU0tJKSBpcyBhIHJlcXVlc3QvcmVzcG9uc2UgbWVjaGFu aXNtIHRoYXQgdXNlcyBSRkMgODM2NiB2b3VjaGVycyB0byBpbnRyb2R1Y2UgZGV2aWNlcyBhbmQg bmV0d29yayBpbmZyYXN0cnVjdHVyZS4NCiAgKiAgIEludGVs4oCZcyBTRE8gcHJvdmlkZXMgYW4g YXBwbGljYXRpb24gbGV2ZWwgaW50cm9kdWN0aW9uIHVzaW5nIHZvdWNoZXJzIGFzIHdlbGwuICBU aGlzIHdvcmsgaGFzIGJlZW4gdGFrZW4gdXAgYnkgdGhlIEZJRE8gYWxsaWFuY2UuDQogICogICBU aGUgV2lmaSBBbGxpYW5jZSBoYXMgRGV2aWNlIFByb3Zpc2lvbmluZyBQcm90b2NvbCAoRFBQKSB3 aGljaCBkb2VzIG5vdCBhdHRhY2ggdG8gYSBnbG9iYWwgbmFtZSBzcGFjZSBwcmlvciB0byBwcm92 aXNpb25pbmcgaGF2aW5nIG9jY3VycmVkLCBidXQgZG9lcyByZXByZXNlbnQgYSBtaW5pbXVtIGNh c2UgKGp1c3QgcHVibGljIGtleXMpLg0KICAqICAgZHJhZnQtZnJpZWwtZWFwLXRscy1lYXAtZHBw IGJvcnJvd3MgZnJvbSBEUFAsIGludGVuZGVkIG1vc3RseSBmb3Igd2lyZWQgdXNlLCB3aGVyZSBE UFAgaXMgZm9jdXNlZCBvbiA4MDIuMTEgbmV0d29ya3MuDQogICogICBUaGVyZSBhcmUgYSBudW1i ZXIgb2YgQlJTS0kgcmVsYXRlZCBkcmFmdHMgYnkgT3dlbiBhcyB3ZWxsLCByZWxhdGluZyB0byBj bG91ZC1iYXNlZCByZWdpc3RyYXJzLg0KICAqICAgVGhlcmUgaXMgYWxzbyB3b3JrIGJ5IE1pY2hh ZWwgUmljaGFyZHNvbiBhbmQgUGV0ZXIgVmFuIERlciBTdG9jayBvbiBjb25zdHJhaW5lZCB2b3Vj aGVycy4gIFRoYXQgd29yayBpcyB0YWtpbmcgcGxhY2UgaW4gQUNFLg0KDQpVbmRlcnN0YW5kaW5n IHRoZSBsYW5kc2NhcGUgbWlnaHQgaGVscCB1cyB1bmRlcnN0YW5kIHdoZXJlIERBTkUgZml0cyBp bi4NCg0KUmVnYXJkcywNCg0KRWxpb3QNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fDQpTZWNkaXNwYXRjaCBtYWlsaW5nIGxpc3QNClNlY2Rpc3BhdGNoQGll dGYub3JnPG1haWx0bzpTZWNkaXNwYXRjaEBpZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3Jn L21haWxtYW4vbGlzdGluZm8vc2VjZGlzcGF0Y2gNCi0tDQpJb3Qtb25ib2FyZGluZyBtYWlsaW5n IGxpc3QNCklvdC1vbmJvYXJkaW5nQGlldGYub3JnPG1haWx0bzpJb3Qtb25ib2FyZGluZ0BpZXRm Lm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vaW90LW9uYm9hcmRp bmcNCg0KDQotLQ0KQXNoIFdpbHNvbiB8IFRlY2huaWNhbCBEaXJlY3Rvcg0KZTogYXNoLndpbHNv bkB2YWxpbWFpbC5jb208bWFpbHRvOmFzaC53aWxzb25AdmFsaW1haWwuY29tPg0KDQpbaHR0cHM6 Ly9saDUuZ29vZ2xldXNlcmNvbnRlbnQuY29tL192c19fNmlSamZtVDJBZTVMTE5CYjhuRW9wbDJN NVRsNVFscFM2TFMwTGgwdnY0VFluWnUtTWZmMmtERk9xZTBMaGJuU1hwckF4NHlvYVR2cV9UY183 bjFiOHl6R0lxb3h1aGVkdGhEeFlRYW5zZzhDaFQyeDVFY1pWM3JqejE5LUR4OXJFU0xdDQoNCg0K VGhpcyBlbWFpbCBhbmQgYWxsIGRhdGEgdHJhbnNtaXR0ZWQgd2l0aCBpdCBjb250YWlucyBjb25m aWRlbnRpYWwgYW5kL29yIHByb3ByaWV0YXJ5IGluZm9ybWF0aW9uIGludGVuZGVkIHNvbGVseSBm b3IgdGhlIHVzZSBvZiBpbmRpdmlkdWFsKHMpIGF1dGhvcml6ZWQgdG8gcmVjZWl2ZSBpdC4gSWYg eW91IGFyZSBub3QgYW4gaW50ZW5kZWQgYW5kIGF1dGhvcml6ZWQgcmVjaXBpZW50IHlvdSBhcmUg aGVyZWJ5IG5vdGlmaWVkIG9mIGFueSB1c2UsIGRpc2Nsb3N1cmUsIGNvcHlpbmcgb3IgZGlzdHJp YnV0aW9uIG9mIHRoZSBpbmZvcm1hdGlvbiBpbmNsdWRlZCBpbiB0aGlzIHRyYW5zbWlzc2lvbiBp cyBwcm9oaWJpdGVkIGFuZCBtYXkgYmUgdW5sYXdmdWwuIFBsZWFzZSBpbW1lZGlhdGVseSBub3Rp ZnkgdGhlIHNlbmRlciBieSByZXBseWluZyB0byB0aGlzIGVtYWlsIGFuZCB0aGVuIGRlbGV0ZSBp dCBmcm9tIHlvdXIgc3lzdGVtLg0KDQoNCg== --_000_dedb5fb7f0bc7e354f90fddc2d093873ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <77FC9EA0FEEB9849BEE8CB1EB04F8FE4@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5Pg0KPHA+SGkgQXNoIGFu ZCBTaHVtb24sPGJyPg0KPGJyPg0KTXkgdW5kZXJzdGFuZGluZyBpcyB0aGF0IHlvdXIgc29sdXRp b24gaXMgYXBwbGljYWJsZSB0byBhbnkgc2NlbmFyaW8gdGhhdCB1c2VzIGNsaWVudCBjZXJ0aWZp Y2F0ZXMuIE9idmlvdXNseSBJb1QgbWlnaHQgYmUgb25lIGFwcGxpY2F0aW9uIGFyZWEgZm9yIHRo aXMsIGJ1dCB0aGVyZSBhcmUgbWFueSBvdGhlciB1c2VzIG9mIGNsaWVudCBhdXRoZW50aWNhdGlv biB3aXRoIGNlcnRpZmljYXRlcy4gSSBkb24ndCBoYXZlIGFueSBzdHJvbmcgb3BpbmlvbnMNCiBh Ym91dCB3aGV0aGVyIHRoaXMgaXMgdXNlZnVsIG9yIG5vdC4gQnV0IGl0IG1pZ2h0IGJlIGdvb2Qg dG8gaGF2ZSBhIHNlcGFyYXRlIGZvY3VzZWQgREFORSB3b3JraW5nIGdyb3VwIGZvciB0aGVzZSBk cmFmdHMgaWYgdGhlcmUgaXMgc3Ryb25nIGRlbWFuZCBmb3Igc3VjaCBhIHNvbHV0aW9uLiBZb3Vy IHByZXNlbnRhdGlvbiBhbHNvIGhpZ2hsaWdodGVkIHlvdXIgaW50ZW50aW9uIG9mIGRlZmluaW5n IG5ldyBSUnR5cGUgYW5kL29yIGV4cGFuZGluZw0KIHRoZSBzY29wZSBvZiBUTFNBLiBUaGVzZSB0 aGluZ3MgKGFsb25nIHdpdGggREFORSBsaWdodCBldGMuKSB3b3VsZCByZXF1aXJlIHRoZSBpbnB1 dCBvZiBETlMgYW5kIFRMUyBmb2xrcyAoaW4gYWRkaXRpb24gdG8gdGhlIElvVCByZXF1aXJlbWVu dHMpLg0KPGJyPg0KPC9wPg0KPHA+QWxzbywgSSBkaWRuJ3QgdW5kZXJzdGFuZCBob3cgd291bGQg c2VydmVyIGF1dGhlbnRpY2F0aW9uIHdvcms/IEkgcHJvYmFibHkgZGlkIG5vdCBsaXN0ZW4gdG8g eW91ciBwcmVzZW50YXRpb24gY2FyZWZ1bGx5IGVub3VnaCBidXQgSSBzdXBwb3NlIHlvdSBjYW5u b3QgdXNlIERBTkUgZm9yIHNlcnZlciBhdXRoZW50aWNhdGlvbiBpbiBzY2VuYXJpb3Mgd2hlcmUg dGhlIGNsaWVudCBkZXZpY2UgZG9lcyBub3QgeWV0IGhhdmUgSW50ZXJuZXQgY29ubmVjdGl2aXR5 Lg0KIFNvIGhvdyB3b3VsZCBzZXJ2ZXIgYXV0aGVudGljYXRpb24gd29yayBpbiBFQVAtVExTL1NJ TSBjYXJkL0lvVCBib290c3RyYXBwaW5nIHNjZW5hcmlvcyB5b3UgZGlzY3Vzc2VkPzxicj4NCjwv cD4NCjxwPi0tTW9oaXQ8YnI+DQo8L3A+DQo8ZGl2IGNsYXNzPSJtb3otY2l0ZS1wcmVmaXgiPk9u IDExLzE2LzIwIDk6MTMgUE0sIEFzaCBXaWxzb24gd3JvdGU6PGJyPg0KPC9kaXY+DQo8YmxvY2tx dW90ZSB0eXBlPSJjaXRlIiBjaXRlPSJtaWQ6Q0FFZk09dlJvdEdmLVN1WXo4UEtOb3A4emRDQ0Ff LXgrM3hVODFyTVM2TGU2RVVPT0Z3QG1haWwuZ21haWwuY29tIj4NCjxkaXYgZGlyPSJsdHIiPkhp IFdlaSBQYW4sDQo8ZGl2PlRoZSBwcm9jZXNzIG9mIGJvb3RzdHJhcHBpbmcgdGhlIGRldmljZSdz IGlkZW50aXR5IGlzIG91dHNpZGUgdGhlIHNjb3BlIG9mIG91ciBkcmFmdHMsIGJ1dCBJIGNvbXBs ZXRlbHkgYWdyZWUgdGhhdCBnZXR0aW5nIHRoZSBib290c3RyYXBwaW5nIHByb2Nlc3MgcmlnaHQg aXMgaW1wb3J0YW50LiBXZSB0aGluayB0aGF0IHVzaW5nIERBTkUgbGlrZSB0aGlzIGRvZXNuJ3Qg Y29uZmxpY3Qgd2l0aCBvdGhlciBib290c3RyYXBwaW5nIHByb2Nlc3NlczsNCiBpdCBqdXN0IGFk ZHMgYSBETlMtZGlzY292ZXJhYmxlIHB1YmxpYyBrZXkgdG8gdGhlIGlkZW50aXR5IG9mIHRoZSBk ZXZpY2Ugd2hlbiBpdCBpcyBwcm92aXNpb25lZC48L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+DQo8 ZGl2Pk9uZSBvZiB0aGUgcHJvY2Vzc2VzIHdlIGFyZSBzZWVraW5nIHRvIHNpbXBsaWZ5IGlzIHRo YXQgb2YmbmJzcDtlc3RhYmxpc2hpbmcgdHJ1c3QgZGlyZWN0bHkgYmV0d2VlbiBkZXZpY2VzIGlu IHRoZSBmaWVsZCwgYm90aCBvZiB3aGljaCBtYXkgaGF2ZSBvbmx5IGEmbmJzcDtrZXlwYWlyLCZu YnNwO2FuZCBub3QgdGhlIGJlbmVmaXQgb2YgUEtJIHRoYXQgY2hhaW5zIHRvIGEgcHVibGljbHkg dHJ1c3RlZCZuYnNwO0NBLiBTdXBwb3J0aW5nIHguNTA5IGNlcnRpZmljYXRlcyBpcw0KIGluIHRo ZSBpbnRlcmVzdCBvZiBwcm92aWRpbmcgYnJvYWQgcHJvdG9jb2wgY29tcGF0aWJpbGl0eSAoaW5j bHVkaW5nIHRoZSBzdXBwb3J0IG9mIG90aGVyIGFkamFjZW50IHN0YW5kYXJkcyBsaWtlIE1VRDoN CjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaWQvZHJhZnQtaWV0Zi1vcHNhd2ctbXVk LTIyLmh0bWwjbXVkeDUwOSIgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIj4NCmh0dHBzOi8vdG9vbHMu aWV0Zi5vcmcvaWQvZHJhZnQtaWV0Zi1vcHNhd2ctbXVkLTIyLmh0bWwjbXVkeDUwOTwvYT4pLiBC eSB1c2luZyBUTFNBIGZvciBjbGllbnQgYXV0aCwgd2UgYWxsb3cgZGV2aWNlcyB3aXRoIG9ubHkg YSByYXcgcHVibGljIGtleSBpbiBETlMsIGFzIHdlbGwgYXMgZGV2aWNlcyB3aXRoIG1ldGFkYXRh LXJpY2ggeC41MDkgY2VydGlmaWNhdGVzLCB0byBtdXR1YWxseSBhdXRoZW50aWNhdGUgd2l0aG91 dCByZXF1aXJpbmcgdGhlDQogZGlzdHJpYnV0aW9uIG9mIENBIGNlcnRpZmljYXRlcywganVzdCBi YXNlZCBvbiBrbm93bGVkZ2Ugb2YgdGhlIGNvbW11bmljYXRpbmcgcGVlcidzIEROUyBuYW1lLjwv ZGl2Pg0KPGRpdj48YnI+DQo8L2Rpdj4NCjxkaXY+U0lNL1VJQ0MgaWRlbnRpdHkgcHJvdmlkZXJz IG1heSBwcm92aXNpb24gcHVibGljIGtleXMgaW4gRE5TLCBhbmQgbGVhdmUgYSByZWNvcmQgb2Yg dGhlIGRldmljZSdzIEROUyBuYW1lIGluIHRoZSBTSU0gY2FyZCAobGlrZWx5IHRvIGJlIGZvdW5k IGluIHRoZSBjZXJ0aWZpY2F0ZSkuIFRoaXMgZ2l2ZXMgdGhlIGRldmljZSB0aGF0IHJlY2VpdmVz IHRoZSBTSU0gY2FyZCB0aGUgYWJpbGl0eSB0byBkbyBhbGwgdGhlIHRoaW5ncyB0aGF0IHRoZQ0K IFBLSSBlY29zeXN0ZW0gc3VwcG9ydHMgbm93LCB3aXRoIHRoZSBhZGRpdGlvbmFsIGJlbmVmaXQg b2YgYmVpbmcgYWJsZSB0byBtdXR1YWxseSBhdXRoZW50aWNhdGUgd2l0aG91dCB0aGUgb3RoZXIg c2lkZSBvZiB0aGUgaGFuZHNoYWtlIG5lZWRpbmcgdG8gcG9zc2VzcyBhbmQgdHJ1c3QgdGhlIENB IGNlcnRpZmljYXRlIHVzZWQgdG8gc2lnbiB0aGUgY2VydGlmaWNhdGUgdGhhdCBzaGlwcyB3aXRo IHRoZSBTSU0gY2FyZC4gTmFtaW5nIGNvbGxpc2lvbnMNCiBhcmUgcHJldmVudGVkIGJ5IGJpbmRp bmcgdGhlIHB1YmxpYyBrZXkgdG8gdGhlIEROUyBuYW1lLSBvbmx5IHRoZSBwb3NzZXNzb3Igb2Yg dGhlIHByaXZhdGUga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhlIFRMU0EgcmVjb3JkIGlzIHRoZSAn cmVhbCcgaWRlbnRpdHkgaG9sZGVyLjwvZGl2Pg0KPGRpdj48YnI+DQo8L2Rpdj4NCjxkaXY+SW4g YSBzaW1pbGFyIGZhc2hpb24sIGRldmljZSBtYW51ZmFjdHVyZXJzIG1heSBwcm92aXNpb24gYSBE QU5FIGlkZW50aXR5IGZvciBkZXZpY2VzIGJlZm9yZSB0aGV5IHNoaXAuIFRoZXNlIGRldmljZSBp ZGVudGl0aWVzIG1heSByZXNpZGUgaW4gYSBETlMgem9uZSB1bmRlciB0aGUgbWFudWZhY3R1cmVy J3MgY29udHJvbCwgb3IgdGhlIGltcGxlbWVudGVyIG1heSBwcmVzZW50IHRoZSBkZXZpY2UgY2Vy dGlmaWNhdGVzIGluIGEgRE5TIHpvbmUNCiB1bmRlciB0aGUgaW1wbGVtZW50ZXIncyBjb250cm9s LiBUaGlzIGFsbG93cyB0aGUgaWRlbnRpdHkgdG8gbW9yZSBuYXR1cmFsbHkgaW5kaWNhdGUgdGhl IHBhcnR5IHJlc3BvbnNpYmxlIGZvciB0aGUgZGV2aWNlJ3MgYmVoYXZpb3IsIGFuZCBjYW4gbWFr ZSB0aGUgbWl0aWdhdGlvbiBvZiBzb21lIHR5cGVzIG9mIG5ldHdvcmsgYWJ1c2UgYSBsaXR0bGUg bW9yZSBzdHJhaWdodGZvcndhcmQuPC9kaXY+DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPC9kaXY+DQo8 YnI+DQo8ZGl2IGNsYXNzPSJnbWFpbF9xdW90ZSI+DQo8ZGl2IGRpcj0ibHRyIiBjbGFzcz0iZ21h aWxfYXR0ciI+T24gTW9uLCBOb3YgMTYsIDIwMjAgYXQgODowNCBBTSBTaHVtb24gSHVxdWUgJmx0 OzxhIGhyZWY9Im1haWx0bzpzaHVxdWVAZ21haWwuY29tIiBtb3otZG8tbm90LXNlbmQ9InRydWUi PnNodXF1ZUBnbWFpbC5jb208L2E+Jmd0OyB3cm90ZTo8YnI+DQo8L2Rpdj4NCjxibG9ja3F1b3Rl IGNsYXNzPSJnbWFpbF9xdW90ZSIgc3R5bGU9Im1hcmdpbjowcHggMHB4IDBweA0KICAgICAgICAg IDAuOGV4O2JvcmRlci1sZWZ0OjFweCBzb2xpZCByZ2IoMjA0LDIwNCwyMDQpO3BhZGRpbmctbGVm dDoxZXgiPg0KPGRpdiBkaXI9Imx0ciI+DQo8ZGl2PkhpIFdlaSBQYW4sPC9kaXY+DQo8ZGl2Pjxi cj4NCjwvZGl2Pg0KPGRpdj5JJ2xsIGFzayBBc2ggKHdobyBpcyBtb3JlIHBsdWdnZWQgaW50byB0 aGUgSU9UIGVjb3N5c3RlbSB0aGFuIEkgYW0pIHRvIGNvbmZpcm0gLi4gYnV0IHllcywgb3VyIHVz ZSBjYXNlIGV4cGVjdHMgZGV2aWNlcyB0byBoYXZlIElEZXZJRCBvciBzb21lIG90aGVyIHByZWNv bmZpZ3VyZWQgdW5pcXVlIHZhbHVlLCBzbyBpdCBzaG91bGQgYmUgcG9zc2libGUgdG8gd29yayB3 aXRoIEJSU0tJLiBGb3IgdGhlIEROUyByZWNvcmQgZm9ybWF0IG5hbWluZywNCiB3ZSB3ZXJlIGlu aXRpYWxseSBsb29raW5nIGF0IHRoZSBmb3JtYXRzIGRlZmluZWQgaW4gZHJhZnQtZnJpZWwtcGtp LWZvci1kZXZpY2VzLCBzcGVjaWZpY2FsbHkgdGhlIExEZXZJRCBvcmdhbml6YXRpb24gbWFuYWdl ZCBmb3JtLCBidXQgaGF2ZSBhIHNsaWdodGx5IHNpbXBsZXIgZm9ybSBjdXJyZW50bHkgc3BlY2lm aWVkIGluIHRoZSBkcmFmdC48L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+DQo8ZGl2PlNodW1vbi48 YnI+DQo8L2Rpdj4NCjxicj4NCjxkaXYgY2xhc3M9ImdtYWlsX3F1b3RlIj4NCjxkaXYgZGlyPSJs dHIiIGNsYXNzPSJnbWFpbF9hdHRyIj5PbiBNb24sIE5vdiAxNiwgMjAyMCBhdCA3OjAyIEFNIFBh bndlaSAoV2lsbGlhbSkgJmx0OzxhIGhyZWY9Im1haWx0bzp3aWxsaWFtLnBhbndlaUBodWF3ZWku Y29tIiB0YXJnZXQ9Il9ibGFuayIgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIj53aWxsaWFtLnBhbndl aUBodWF3ZWkuY29tPC9hPiZndDsgd3JvdGU6PGJyPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBjbGFz cz0iZ21haWxfcXVvdGUiIHN0eWxlPSJtYXJnaW46MHB4IDBweCAwcHgNCiAgICAgICAgICAgICAg ICAwLjhleDtib3JkZXItbGVmdDoxcHggc29saWQNCiAgICAgICAgICAgICAgICByZ2IoMjA0LDIw NCwyMDQpO3BhZGRpbmctbGVmdDoxZXgiPg0KPGRpdiBsYW5nPSJaSC1DTiI+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMXB0O2ZvbnQtZmFtaWx5 OkdhZHVnaSxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIiBsYW5nPSJFTi1VUyI+VGhhbmtzIHRvIEVs aW90IGZvciBzdW1tYXJpemluZyB0aGVzZS48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMXB0O2ZvbnQtZmFtaWx5OkdhZHVnaSxzYW5zLXNl cmlmO2NvbG9yOmJsYWNrIiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTFwdDtmb250LWZhbWlseTpHYWR1 Z2ksc2Fucy1zZXJpZjtjb2xvcjpibGFjayIgbGFuZz0iRU4tVVMiPkkgdGhpbmsgdGhlIGNvcmUg Y29uY2VwdCBvZiB1c2luZyBEQU5FIGluIElvVCBzY2VuYXJpbyBpcyB0byBnZXQgcmlkIG9mIGNl cnRpZmljYXRlcyBhbmQgUEtJWC4gVGhlIHNvbHV0aW9uIG9mIGhvdyB0byBzZWN1cmVseSBvbmJv YXJkIHRoZSBJb1QgZGV2aWNlcyBhbmQNCiBhbGxvY2F0ZSB0aGUgRE5TIGRvbWFpbiBuYW1lLCBi b3RoIHdpdGggYW5kIHdpdGhvdXQgaW5pdGlhbCBjZXJ0aWZpY2F0ZXMsIGlzIHRoZSBrZXkgcGFy dCB0byBmaWd1cmUgb3V0Ljwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExcHQ7Zm9udC1mYW1pbHk6R2FkdWdpLHNhbnMtc2VyaWY7Y29sb3I6 YmxhY2siIGxhbmc9IkVOLVVTIj5JZiB0aGUgSW9UIGRldmljZXMgaGF2ZSBubyBpbml0aWFsIGNl cnRpZmljYXRlcywgc3VjaCBhcyA4MDIuMUFSIElEZXZJRCBjZXJ0aWZpY2F0ZSwgYXMgdGhlaXIg aW5pdGlhbCBpZGVudGl0eSwgdGhlbiB0aGUgQlJTS0kgbWVjaGFuaXNtIHdvbuKAmXQgYmUgYXBw cm9wcmlhdGUNCiBmb3IgdGhlc2UgZGV2aWNlcyBiZWNhdXNlIEJSU0tJIGhhcyBhIHJlcXVpcmVt ZW50IG9mIElEZXZJRC48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMXB0O2ZvbnQtZmFtaWx5OkdhZHVnaSxzYW5zLXNlcmlmO2NvbG9yOmJs YWNrIiBsYW5nPSJFTi1VUyI+SWYgdGhlIElvVCBkZXZpY2VzIGhhdmUgYW4gSURldklEIGNlcnRp ZmljYXRlLCBJIHRoaW5rIGl0IGNhbiBzdGlsbCB1c2UgQlJTS0kgdG8gb25ib2FyZCwgYnV0IGl0 IHdvbuKAmXQgdXNlIEVTVCB0byByZXF1ZXN0IGEgY2VydGlmaWNhdGUgYW55IG1vcmUsIGluc3Rl YWQsDQogaXQgd2lsbCBhcHBseSBmb3IgYSBETlMgZG9tYWluIG5hbWUgYnkgdXNpbmcgc29tZSBw cm90b2NvbHMuPC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTFwdDtmb250LWZhbWlseTpHYWR1Z2ksc2Fucy1zZXJpZjtjb2xvcjpibGFjayIg bGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExcHQ7Zm9udC1mYW1pbHk6R2FkdWdpLHNhbnMtc2VyaWY7Y29s b3I6YmxhY2siIGxhbmc9IkVOLVVTIj5UaGF04oCZcyBteSBwcmVsaW1pbmFyeSB0aG91Z2h0cywg bWF5YmUgbm90IHJpZ2h0Ljwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExcHQ7Zm9udC1mYW1pbHk6R2FkdWdpLHNhbnMtc2VyaWY7Y29sb3I6 YmxhY2siIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJsaW5lLWhlaWdodDoxMTAlIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExcHQ7bGluZS1oZWlnaHQ6MTEwJTtmb250LWZhbWlseTpHYWR1Z2ksc2Fucy1zZXJpZjtjb2xv cjpibGFjayIgbGFuZz0iRU4tVVMiPlJlZ2FyZHMgJmFtcDsgVGhhbmtzITwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibGluZS1oZWlnaHQ6MTEwJSI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMXB0O2xpbmUtaGVpZ2h0OjExMCU7Zm9udC1mYW1pbHk6R2FkdWdpLHNhbnMt c2VyaWY7Y29sb3I6YmxhY2siIGxhbmc9IkVOLVVTIj5XZWkgUGFuPC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMXB0O2ZvbnQt ZmFtaWx5OkdhZHVnaSxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIiBsYW5nPSJFTi1VUyI+Jm5ic3A7 PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlci1jb2xvcjpjdXJyZW50Y29sb3IgY3VycmVu dGNvbG9yDQogICAgICAgICAgICAgICAgICAgICAgY3VycmVudGNvbG9yIGJsdWU7Ym9yZGVyLXN0 eWxlOm5vbmUgbm9uZSBub25lDQogICAgICAgICAgICAgICAgICAgICAgc29saWQ7Ym9yZGVyLXdp ZHRoOm1lZGl1bSBtZWRpdW0gbWVkaXVtDQogICAgICAgICAgICAgICAgICAgICAgMS41cHQ7cGFk ZGluZzowY20gMGNtIDBjbSA0cHQiPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlci1jb2xvcjpy Z2IoMjI1LDIyNSwyMjUpDQogICAgICAgICAgICAgICAgICAgICAgICAgIGN1cnJlbnRjb2xvciBj dXJyZW50Y29sb3I7Ym9yZGVyLXN0eWxlOnNvbGlkDQogICAgICAgICAgICAgICAgICAgICAgICAg IG5vbmUgbm9uZTtib3JkZXItd2lkdGg6MXB0IG1lZGl1bQ0KICAgICAgICAgICAgICAgICAgICAg ICAgICBtZWRpdW07cGFkZGluZzozcHQgMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExcHQ7Zm9udC1mYW1pbHk6Q2FsaWJyaSxzYW5zLXNl cmlmIiBsYW5nPSJFTi1VUyI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTFwdDtmb250LWZhbWlseTpDYWxpYnJpLHNhbnMtc2VyaWYiIGxhbmc9IkVOLVVTIj4gU2VjZGlz cGF0Y2ggW21haWx0bzo8YSBocmVmPSJtYWlsdG86c2VjZGlzcGF0Y2gtYm91bmNlc0BpZXRmLm9y ZyIgdGFyZ2V0PSJfYmxhbmsiIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSI+c2VjZGlzcGF0Y2gtYm91 bmNlc0BpZXRmLm9yZzwvYT5dDQo8Yj5PbiBCZWhhbGYgT2YgPC9iPkVsaW90IExlYXI8YnI+DQo8 Yj5TZW50OjwvYj4gTW9uZGF5LCBOb3ZlbWJlciAxNiwgMjAyMCA2OjU1IFBNPGJyPg0KPGI+VG86 PC9iPiA8YSBocmVmPSJtYWlsdG86c2VjZGlzcGF0Y2hAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5r IiBtb3otZG8tbm90LXNlbmQ9InRydWUiPg0Kc2VjZGlzcGF0Y2hAaWV0Zi5vcmc8L2E+PGJyPg0K PGI+U3ViamVjdDo8L2I+IFtTZWNkaXNwYXRjaF0gREFORSBJT1QgcHJvcG9zZWQgb3V0Y29tZTwv c3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu Zz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5UaGFua3MgdG8mbmJzcDtTaHVtb24gZm9yIHByZXNl bnRpbmcgdGhlIERBTkUgdXNlIGNhc2UgZm9yIElPVC48L3NwYW4+PC9wPg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPldlIGRp c2N1c3NlZCB0YWtpbmcgdGhpcyB0byB0aGUgPGEgaHJlZj0ibWFpbHRvOmlvdC1vbmJvYXJkaW5n QGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayIgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIj4NCmlvdC1v bmJvYXJkaW5nQGlldGYub3JnPC9hPiBsaXN0IGFzIHRoZXJlIHdlcmUgYSBudW1iZXIgb2YgcmF0 aGVyIGJpZyBvcGVuIGlzc3VlcyB0aGF0IHBlb3BsZSB3YW50ZWQgdG8gZGlzY3Vzcy48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOzwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBsYW5nPSJFTi1VUyI+V2UgYWxzbyBkaXNjdXNzZWQgYSBub24tV0cgZm9ybWluZyBC T0YgdG8gbG9vayBhdCwgYXMgVGVkIHB1dCBpdCwgdGhlIGJyb2FkZXIgY29udGV4dCBmb3Igb25i b2FyZGluZy4mbmJzcDsgVG8gZ2l2ZSBwZW9wbGUgYSBmZWVsIGZvciB0aGUgc29ydCBvZiByZWxh dGVkIHdvcmsgdGhhdCBpcyBhdmFpbGFibGUsIGhlcmUgYXJlIGEgbGlzdCBvZiByZWxhdGVkIGFj dGl2aXRpZXM6PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHVs IHR5cGU9ImRpc2MiPg0KPGxpIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5k cmFmdC1pZXRmLWFuaW1hLWJvb3RzdHJhcHBpbmcta2V5aW5mcmEgKEJSU0tJKSBpcyBhIHJlcXVl c3QvcmVzcG9uc2UgbWVjaGFuaXNtIHRoYXQgdXNlcyBSRkMgODM2NiB2b3VjaGVycyB0byBpbnRy b2R1Y2UgZGV2aWNlcyBhbmQgbmV0d29yayBpbmZyYXN0cnVjdHVyZS48L3NwYW4+PC9saT48bGkg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkludGVs4oCZcyBTRE8gcHJvdmlk ZXMgYW4gYXBwbGljYXRpb24gbGV2ZWwgaW50cm9kdWN0aW9uIHVzaW5nIHZvdWNoZXJzIGFzIHdl bGwuJm5ic3A7IFRoaXMgd29yayBoYXMgYmVlbiB0YWtlbiB1cCBieSB0aGUgRklETyBhbGxpYW5j ZS48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlRo ZSBXaWZpIEFsbGlhbmNlIGhhcyBEZXZpY2UgUHJvdmlzaW9uaW5nIFByb3RvY29sIChEUFApIHdo aWNoIGRvZXMgbm90IGF0dGFjaCB0byBhIGdsb2JhbCBuYW1lIHNwYWNlIHByaW9yIHRvIHByb3Zp c2lvbmluZyBoYXZpbmcgb2NjdXJyZWQsIGJ1dCBkb2VzIHJlcHJlc2VudCBhIG1pbmltdW0gY2Fz ZSAoanVzdCBwdWJsaWMga2V5cykuPC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIGxhbmc9IkVOLVVTIj5kcmFmdC1mcmllbC1lYXAtdGxzLWVhcC1kcHAgYm9ycm93cyBmcm9t IERQUCwgaW50ZW5kZWQgbW9zdGx5IGZvciB3aXJlZCB1c2UsIHdoZXJlIERQUCBpcyBmb2N1c2Vk IG9uIDgwMi4xMSBuZXR3b3Jrcy48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gbGFuZz0iRU4tVVMiPlRoZXJlIGFyZSBhIG51bWJlciBvZiBCUlNLSSByZWxhdGVkIGRyYWZ0 cyBieSBPd2VuIGFzIHdlbGwsIHJlbGF0aW5nIHRvIGNsb3VkLWJhc2VkIHJlZ2lzdHJhcnMuPC9z cGFuPjwvbGk+PGxpIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5UaGVyZSBp cyBhbHNvIHdvcmsgYnkgTWljaGFlbCBSaWNoYXJkc29uIGFuZCBQZXRlciBWYW4gRGVyIFN0b2Nr IG9uIGNvbnN0cmFpbmVkIHZvdWNoZXJzLiZuYnNwOyBUaGF0IHdvcmsgaXMgdGFraW5nIHBsYWNl IGluIEFDRS48L3NwYW4+PC9saT48L3VsPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+VW5kZXJzdGFuZGluZyB0 aGUgbGFuZHNjYXBlIG1pZ2h0IGhlbHAgdXMgdW5kZXJzdGFuZCB3aGVyZSBEQU5FIGZpdHMgaW4u PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh bmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlJlZ2FyZHMsPC9zcGFuPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0i RU4tVVMiPkVsaW90PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9kaXY+DQo8L2Rpdj4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fPGJyPg0KU2VjZGlzcGF0Y2ggbWFpbGluZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRv OlNlY2Rpc3BhdGNoQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayIgbW96LWRvLW5vdC1zZW5kPSJ0 cnVlIj5TZWNkaXNwYXRjaEBpZXRmLm9yZzwvYT48YnI+DQo8YSBocmVmPSJodHRwczovL3d3dy5p ZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NlY2Rpc3BhdGNoIiByZWw9Im5vcmVmZXJyZXIiIHRh cmdldD0iX2JsYW5rIiBtb3otZG8tbm90LXNlbmQ9InRydWUiPmh0dHBzOi8vd3d3LmlldGYub3Jn L21haWxtYW4vbGlzdGluZm8vc2VjZGlzcGF0Y2g8L2E+PGJyPg0KPC9ibG9ja3F1b3RlPg0KPC9k aXY+DQo8L2Rpdj4NCi0tIDxicj4NCklvdC1vbmJvYXJkaW5nIG1haWxpbmcgbGlzdDxicj4NCjxh IGhyZWY9Im1haWx0bzpJb3Qtb25ib2FyZGluZ0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiIG1v ei1kby1ub3Qtc2VuZD0idHJ1ZSI+SW90LW9uYm9hcmRpbmdAaWV0Zi5vcmc8L2E+PGJyPg0KPGEg aHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9pb3Qtb25ib2FyZGlu ZyIgcmVsPSJub3JlZmVycmVyIiB0YXJnZXQ9Il9ibGFuayIgbW96LWRvLW5vdC1zZW5kPSJ0cnVl Ij5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2lvdC1vbmJvYXJkaW5nPC9h Pjxicj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPGJyIGNsZWFyPSJhbGwiPg0KPGRpdj48YnI+ DQo8L2Rpdj4NCi0tIDxicj4NCjxkaXYgZGlyPSJsdHIiIGNsYXNzPSJnbWFpbF9zaWduYXR1cmUi PjxzcGFuPg0KPGRpdiBzdHlsZT0idGV4dC1hbGlnbjpsZWZ0Ij48c3BhbiBzdHlsZT0idmVydGlj YWwtYWxpZ246YmFzZWxpbmU7d2hpdGUtc3BhY2U6cHJlLXdyYXA7Zm9udC1zaXplOnNtYWxsO2Zv bnQtZmFtaWx5OkFyaWFsIj48Yj5Bc2ggV2lsc29uPC9iPjwvc3Bhbj48c3BhbiBzdHlsZT0idmVy dGljYWwtYWxpZ246YmFzZWxpbmU7d2hpdGUtc3BhY2U6cHJlLXdyYXA7Zm9udC1zaXplOnNtYWxs O2ZvbnQtZmFtaWx5OkFyaWFsIj4gfCBUZWNobmljYWwgRGlyZWN0b3I8L3NwYW4+PC9kaXY+DQo8 c3BhbiBzdHlsZT0idmVydGljYWwtYWxpZ246YmFzZWxpbmU7d2hpdGUtc3BhY2U6cHJlLXdyYXA7 Zm9udC1zaXplOnNtYWxsO2ZvbnQtZmFtaWx5OkFyaWFsIj4NCjxkaXYgc3R5bGU9InRleHQtYWxp Z246bGVmdCI+PHNwYW4gc3R5bGU9InZlcnRpY2FsLWFsaWduOmJhc2VsaW5lIj48Yj5lOjwvYj48 L3NwYW4+PHNwYW4gc3R5bGU9InZlcnRpY2FsLWFsaWduOmJhc2VsaW5lIj4NCjxhIGhyZWY9Im1h aWx0bzphc2gud2lsc29uQHZhbGltYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiIG1vei1kby1ub3Qt c2VuZD0idHJ1ZSI+YXNoLndpbHNvbkB2YWxpbWFpbC5jb208L2E+DQo8L3NwYW4+PHNwYW4+PC9z cGFuPjwvZGl2Pg0KPC9zcGFuPg0KPHAgZGlyPSJsdHIiIHN0eWxlPSJjb2xvcjpyZ2IoMzQsMzQs MzQpO2ZvbnQtZmFtaWx5OkFyaWFsLEhlbHZldGljYSxzYW5zLXNlcmlmO2ZvbnQtc2l6ZTpzbWFs bDtiYWNrZ3JvdW5kLWNvbG9yOnJnYigyNTUsMjU1LDI1NSk7bGluZS1oZWlnaHQ6MS4zODttYXJn aW4tdG9wOjBwdDttYXJnaW4tYm90dG9tOjBwdCI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx cHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6cmdiKDAsMCwwKTtiYWNrZ3JvdW5kLWNvbG9yOnRy YW5zcGFyZW50O3ZlcnRpY2FsLWFsaWduOmJhc2VsaW5lO3doaXRlLXNwYWNlOnByZS13cmFwIj48 aW1nIHNyYz0iaHR0cHM6Ly9saDUuZ29vZ2xldXNlcmNvbnRlbnQuY29tL192c19fNmlSamZtVDJB ZTVMTE5CYjhuRW9wbDJNNVRsNVFscFM2TFMwTGgwdnY0VFluWnUtTWZmMmtERk9xZTBMaGJuU1hw ckF4NHlvYVR2cV9UY183bjFiOHl6R0lxb3h1aGVkdGhEeFlRYW5zZzhDaFQyeDVFY1pWM3JqejE5 LUR4OXJFU0wiIHN0eWxlPSJib3JkZXI6IG5vbmU7IGhlaWdodDogNDBweDsgd2lkdGg6IDE3N3B4 OyIgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIj48L3NwYW4+PC9wPg0KPHAgZGlyPSJsdHIiIHN0eWxl PSJjb2xvcjpyZ2IoMzQsMzQsMzQpO2ZvbnQtZmFtaWx5OkFyaWFsLEhlbHZldGljYSxzYW5zLXNl cmlmO2ZvbnQtc2l6ZTpzbWFsbDtiYWNrZ3JvdW5kLWNvbG9yOnJnYigyNTUsMjU1LDI1NSk7bGlu ZS1oZWlnaHQ6MS4zODttYXJnaW4tdG9wOjBwdDttYXJnaW4tYm90dG9tOjBwdCI+DQo8YnI+DQo8 L3A+DQo8cCBkaXI9Imx0ciIgc3R5bGU9ImJhY2tncm91bmQtY29sb3I6cmdiKDI1NSwyNTUsMjU1 KTtsaW5lLWhlaWdodDoxLjM4O21hcmdpbi10b3A6MHB0O21hcmdpbi1ib3R0b206MHB0Ij4NCjxm b250IGZhY2U9IkFyaWFsIiBjb2xvcj0iIzY2NjY2NiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MC42NjY3cHg7d2hpdGUtc3BhY2U6cHJlLXdyYXAiPlRoaXMgZW1haWwgYW5kIGFsbCBkYXRhIHRy YW5zbWl0dGVkIHdpdGggaXQgY29udGFpbnMgY29uZmlkZW50aWFsIGFuZC9vciBwcm9wcmlldGFy eSBpbmZvcm1hdGlvbiBpbnRlbmRlZCBzb2xlbHkgZm9yIHRoZSB1c2Ugb2YgaW5kaXZpZHVhbChz KSBhdXRob3JpemVkIHRvIHJlY2VpdmUgaXQuDQogSWYgeW91IGFyZSBub3QgYW4gaW50ZW5kZWQg YW5kIGF1dGhvcml6ZWQgcmVjaXBpZW50IHlvdSBhcmUgaGVyZWJ5IG5vdGlmaWVkIG9mIGFueSB1 c2UsIGRpc2Nsb3N1cmUsIGNvcHlpbmcgb3IgZGlzdHJpYnV0aW9uIG9mIHRoZSBpbmZvcm1hdGlv biBpbmNsdWRlZCBpbiB0aGlzIHRyYW5zbWlzc2lvbiBpcyBwcm9oaWJpdGVkIGFuZCBtYXkgYmUg dW5sYXdmdWwuIFBsZWFzZSBpbW1lZGlhdGVseSBub3RpZnkgdGhlIHNlbmRlciBieSByZXBseWlu Zw0KIHRvIHRoaXMgZW1haWwgYW5kIHRoZW4gZGVsZXRlIGl0IGZyb20geW91ciBzeXN0ZW0uPC9z cGFuPjwvZm9udD48L3A+DQo8L3NwYW4+PC9kaXY+DQo8YnI+DQo8ZmllbGRzZXQgY2xhc3M9Im1p bWVBdHRhY2htZW50SGVhZGVyIj48L2ZpZWxkc2V0PiA8L2Jsb2NrcXVvdGU+DQo8L2JvZHk+DQo8 L2h0bWw+DQo= --_000_dedb5fb7f0bc7e354f90fddc2d093873ericssoncom_-- From nobody Wed Nov 18 05:03:43 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A8163A187B; Wed, 18 Nov 2020 05:03:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.6 X-Spam-Level: X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xKjLcL3xOkwb; Wed, 18 Nov 2020 05:03:36 -0800 (PST) Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52D7C3A1878; Wed, 18 Nov 2020 05:03:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=32625; q=dns/txt; s=iport; t=1605704615; x=1606914215; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=A9pwaR4n7vyV42osomWXNOy9gKav7H2h5eOcLhwZGyE=; b=ahEpEko+BeZZbPpPEoNF+VN6/McgTm1E0vxP6Ici+u8fDvR9GAEg1T60 VPmAt6IgRn1bm9f5SON0ONb99r18SIeUSkY3JHcf7uXeKs25qU00IXhZQ ebexhlN976mOKr54IxCl91jXPggt6PeGYS8k4bkkEBAIE55u8+Q4R48aF o=; X-Files: signature.asc : 488 X-IPAS-Result: =?us-ascii?q?A0BwAABtGrVf/xbLJq1ZCRoBAQEBAQEBAQEBAwEBAQESA?= =?us-ascii?q?QEBAQICAQEBAYIPgSOBB3RVATIuhD2JBYd9JoEFhmWSXIFoBAcBAQEKAwEBG?= =?us-ascii?q?AEKDAQBAYQGRAKCJiY4EwIDAQEBAwIDAQEBAQUBAQECAQYEcYVhDIVyAQEBA?= =?us-ascii?q?QIBAQEhSwsFCwsRBAEBASABBgMCAicfCQgGExsEgmQCIQGCZiAPrgx2gTKFV?= =?us-ascii?q?4RmCgaBOIFTjAiCAIERJwwQghoFMD6CXQEBAoEoAQgKAQlOgmEzgiwEkEGKb?= =?us-ascii?q?IEam26Cd4McgTeWRgMfoXqwRoNkAgQGBQIVgWsjZ3AzGggbFTsqAYI+PhIZD?= =?us-ascii?q?Y0pgQIXFIhOhUVAAzACAQEzAgYBCQEBAwmOSAEB?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="5.77,486,1596499200"; d="asc'?scan'208,217";a="31220990" Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 18 Nov 2020 13:03:33 +0000 Received: from dhcp-10-61-101-123.cisco.com (dhcp-10-61-101-123.cisco.com [10.61.101.123]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 0AID3V8J000781 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 18 Nov 2020 13:03:32 GMT From: Eliot Lear Message-Id: <27155BC8-36F3-48D4-8483-63E58ED0F524@cisco.com> Content-Type: multipart/signed; boundary="Apple-Mail=_A8FAEBE5-FD39-46EE-833C-7A00506B26DF"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Date: Wed, 18 Nov 2020 14:03:30 +0100 In-Reply-To: <184ad9b2-fcee-ad01-5fe2-338ad3dcd65a@ericsson.com> Cc: "Panwei (William)" , "iot-onboarding@ietf.org" , "secdispatch@ietf.org" To: Mohit Sethi M References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> <184ad9b2-fcee-ad01-5fe2-338ad3dcd65a@ericsson.com> X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Outbound-SMTP-Client: 10.61.101.123, dhcp-10-61-101-123.cisco.com X-Outbound-Node: aer-core-3.cisco.com Archived-At: Subject: Re: [Secdispatch] Confusing terminology was Re: [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Nov 2020 13:03:38 -0000 --Apple-Mail=_A8FAEBE5-FD39-46EE-833C-7A00506B26DF Content-Type: multipart/alternative; boundary="Apple-Mail=_2F638C12-0B23-4353-A33B-0C9935CA585B" --Apple-Mail=_2F638C12-0B23-4353-A33B-0C9935CA585B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Mohit, Your confusion is entirely understandable. There the term means = different things at different layers at this point. Let me clarify: In the general context, a peer is the other side of a connection. In the EAP case, it=E2=80=99s the end device looking to be authenticated = by an authenticator. I think both uses are in context for this discussion=E2=80=A6 sadly. Eliot > On 18 Nov 2020, at 13:10, Mohit Sethi M = > wrote: >=20 > Hi Eliot, >=20 > I find your use of the term peer confusing. Let me explain what I mean = with this table on various terms for an EAP-TLS implementation: >=20 >=20 >> = +-------------+---------------+-----------------+-------------------+ >> | | Device | Gateway | Server = | >> = +-------------+---------------+-----------------+-------------------+ >> | TLS | Client | | Server = | >> | | | | = | >> | EAP/AAA | Peer | Authenticator | EAP = server/backend| >> | | | | auth server = | >> | | | | = | >> | 802.1x | Supplicant | Authenticator | Authentication = | >> | | | | server (AS) = | >> | | | | = | >> | RADIUS | | Network access | RADIUS server = | >> | | | server (NAS) | = | >> | | | | = | >> | 802.11 | Station | Access Point | = | >> = +-------------+---------------+-----------------+-------------------+ >=20 > Assuming email clients are able to render this ascii table correctly, = I hope you understand that in some contexts, the device is the peer. = When you say proving peer to device, and device to peer, I am unsure if = you are referring to a server or a smartphone that acts as a companion = device during bootstrapping. >=20 > I don't want to be the terminology police here asking people to be = more cautious with the usage of terms. I also understand the reality = that companies are often forced to do branding to look cool and perhaps = improve chances of adoption. >=20 > Maybe as protocol engineers we can do somewhat better? I thought we = already had too many terms for device: station/peer/client/supplicant. = And then I saw the term pledge. Good luck trying to teach network = security to new folks. No wonder many students I encounter now want to = do AI or javascript but not low-level protocols. I am similarly not = enthusiastic with usage of loose terms such as onboarding. At least in = my study of several different systems including bluetooth/wi-fi/LWM2M: = they principally follow the same terminology pattern: bootstrapping and = authentication followed by provisioning/configuration. You could point = me to OCF which uses onboarding but we don't have to make the same = mistakes as another SDO. >=20 > --Mohit >=20 > On 11/16/20 2:50 PM, Eliot Lear wrote: >> Hi Wei Pan, >>=20 >> I agree with you that there is a need for something that doesn=E2=80=99= t require devices to have a full PKI built in. But there needs to be = something unique about the device that it can express and prove. Also, = we should separate out two problems: >>=20 >> Proving the peer to the device >> Providing the device to the peer >>=20 >> Each has slightly different characteristics, especially when it comes = to certificates. Nobody should expect a huge cert store to be on a = light weight client. As was said in the chat, that is one thing that = BRSKI solves. But DPP/POK also solves it without certificates, but = still requires at least a public/private key pair. Less than that I do = not know how to work the problem. >>=20 >> Eliot >>=20 >>> On 16 Nov 2020, at 13:02, Panwei (William) = > wrote: >>>=20 >>> Thanks to Eliot for summarizing these. >>>=20 >>> I think the core concept of using DANE in IoT scenario is to get rid = of certificates and PKIX. The solution of how to securely onboard the = IoT devices and allocate the DNS domain name, both with and without = initial certificates, is the key part to figure out. >>> If the IoT devices have no initial certificates, such as 802.1AR = IDevID certificate, as their initial identity, then the BRSKI mechanism = won=E2=80=99t be appropriate for these devices because BRSKI has a = requirement of IDevID. >>> If the IoT devices have an IDevID certificate, I think it can still = use BRSKI to onboard, but it won=E2=80=99t use EST to request a = certificate any more, instead, it will apply for a DNS domain name by = using some protocols. >>>=20 >>> That=E2=80=99s my preliminary thoughts, maybe not right. >>>=20 >>> Regards & Thanks! >>> Wei Pan >>>=20 >>> From: Secdispatch [mailto:secdispatch-bounces@ietf.org = ] On Behalf Of Eliot Lear >>> Sent: Monday, November 16, 2020 6:55 PM >>> To: secdispatch@ietf.org >>> Subject: [Secdispatch] DANE IOT proposed outcome >>>=20 >>> Thanks to Shumon for presenting the DANE use case for IOT. >>>=20 >>> We discussed taking this to the iot-onboarding@ietf.org = list as there were a number of rather = big open issues that people wanted to discuss. >>>=20 >>> We also discussed a non-WG forming BOF to look at, as Ted put it, = the broader context for onboarding. To give people a feel for the sort = of related work that is available, here are a list of related = activities: >>>=20 >>> draft-ietf-anima-bootstrapping-keyinfra (BRSKI) is a = request/response mechanism that uses RFC 8366 vouchers to introduce = devices and network infrastructure. >>> Intel=E2=80=99s SDO provides an application level introduction using = vouchers as well. This work has been taken up by the FIDO alliance. >>> The Wifi Alliance has Device Provisioning Protocol (DPP) which does = not attach to a global name space prior to provisioning having occurred, = but does represent a minimum case (just public keys). >>> draft-friel-eap-tls-eap-dpp borrows from DPP, intended mostly for = wired use, where DPP is focused on 802.11 networks. >>> There are a number of BRSKI related drafts by Owen as well, relating = to cloud-based registrars. >>> There is also work by Michael Richardson and Peter Van Der Stock on = constrained vouchers. That work is taking place in ACE. >>>=20 >>> Understanding the landscape might help us understand where DANE fits = in. >>>=20 >>> Regards, >>>=20 >>> Eliot >>> -- >>> Iot-onboarding mailing list >>> Iot-onboarding@ietf.org >>> https://www.ietf.org/mailman/listinfo/iot-onboarding = >>=20 >>=20 >>=20 >> _______________________________________________ >> Secdispatch mailing list >> Secdispatch@ietf.org >> https://www.ietf.org/mailman/listinfo/secdispatch = --Apple-Mail=_2F638C12-0B23-4353-A33B-0C9935CA585B Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
Hi Mohit,

Your confusion is entirely understandable.  There the = term means different things at different layers at this point.  Let = me clarify:

  • In the general context, a peer is = the other side of a connection.
  • In the EAP case, = it=E2=80=99s the end device looking to be authenticated by an = authenticator.

I think both uses are in context for this discussion=E2=80=A6 = sadly.

Eliot

On 18 = Nov 2020, at 13:10, Mohit Sethi M <mohit.m.sethi=3D40ericsson.com@dmarc.ietf.org> = wrote:

Hi Eliot,

I find your use = of the term peer confusing. Let me explain what I mean with this table = on various terms for an EAP-TLS implementation:


   =
+-------------+---------------+-----------------+-------------------+
   |             | Device        | Gateway         | Server            |
   +-------------+---------------+-----------------+-------------------+
   | TLS         | Client        |                 | Server            |
   |             |               |                 |                   |
   | EAP/AAA     | Peer          | Authenticator   | EAP server/backend|
   |             |               |                 | auth server       |
   |             |               |                 |                   |
   | 802.1x      | Supplicant    | Authenticator   | Authentication    |
   |             |               |                 | server (AS)       |
   |             |               |                 |                   |
   | RADIUS      |               | Network access  | RADIUS server     |
   |             |               | server (NAS)    |                   |
   |             |               |                 |                   |
   | 802.11      | Station       | Access Point    |                   |
   =
+-------------+---------------+-----------------+-------------------+

Assuming email = clients are able to render this ascii table correctly, I hope you = understand that in some contexts, the device is the peer. When you say = proving peer to device, and device to peer, I am unsure if you are = referring to a server or a smartphone that acts as a companion device during bootstrapping.

I don't want to be the terminology police here asking = people to be more cautious with the usage of terms. I also understand = the reality that companies are often forced to do branding to look cool = and perhaps improve chances of adoption.

Maybe as protocol engineers we can do somewhat better? = I thought we already had too many terms for device: = station/peer/client/supplicant. And then I saw the term pledge. Good = luck trying to teach network security to new folks. No wonder many = students I encounter now want to do AI or javascript but not low-level protocols. = I am similarly not enthusiastic with usage of loose terms such as = onboarding. At least in my study of several different systems including = bluetooth/wi-fi/LWM2M: they principally follow the same terminology = pattern: bootstrapping and authentication followed by = provisioning/configuration. You could point me to OCF which uses = onboarding but we don't have to make the same mistakes as another SDO.

--Mohit

On 11/16/20 2:50 PM, Eliot Lear wrote:
Hi Wei Pan,

I agree with you that there is a need for something that = doesn=E2=80=99t require devices to have a full PKI built in.  But = there needs to be something unique about the device that it can = express and prove.  Also, we should separate out two = problems:

  • Proving the peer to the device
  • Providing= the device to the peer

Each has slightly different characteristics, especially = when it comes to certificates.  Nobody should expect a huge cert = store to be on a light weight client.  As was said in the chat, = that is one thing that BRSKI solves.  But DPP/POK also solves it without certificates, but still requires at least a public/private = key pair. Less than that I do not know how to work the problem.

Eliot

On 16 Nov 2020, at 13:02, Panwei (William) <william.panwei@huawei.com> wrote:

Thanks to Eliot for summarizing these.
 
I think the core concept of using DANE in IoT scenario is = to get rid of certificates and PKIX. The solution of how to securely = onboard the IoT devices and allocate the DNS domain name, both with and without initial = certificates, is the key part to figure out.
If the IoT devices have no initial certificates, such as = 802.1AR IDevID certificate, as their initial identity, then the BRSKI = mechanism won=E2=80=99t be appropriate for these devices because BRSKI has a requirement of IDevID.
If the IoT devices have an IDevID certificate, I think it = can still use BRSKI to onboard, but it won=E2=80=99t use EST to request = a certificate any more, instead, it will apply for a DNS domain name by using some protocols.
 
That=E2=80=99s my preliminary thoughts, maybe not = right.
 
Regards = & Thanks!
Wei Pan
 
From: Secdispatch [mailto:secdispatch-bounces@ietf.org] On Behalf Of Eliot = Lear
Sent: Monday, November 16, 2020 = 6:55 PM
To: secdispatch@ietf.org
Subject: [Secdispatch] DANE IOT = proposed outcome
 
Thanks to Shumon for presenting the = DANE use case for IOT.
 
We discussed taking this to the iot-onboarding@ietf.org list as there were a number of rather big open issues that people wanted to = discuss.
 
We also discussed a non-WG forming BOF = to look at, as Ted put it, the broader context for onboarding.  To = give people a feel for the sort of related work that is available, here = are a list of related activities:
 
  • draft-ietf-anima-bootstrapping-keyinfra = (BRSKI) is a request/response mechanism that uses RFC 8366 vouchers to = introduce devices and network infrastructure.
  • Intel=E2=80=99s SDO provides an = application level introduction using vouchers as well.  This work = has been taken up by the FIDO alliance.
  • The Wifi Alliance has Device = Provisioning Protocol (DPP) which does not attach to a global name space = prior to provisioning having occurred, but does represent a minimum case = (just public keys).
  • draft-friel-eap-tls-eap-dpp borrows from = DPP, intended mostly for wired use, where DPP is focused on 802.11 = networks.
  • There are a number of BRSKI related = drafts by Owen as well, relating to cloud-based registrars.
  • There is also work by Michael Richardson = and Peter Van Der Stock on constrained vouchers.  That work is = taking place in ACE.
 
Understanding the landscape might help = us understand where DANE fits in.
 
Regards,
 
Eliot
-- 
Iot-onboarding mailing list
Iot-onboarding@ietf.org
https://www.ietf.org/mailman/listinfo/iot-onboard= ing


_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.org
https://www.iet=
f.org/mailman/listinfo/secdispatch

= --Apple-Mail=_2F638C12-0B23-4353-A33B-0C9935CA585B-- --Apple-Mail=_A8FAEBE5-FD39-46EE-833C-7A00506B26DF Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEmNC9kEYdsJKnsmEdh7ZrRtnSejMFAl+1G6MACgkQh7ZrRtnS ejNPHQf/VXvTN97LX5Zk7hr73VI6TeQkIDFPGMfUMboIio02jBisvjhax6OvB4Jc SNbQLbMQ5YPdTGH/nqaEwtgnj/7kdHr33Obu00hL2UAdPWslt58GsCBwp58Z5ZTP cUWaEyoIWaf/UFbvOqb94BEV2uriyBiJJEDAlT4Eij8e/7/AMcdacWQdkREMfGdE 6wSrYemY9WpBCgdQQBDu7x52tRR8cpG0xSCN3vi10xOHNWF3OXfz/KsPWWlB2QIk qCtp5PQPNvePLL3x/zsUlALiu40hwy1gtPsNJ9I1B1XtT7E9Pw0PBCDSmu8IgpGY KG7qVyoL1gEymrdFJckxQ0loTs+mIg== =ALBf -----END PGP SIGNATURE----- --Apple-Mail=_A8FAEBE5-FD39-46EE-833C-7A00506B26DF-- From nobody Wed Nov 18 06:10:14 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B3F53A0937; Wed, 18 Nov 2020 06:10:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.097 X-Spam-Level: X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ExLVXaQ41S7F; Wed, 18 Nov 2020 06:10:07 -0800 (PST) Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 810873A08EB; Wed, 18 Nov 2020 06:10:07 -0800 (PST) Received: by mail-ej1-x633.google.com with SMTP id i19so2917406ejx.9; Wed, 18 Nov 2020 06:10:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=I+lruvO1GHoYT49K1Vwn16xoJ9TtVkL1xFXefRx0j2M=; b=LgjaCpgVWY8EY5wvedBy5s42GbJXVyCERlfaxnDKT1ECMV50JFwP/CeObzBwNK4WsW 0J7Hr+YNo5yUoR9w5fGFWqPxKyO2XIYMa/tfpY+MElAWgfCvfLjQt4PWWYT9MBoY/YPB 981qZm1E1tt3h3U9F3NK0Xxptd2f99eJ+NORJEJ3rKNgZsEmd+YosFhsd1caSFHeJVIO 2XXhIkDZId70BCIPB4J40cZcplrEPf+jTRX3WHHKigaZyLsSdr8m2r0UqWjCikRYY/tQ 5MRYj6aa8zGq1YVYGsqu1Yqak999InMR/mfsBeBuKhXb2QJst6Oo6tQtYR04qfwpXcgK /3zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=I+lruvO1GHoYT49K1Vwn16xoJ9TtVkL1xFXefRx0j2M=; b=ajDGe8mbftBXc6KDNx/z1n45IQSOHHOkyZCFPfbw+iSGVj05L0+bJqrNcZtkC3XWRW kxgi2SXMcTmMZJN4EBj7gHaL3GTrYzE2EA/zj+XibtAW715lBTVKgIv7FWjR4V+SxHEj NIIb3U6Pdldrd/ggZHzrvpVsJ7c3AnUP9nwkVxr5tJJqAm+pANxNiNGOjFgxlrmTvhTq RSMl3eAz8KLqTQ4B0st/SoPfZq3ii0AH0WNQEDTxJdNGSICK9Fxj0HH9jPoqx7EOkZ/w 3JNeaZ3NaE7EHnaWf8OPvUl7TIHLFrdnQgKjNcoTah1aVpvflrdeiX3AOjB5Orj0mO2D S9qg== X-Gm-Message-State: AOAM531JoCAiiA8WhZffdbSzcVK7PK1VOlFvqL+Q+wun9W0sxkWs6foN RKUPKutN5i1p5Hg6iGH7PrFiMvrG5M5Z9ps20pc= X-Google-Smtp-Source: ABdhPJxq/cvCkyHOYk+haHhJaTBrTZ71nGOLsnalGoC0Y+zWcRF1XLtZ73AjN+8ohPB5geAeLWd/cVyNbZ6xWlg9o0Q= X-Received: by 2002:a17:906:178b:: with SMTP id t11mr15714368eje.152.1605708605993; Wed, 18 Nov 2020 06:10:05 -0800 (PST) MIME-Version: 1.0 References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: From: Shumon Huque Date: Wed, 18 Nov 2020 09:09:54 -0500 Message-ID: To: Mohit Sethi M Cc: "iot-onboarding@ietf.org" , IETF SecDispatch Content-Type: multipart/alternative; boundary="00000000000012b76e05b4622b3b" Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Nov 2020 14:10:10 -0000 --00000000000012b76e05b4622b3b Content-Type: text/plain; charset="UTF-8" On Wed, Nov 18, 2020 at 7:58 AM Mohit Sethi M wrote: > Hi Ash and Shumon, > > My understanding is that your solution is applicable to any scenario that > uses client certificates. Obviously IoT might be one application area for > this, but there are many other uses of client authentication with > certificates. > Mohit - yes, there are certainly other application use cases and the protocol is general purpose. Some SMTP transport security folks are interested in this to give one example. I don't have any strong opinions about whether this is useful or not. But > it might be good to have a separate focused DANE working group for these > drafts if there is strong demand for such a solution. Your presentation > also highlighted your intention of defining new RRtype and/or expanding the > scope of TLSA. These things (along with DANE light etc.) would require the > input of DNS and TLS folks (in addition to the IoT requirements). > Yup, we will certainly need to get their input on this topic. I think I saw a couple folks in the chat suggest resurrecting the DANE wg, which I'm open to, but there was pushback too (I think more detailed discussion on list was deemed necessary first). Also, I didn't understand how would server authentication work? I probably > did not listen to your presentation carefully enough but I suppose you > cannot use DANE for server authentication in scenarios where the client > device does not yet have Internet connectivity. So how would server > authentication work in EAP-TLS/SIM card/IoT bootstrapping scenarios you > discussed? > Yeah, the EAP-TLS case is trickier for DANE server authentication. There are possible mechanisms though - the TLS DNSSEC chain extension (which failed to gain consensus in the TLS WG a while back, but which will probably be published through the IETF's independent stream) would provide a way for the TLS server to deliver its DNS authentication chain inside the TLS handshake, obviating the need for the client to perform DNS queries prior to Internet connectivity. There are probably other solutions that could be devised. Shumon. --00000000000012b76e05b4622b3b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Wed, Nov 18, 2020 at 7:58 AM Mohit Set= hi M <mohit.m.sethi=3D4= 0ericsson.com@dmarc.ietf.org> wrote:

Hi Ash and Shumon,

My understanding is that your solution is applicable to any scenario that u= ses client certificates. Obviously IoT might be one application area for th= is, but there are many other uses of client authentication with certificate= s.

Mohit - yes, there are certainly other applic= ation use cases and the protocol is general purpose. Some SMTP transport se= curity folks are interested in this to give one example.

=

I don'= t have any strong opinions about whether this is useful or not. But it might be good to have a separa= te focused DANE working group for these drafts if there is strong demand fo= r such a solution. Your presentation also highlighted your intention of def= ining new RRtype and/or expanding the scope of TLSA. These things (along with DANE light etc.) would require= the input of DNS and TLS folks (in addition to the IoT requirements).


Yup, we will certainly need = to get their input on this topic. I think I saw a couple folks in the chat = suggest resurrecting the DANE wg, which I'm open to, but there was push= back too (I think more detailed discussion on list was deemed necessary fir= st).

Also, I didn't understand how would server authentication work? I pr= obably did not listen to your presentation carefully enough but I suppose y= ou cannot use DANE for server authentication in scenarios where the client = device does not yet have Internet connectivity. So how would server authentication work in EAP-TLS/SIM card/IoT bootstrapp= ing scenarios you discussed?


Yeah,= the EAP-TLS case is trickier for DANE server authentication. There are pos= sible mechanisms though - the TLS DNSSEC chain extension (which failed to g= ain consensus in the TLS WG a while back, but which will probably be publis= hed through the IETF's independent stream) would provide a way for the = TLS server to deliver its DNS authentication chain inside the TLS handshake= , obviating the need for the client to perform DNS queries prior to Interne= t connectivity. There are probably other solutions that could be devised.

Shu= mon.

--00000000000012b76e05b4622b3b-- From nobody Wed Nov 18 07:10:17 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CD913A0AC4; Wed, 18 Nov 2020 07:10:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WO89xVbLtHUa; Wed, 18 Nov 2020 07:10:10 -0800 (PST) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00047.outbound.protection.outlook.com [40.107.0.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2636B3A0AAD; Wed, 18 Nov 2020 07:10:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Qec3iXH3AkitBU629P2HJ6Ff+PYphqzqYKYisz7B/yQ24ryK3+corFWV5MAn3OXME/YUaa7/5WeS5iXh9CzFGvTPd9aC1oI4IzgwpQAP8lRzPbIvQ0hb+V4AmfLRLU/c1FQjhJ7EtKVPrlJDV0N5EIy27hrREGUua1KqdyEUr4//67J9dpE6wxTdFSaKJEFADNQ7ePEgQO+fva+4ogjHmNcevG4sOubLSIJ9prKMAFzoMYWSR9kKG9Zv7t1MCHlVZZpAJ4eU7BaFrI152Di4wxWDfk6YBnp6E5uMXRP5ngvU9bDkC1t8L0c1S45LkCislmO+sqdN5EXd01tLxWb6kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IUb8WPIGhvOiT9phvvaqALbKsd0suMDZiNSheYzXa90=; b=gz88/8vV3tetVeMDy1c/z64mk6p+Xwvij31977brT4JuSdl8qvIreDo5cIxXyVgx4smOhdMFhZg+elkggI8B7Kzr1h7X9IoOTS0cEFqhmHsdcrb4uXNQmWkHts3e90pr1YFv+gf1W4ZSFOMAxnPv+xMxUa1eU4uww7rwDIkXDp/p3WbvvjmDt6WFG40uc4SIAv6kzm3yt47niNvLcl7l5mKQWE6mqRTjmseYWClJB7qfcjcUYAH+A+bmuiWNHYOfMavu7GrMGI7JasaFq8GRRFa3vZAcAn+l/r59lfE0LeEb2zsDDUyD1VjmUcCeOdXI+0cg3rHQUajfZFLhYvv9ng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IUb8WPIGhvOiT9phvvaqALbKsd0suMDZiNSheYzXa90=; b=rU5XNPQCqFA3BgTm7tY2sPqxOMyItaT48x10VVVZMsBpnW6T2x+1vRHL6cAZ5PyIWJDHzxtGGKbnMkozv7Rg/N1RTgApTxtq7bBG9LLBU/uTGyWopkUKCpjO8wNHp5UM3vJnPBtHQr/haA+tNao/0PPujMD6KffOuEmwieXQhhw= Received: from VI1PR07MB3215.eurprd07.prod.outlook.com (2603:10a6:802:1c::21) by VI1PR0701MB6767.eurprd07.prod.outlook.com (2603:10a6:800:194::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3564.15; Wed, 18 Nov 2020 15:10:07 +0000 Received: from VI1PR07MB3215.eurprd07.prod.outlook.com ([fe80::a926:3f37:978b:e40e]) by VI1PR07MB3215.eurprd07.prod.outlook.com ([fe80::a926:3f37:978b:e40e%6]) with mapi id 15.20.3589.017; Wed, 18 Nov 2020 15:10:07 +0000 From: Mohit Sethi M To: Shumon Huque , Mohit Sethi M CC: "iot-onboarding@ietf.org" , IETF SecDispatch Thread-Topic: [Iot-onboarding] [Secdispatch] DANE IOT proposed outcome Thread-Index: AQHWvaqFnnGKZdDDOEyooCaxxNmdOanN7aQAgAAQ0gA= Date: Wed, 18 Nov 2020 15:10:07 +0000 Message-ID: <8f313965-c6e7-8c5f-4f04-9d3cd01ee41e@ericsson.com> References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=ericsson.com; x-originating-ip: [188.67.238.61] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: cb689eed-d560-4f12-bb9f-08d88bd40952 x-ms-traffictypediagnostic: VI1PR0701MB6767: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Q4v33oecXCs0T9XDZ8kXmd9JqTLCIyKjUexqLnJcyym9i1+Trm6Lb3zNnYSpqGSJEDtfNTwWrW0PWdgnpi7vXaGVSP5MNIsxFbxoavyFK5ov3v/YiOqRef0/4ip54+kBcavKJbvs0SiY8vXQkfl4hWd9bpdIm43oKkstL8axtk+EN19j+MQ+J6LJU5hRyEPj0Lqvr9mGPVaX+wpa+9bxL1HFwzoLsDlodYcORP/RuINRd0GEclFIhoMZ6e39tPje1i/fuxKyomQOfpTK5LGXc3ESI89OtuvSFcOVWcWpL6U0SkLAHL6Uc8Ovo1JHSZXDeCpX2a6MVPqqLy+z5OR9shi2WD/J7FZ0E/GPEq9RfdrBv8Oe75MfmMKRM8EIf6pR x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB3215.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(366004)(396003)(376002)(136003)(346002)(6512007)(83380400001)(66446008)(31686004)(71200400001)(110136005)(86362001)(6506007)(54906003)(53546011)(4326008)(5660300002)(8936002)(36756003)(2906002)(478600001)(31696002)(64756008)(26005)(2616005)(6486002)(8676002)(66556008)(76116006)(66476007)(316002)(66574015)(91956017)(66946007)(186003)(43740500002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: eezZAmExzXar2Kgt/wkGQZjMQ2Gx9SOLhEE5qRN5tKbpHpFFiIhO9GCyzZcUJuUd6fqim/8BDYMhm4ORGqrsRdKCUGy3nlDPeBRwSOMO/qocw9oJXFbj7/8WmnwfTrrD613KLJuoLkmXWR515i2heQTmbYundxB7SskmGJX/7gJMeYC+jpFK8qsWG3IRKLgLs0wRPOSRnZrwQ/GdnhYfVN7A6ss15PwE3NHMl+N3gRIokZQma6Fb0aqTvu7Ws4dJDGBhcfenu4KZzaIYEjie97qUP7ZL7ASCvOOn1Tl8lXXMBUCXAy9AxhuwrQB5TuISHcWsKGfa41nFFSeMS8gG83t/HjNNs5yuPnv6KFbuHcMNui0Wwc6Iykvjk90eTYd5Ba7TXpRC7MwoTXgy9bpPdjat1k1jUiDuWCqpTc39trfOi6EHgGF0GlvW4PrJ/PJMW57ZgDHYudiErhKfiMMaJjRwPwtdxgBMV04QdSnsvn1Whbu1auMT1HkGFsgYE1AeJJLkeCUsNanlNdYtP/KZOTozWqFDN94EjJla4eVym37ZSXaja3h+4raoawH/gLxQbqfOnf9sKotyAKvVaumYPYYZgYX7Kyx9j5DDOyHE7JEvhlGOjrFQhmfhYWhFpIGVVi2zfDjZIHl8on8aKYR+RBTYMv6JNxSLCfr94oMjVjQj+YG7WOvVJR87vJ98EvTvoycuEhlG65IHXIpLxK1P848KWWIUx4Jw3cTSuAt4DG0EfUP5HqRLQ5FWifdWJR+fvYRaswtr8LhRI/b6VaB5yXYZGeQFQ4ptdyXo1iAA5sgmMDYmKwKVaWeiC5LkGeCuA8sTaANMl6X7Q8VffBbdoRsPAQSuPGBLywVJnRtr+0uCylQSdCIOSRJX0oAbgt+ssOUxHM80jaetRtmdeNA7tA== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_8f313965c6e78c5f4f049d3cd01ee41eericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB3215.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: cb689eed-d560-4f12-bb9f-08d88bd40952 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2020 15:10:07.7700 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: PRf5eHZizehOYu6mdEXPD4kIZHAN3Ij5ivgU3yNpRP5kedsHhSlIxrQyAqw7TrM9tMkv7H0Xwriq+5XUfIaGRYMhmt3EVPSyL4p5jTTR9Q4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB6767 Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Nov 2020 15:10:12 -0000 --_000_8f313965c6e78c5f4f049d3cd01ee41eericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgU2h1bW9uLA0KDQpXaHkgd29uJ3QgdGhlIHNhbWUgaXNzdWUgYXBwbHkgdG8gdGhlIElvVCBi b290c3RyYXBwaW5nIGFuZCB0aGUgU0lNIGNhcmQgdXNlIGNhc2UgeW91IGRlc2NyaWJlZC4gIFlv dSB3b3VsZCBsaWtlbHkgYXV0aGVudGljYXRlIHRoZSBzZXJ2ZXIgYmVmb3JlIHJldmVhbGluZyB0 aGUgY2xpZW50IGlkZW50aXR5LiBBbmQgdGhhdCBjYW5ub3QgaGFwcGVuIHdpdGggREFORSBiZWNh dXNlIG9mIGxhY2sgb2YgaW5pdGlhbCBJbnRlcm5ldCBjb25uZWN0aXZpdHkuIElmIHRoaXMgaXMg dGhlIGNhc2UsIHRoZW4gSSBmYWlsIHRvIHVuZGVyc3RhbmQgc29tZSBvZiB0aGUgZXhjaXRlbWVu dCBmb3IgdXNlIGluIElvVCBib290c3RyYXBwaW5nLiBBbHNvLCBJIGFtIG5vdCBzdXJlIGlmIHZl cmlmeWluZyBETlNTRUMgc2lnbmF0dXJlcyBzZW50IGluc2lkZSB0aGUgcHJvcG9zZWQgVExTIGV4 dGVuc2lvbiB3b3VsZCBiZSBzaW1wbGUgYW5kIGxpZ2h0d2VpZ2h0IGZvciBJb1QgZGV2aWNlcz8N Cg0KLS1Nb2hpdA0KDQpPbiAxMS8xOC8yMCA0OjA5IFBNLCBTaHVtb24gSHVxdWUgd3JvdGU6DQpP biBXZWQsIE5vdiAxOCwgMjAyMCBhdCA3OjU4IEFNIE1vaGl0IFNldGhpIE0gPG1vaGl0Lm0uc2V0 aGk9NDBlcmljc3Nvbi5jb21AZG1hcmMuaWV0Zi5vcmc8bWFpbHRvOjQwZXJpY3Nzb24uY29tQGRt YXJjLmlldGYub3JnPj4gd3JvdGU6DQoNCkhpIEFzaCBhbmQgU2h1bW9uLA0KDQpNeSB1bmRlcnN0 YW5kaW5nIGlzIHRoYXQgeW91ciBzb2x1dGlvbiBpcyBhcHBsaWNhYmxlIHRvIGFueSBzY2VuYXJp byB0aGF0IHVzZXMgY2xpZW50IGNlcnRpZmljYXRlcy4gT2J2aW91c2x5IElvVCBtaWdodCBiZSBv bmUgYXBwbGljYXRpb24gYXJlYSBmb3IgdGhpcywgYnV0IHRoZXJlIGFyZSBtYW55IG90aGVyIHVz ZXMgb2YgY2xpZW50IGF1dGhlbnRpY2F0aW9uIHdpdGggY2VydGlmaWNhdGVzLg0KDQpNb2hpdCAt IHllcywgdGhlcmUgYXJlIGNlcnRhaW5seSBvdGhlciBhcHBsaWNhdGlvbiB1c2UgY2FzZXMgYW5k IHRoZSBwcm90b2NvbCBpcyBnZW5lcmFsIHB1cnBvc2UuIFNvbWUgU01UUCB0cmFuc3BvcnQgc2Vj dXJpdHkgZm9sa3MgYXJlIGludGVyZXN0ZWQgaW4gdGhpcyB0byBnaXZlIG9uZSBleGFtcGxlLg0K DQoNCkkgZG9uJ3QgaGF2ZSBhbnkgc3Ryb25nIG9waW5pb25zIGFib3V0IHdoZXRoZXIgdGhpcyBp cyB1c2VmdWwgb3Igbm90LiBCdXQgaXQgbWlnaHQgYmUgZ29vZCB0byBoYXZlIGEgc2VwYXJhdGUg Zm9jdXNlZCBEQU5FIHdvcmtpbmcgZ3JvdXAgZm9yIHRoZXNlIGRyYWZ0cyBpZiB0aGVyZSBpcyBz dHJvbmcgZGVtYW5kIGZvciBzdWNoIGEgc29sdXRpb24uIFlvdXIgcHJlc2VudGF0aW9uIGFsc28g aGlnaGxpZ2h0ZWQgeW91ciBpbnRlbnRpb24gb2YgZGVmaW5pbmcgbmV3IFJSdHlwZSBhbmQvb3Ig ZXhwYW5kaW5nIHRoZSBzY29wZSBvZiBUTFNBLiBUaGVzZSB0aGluZ3MgKGFsb25nIHdpdGggREFO RSBsaWdodCBldGMuKSB3b3VsZCByZXF1aXJlIHRoZSBpbnB1dCBvZiBETlMgYW5kIFRMUyBmb2xr cyAoaW4gYWRkaXRpb24gdG8gdGhlIElvVCByZXF1aXJlbWVudHMpLg0KDQpZdXAsIHdlIHdpbGwg Y2VydGFpbmx5IG5lZWQgdG8gZ2V0IHRoZWlyIGlucHV0IG9uIHRoaXMgdG9waWMuIEkgdGhpbmsg SSBzYXcgYSBjb3VwbGUgZm9sa3MgaW4gdGhlIGNoYXQgc3VnZ2VzdCByZXN1cnJlY3RpbmcgdGhl IERBTkUgd2csIHdoaWNoIEknbSBvcGVuIHRvLCBidXQgdGhlcmUgd2FzIHB1c2hiYWNrIHRvbyAo SSB0aGluayBtb3JlIGRldGFpbGVkIGRpc2N1c3Npb24gb24gbGlzdCB3YXMgZGVlbWVkIG5lY2Vz c2FyeSBmaXJzdCkuDQoNCg0KQWxzbywgSSBkaWRuJ3QgdW5kZXJzdGFuZCBob3cgd291bGQgc2Vy dmVyIGF1dGhlbnRpY2F0aW9uIHdvcms/IEkgcHJvYmFibHkgZGlkIG5vdCBsaXN0ZW4gdG8geW91 ciBwcmVzZW50YXRpb24gY2FyZWZ1bGx5IGVub3VnaCBidXQgSSBzdXBwb3NlIHlvdSBjYW5ub3Qg dXNlIERBTkUgZm9yIHNlcnZlciBhdXRoZW50aWNhdGlvbiBpbiBzY2VuYXJpb3Mgd2hlcmUgdGhl IGNsaWVudCBkZXZpY2UgZG9lcyBub3QgeWV0IGhhdmUgSW50ZXJuZXQgY29ubmVjdGl2aXR5LiBT byBob3cgd291bGQgc2VydmVyIGF1dGhlbnRpY2F0aW9uIHdvcmsgaW4gRUFQLVRMUy9TSU0gY2Fy ZC9Jb1QgYm9vdHN0cmFwcGluZyBzY2VuYXJpb3MgeW91IGRpc2N1c3NlZD8NCg0KWWVhaCwgdGhl IEVBUC1UTFMgY2FzZSBpcyB0cmlja2llciBmb3IgREFORSBzZXJ2ZXIgYXV0aGVudGljYXRpb24u IFRoZXJlIGFyZSBwb3NzaWJsZSBtZWNoYW5pc21zIHRob3VnaCAtIHRoZSBUTFMgRE5TU0VDIGNo YWluIGV4dGVuc2lvbiAod2hpY2ggZmFpbGVkIHRvIGdhaW4gY29uc2Vuc3VzIGluIHRoZSBUTFMg V0cgYSB3aGlsZSBiYWNrLCBidXQgd2hpY2ggd2lsbCBwcm9iYWJseSBiZSBwdWJsaXNoZWQgdGhy b3VnaCB0aGUgSUVURidzIGluZGVwZW5kZW50IHN0cmVhbSkgd291bGQgcHJvdmlkZSBhIHdheSBm b3IgdGhlIFRMUyBzZXJ2ZXIgdG8gZGVsaXZlciBpdHMgRE5TIGF1dGhlbnRpY2F0aW9uIGNoYWlu IGluc2lkZSB0aGUgVExTIGhhbmRzaGFrZSwgb2J2aWF0aW5nIHRoZSBuZWVkIGZvciB0aGUgY2xp ZW50IHRvIHBlcmZvcm0gRE5TIHF1ZXJpZXMgcHJpb3IgdG8gSW50ZXJuZXQgY29ubmVjdGl2aXR5 LiBUaGVyZSBhcmUgcHJvYmFibHkgb3RoZXIgc29sdXRpb25zIHRoYXQgY291bGQgYmUgZGV2aXNl ZC4NCg0KU2h1bW9uLg0KDQoNCg0K --_000_8f313965c6e78c5f4f049d3cd01ee41eericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <9929D15318CA2D40874BBB3F9676F14B@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5Pg0KPHA+SGkgU2h1bW9u LDwvcD4NCjxwPldoeSB3b24ndCB0aGUgc2FtZSBpc3N1ZSBhcHBseSB0byB0aGUgSW9UIGJvb3Rz dHJhcHBpbmcgYW5kIHRoZSBTSU0gY2FyZCB1c2UgY2FzZSB5b3UgZGVzY3JpYmVkLiZuYnNwOyBZ b3Ugd291bGQgbGlrZWx5IGF1dGhlbnRpY2F0ZSB0aGUgc2VydmVyIGJlZm9yZSByZXZlYWxpbmcg dGhlIGNsaWVudCBpZGVudGl0eS4gQW5kIHRoYXQgY2Fubm90IGhhcHBlbiB3aXRoIERBTkUgYmVj YXVzZSBvZiBsYWNrIG9mIGluaXRpYWwgSW50ZXJuZXQgY29ubmVjdGl2aXR5Lg0KIElmIHRoaXMg aXMgdGhlIGNhc2UsIHRoZW4gSSBmYWlsIHRvIHVuZGVyc3RhbmQgc29tZSBvZiB0aGUgZXhjaXRl bWVudCBmb3IgdXNlIGluIElvVCBib290c3RyYXBwaW5nLiBBbHNvLCBJIGFtIG5vdCBzdXJlIGlm IHZlcmlmeWluZyBETlNTRUMgc2lnbmF0dXJlcyBzZW50IGluc2lkZSB0aGUgcHJvcG9zZWQgVExT IGV4dGVuc2lvbiB3b3VsZCBiZSBzaW1wbGUgYW5kIGxpZ2h0d2VpZ2h0IGZvciBJb1QgZGV2aWNl cz88YnI+DQo8YnI+DQotLU1vaGl0PGJyPg0KPC9wPg0KPGRpdiBjbGFzcz0ibW96LWNpdGUtcHJl Zml4Ij5PbiAxMS8xOC8yMCA0OjA5IFBNLCBTaHVtb24gSHVxdWUgd3JvdGU6PGJyPg0KPC9kaXY+ DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjaXRlPSJtaWQ6Q0FIUHVWZFZ5ZmlMYTBvbTg9LVda Kzh5dXRUT1lMTHJlMWZLa1NQakFkdmhuZmZRaGFnQG1haWwuZ21haWwuY29tIj4NCjxkaXYgZGly PSJsdHIiPg0KPGRpdiBkaXI9Imx0ciI+T24gV2VkLCBOb3YgMTgsIDIwMjAgYXQgNzo1OCBBTSBN b2hpdCBTZXRoaSBNICZsdDttb2hpdC5tLnNldGhpPTxhIGhyZWY9Im1haWx0bzo0MGVyaWNzc29u LmNvbUBkbWFyYy5pZXRmLm9yZyIgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIj40MGVyaWNzc29uLmNv bUBkbWFyYy5pZXRmLm9yZzwvYT4mZ3Q7IHdyb3RlOjxicj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0i Z21haWxfcXVvdGUiPg0KPGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0ibWFy Z2luOjBweCAwcHggMHB4DQogICAgICAgICAgICAwLjhleDtib3JkZXItbGVmdDoxcHggc29saWQN CiAgICAgICAgICAgIHJnYigyMDQsMjA0LDIwNCk7cGFkZGluZy1sZWZ0OjFleCI+DQo8ZGl2Pg0K PHA+SGkgQXNoIGFuZCBTaHVtb24sPGJyPg0KPGJyPg0KTXkgdW5kZXJzdGFuZGluZyBpcyB0aGF0 IHlvdXIgc29sdXRpb24gaXMgYXBwbGljYWJsZSB0byBhbnkgc2NlbmFyaW8gdGhhdCB1c2VzIGNs aWVudCBjZXJ0aWZpY2F0ZXMuIE9idmlvdXNseSBJb1QgbWlnaHQgYmUgb25lIGFwcGxpY2F0aW9u IGFyZWEgZm9yIHRoaXMsIGJ1dCB0aGVyZSBhcmUgbWFueSBvdGhlciB1c2VzIG9mIGNsaWVudCBh dXRoZW50aWNhdGlvbiB3aXRoIGNlcnRpZmljYXRlcy48L3A+DQo8L2Rpdj4NCjwvYmxvY2txdW90 ZT4NCjxkaXY+TW9oaXQgLSB5ZXMsIHRoZXJlIGFyZSBjZXJ0YWlubHkgb3RoZXIgYXBwbGljYXRp b24gdXNlIGNhc2VzIGFuZCB0aGUgcHJvdG9jb2wgaXMgZ2VuZXJhbCBwdXJwb3NlLiBTb21lIFNN VFAgdHJhbnNwb3J0IHNlY3VyaXR5IGZvbGtzIGFyZSBpbnRlcmVzdGVkIGluIHRoaXMgdG8gZ2l2 ZSBvbmUgZXhhbXBsZS48YnI+DQo8L2Rpdj4NCjxkaXY+PGJyPg0KPC9kaXY+DQo8YmxvY2txdW90 ZSBjbGFzcz0iZ21haWxfcXVvdGUiIHN0eWxlPSJtYXJnaW46MHB4IDBweCAwcHgNCiAgICAgICAg ICAgIDAuOGV4O2JvcmRlci1sZWZ0OjFweCBzb2xpZA0KICAgICAgICAgICAgcmdiKDIwNCwyMDQs MjA0KTtwYWRkaW5nLWxlZnQ6MWV4Ij4NCjxkaXY+DQo8cD5JIGRvbid0IGhhdmUgYW55IHN0cm9u ZyBvcGluaW9ucyBhYm91dCB3aGV0aGVyIHRoaXMgaXMgdXNlZnVsIG9yIG5vdC4gQnV0IGl0IG1p Z2h0IGJlIGdvb2QgdG8gaGF2ZSBhIHNlcGFyYXRlIGZvY3VzZWQgREFORSB3b3JraW5nIGdyb3Vw IGZvciB0aGVzZSBkcmFmdHMgaWYgdGhlcmUgaXMgc3Ryb25nIGRlbWFuZCBmb3Igc3VjaCBhIHNv bHV0aW9uLiBZb3VyIHByZXNlbnRhdGlvbiBhbHNvIGhpZ2hsaWdodGVkIHlvdXIgaW50ZW50aW9u IG9mDQogZGVmaW5pbmcgbmV3IFJSdHlwZSBhbmQvb3IgZXhwYW5kaW5nIHRoZSBzY29wZSBvZiBU TFNBLiBUaGVzZSB0aGluZ3MgKGFsb25nIHdpdGggREFORSBsaWdodCBldGMuKSB3b3VsZCByZXF1 aXJlIHRoZSBpbnB1dCBvZiBETlMgYW5kIFRMUyBmb2xrcyAoaW4gYWRkaXRpb24gdG8gdGhlIElv VCByZXF1aXJlbWVudHMpLg0KPGJyPg0KPC9wPg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2 Pjxicj4NCjwvZGl2Pg0KPGRpdj5ZdXAsIHdlIHdpbGwgY2VydGFpbmx5IG5lZWQgdG8gZ2V0IHRo ZWlyIGlucHV0IG9uIHRoaXMgdG9waWMuIEkgdGhpbmsgSSBzYXcgYSBjb3VwbGUgZm9sa3MgaW4g dGhlIGNoYXQgc3VnZ2VzdCByZXN1cnJlY3RpbmcgdGhlIERBTkUgd2csIHdoaWNoIEknbSBvcGVu IHRvLCBidXQgdGhlcmUgd2FzIHB1c2hiYWNrIHRvbyAoSSB0aGluayBtb3JlIGRldGFpbGVkIGRp c2N1c3Npb24gb24gbGlzdCB3YXMgZGVlbWVkIG5lY2Vzc2FyeSBmaXJzdCkuPGJyPg0KPC9kaXY+ DQo8ZGl2Pjxicj4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHls ZT0ibWFyZ2luOjBweCAwcHggMHB4DQogICAgICAgICAgICAwLjhleDtib3JkZXItbGVmdDoxcHgg c29saWQNCiAgICAgICAgICAgIHJnYigyMDQsMjA0LDIwNCk7cGFkZGluZy1sZWZ0OjFleCI+DQo8 ZGl2Pg0KPHA+PC9wPg0KPHA+QWxzbywgSSBkaWRuJ3QgdW5kZXJzdGFuZCBob3cgd291bGQgc2Vy dmVyIGF1dGhlbnRpY2F0aW9uIHdvcms/IEkgcHJvYmFibHkgZGlkIG5vdCBsaXN0ZW4gdG8geW91 ciBwcmVzZW50YXRpb24gY2FyZWZ1bGx5IGVub3VnaCBidXQgSSBzdXBwb3NlIHlvdSBjYW5ub3Qg dXNlIERBTkUgZm9yIHNlcnZlciBhdXRoZW50aWNhdGlvbiBpbiBzY2VuYXJpb3Mgd2hlcmUgdGhl IGNsaWVudCBkZXZpY2UgZG9lcyBub3QgeWV0IGhhdmUgSW50ZXJuZXQgY29ubmVjdGl2aXR5Lg0K IFNvIGhvdyB3b3VsZCBzZXJ2ZXIgYXV0aGVudGljYXRpb24gd29yayBpbiBFQVAtVExTL1NJTSBj YXJkL0lvVCBib290c3RyYXBwaW5nIHNjZW5hcmlvcyB5b3UgZGlzY3Vzc2VkPzxicj4NCjwvcD4N CjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPGRpdj48YnI+DQo8L2Rpdj4NClllYWgsIHRoZSBFQVAt VExTIGNhc2UgaXMgdHJpY2tpZXIgZm9yIERBTkUgc2VydmVyIGF1dGhlbnRpY2F0aW9uLiBUaGVy ZSBhcmUgcG9zc2libGUgbWVjaGFuaXNtcyB0aG91Z2ggLSB0aGUgVExTIEROU1NFQyBjaGFpbiBl eHRlbnNpb24gKHdoaWNoIGZhaWxlZCB0byBnYWluIGNvbnNlbnN1cyBpbiB0aGUgVExTIFdHIGEg d2hpbGUgYmFjaywgYnV0IHdoaWNoIHdpbGwgcHJvYmFibHkgYmUgcHVibGlzaGVkIHRocm91Z2gg dGhlIElFVEYncyBpbmRlcGVuZGVudA0KIHN0cmVhbSkgd291bGQgcHJvdmlkZSBhIHdheSBmb3Ig dGhlIFRMUyBzZXJ2ZXIgdG8gZGVsaXZlciBpdHMgRE5TIGF1dGhlbnRpY2F0aW9uIGNoYWluIGlu c2lkZSB0aGUgVExTIGhhbmRzaGFrZSwgb2J2aWF0aW5nIHRoZSBuZWVkIGZvciB0aGUgY2xpZW50 IHRvIHBlcmZvcm0gRE5TIHF1ZXJpZXMgcHJpb3IgdG8gSW50ZXJuZXQgY29ubmVjdGl2aXR5LiBU aGVyZSBhcmUgcHJvYmFibHkgb3RoZXIgc29sdXRpb25zIHRoYXQgY291bGQgYmUgZGV2aXNlZC48 YnI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9ImdtYWlsX3F1b3RlIj48YnI+DQo8L2Rpdj4NCjxkaXYg Y2xhc3M9ImdtYWlsX3F1b3RlIj5TaHVtb24uPC9kaXY+DQo8ZGl2IGNsYXNzPSJnbWFpbF9xdW90 ZSI+PGJyPg0KPC9kaXY+DQo8L2Rpdj4NCjxicj4NCjxmaWVsZHNldCBjbGFzcz0ibWltZUF0dGFj aG1lbnRIZWFkZXIiPjwvZmllbGRzZXQ+IDwvYmxvY2txdW90ZT4NCjwvYm9keT4NCjwvaHRtbD4N Cg== --_000_8f313965c6e78c5f4f049d3cd01ee41eericssoncom_-- From nobody Wed Nov 18 07:48:30 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 194703A0B91; Wed, 18 Nov 2020 07:48:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.096 X-Spam-Level: X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sMh0XXu_7GoQ; Wed, 18 Nov 2020 07:48:23 -0800 (PST) Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4575C3A03FC; Wed, 18 Nov 2020 07:48:23 -0800 (PST) Received: by mail-ed1-x52c.google.com with SMTP id k4so2523779edl.0; Wed, 18 Nov 2020 07:48:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8c4DWjtDrxYPH+TQthsBtTMUmnOD+MRUhCfBYu50cUY=; b=XAKW/Efujs/NF38LEdKZLTDYSAd1hUtHlDSd7yLGA5H0QzL5bTmHdMwp6StSsCnrGM eg5PNPiYzU6fYLeSogo3y4gkVEcXYSrTAGEcKGo8DtpunSONqjMInPNMpyq+46NO/His vwxz0s86OSBq2ycpgfbok39QCWcbygzvBmDB/gnu0djdLyAZ4TgBlyFFUM3VVIYZUsPh 1bFkJuqgBxKMLYPcMi70OYbDskltDH64lDK23BnX3RYKeP8+my/Ld3rKnhfy8yhxUV6i 69dDeWetX8GYzSRdirTqf/HYAnK5XZYm40Hqf7oUdy9foApSjveAnRuF0zYeDihXmDre ZV/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8c4DWjtDrxYPH+TQthsBtTMUmnOD+MRUhCfBYu50cUY=; b=Gy7D/PdAFbNfcLbZ1jQ6GeDxAxmsnvyCEB2G7jagzo1xWpSfE0wWAmu7piBcDy47Jy YJOJQ1+HkPDS7tUQwoM0Qp6mjNA9JEY2SN5nRxwUkC53cywhVFws6//5rTLIUxY2qlol NkSradpXNtdPHELkRWyC7qFsGEtfczhrg9XqB8DqRLxmrdsd9DblrY9dQf9v+9Ml91Tb 1NXjUJctDfpXtglaVdX40EXqzJlFYoB50pp6hbwRik0++9hgZakw+lcr8T7G9O5NzyFA BuUQ/64Eip2GNsU7ye+/biFa8O26tIdluoXclpfq8oyNW+pGjEKuAeMSF2RwgtiSak8o JhoQ== X-Gm-Message-State: AOAM531k+3Ht6xqs+yD9u4vSkInTNRcBThsoWK46GbJ9eDN8IYfAjZjs +wCUKbMpKY8uPThPiahsEfIRgUxrbLQ7cKYZrgbbpTdWv0A= X-Google-Smtp-Source: ABdhPJwQQpkrYZvI5HTJQXD7WkCvmtkL2KUfjD9Ifa8PxFAD42XmgrVydtBRkjyaPtbjzy8ysICR0Yz+/j0thM5zmpk= X-Received: by 2002:a05:6402:16d6:: with SMTP id r22mr27029961edx.246.1605714501758; Wed, 18 Nov 2020 07:48:21 -0800 (PST) MIME-Version: 1.0 References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> <8f313965-c6e7-8c5f-4f04-9d3cd01ee41e@ericsson.com> In-Reply-To: <8f313965-c6e7-8c5f-4f04-9d3cd01ee41e@ericsson.com> From: Shumon Huque Date: Wed, 18 Nov 2020 10:48:10 -0500 Message-ID: To: Mohit Sethi M Cc: Mohit Sethi M , "iot-onboarding@ietf.org" , IETF SecDispatch Content-Type: multipart/alternative; boundary="0000000000007cf7f605b4638a82" Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Nov 2020 15:48:25 -0000 --0000000000007cf7f605b4638a82 Content-Type: text/plain; charset="UTF-8" I assume we can cover this at tomorrow's side meeting. I'm not fully informed of the details of the network access authentication use case specifically (I'm sure Ash will elaborate), but I assume there are other possibilities for authenticating the server side in those environments, such as straight PKIX auth with a pre-provisioned small trust anchor set. Shumon. On Wed, Nov 18, 2020 at 10:10 AM Mohit Sethi M wrote: > Hi Shumon, > > Why won't the same issue apply to the IoT bootstrapping and the SIM card > use case you described. You would likely authenticate the server before > revealing the client identity. And that cannot happen with DANE because of > lack of initial Internet connectivity. If this is the case, then I fail to > understand some of the excitement for use in IoT bootstrapping. Also, I am > not sure if verifying DNSSEC signatures sent inside the proposed TLS > extension would be simple and lightweight for IoT devices? > > --Mohit > On 11/18/20 4:09 PM, Shumon Huque wrote: > > On Wed, Nov 18, 2020 at 7:58 AM Mohit Sethi M 40ericsson.com@dmarc.ietf.org> wrote: > >> Hi Ash and Shumon, >> >> My understanding is that your solution is applicable to any scenario that >> uses client certificates. Obviously IoT might be one application area for >> this, but there are many other uses of client authentication with >> certificates. >> > Mohit - yes, there are certainly other application use cases and the > protocol is general purpose. Some SMTP transport security folks are > interested in this to give one example. > > I don't have any strong opinions about whether this is useful or not. But >> it might be good to have a separate focused DANE working group for these >> drafts if there is strong demand for such a solution. Your presentation >> also highlighted your intention of defining new RRtype and/or expanding the >> scope of TLSA. These things (along with DANE light etc.) would require the >> input of DNS and TLS folks (in addition to the IoT requirements). >> > > Yup, we will certainly need to get their input on this topic. I think I > saw a couple folks in the chat suggest resurrecting the DANE wg, which I'm > open to, but there was pushback too (I think more detailed discussion on > list was deemed necessary first). > > Also, I didn't understand how would server authentication work? I probably >> did not listen to your presentation carefully enough but I suppose you >> cannot use DANE for server authentication in scenarios where the client >> device does not yet have Internet connectivity. So how would server >> authentication work in EAP-TLS/SIM card/IoT bootstrapping scenarios you >> discussed? >> > > Yeah, the EAP-TLS case is trickier for DANE server authentication. There > are possible mechanisms though - the TLS DNSSEC chain extension (which > failed to gain consensus in the TLS WG a while back, but which will > probably be published through the IETF's independent stream) would provide > a way for the TLS server to deliver its DNS authentication chain inside the > TLS handshake, obviating the need for the client to perform DNS queries > prior to Internet connectivity. There are probably other solutions that > could be devised. > > Shumon. > > > --0000000000007cf7f605b4638a82 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I assume we can cover this at tomorrow's side mee= ting. I'm not fully informed of the details of the network access authe= ntication use case specifically (I'm sure Ash will elaborate), but I as= sume there are other possibilities for authenticating the server side in th= ose environments, such as straight PKIX auth with a pre-provisioned small t= rust anchor set.

Shumon.

On Wed, Nov 18, 2020= at 10:10 AM Mohit Sethi M <mohit.m.sethi@ericsson.com> wrote:

Hi Shumon,

Why won't the same issue apply to the IoT bootstrapping and the SIM = card use case you described.=C2=A0 You would likely authenticate the server= before revealing the client identity. And that cannot happen with DANE bec= ause of lack of initial Internet connectivity. If this is the case, then I fail to understand some of the excitement for = use in IoT bootstrapping. Also, I am not sure if verifying DNSSEC signature= s sent inside the proposed TLS extension would be simple and lightweight fo= r IoT devices?

--Mohit

On 11/18/20 4:09 PM, Shumon Huque wrote:
On Wed, Nov 18, 2020 at 7:58 AM Mohit Sethi M <mohit.m.= sethi=3D= 40ericsson.com@dmarc.ietf.org> wrote:

Hi Ash and Shumon,

My understanding is that your solution is applicable to any scenario that u= ses client certificates. Obviously IoT might be one application area for th= is, but there are many other uses of client authentication with certificate= s.

Mohit - yes, there are certainly other application use cases and the p= rotocol is general purpose. Some SMTP transport security folks are interest= ed in this to give one example.

I don't have any strong opinions about whether this is useful or not= . But it might be good to have a separate focused DANE working group for th= ese drafts if there is strong demand for such a solution. Your presentation= also highlighted your intention of defining new RRtype and/or expanding the scope of TLSA. These things (alon= g with DANE light etc.) would require the input of DNS and TLS folks (in ad= dition to the IoT requirements).


Yup, we will certainly need to get their input on this topic. I think = I saw a couple folks in the chat suggest resurrecting the DANE wg, which I&= #39;m open to, but there was pushback too (I think more detailed discussion= on list was deemed necessary first).

Also, I didn't understand how would server authentication work? I pr= obably did not listen to your presentation carefully enough but I suppose y= ou cannot use DANE for server authentication in scenarios where the client = device does not yet have Internet connectivity. So how would server authentication work in EAP-TLS/SIM card/IoT bootstrapp= ing scenarios you discussed?


Yeah, the EAP-TLS case is trickier for DANE server authentication. There ar= e possible mechanisms though - the TLS DNSSEC chain extension (which failed= to gain consensus in the TLS WG a while back, but which will probably be p= ublished through the IETF's independent stream) would provide a way for the TLS server to deliver its DNS authenti= cation chain inside the TLS handshake, obviating the need for the client to= perform DNS queries prior to Internet connectivity. There are probably oth= er solutions that could be devised.

Shumon.


--0000000000007cf7f605b4638a82-- From nobody Wed Nov 18 10:38:18 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D244F3A064A for ; Wed, 18 Nov 2020 10:38:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gcaW_IPGYcfF for ; Wed, 18 Nov 2020 10:38:05 -0800 (PST) Received: from mail-qt1-x830.google.com (mail-qt1-x830.google.com [IPv6:2607:f8b0:4864:20::830]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87A1C3A03FA for ; Wed, 18 Nov 2020 10:38:05 -0800 (PST) Received: by mail-qt1-x830.google.com with SMTP id z3so2364176qtw.9 for ; Wed, 18 Nov 2020 10:38:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RvSok90v9jWEK9JswVR8IGPWZXHzrzxgITwx2ZdLDgg=; b=DFeUCR7jm6aClrjn2Gr6vN193HSqRfZS18r4QMMHjBY4uu8KmrQB+XX1WljjF6IpTE Px5JBlQcrCnJRpIOS5plCuqs6Rb0deutwDGuws85h12r1RB4gONcZ2YBh1cm/D1/Q++G tgwNC2aRRgyzDUR1hQ/TjpHgFTkJqk8jUxc00Al0SCjqtnL97rKJTQPP3t+NNhPW+v3X gho4qty4KDyrHijg+oPDwsb1Sv87bqeSvtbVjgHU9bneGQH9QMm5jRP07DTyuWlFureG Q7RVJ3bx3yCFtBR/eHeO9QZwq+VYOUSRwVFvXlf0m5JEL3NXZ9m+zTL5t53IEV+1vVum nRTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RvSok90v9jWEK9JswVR8IGPWZXHzrzxgITwx2ZdLDgg=; b=V8ZCFfCEYgsoflpD+8OpBsWhnk8utzsXQm2ADigfGb6u9FKi+b88HFnuoJFQ5dNjCT o6O01uq0/5qLuWc7KU3E879SxK/4wNPDq2R6fswDU7PTie7XPLgbCfC1uoO7BkNb1Xhq VnOtOlnu1AK8Nu9/1gtCjRkWudN4BWpR+3bJgA4hHwTlvwBk/f3FiwJxTS3gCKq43CbP OPAKvvfvnyqR5XZ6Vt6NEVUEWe7A5nZgP5Q/6TDHzygNdXbgI8q6YQZZIuo9TMLEi67x PF0sNCDdYkJODMyZ/UWn46K3mvLCALf5NPwENWCUB1/g65DU4kyvqNbzFL98HmuWRX9z pXnw== X-Gm-Message-State: AOAM530dtr0K9uh1tLIuMBpjk6faqjNr9I8+NxLTiBs3W2KkRe622cyF LSSrVCJNIt2cS4HiiA9eYC2+412MVmG1xBbROaZuxQ== X-Google-Smtp-Source: ABdhPJyU727/tIB7yvvg6nG9b8UDZNNSjHS40AWcDLbahZHEZb46BlaI1b6WjneeQ98EgT1dPgacOoA8horTCU01yF4= X-Received: by 2002:a05:622a:14e:: with SMTP id v14mr5595428qtw.298.1605724684192; Wed, 18 Nov 2020 10:38:04 -0800 (PST) MIME-Version: 1.0 References: <2786E31F-2A4F-4901-8ECC-7AEF4B4D81E2@cisco.com> <8f313965-c6e7-8c5f-4f04-9d3cd01ee41e@ericsson.com> In-Reply-To: From: Ash Wilson Date: Wed, 18 Nov 2020 10:37:53 -0800 Message-ID: To: Shumon Huque Cc: Mohit Sethi M , "iot-onboarding@ietf.org" , IETF SecDispatch , Mohit Sethi M Content-Type: multipart/alternative; boundary="00000000000068a1f905b465e95e" Archived-At: Subject: Re: [Secdispatch] [Iot-onboarding] DANE IOT proposed outcome X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Nov 2020 18:38:09 -0000 --00000000000068a1f905b465e95e Content-Type: text/plain; charset="UTF-8" Hi Mohit, You are correct- using DANE for server authentication in use cases without Internet connectivity (EAP-TLS, for instance) is challenging, and may require other modifications to the process. It may make more sense for the EAP-TLS use case to use another mechanism like the TLS DNSSEC chain extension, or traditional PKI, to get around the lack of internet connectivity for the server part of mutual authentication. Using DANE for client identity is expected to work well because the authentication server typically has sufficient connectivity to interact with DNS. These proposals aren't intended to replace any identity bootstrapping protocols. Rather, they are intended to work in concert with existing protocols to make public keys easily discoverable. On Wed, Nov 18, 2020 at 7:48 AM Shumon Huque wrote: > I assume we can cover this at tomorrow's side meeting. I'm not fully > informed of the details of the network access authentication use case > specifically (I'm sure Ash will elaborate), but I assume there are other > possibilities for authenticating the server side in those environments, > such as straight PKIX auth with a pre-provisioned small trust anchor set. > > Shumon. > > On Wed, Nov 18, 2020 at 10:10 AM Mohit Sethi M > wrote: > >> Hi Shumon, >> >> Why won't the same issue apply to the IoT bootstrapping and the SIM card >> use case you described. You would likely authenticate the server before >> revealing the client identity. And that cannot happen with DANE because of >> lack of initial Internet connectivity. If this is the case, then I fail to >> understand some of the excitement for use in IoT bootstrapping. Also, I am >> not sure if verifying DNSSEC signatures sent inside the proposed TLS >> extension would be simple and lightweight for IoT devices? >> >> --Mohit >> On 11/18/20 4:09 PM, Shumon Huque wrote: >> >> On Wed, Nov 18, 2020 at 7:58 AM Mohit Sethi M > 40ericsson.com@dmarc.ietf.org> wrote: >> >>> Hi Ash and Shumon, >>> >>> My understanding is that your solution is applicable to any scenario >>> that uses client certificates. Obviously IoT might be one application area >>> for this, but there are many other uses of client authentication with >>> certificates. >>> >> Mohit - yes, there are certainly other application use cases and the >> protocol is general purpose. Some SMTP transport security folks are >> interested in this to give one example. >> >> I don't have any strong opinions about whether this is useful or not. But >>> it might be good to have a separate focused DANE working group for these >>> drafts if there is strong demand for such a solution. Your presentation >>> also highlighted your intention of defining new RRtype and/or expanding the >>> scope of TLSA. These things (along with DANE light etc.) would require the >>> input of DNS and TLS folks (in addition to the IoT requirements). >>> >> >> Yup, we will certainly need to get their input on this topic. I think I >> saw a couple folks in the chat suggest resurrecting the DANE wg, which I'm >> open to, but there was pushback too (I think more detailed discussion on >> list was deemed necessary first). >> >> Also, I didn't understand how would server authentication work? I >>> probably did not listen to your presentation carefully enough but I suppose >>> you cannot use DANE for server authentication in scenarios where the client >>> device does not yet have Internet connectivity. So how would server >>> authentication work in EAP-TLS/SIM card/IoT bootstrapping scenarios you >>> discussed? >>> >> >> Yeah, the EAP-TLS case is trickier for DANE server authentication. There >> are possible mechanisms though - the TLS DNSSEC chain extension (which >> failed to gain consensus in the TLS WG a while back, but which will >> probably be published through the IETF's independent stream) would provide >> a way for the TLS server to deliver its DNS authentication chain inside the >> TLS handshake, obviating the need for the client to perform DNS queries >> prior to Internet connectivity. There are probably other solutions that >> could be devised. >> >> Shumon. >> >> >> -- > Iot-onboarding mailing list > Iot-onboarding@ietf.org > https://www.ietf.org/mailman/listinfo/iot-onboarding > -- *Ash Wilson* | Technical Director *e:* ash.wilson@valimail.com This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system. --00000000000068a1f905b465e95e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Mohit,
=C2=A0 You are correct- using DANE for serve= r authentication in use cases without Internet connectivity (EAP-TLS, for i= nstance) is challenging,=C2=A0and may require other=C2=A0modifications to t= he process. It may make more sense for the EAP-TLS use case to use another = mechanism like the TLS DNSSEC chain extension, or traditional PKI, to get a= round the lack of internet connectivity for the server part of mutual authe= ntication.=C2=A0

=C2=A0 Using DANE for client iden= tity is expected to work well because the authentication server typically h= as sufficient connectivity to interact with DNS.

= =C2=A0 These proposals=C2=A0aren't intended to replace any identity boo= tstrapping protocols. Rather, they are intended to work in concert with exi= sting protocols to make public keys easily discoverable.

On Wed, Nov 1= 8, 2020 at 7:48 AM Shumon Huque <shu= que@gmail.com> wrote:
I assume we can cover this at tomorrow&#= 39;s side meeting. I'm not fully informed of the details of the network= access authentication use case specifically (I'm sure Ash will elabora= te), but I assume there are other possibilities for authenticating the serv= er side in those environments, such as straight PKIX auth with a pre-provis= ioned small trust anchor set.

Shumon.
On Wed, N= ov 18, 2020 at 10:10 AM Mohit Sethi M <mohit.m.sethi@ericsson.com> wrote:

Hi Shumon,

Why won't the same issue apply to the IoT bootstrapping and the SIM = card use case you described.=C2=A0 You would likely authenticate the server= before revealing the client identity. And that cannot happen with DANE bec= ause of lack of initial Internet connectivity. If this is the case, then I fail to understand some of the excitement for = use in IoT bootstrapping. Also, I am not sure if verifying DNSSEC signature= s sent inside the proposed TLS extension would be simple and lightweight fo= r IoT devices?

--Mohit

On 11/18/20 4:09 PM, Shumon Huque wrote:
On Wed, Nov 18, 2020 at 7:58 AM Mohit Sethi M <mohit.m.= sethi=3D= 40ericsson.com@dmarc.ietf.org> wrote:

Hi Ash and Shumon,

My understanding is that your solution is applicable to any scenario that u= ses client certificates. Obviously IoT might be one application area for th= is, but there are many other uses of client authentication with certificate= s.

Mohit - yes, there are certainly other application use cases and the p= rotocol is general purpose. Some SMTP transport security folks are interest= ed in this to give one example.

I don't have any strong opinions about whether this is useful or not= . But it might be good to have a separate focused DANE working group for th= ese drafts if there is strong demand for such a solution. Your presentation= also highlighted your intention of defining new RRtype and/or expanding the scope of TLSA. These things (alon= g with DANE light etc.) would require the input of DNS and TLS folks (in ad= dition to the IoT requirements).


Yup, we will certainly need to get their input on this topic. I think = I saw a couple folks in the chat suggest resurrecting the DANE wg, which I&= #39;m open to, but there was pushback too (I think more detailed discussion= on list was deemed necessary first).

Also, I didn't understand how would server authentication work? I pr= obably did not listen to your presentation carefully enough but I suppose y= ou cannot use DANE for server authentication in scenarios where the client = device does not yet have Internet connectivity. So how would server authentication work in EAP-TLS/SIM card/IoT bootstrapp= ing scenarios you discussed?


Yeah, the EAP-TLS case is trickier for DANE server authentication. There ar= e possible mechanisms though - the TLS DNSSEC chain extension (which failed= to gain consensus in the TLS WG a while back, but which will probably be p= ublished through the IETF's independent stream) would provide a way for the TLS server to deliver its DNS authenti= cation chain inside the TLS handshake, obviating the need for the client to= perform DNS queries prior to Internet connectivity. There are probably oth= er solutions that could be devised.

Shumon.


--
Iot-onboarding mailing list
Iot-onboarding= @ietf.org
https://www.ietf.org/mailman/listinfo/iot-onboar= ding


--

Ash Wilson | Technical Dire= ctor


=

This email and all d= ata transmitted with it contains confidential and/or proprietary informatio= n intended solely for the use of individual(s) authorized to receive it. If= you are not an intended and authorized recipient you are hereby notified o= f any use, disclosure, copying or distribution of the information included = in this transmission is prohibited and may be unlawful. Please immediately = notify the sender by replying to this email and then delete it from your sy= stem.

--00000000000068a1f905b465e95e-- From nobody Fri Nov 20 02:17:27 2020 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B3483A1B76; Fri, 20 Nov 2020 02:17:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JvvqVDYkiIVa; Fri, 20 Nov 2020 02:17:24 -0800 (PST) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70040.outbound.protection.outlook.com [40.107.7.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA0893A1B79; Fri, 20 Nov 2020 02:17:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ULfRfmPh3k8a8nZBw8CUFQSc+uK7qHmmgsarAP3lTaUREq65wD8nuv5YcxaTAKP4TBGogkASi60xCvHmAmlCsRenNkbq/G+Q+cSxXds4xQeDxL378zOT9JSLJlBxJmpxmwuax1rO6ZZVjLvJsZEwia5Ns7Hc7lS/mo9GA/Iz01jP+6zzvLBV2BdOc9c+vCzrTGN96rHdKX2o9FOf0QTNXYDZYdIUpIrxtCSP0qMqPPaHSuleX1Zeb/TIlGhGKDDZ71UhmdPKhQ3lIV35wMd8YgqeZzaCmzgMI6SWPlOSmk5gDSeJUsn+w+NV+84xmkcRatQb0H2vrYS/8UvGDsk0wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OUtmqrlRIsHK1FRdNK+A4hWCjbwjEtAu+z2wWTSI3No=; b=SsSmAF87Y41N/Q9EYxHCzAY6BsCjJD91kFas5tDkqjxRSktOsNpqTEP8WYbsh+44siNdY/g95EVchP3Tlszdr5LwbscZiONDEFFG6YVAGUJrTnbpy2jIrR9qehCP/VV84g52aYVa6AHFJruuc0uhId+/tFv9VMfSfDDTTwVCvYJAvOgQBTZDTMenc/jqkGEiQLQhJLtXdseCf1zfOA5MfB2nS6FeJDB//WC73UCPTV0f0P2uyJ0wdeKlaadyo4FVz4Cn2J/NdhnktesiUDweBT/JIXkpf7GeXQELI0FN+bQLqhFKUXYo9P8/wPyxwXMwpaSPGF3XPrdSK6VRR9/I4A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OUtmqrlRIsHK1FRdNK+A4hWCjbwjEtAu+z2wWTSI3No=; b=QU5NKuADjr6aHVhnbCscX9YeOkKNzbWksginc5sG8lD3qJAx36PCxQ/EfixGxoc1d/cpu2cJ0wXfsPMZmGfnfzX4I0N09SgzMPkPtmP1Y+2yYbVZU18Zs83EPU7ED/4RWOlMkHZRt1so0SDRPUwSw8//sXBchyWvG5S+F4t0Udk= Received: from VI1PR07MB4477.eurprd07.prod.outlook.com (2603:10a6:803:74::33) by VI1PR07MB6303.eurprd07.prod.outlook.com (2603:10a6:800:140::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.9; Fri, 20 Nov 2020 10:17:21 +0000 Received: from VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::4957:ef58:c6d5:9aa2]) by VI1PR07MB4477.eurprd07.prod.outlook.com ([fe80::4957:ef58:c6d5:9aa2%6]) with mapi id 15.20.3611.011; Fri, 20 Nov 2020 10:17:21 +0000 From: Francesca Palombini To: "secdispatch@ietf.org" CC: "secdispatch-chairs@ietf.org" Thread-Topic: IETF 109 minutes Thread-Index: AQHWvyZVsHp7dXTvgkaz8pzEevQVjQ== Date: Fri, 20 Nov 2020 10:17:21 +0000 Message-ID: <2AF7F245-9639-4514-94B7-650898143CAA@ericsson.com> Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.42.20101102 authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com; x-originating-ip: [2001:1ba8:147a:c100:7d13:9302:6810:57c0] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b71749e9-81dc-4e10-dc18-08d88d3d77b0 x-ms-traffictypediagnostic: VI1PR07MB6303: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: GF7QAxMwqEHASIMj9wLuFTnPGkeZZVrsdn+tlOjIeMIcr4XuRZ99ioDXq/Pn+oCOIDpC/skOccLx3Z97cbWcOG2XGuUEMGi7rHhFdw2ow0g93DB3e6i5j3VbZK4jIVfghQgBqKKYS9IJz6s/R7gWOZjORXl9j1sapTJ6qW8hV6c6+G9jeMKmBOWbwxsvc/6k99nGQ6VXKZ6tsnNpRVBlJpSeyrQltFIBTn8dWIu7Hk7Sj70Z+j+gMMNBGWoyrFiUkw0Njy+nWmPeBRgZ6Tn9+PtA6/Gqu9JdyrfXc/MKHiSe1lZwTQERmdgIfr9gIfOOyyljZYKJ288w9AvMrvyZfML/UCuuFcP2arpDrIDpV48NVDRn2LHQxdEVysnKJTJQ9HmuNNGWupg63iqx1xCH+g== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB4477.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(376002)(136003)(346002)(366004)(6506007)(66446008)(66556008)(64756008)(86362001)(91956017)(83380400001)(36756003)(6512007)(66476007)(316002)(966005)(76116006)(478600001)(66946007)(450100002)(71200400001)(6486002)(8676002)(7116003)(8936002)(5660300002)(4326008)(186003)(33656002)(44832011)(4001150100001)(2906002)(6916009)(2616005); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: =?utf-8?B?V3BIM2NzbEdFSmVSbmo0ZkMrYVJYWG5weDJOcGFOZDk1bXlJaEtYWHpDb1Nn?= =?utf-8?B?aVhodCs3ZTh0YUcyOFlhWFI1R3pSZklQQ0htSnp1Tkc5aFZFYW5LcU1rMEZy?= =?utf-8?B?b2VmYjZFZUh3RytFWlFRM003RWhBSFdxR3pyM1grOHFVdmI2emJHQTV4T0x1?= =?utf-8?B?TUhWeHpneWt3aklxMUs0Yzk0VTR1TldYWk9OSEkrSUR5RDdsUnJLR1psZGM4?= =?utf-8?B?cHF1STEyTlB1enVONm9FVElSWlhtMCt5QitodDVjN0lRVExUMmRjQmwzdVps?= =?utf-8?B?Z0FVUGZURThyRHd3cHlxYU51U29DOGlyL01sWUh5QU1kWWFnbWNIeFFkOWFi?= =?utf-8?B?SUlNYjU1YnRXT2hHZTNsc1ZrbklYSmhuYTYxOU1xUjcwTGl3ZUNPeFZPRUh5?= =?utf-8?B?VnZIeERIM2RxczAwa2dFWDRyZlJieGY1U0I4WUQ0T1hpYzJyOWhsZmNxaEIv?= =?utf-8?B?UmQ1TWtnVmo2ZkUvZmlsYVZHazIyeVB1REhiOUx2L2Nnc2FqZmdIOGwwbDNZ?= =?utf-8?B?bk5LRWJpRCtSQkxlVmszKytzQm42LzZpNjZSSnJ4TTNhenRDamRTQlhrbUY1?= =?utf-8?B?SDFNYmpsTHpMblN0WWF2WjVRSGJLUEw0T0E4Y1ZGUWN1Mjc2MVhUZG9uVHFV?= =?utf-8?B?UUk1Y0NMcGZVbXRzemVRZDV2UmRmQU9GV3BkNTlpWHhsb3dldVpWYlFJMmV6?= =?utf-8?B?ZkRKTWpnUUVYdEpNbDVhRWlGV041QWNjdTl0UGRvdmFMMkpDTXlvNXVOZUhC?= =?utf-8?B?ZVpEUkxEaTZqK242Z1BlZXVseXJPTytnelhLYWY1eEZqaXZLNjYxbEZmSUdI?= =?utf-8?B?WHBBcXZtMFdkVmhDTGlYSWF6VitMTDlSYTE2c09kR0NsZEpKRlA0SVJMRzNM?= =?utf-8?B?dC9ZbWhhbkhrZzRnT3FRVUI3QThXeHJ1MlhvWjRITUpkcW1xYUU4ZmJ3YXNh?= =?utf-8?B?bEpHSVdMdVYxZGI4VHFqNGp2cHRaMnlIc1NiS05pZi9jNDhPTWhnbWcrWGVD?= =?utf-8?B?UEVzZjg5NllWRjE3SEFQNHpqSEdTUGNVRmJCQWY1RUtkWCtIbGxKbFNFNU1t?= =?utf-8?B?eHVEejgvSVFTSGQ5dG1hd2k3dlBhRFZNVENhR1ZSUWpKTE83cnNyQTI5dlNX?= =?utf-8?B?VXJlOCsxcmZDb0o0YXhIV0xKT0pidG9ubDZXc2N6cDFBeWRhWVQyM1Vac3Zz?= =?utf-8?B?UzVIV2l5NFJjcEZTWTVqWWNTb2d5Z25TS2xtbThFbkRmcUpMWUY2UEZIaTFF?= =?utf-8?B?R0lLS0NwaCtLQ0lLNUM1dE4yQ2NZK2ZGZkcvZnlPZ2JUQ1pOa0VISVJEVSt1?= =?utf-8?B?ZGwvZ0JOOVl0N0E2OWh4QjVRbEt2aVlScHZ3b3dOQ1plVkpNYWVQSmdWSllU?= =?utf-8?B?c2diRFZIVmxwYjBwcnZSSVd2WlNrVjBEZ1g4U2dGY210V3JKd2hyemZvY2F4?= =?utf-8?Q?t2X/RUwe?= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB4477.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b71749e9-81dc-4e10-dc18-08d88d3d77b0 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Nov 2020 10:17:21.2176 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: RqM7Vc/dp6ok2mg5ZPu+Pccz95kOmlFx3vjO8qL+dIycBjxHD+lnmwOvvlMUTbkTrSv9jYDX6qGc/e4lqdo2Ixp9XKyOme2lXUgg1D6Xk+nuDQq5HVK313X+U8okQFmf X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB6303 Archived-At: Subject: [Secdispatch] IETF 109 minutes X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Nov 2020 10:17:26 -0000 SGkgYWxsLA0KDQpEcmFmdCBtaW51dGVzIGhhdmUgYmVlbiB1cGxvYWRlZCB0byB0aGUgZGF0YXRy YWNrZXIuIEh1Z2UgdGhhbmtzIHRvIG91ciBmYW50YXN0aWMgbWludXRlIHRha2VyLCBka2chDQpo dHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL21lZXRpbmcvMTA5L21hdGVyaWFscy9taW51dGVz LTEwOS1zZWNkaXNwYXRjaC0wMCANCg0KVGhleSBjb250YWluIGFsc28gbGlua3MgdG8gdGhlIGph YmJlciBsb2dzOiBodHRwczovL3d3dy5pZXRmLm9yZy9qYWJiZXIvbG9ncy9zZWNkaXNwYXRjaC8y MDIwLTExLTE2Lmh0bWwgYW5kIHJlY29yZGluZ3M6IGh0dHBzOi8veW91dHUuYmUvdkEyUDRFa05D SVEgLg0KDQpJZiB5b3UgaGF2ZSBhbnkgY29ycmVjdGlvbnMgeW91J2QgbGlrZSB1cyB0byBtYWtl LCBwbGVhc2UgbGV0IHVzIGNoYWlycyBrbm93Lg0KU3VtbWFyeSBvdXRjb21lIHJlcG9ydGVkIGJl bG93Lg0KDQpUaGFua3MgYWxsIGZvciBhIHByb2R1Y3RpdmUgbWVldGluZywNCkZyYW5jZXNjYQ0K DQotLQ0KDQooMSkgQW4gSW50ZXJvcGVyYWJpbGl0eSBBcmNoaXRlY3R1cmUgZm9yIEJsb2NrY2hh aW4gR2F0ZXdheXMgKFRob21hcyBIYXJkam9ubykNCnNwZWNpZmljYXRpb246IGh0dHBzOi8vdG9v bHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1oYXJkam9uby1ibG9ja2NoYWluLWludGVyb3AtYXJjaC0w MSANCuKAkz4gTmVlZHMgbW9yZSBkaXNjdXNzaW9uIGNvbW11bml0eSBkZXZlbG9wbWVudCDigJMg ZGlzcGF0Y2hlZCB0byBibG9ja2NoYWluLWludGVyb3BAaWV0Zi5vcmcNCg0KKDIpIERBTkUgZm9y IElPVCBzZWN1cml0eSAoU2h1bW9uIEh1cXVlIGFuZCBBc2ggV2lsc29uKQ0Kc3BlY2lmaWNhdGlv bnM6IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1odXF1ZS1kYW5lLWNsaWVudC1j ZXJ0LTA0IGFuZCBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaHVxdWUtdGxzLWRh bmUtY2xpZW50aWQtMDIgDQrigJM+IERpc3BhdGNoZWQgdG8gaW90LW9uYm9hcmRpbmdAaWV0Zi5v cmcgdG8gY2xhcmlmeSB0aGUgc2NvcGUsIHRoZW4gQm9GLg0KDQooMykgU2lnbmF0dXJlIFZhbGlk YXRpb24gVG9rZW4gKFNWVCkgKFN0ZWZhbiBTYW50ZXNzb24pDQpzcGVjaWZpY2F0aW9uOiBodHRw czovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtc2FudGVzc29uLXN2dC0wMCANCuKAkz4gRGlz cGF0Y2hlZCB0byB0aGUgbmV3IG1haWxpbmcgbGlzdCAodG8gYmUgY3JlYXRlZCksIHBvc3NpYmx5 IGZvbGxvd2VkIGJ5IGl0cyBvd24gZm9jdXNlZCBXRy4NCg0K