
From nobody Tue Oct  4 09:02:16 2016
Return-Path: <toerless.eckert@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9CAF129593 for <anima-bootstrap@ietfa.amsl.com>; Tue,  4 Oct 2016 09:02:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v_758TgCRhBN for <anima-bootstrap@ietfa.amsl.com>; Tue,  4 Oct 2016 09:02:12 -0700 (PDT)
Received: from mail-ua0-x22d.google.com (mail-ua0-x22d.google.com [IPv6:2607:f8b0:400c:c08::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08D621293DC for <anima-bootstrap@ietf.org>; Tue,  4 Oct 2016 09:02:01 -0700 (PDT)
Received: by mail-ua0-x22d.google.com with SMTP id p25so63139998uaa.1 for <anima-bootstrap@ietf.org>; Tue, 04 Oct 2016 09:02:00 -0700 (PDT)
X-Received: by 10.176.16.21 with SMTP id f21mr2370922uab.151.1475596920030; Tue, 04 Oct 2016 09:02:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.31.67.130 with HTTP; Tue, 4 Oct 2016 09:01:59 -0700 (PDT)
From: Toerless Eckert <toerless.eckert@gmail.com>
Date: Tue, 4 Oct 2016 09:01:59 -0700
Message-ID: <CAHJDdVoWJNnCb1kKUv_6X94VGZAw-w1eZ6bjM2kqEPLQbBBRzA@mail.gmail.com>
To: anima-bootstrap@ietf.org
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/9RvXpGblUHc-ncHqUiYLmBGvPRo>
Subject: [Anima-bootstrap] Test from non-subscribed email. Trying to see that i get a notification on my list moderator email.
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2016 16:02:15 -0000


From nobody Tue Oct 11 08:06:33 2016
Return-Path: <mbehring@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD90412948D for <anima-bootstrap@ietfa.amsl.com>; Tue, 11 Oct 2016 08:06:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.515
X-Spam-Level: 
X-Spam-Status: No, score=-17.515 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C30h6G2eDC0j for <anima-bootstrap@ietfa.amsl.com>; Tue, 11 Oct 2016 08:06:28 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AEFE12941C for <anima-bootstrap@ietf.org>; Tue, 11 Oct 2016 08:06:28 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.31,329,1473120000";  d="scan'208,217";a="333553671"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2016 15:06:27 +0000
Received: from XCH-ALN-010.cisco.com (xch-aln-010.cisco.com [173.36.7.20]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u9BF6REC026840 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <anima-bootstrap@ietf.org>; Tue, 11 Oct 2016 15:06:27 GMT
Received: from xch-rcd-006.cisco.com (173.37.102.16) by XCH-ALN-010.cisco.com (173.36.7.20) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 11 Oct 2016 10:06:26 -0500
Received: from xch-rcd-006.cisco.com ([173.37.102.16]) by XCH-RCD-006.cisco.com ([173.37.102.16]) with mapi id 15.00.1210.000; Tue, 11 Oct 2016 10:06:26 -0500
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Thread-Topic: Weekly ANIMA Bootstrap Invite
Thread-Index: AdIj0Id4YPVGP6rLRzyHtxEode6pPQAAIAtw
Date: Tue, 11 Oct 2016 15:06:26 +0000
Message-ID: <0c683686ca8641b480ba5d0f8cb548a6@XCH-RCD-006.cisco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.55.238.134]
Content-Type: multipart/alternative; boundary="_000_0c683686ca8641b480ba5d0f8cb548a6XCHRCD006ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/sshe3T5FDNXacLx61qSumoTgPzA>
Subject: [Anima-bootstrap] Weekly ANIMA Bootstrap Invite
X-List-Received-Date: Tue, 11 Oct 2016 15:06:33 -0000

--_000_0c683686ca8641b480ba5d0f8cb548a6XCHRCD006ciscocom_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Weekly anima-bootstrap design-team meeting
https://ietf.webex.com/ietf/j.php?MTID=m0e0d148dad8af4468112c83bbb3181bc
http://etherpad.tools.ietf.org:9000/p/anima-boostrapping?useMonospaceFont=true

648 921 326
Meeting password: boostrap
Hostkey: 275713
Audio connection:
1-877-668-4493 Call-in toll free number (US/Canada)
1-650-479-3208 Call-in toll number (US/Canada)
Show toll-free dialing restrictions
Access code: 648 921 326


When            Weekly from 11am to 12pm on Tuesday from Tue 13 Sep to Tue 8 Nov Eastern Time
Where           https://cisco.webex.com/cisco (map)
Calendar        mbehring@cisco.com
Who             * Michael Richardson- organiser
                * Michael Behringer
                * anima-bootstrap@ietf.org



--_000_0c683686ca8641b480ba5d0f8cb548a6XCHRCD006ciscocom_--


From nobody Thu Oct 13 04:26:18 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A3D612973F for <anima-bootstrap@ietfa.amsl.com>; Thu, 13 Oct 2016 04:26:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.517
X-Spam-Level: 
X-Spam-Status: No, score=-17.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bR4xuKjubvcM for <anima-bootstrap@ietfa.amsl.com>; Thu, 13 Oct 2016 04:26:15 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BCFF12973C for <anima-bootstrap@ietf.org>; Thu, 13 Oct 2016 04:26:15 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.31,339,1473120000"; d="scan'208";a="159304622"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Oct 2016 11:26:14 +0000
Received: from XCH-ALN-013.cisco.com (xch-aln-013.cisco.com [173.36.7.23]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id u9DBQELT012860 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 13 Oct 2016 11:26:14 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-013.cisco.com (173.36.7.23) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 13 Oct 2016 06:26:13 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Thu, 13 Oct 2016 06:26:13 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>
Thread-Topic: authz in the form a cert chain.. from SIDR work
Thread-Index: AQHSJUSbQHgJ65sWwEi06mUUCMbO8w==
Date: Thu, 13 Oct 2016 11:26:13 +0000
Message-ID: <BFB13000-E62E-4A5F-9003-F8227F914974@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.61.167.92]
Content-Type: text/plain; charset="utf-8"
Content-ID: <86D9E3AB80F4334BB4307AD3D1188CAD@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/gA7rzzix_Pl1Ks9EYuwDG6hke78>
Subject: Re: [Anima-bootstrap] authz in the form a cert chain.. from SIDR work
X-List-Received-Date: Thu, 13 Oct 2016 11:26:17 -0000


From nobody Thu Oct 13 04:48:11 2016
Return-Path: <cabo@tzi.org>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CB2A1294E8 for <anima-bootstrap@ietfa.amsl.com>; Thu, 13 Oct 2016 04:48:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g8Vo4ZTByrq4 for <anima-bootstrap@ietfa.amsl.com>; Thu, 13 Oct 2016 04:48:09 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D57DD1294A3 for <anima-bootstrap@ietf.org>; Thu, 13 Oct 2016 04:48:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id u9DBm3Nc003291; Thu, 13 Oct 2016 13:48:03 +0200 (CEST)
Received: from nar-4.local (p5DC7E34C.dip0.t-ipconnect.de [93.199.227.76]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3svprg1NNNz3PmT; Thu, 13 Oct 2016 13:48:03 +0200 (CEST)
Message-ID: <57FF74B5.5020004@tzi.org>
Date: Thu, 13 Oct 2016 13:49:09 +0200
From: Carsten Bormann <cabo@tzi.org>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
To: "Max Pritikin (pritikin)" <pritikin@cisco.com>
References: <BFB13000-E62E-4A5F-9003-F8227F914974@cisco.com>
In-Reply-To: <BFB13000-E62E-4A5F-9003-F8227F914974@cisco.com>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/53buGv1uFwoESrrVNa593pgiqWA>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] authz in the form a cert chain.. from SIDR work
X-List-Received-Date: Thu, 13 Oct 2016 11:48:10 -0000

Max Pritikin (pritikin) wrote:
> And each member of the sales channel repeats this process as it resells the device?
> Right down to the “Sesame Bix Box Retail” having a PKI and issuing the final bill of sale:

Actually, for some organizations investing in designing security
solutions that's the point:
Security solutions can be designed to favor certain business
arrangements and make others artificially hard.

(In this case, of course, the manufacturer would build a platform to
enable Sesame to run this process.  Manufacturer is happy: more control
over the channel.  This also probably easily justifies the entire
expense of running the platform.  And then later, that platform can be
turned into a "profit center", because security ensures lock-in.)

Grüße, Carsten


From nobody Fri Oct 14 07:42:20 2016
Return-Path: <mbehring@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 530301297AE for <anima-bootstrap@ietfa.amsl.com>; Fri, 14 Oct 2016 07:42:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.517
X-Spam-Level: 
X-Spam-Status: No, score=-17.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kKpUDWs6qOkw for <anima-bootstrap@ietfa.amsl.com>; Fri, 14 Oct 2016 07:42:16 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E8831297A9 for <anima-bootstrap@ietf.org>; Fri, 14 Oct 2016 07:42:16 -0700 (PDT)
X-Files: brski state machine.pptx : 33735
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.31,493,1473120000";  d="xml'?pptx'72,48?scan'72,48,208,145,72,48?jpeg'72,48,208,145,72,48,145?rels'72,48,208,145,72,48,145"; a="157966496"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Oct 2016 14:42:15 +0000
Received: from XCH-ALN-007.cisco.com (xch-aln-007.cisco.com [173.36.7.17]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id u9EEgElj004959 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <anima-bootstrap@ietf.org>; Fri, 14 Oct 2016 14:42:14 GMT
Received: from xch-rcd-006.cisco.com (173.37.102.16) by XCH-ALN-007.cisco.com (173.36.7.17) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 14 Oct 2016 09:42:14 -0500
Received: from xch-rcd-006.cisco.com ([173.37.102.16]) by XCH-RCD-006.cisco.com ([173.37.102.16]) with mapi id 15.00.1210.000; Fri, 14 Oct 2016 09:42:14 -0500
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Thread-Topic: BRSKI State Machine
Thread-Index: AdImIxW8sCw9I7ieQW++wlMDDTidqA==
Date: Fri, 14 Oct 2016 14:42:14 +0000
Message-ID: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.55.238.134]
Content-Type: multipart/mixed; boundary="_002_c41c231f3906477f97f1641617de025eXCHRCD006ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/NuRM8OjtrU7YzQNrRSTm3qiUT3c>
Subject: [Anima-bootstrap] BRSKI State Machine
X-List-Received-Date: Fri, 14 Oct 2016 14:42:18 -0000

--_002_c41c231f3906477f97f1641617de025eXCHRCD006ciscocom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Folks,

You know that I'm doing a complete thorough top-to-bottom review on the brski draft, but I'm only half-way through right now. (Yes, I'm taking it seriously ;-)

I'm bringing forward here a single topic that I think is fairly important, so that we can start discussion about that. And that is the state machine. My high-level observation is that I think the draft isn't precise enough yet to allow for independent, interoperable implementations. There are too many "loose ends".

So, I started looking through the state machine (figure 3), and thought this through in more detail.

* First of all, one thing isn't coming out clearly (it's there, but somehow not obvious at all): We have three "paths" through the algorithm, and it is the *pledge* that has "hard coded" which paths we're taking:

1) join any domain (first come first join)
   --> No MASA required
2) require audit token
   --> MASA required, audit mode
3) require authentication token
   --> MASA required, ownership tracking mode

[I really hope we agree on that!!!]

This needs to come out much more clearly. Should this "hard coded" behaviour be changeable under certain conditions? (Don't think so, but...)
The knee-jerk reaction would be to put this under 3.1, but I think it's more important than that! It should be explained very early, somewhere in 1), maybe in 1.2. Happy to write up some text if the team wants me to (and if we agree ;-)

* When you try to do a state machine with figure 3, there are a few things that don't quite gel. Main points are:

- "Identity" isn't really a state in itself. I would argue a pledge USES its identity in the next step.

- I think we need to bring out more strongly that the state machine needs to track peer and domain. Because, if there is a failure, the pledge should, depending on the failure of course, not try the same domain again, and probably not the same peer either. This isn't coming out today.
In fact, this is why I liked the "adjacency table" so much that I presented in Berlin (and before): Because there you see much clearer that, if enrolment fails with peer x, you may just move to the next one. As mentioned it's all there, but to a new reader this won't come out clearly, I'm afraid.

- We may want a "reason for rejection" if the domain rejects a device (for all negative cases). In some cases, it could be a "wait a minute, I'm currently overloaded", in others "we don't like you in this domain", or "your enrolment mode (see first point) is not acceptable".
In "real life" this would allow some visual feedback at the install site, so that the engineer knows whether he should wait or can go.
[note: there may be security reasons to NOT give a reason for rejection, need to think more about this]

- I didn't quite like "imprint" as a state either. To me, the next logical state was "validation". See attached ppt for more details. But bottom line, we need to reflect the 3 "paths" through the algorithm here again.

- And finally, I suggest we rename "being managed" to "enrolled". Reason is: I'm also drawing up a complete state machine for an ANIMA node, and there I think the main "transition points" between BRSKI and ACP is when the device is "enrolled". Thus I suggest to call the final state in BRSKI "Enrolled", and the first one in ACP the same. (Besides, "being managed" doesn't sound right when we're talking a fully autonomic device.)

In the attached ppt I made those few changes, and I marked with a red star, where I think we need more work before any last call, apart from what I already mentioned:

- we need to specify precisely the discovery method, with mDNS field names, and other details. In my head we're using mDNS here, and I *think* we agreed on that? But, we'll need the same method also for the ACP draft: When both nodes have a certificate, they need to discover each other as well.
I've been haggling with Toerless about this :-)   I think we should take the mDNS insecure discovery into a separate, new draft. This is likely very short, BUT: I think it doesn't really belong in the BRSKI draft (specifically if we use BRSKI also for non-ANIMA environments), neither in the ACP draft (because we also need it in BRSKI). Having a separate draft would be very clean. However I understand (when pushed hard) we may not want to do this for admin reasons.
Alternatively, we specify the discovery in the ACP draft, and BRSKI refers to it. I like this less, but will not scream murder if others insist.

So much for now. Still on the full review, but this is pretty high level, and pretty fundamental. Happy to help with text and/or ASCII art if we decide to take on some of these points.

Michael



--_002_c41c231f3906477f97f1641617de025eXCHRCD006ciscocom_
Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation;
	name="brski state machine.pptx"
Content-Description: brski state machine.pptx
Content-Disposition: attachment; filename="brski state machine.pptx";
	size=33735; creation-date="Fri, 14 Oct 2016 13:57:57 GMT";
	modification-date="Fri, 14 Oct 2016 14:36:43 GMT"
Content-Transfer-Encoding: base64

--_002_c41c231f3906477f97f1641617de025eXCHRCD006ciscocom_--
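
The enrolment loop the message above argues for, as an added example (not from the draft, the attached slides or the message's author): the pledge's mode is fixed, failures are tracked per peer and per domain over an adjacency table, and every rejection carries a reason. State names follow the message; the Peer simulation, the token labels, the FAILED state and the choice of which failure excludes a peer versus a whole domain are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Mode(Enum):   # the three paths; exactly one is hard coded in a pledge
    JOIN_ANY = "join any domain"           # no MASA required
    AUDIT_TOKEN = "audit token"            # MASA required, audit mode
    AUTH_TOKEN = "authentication token"    # MASA required, ownership tracking

class State(Enum):  # names follow the message; FAILED is an assumption
    DISCOVERY = "discovery"
    VALIDATION = "validation"
    ENROLLED = "enrolled"
    FAILED = "failed"

class Reject(Enum):  # the three example reasons given in the message
    OVERLOADED = "wait a minute, I'm currently overloaded"
    NOT_WANTED = "we don't like you in this domain"
    MODE_UNACCEPTABLE = "your enrolment mode is not acceptable"

# Token kind the pledge insists on per mode (labels are assumptions).
REQUIRED_TOKEN = {Mode.JOIN_ANY: None, Mode.AUDIT_TOKEN: "audit",
                  Mode.AUTH_TOKEN: "authentication"}

@dataclass
class Peer:
    """Constructed stand-in for a discovered neighbour and the domain behind it."""
    name: str
    domain: str
    accepted_modes: frozenset = frozenset(Mode)
    reachable: bool = True
    refuses: bool = False              # domain policy rejects this pledge
    busy_rounds: int = 0               # answers OVERLOADED this many times
    masa_token: Optional[str] = None   # token kind obtainable via this domain
    contacts: int = 0                  # how often the pledge actually asked

    def request_join(self, mode: Mode) -> Optional[Reject]:
        self.contacts += 1
        if self.busy_rounds > 0:
            self.busy_rounds -= 1
            return Reject.OVERLOADED
        if self.refuses:
            return Reject.NOT_WANTED
        if mode not in self.accepted_modes:
            return Reject.MODE_UNACCEPTABLE
        return None

@dataclass
class Pledge:
    mode: Mode
    state: State = State.DISCOVERY
    failed_peers: set = field(default_factory=set)
    failed_domains: set = field(default_factory=set)
    reasons: list = field(default_factory=list)  # feedback for the install site

    def enrol(self, adjacency: list, max_rounds: int = 3) -> Optional[Peer]:
        for _ in range(max_rounds):
            transient = False
            for peer in adjacency:
                if (peer.name in self.failed_peers
                        or peer.domain in self.failed_domains):
                    continue                              # never retry these
                self.state = State.DISCOVERY
                if not peer.reachable:
                    self.failed_peers.add(peer.name)      # peer-scoped failure
                    continue
                reason = peer.request_join(self.mode)
                if reason is not None:
                    self.reasons.append((peer.name, reason))
                if reason is Reject.OVERLOADED:
                    transient = True                      # same peer, next round
                    continue
                if reason is not None:
                    self.failed_domains.add(peer.domain)  # domain-scoped refusal
                    continue
                self.state = State.VALIDATION
                needed = REQUIRED_TOKEN[self.mode]
                if needed is None or peer.masa_token == needed:
                    self.state = State.ENROLLED
                    return peer
                self.failed_domains.add(peer.domain)      # no acceptable token
            if not transient:
                break
        self.state = State.FAILED
        return None

def demo_audit():
    """Constructed adjacency table: two domains, four peers, audit-mode pledge."""
    adjacency = [
        Peer("p1", "domA", reachable=False),
        Peer("p2", "domB", accepted_modes=frozenset({Mode.JOIN_ANY})),
        Peer("p3", "domB"),                       # skipped once domB has refused
        Peer("p4", "domA", busy_rounds=1, masa_token="audit"),
    ]
    pledge = Pledge(Mode.AUDIT_TOKEN)
    return pledge, pledge.enrol(adjacency), adjacency

if __name__ == "__main__":
    pledge, joined, _ = demo_audit()
    print(pledge.state.value, "via", joined.name, "in", joined.domain)
    for name, reason in pledge.reasons:
        print(name, "->", reason.value)
```
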


From nobody Mon Oct 17 06:47:09 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72CFB129677 for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 06:47:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mBfoPw2Vxmor for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 06:47:06 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0E831294FB for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 06:47:05 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4BC852009E for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 10:01:36 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 714E963AFE for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 09:47:04 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima-bootstrap <anima-bootstrap@ietf.org>
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 17 Oct 2016 09:47:04 -0400
Message-ID: <7868.1476712024@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/qXZ6hnjweGQ62tZHYHNoL0aa_Lo>
Subject: [Anima-bootstrap] section 5.1 -- redirection
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 13:47:07 -0000

--=-=-=
Content-Type: text/plain


Max, I'm doing the minutes, and I'm trying to explain the confusion we had
over the various objects by connecting to the real text, and I came across this.

Section 5.1 includes the text:

   As indicated in EST [RFC7030] the bootstrapping server can redirect
   the client to an alternate server.  If the New Entity authenticated
   the Registrar using the well known URI method then the New Entity
   MUST follow the redirect automatically and authenticate the new
   Registrar against the redirect URI provided.  If the New Entity had
   not yet authenticated the Registrar because it was discovered and
   was not a known-to-be-valid URI then the new Registrar must be
   authenticated using one of the two autonomic methods described in
   this document.  Similarly the Registar MAY respond with an HTTP 202
   ("the request has been accepted for processing, but the processing
   has not been completed") as described in EST [RFC7030] section 4.2.3.

I'm trying to understand how/when the New Entity would authenticate the
registrar using the well known URI.  Is this for some form of mitigation,
where the new entity does not (can not) do all of the proxy steps and a human
helps via craft console?  Or is this part of the rekey state machine?


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Mon Oct 17 07:25:48 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF6E71296EE for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 07:25:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V8-v56MUw49Z for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 07:25:45 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 848C51296ED for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 07:25:45 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 1E7422009E for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 10:40:16 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 3048163AFE for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 10:25:44 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima-bootstrap <anima-bootstrap@ietf.org>
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 17 Oct 2016 10:25:44 -0400
Message-ID: <16867.1476714344@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/i1Wx_x731F75ySNTho02556dir8>
Subject: [Anima-bootstrap] DRAFT minutes from past three meetings
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 14:25:48 -0000

--=-=-=
Content-Type: text/plain


This set of minutes covers meetings in September 2016 and October 2016,
     September 20, 2016: mcr, kent, max, michael behringer,
     October   04, 2016: mcr, max, MichaelB, kent, toerless
     October   11, 2016: mcr, michaelB, Toerless, Kent, Max (meeting went
                         until 12:30)

0) the old webex expired, and a new one was created.
   WEEKLY INVITE, SEE ANIMA BOOTSTRAP WIKI:
        https://trac.tools.ietf.org/wg/anima/trac/wiki/Bootstrap

Summary: over the three weeks we had many discussions about the exact format
         and nature of the ownership voucher, and the different modes in
         which enrollment can occur.

Summary of actions:
ACTION: mcr to find some text about why JSON seems to be preferred among
        "new kids"
ACTION: max to run the ownership voucher model to build an example
        authorization token and ensure it all got covered
        kent to expand 2.2 (examples)
        mcr go add the GRASP text for registrar discovery by the proxy
        mcr to add text to "Privacy Considerations" section about
            implications of direction of TLS connections, and who reveals
            identity first.


On 2016-09-27 we closed off some lingering discussion about possible FLIP.

Summary: because the pledge identity is required to generate the ownership
         voucher we must expose the pledge to an active attacker

     mcr: if the pledge exposes a hash'd identity this might resolve the
     problem. This only works in the non-flipped case because in the
     non-flipped case the client authentication is optional in TLS. (the
     current draft indicates we must authenticate the client)

     In order to preserve the identity of the pledge in the case of the
     active attacker, we would have to modify the cryptographic mechanism in
     a way beyond what TLS1.3 can provide.

     This topic is moot given that the MASA server does not verify ownership
     itself -- instead it only logs the events for registrars to do their own
     verification. [The exact paragraph for this is not clear in the -03
     draft. TODO: make this clearer!]. This implies that any crypto/handshake
     optimization is ultimately only an optimization and an active attacker
     can in fact obtain the device identity. So the best we can do is ensure
     logging occurs at the MASA. But this would have been available to the
     Registrar anyway, and more directly, when the crypto handshake
     failed. Max's position: another pre-mature optimization.

     mcr: points out that authoritative MASA servers could shut this down.

     This should be explained further in the security considerations
     section. (There is already similar text there).

On 2016-10-04 we attempted to make a TODO list for things missing in draft,
noting that 2016-10-31 is the Internet Draft submission cut-off.

1. Section 3.2 (proxy behavior) updated to indicate use of GRASP to find
   Registrar.  This might require GRASP objective for registrar discovery be
   added. Could be defined in the bootstrap document.
   Provide any guidance re GRASP options so that implementation is clear.
   Maintain clarity on how a proxy / registrar works when GRASP is not
   available (e.g. proxy config or other discovery is an option)

2. A finalized format for the ownership voucher/authorization token that is
   common.
   And has a single NEW name to avoid confusion with prior discussions ("MASA
   token"?) The "mode" of the MASA server (if it does "audit mode" or
   "ownership validation") could be indicated in this MASA token.
   Kent's draft is: https://github.com/netconf-wg/ownership-voucher/blob/master/draft-kwatsen-netconf-ownership-voucher.xml
   https://tools.ietf.org/html/rfc7515#section-4.1.6

   *** would like a more prescriptive document ***

3. https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-03#section-3.1.1
does not specify a GRASP mechanism for proxy discovery, should it?
  max feels, "no" because defining an insecure mode of GRASP is difficult.
  mcr feels, "no" because discovery by multicast UDP but replies are by TCP
      which means the new node needs to open a TCP port to get a reply back. We
      just had a long conversation about TCP/UDP etc (re flipping the handshake)
      and this adds more confusion.
  group conclusion: close this. "No". (agreement on the call is noted; with
        toerless voting for grasp but accepting the group decision)


On 2016-10-11:

We discussed the ways in which draft-kwatsen-netconf-ownership-voucher.xml
instantiates itself into JSON, and we discussed concrete choices for a way
to sign this object:
  1) JOSE
  2) JWT
  3) PKCS7 signed object

We had much discussion which we based upon some mis-understandings of
the terms for the various steps, and also this rapporteur suggests
that we are working with different mental models as to what is going on.
That discussion is rather hard to capture into minutes.

We further discussed the following abstracted time sequence diagram:

  pledge         registrar          masa            vendor
(A)  <**************************************MIC*******
                               [at  manufacturing time]

(B)  -----MIC------->  [probably as part of (D)TLS ClientCertificate]
(C)  --audit nonce-->  [5.1 /requestaudittoken]
        [nonce]
(D)                  -req audit-token->
                      [5.2 /requestaudittoken]
                      SigRegistrar([nonce + 802.1AR serial-number])

(E)                  <-- [authz token]--
                      [5.3 application/authorization-token]
                      SigMasa([DevIDSerialNumber, domainCAcert])

(F)  <--audit token---
      (object from E)

     <-attributes-----
     ---cert req----->
     <--LDevID--------


(A) IDevID installed by manufacturer, at build time. Includes
    anchor certificate(s) for manufacturer.

(B) information about the New Entity's ID
(C) using provisional EST connection, an audit nonce is requested.
    section 5.1
(D) the registrar contacts the MASA for an audit token (5.2)
(E) an authorization token is returned (5.3)
(F) the authorization token (which acts as an ownership voucher) is
    returned to the New Entity, ending the provisional part.

In our discussions last week and the week before, we had a lot of debate
as to whether the contents of (E) needs to have any meaning to the Registrar,
and if so, what meaning does it have.

We had a lot of confusion between the terms audit token, authorization token
and ownership voucher.  (Looking above, it seems reasonable as audit
token and authorization token are mixed up in C,D,E, with an authorization
token being the reply to the /requestaudittoken query!)

Some JSON diagrams that came from  draft-kwatsen-netconf-ownership-voucher.xml
(which, fully formatted was distributed by email, and is also at:
   http://www.sandelman.ca/tmp/draft-kwatsen-netconf-ownership-voucher-00.txt )

{  "ietf-ownership-voucher:voucher":
    {    "assertion": "logged",
          "owner-id": "Registrar3245",
          "unique-id": "JADA123456789",
               or:  "unique-id": ["JADA123456789",
                                  "AAA123456789 ",
                                  "CCC123456789"]   ???
          "created-on": "2016-10-07T19:31:42Z",
          "nonce": "987987623489567",  }
}

{  "ietf-ownership-voucher:voucher":
    {    "assertion": [ "logged", "owned" ]
          "owner-id": {
               "type"  : [ "DN", "owner-cert", "CA-fingerprint" ]
               "value"  : "Registrar3245"
           }
          "unique-id": {
              "type" : ["single", "list", "other"]
              "value" : "JADA123456789",
              or:
       "value": ["JADA123456789",  "AAA123456789 ",  "CCC123456789"]
         or:
       "value": <other>
          "created-on": "2016-10-07T19:31:42Z",
          "nonce": "987987623489567",  }
}

   <voucher xmlns="urn:ietf:params:xml:ns:yang:ietf-ownership-voucher">
        <assertion>verified</assertion>
        <owner-id>owner-23452345</owner-id>
        <unique-id>AAA123456789</unique-id>
        <unique-id>BBB123456789</unique-id>
        <unique-id>CCC123456789</unique-id>
        <created-on>2016-10-07T19:31:42Z</created-on>
    </voucher>

The owner certificate:
       Owner Certificate:  The term "owner certificate" is used in this
       document to represent an X.509 certificate, signed by the
       device's manufacturer or delegate, that binds an owner identity
       to the owner's private key, which the owner can subsequently use
       to sign artifacts.  The owner certificate is used by devices when
       validating owner signatures on signed data.  The owner
       certificate is formally defined by the "owner-certificate"
       container in the YANG module defined in Section 7.4.

This implies that the manufacturer issues the owner certificate to the
https://tools.ietf.org/html/draft-ietf-netconf-zerotouch-09#section-6.3

MCR dug up an email from 2014, which is at:
  ^^^^^ could there be a hierarchy of these?
  see:
  https://mailarchive.ietf.org/arch/msg/6tisch-security/2kObJLkLlhuI-HU9s5yqfRm0n00

and asked for feedback on this, which was received last week.

ACTION: mcr to find some text about why JSON seems to be preferred.

This diagram grew to explain the audit-only scenario, but it probably needs
to be revised to show just the audit-only situation.


   MASA ------ MASA-token ----------------->   Registrar
                \-- audit-log (MASA signed)...........|
                 \                                    v  proceed only if log is "OK" (no unexpected element)
                  \-- XXX                 ............|  -------------------->   Pledge (Client)
                        ownership-voucher (manufacturer signed)
                          Validation: see section https://tools.ietf.org/html/draft-ietf-netconf-zerotouch-09#section-6.3
                              1) manufacturer signature on voucher
                              2) pledge serial in voucher matches
                              3) owner-id in voucher is validated
                     or authorization-token/audit-token (MASA signed)
                        need to eliminate one term. MAX: correct term is audit-token
                        authorizes to join to domain identified with SHA256 hash of
                        public key of CA of domain

                        Contentions:
                             format/content of "owner-id" in ownership voucher:
                                  just SHA256 (MAX) or DN of a certificate (Kent original proposal)
                                    - DN requires MASA/manufacturer to run PKI service
                                    - Kent: Trust-model of public-CA is dangerous


Since the audit log goes to the registrar, and the tokens/voucher goes to the
pledge, they should be independently signed, so that they can be passed on
separately.

The pledge has to verify the MIC, needs the manufacturer signing key.

The registrar has to verify that the audit-log has been properly signed by the
MASA.

audit-token is a subset of the audit-log, is a statement by the MASA that the
MASA has logged the claim.

An authorization token/audit-token is an object signed by the MASA server,
which is sent to the pledge, and authorizes the pledge to join a network,
noting that this activity has been audited (logged).

An ownership voucher contains the PKCS-name (DN) of the particular domain to
join.




--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--
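
An added sketch, not part of the minutes or of any draft, of the audit-token checks described in steps (C)-(F) and in the validation list of the minutes above. HMAC-SHA256 stands in for the MASA's public-key signature so that it runs on the Python standard library alone; the `domain` field name, the key bytes and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import json
import secrets


def _blob(obj):
    # Canonical byte encoding so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key, obj):
    # Stand-in for SigMasa(...): HMAC-SHA256, NOT a public-key signature.
    return hmac.new(key, _blob(obj), hashlib.sha256).hexdigest()


def verify(key, obj, sig):
    return hmac.compare_digest(sign(key, obj), sig)


def domain_id(ca_public_key):
    # Domain identified by the SHA256 hash of the domain CA's public key.
    return hashlib.sha256(ca_public_key).hexdigest()


def masa_issue(masa_key, audit_log, serial, nonce, ca_public_key):
    """Steps (D)/(E): log the claim, then sign token and log independently."""
    entry = {"unique-id": serial, "domain": domain_id(ca_public_key),
             "nonce": nonce}
    audit_log.append(entry)
    token = {"assertion": "logged", **entry}
    history = [e for e in audit_log if e["unique-id"] == serial]
    return token, sign(masa_key, token), history, sign(masa_key, history)


def registrar_accepts(masa_key, history, history_sig, my_ca_public_key):
    """Registrar: proceed only if the signed log has no unexpected element."""
    if not verify(masa_key, history, history_sig):
        return False
    mine = domain_id(my_ca_public_key)
    return all(e["domain"] == mine for e in history)


def pledge_check(masa_key, token, token_sig, my_serial, my_nonce,
                 seen_ca_public_key):
    """Step (F): may the provisional connection become a trusted one?"""
    if not verify(masa_key, token, token_sig):
        return "bad signature"
    if token.get("unique-id") != my_serial:
        return "serial mismatch"
    # The nonce from step (C) ties the token to this bootstrap attempt.
    if not hmac.compare_digest(str(token.get("nonce")), my_nonce):
        return "nonce mismatch"
    # The token must name the CA the registrar actually presented.
    if token.get("domain") != domain_id(seen_ca_public_key):
        return "domain mismatch"
    return "ok"


def demo():
    # All keys below are constructed sample values.
    masa_key = b"constructed-masa-key"
    ca_a = b"constructed domain A CA public key"
    ca_b = b"constructed domain B CA public key"
    serial, log = "JADA123456789", []

    nonce1 = secrets.token_hex(8)
    token1, sig1, hist1, hsig1 = masa_issue(masa_key, log, serial, nonce1, ca_a)
    forged = {**token1, "domain": domain_id(ca_b)}
    results = {
        "fresh": pledge_check(masa_key, token1, sig1, serial, nonce1, ca_a),
        "replayed": pledge_check(masa_key, token1, sig1, serial,
                                 secrets.token_hex(8), ca_a),
        "other_domain_ca": pledge_check(masa_key, token1, sig1, serial,
                                        nonce1, ca_b),
        "tampered": pledge_check(masa_key, forged, sig1, serial, nonce1, ca_b),
        "registrar_a": registrar_accepts(masa_key, hist1, hsig1, ca_a),
    }
    # Domain B later claims the same pledge; its registrar sees A in the log.
    nonce2 = secrets.token_hex(8)
    _, _, hist2, hsig2 = masa_issue(masa_key, log, serial, nonce2, ca_b)
    results["registrar_b"] = registrar_accepts(masa_key, hist2, hsig2, ca_b)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Because the token and the log are signed separately, the registrar can keep the log and forward only the token to the pledge, which is the split the minutes ask for.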


From nobody Mon Oct 17 08:38:55 2016
Return-Path: <mbehring@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2142712948B for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 08:38:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1HgU5qoEp6NQ for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 08:38:51 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A152B129455 for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 08:38:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=17607; q=dns/txt; s=iport; t=1476718730; x=1477928330; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=eFflqs/1dighFeFCKwe2j4KQ8SxglHJpZ2rdtcelkO0=; b=EGuOBvjkNBSJLtJW/Fu4/5qBlur2TyRJcPENRp/faKCrcOgV9G93BwZd IqNYs1TcSGa/sC0YuIN/yvYhTEK/eUudKpjmuN9I7hT4jZ7DtbS7flG4/ vTfHPbkD76Hw/rA4vAsXJCsRebTEmkQPcQKUZ3TiaLIHhyXuq5YRUzFqf 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ASAgCx7wRY/4QNJK1SAQkbAQEBAwEBA?= =?us-ascii?q?QkBAQGDPAEBAQEBHVd8B40tqS2CD4IIJIV+gWk4FAECAQEBAQEBAV4cC4RoJxM?= =?us-ascii?q?4GQEbI0ImAQQRCgEQiDkOpWycZwEBAQEGAgElhj2HDYFgAQYBCQIBBSKFUwWIR?= =?us-ascii?q?AeFdIE8igsBhieDBoZPgXVOh1CEOoEvkHoBHjZSgn4cgVNBMYZUK4ECgQABAQE?=
X-IronPort-AV: E=Sophos;i="5.31,357,1473120000"; d="scan'208";a="336061363"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 17 Oct 2016 15:38:47 +0000
Received: from XCH-ALN-008.cisco.com (xch-aln-008.cisco.com [173.36.7.18]) by alln-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u9HFclfc001468 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 15:38:47 GMT
Received: from xch-rcd-006.cisco.com (173.37.102.16) by XCH-ALN-008.cisco.com (173.36.7.18) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 17 Oct 2016 10:38:46 -0500
Received: from xch-rcd-006.cisco.com ([173.37.102.16]) by XCH-RCD-006.cisco.com ([173.37.102.16]) with mapi id 15.00.1210.000; Mon, 17 Oct 2016 10:38:46 -0500
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Thread-Topic: Detailed BRSKI review, part 1
Thread-Index: AdIojIowvRHV0Q7aS5uVfJWO/hywbQ==
Date: Mon, 17 Oct 2016 15:38:46 +0000
Message-ID: <9ffa17925cdd4a43a0aeca04e06c906d@XCH-RCD-006.cisco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.55.238.134]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/HLlYsSPpsJ_uSLVIwC2uF6_iMp0>
Subject: [Anima-bootstrap] Detailed BRSKI review, part 1
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 15:38:54 -0000

Looking at version -03. There is a lot of detail in this document, and overall I think it's very good! Tons of work went into this doc, and it's pretty apparent!

The biggest question to me is the one from my email from Friday: In the original document we assumed the audit method, and wrote the entire document around it. And while I was originally in favour of writing the doc for a single method, and afterwards explaining exceptions, I now think reality is that we'll see the three methods I mentioned in my mail in parallel:

1) join any domain (first come first join)
   --> No MASA required
2) require audit token
   --> MASA required, audit mode
3) require authentication token
   --> MASA required, ownership tracking mode

 My main comment, thus, for discussion is: Given that we're likely to see the three variants in parallel in real life, we should probably explain in each step how the different variants affect this particular step. This would require quite some work, but my feeling is it's needed for clarity.

The other thing I would like to discuss: We now kept ANIMA pretty much outside scope. This seems wrong to me. Yes, we should not REQUIRE ANIMA, but we should still explain how BRSKI works in an ANIMA context. This would add some small notes in various places (see detailed comments). For example, we don't explain that proxy to Registrar connection is through the ACP, and that Registrar is found through GRASP. That feels wrong.

Detailed review comments, mostly editorial, but sometimes important (I think :-) are below.

Michael

--

- section 1: " A complexity that
   this protocol deals with are dealing with devices from a variety of
   vendors, and a network infrastructure (the domain) that is operated
   by parties that do not have any priviledged relationship with the
   device vendors."

I don't understand "priviledged relationship". I guess we want to say that any domain can claim a device, and that domain doesn't have to be authenticated by the vendor, right? It might be clearer to say "prior relationship". The word "priviledged" is not entirely clear, I find.

- if we use "pledge", we should use it throughout. I suggest to do a global search/replace. Like, the intro uses "new entity" many times.

- definition of "pledge": I don't think we should link to "definition 6" on a web page, since that could well change.
That definition sounds very weird to me. "Neither the device nor the network knows if the
      device yet knows if this device belongs with this network." (he?)  Surely, the device knows if it knows the domain?!?!
   Do we need this sentence !?!?
Here we say the identity is coming from a "factory". Above it was "third party". We should use the same term, consistently.

What about:
Pledge: the new device seeking to join a domain, with an identity provided by a third party (e.g., vendor, integrator).

- I don't understand capitalization of the definitions. When uppercase, when lowercase? Should probably be uppercase for all?

- "Optimal security is achieved with IEEE 802.1AR certificates on each
   new entity, accompanied by a third-party Internet based service for
   verification."

I suggest to add after "third party" something like "(e.g., manufacturer, integrator) (that's what we mean, right?)

- should we not define MASA? I think we need to. (I see it's defined later on page 7, but it should be defined up front.)

- Page 5: "imprint:  the process where a device obtains the cryptographic key
      material to identity and trust future interactions with a network."
s/identity/identify/

- Page 5: definition of "DomainID": I suggest to add "see section 4.2.1.2 of RFC5280" (I found it, but would have found it faster with this ref ;-)

- reference I-D.irtf-nmrg-autonomic-network-definitions should be replaced with RFC7575. (globally)

- Page 5: audit token / authorization token / ownership voucher: I think we really have TWO things only, the audit token and the ownership voucher.
  Are we still using "authorization token" at all? If not, let's take it out. In any case, I don't think we ever used "authorization token" equal to "audit token", which this section implies.
  If we use "third party" elsewhere, we should also use it here.
  Both get issued by the same entity, but are used for different things. This should be reflected here.
  Right now, one is from a "manufacturer" the other from a "vendor", etc. All inconsistent. I suggest let's define "third party" above (see comments above) and then only use that term.

What about:
- Audit Token: A signed token from the MASA of a third party (e.g., manufacturer, integrator) indicating that the bootstrapping has been successfully logged, including historic logging information from this device.

- Ownership Voucher: A signed token from the MASA of a third party (e.g., manufacturer, integrator) indicating that a specific domain "owns" the pledge as defined in [netconf draft]

Page 6

Section 1.2: IOT suitability: "In general the answer is no" - I would prefer to rephrase to: "This depends on the capabilities of the devices in question. The terminology of ..."
  (because capabilities may well change in the next years, potentially making the general answer a "yes")

- "delays for privacy reasons" - can you expand?

Section 1.3: " between the domain Registrar and the new device". Replace "the" with "a" - there can be more than one Registrar. Alternatively, "between domain trust anchor and new device". (do a global search and replace "the Registrar" with "a Registrar")

We have comments about constrained devices a bit all over the intro. I suggest we collect them under a separate heading.

Section 2

Under Figure 1 we define terms, and in the intro we did as well. There are overlapping ones (pledge and new entity), similar ones (domain and domainID), it's confusing.  I suggest we take all the definitions into the intro section. Figure 1 doesn't actually introduce new terms.

MASA versus Ownership tracker: The document makes it sound like two different entities ("MASA or Ownership Tracker") In my mind, there is a single entity which I thought we called MASA. It has two functions, one is auditing, the other is issuing ownership vouchers. In the discussion from last week this seemed to be the consensus as well. In that case, we need to adapt the drawing and the explanations. "MASA service" provides two services "ownership attestation" and "audit logging".

(This is a bit of a repeat of my last email:  I think we should define the three general models up front (ownership validation, audit log, and no MASA), explain the terms of the tokens up front, and what goes where.)

3.1: " A New Entity MUST NOT automatically initiate bootstrapping if it has already been configured." Add: "or is in the process of being configured.

Figure 3:
Bullet 1: I would remove "closest" Registrar. I think there will be many criteria. Say here "to a Registrar". (And, we should capitalise "Registrar" consistently)

Bullet 2: replace " (Although the Registrar is also authenticated these credentials are only provisionally accepted at this time)" (confusing) with " (The Registrar credentials are only provisionally accepted at this time)"

I think bullet 2 and 3 are actually the same operation. By presenting itself, it implicitly requests to join. We should not make it sound like these are two distinct operations. Make it one box and call it "Request join (presenting ID)". If we do this, then we should also merge 3.1.2 and 3.1.3.

Bullet 4 / Imprint operation:

A specific device may require a MASA token to bootstrap, another one may NOT. This is really a feature of the pledge. And this behaviour MUST NOT be changeable (ie it's hard coded). (somewhere we should state that, I think we don't so far).
In the "Imprint" step three errors can happen: 1) The device receives a bad MASA token, or doesn't receive one; and 2) the domain Registrar receives a bad or no MASA token or 3) the audit log makes the Registrar reject the device. For trouble shooting, I think it is imperative that in 1) the pledge informs the Registrar of the error, and in 2) and 3) the Registrar informs the pledge (e.g., to turn on a red LED, such that the installer knows that an error condition has arisen. I think we don't cover those cases yet?

3.1.1
" The result of discovery is logically (should be "logical") communication with a Proxy instead ... " I would have said it the other way round, and reduced that paragraph to: " The result of discovery is a logical communication with a Registrar, through a Proxy."

" To discover the Domain Bootstrap Server" you mean " To discover a Registrar" - right? I suggest to remove the term "bootstrap server" completely (globally) to avoid confusion.

a): We exclude a case with normal DHCP for IPv4. Do we really want to do th=
is? Also, if option d) is the only one working, we require DNS to work. So =
a) should probably be expanded to include these options?
b): Do we need an IANA registration for the "_bootstrapks._tcp.local" servi=
ce? We have no IANA considerations section!!=20
c) We're using both "example.com" and "example.net". Only use .com (http://=
www.iana.org/domains/reserved)
d) "Vendors that leverage this method SHOULD provision appropriately." Expl=
ain? I don't understand what that means?=20

Not sure, just verifying: Our proxy methods would work if the pledge is IPv=
4 and the Registrar IPv6?=20

"to avoid overloading that discovery methods network infrastructure." Does =
that make sense? I think "to avoid overloading the network infrastructure w=
ith discovery".=20

In the reference model we state that if a pledge has been rejected by a dom=
ain, it should preferably use other domains that are seen. We may want to a=
dd something at the end of 3.1.1. This is also the reason why the pledge ne=
eds to know if the Registrar has rejected it based on MASA input.=20

s/Therefore or clarity/Therefore for clarity/

3.1.2 suggest to merge with 3.1.3. The "request join" includes the "identit=
y", really. These are NOT two separate steps.=20
s/ bootstrapping protocol server/Registrar/g
s/bootstrapping server/Registrar/g
s/Bootstrapping server/Registrar/g

3.1.4
The non-autonomic methods are confusing here. I wonder whether we should exclude them? Are they really in scope?

The pledge must support three modes:
1 - (no MASA): doesn't require an ownership voucher or audit token
2 - (MASA with audit only): requires an audit token
3 - (MASA with ownership tracking): requires an ownership voucher.

3.1.5
"   o  In accordance with IEEE 802.1AR and RFC5280 all manufacturing
      installed certificates and trust anchors are assumed to have
      infinite lifetimes.  All such certificates "SHOULD be assigned the
      GeneralizedTime value of 99991231235959Z" [RFC5280].  The New
      Entity, Registrar and MASA server MUST ignore any other validity
      period information in these credentials and treat the effective
      lifetime as 99991231235959Z.  This ensures that client
      authentication (see Section 3.3.1) and the audit token signature
      (see Section 5.3) can always be verified during RFC5280 path
      validation."

The MUST statement implies that a MASA etc actually knows whether a certificate is 802.1AR or another type of cert, right? Is that true? When I look at a device certificate, how do I know it's an IDevID?

Assuming you *can* distinguish IDevID from a "normal" cert, we may run into cases where "normal" certs are used in the function of an IDevID, right? I.e. a device type doesn't really support IDevID, but a manufacturer has pre-loaded certs at manufacturing time.

This "All such certificates "SHOULD be assigned the GeneralizedTime value of 99991231235959Z" [RFC5280]. " in combination with "MUST ignore" makes me nervous...

We're referring to an audit token in this section, but not to the other 2 methods (Ownership voucher and no MASA). This isn't complete...

Specifically, in a case without MASA, I think we need to simply state that we cannot validate time during enrolment. I think this is what the statement "When accepting an enrollment certificate the validity period within the new end entity certificate is assumed to be valid by the New Entity." wants to say?

Actually, we only look at the domain validating time from the pledge, shouldn't we also describe the other direction? -->
Wouldn't it be correct to say "A pledge without real-time clock cannot securely bootstrap time. During the bootstrap process it accepts all certificates without validating time. Once bootstrapped such devices MUST be provided with the current correct time for other PKI operations to succeed."

This whole section 3.1.5 makes me a bit nervous...

3.1.6
"The New Entity contacts the Registrar" add "via a proxy". We always assume a proxy.

In this section we don't foresee a case without MASA server. (Bullet list)

"   o  The EST server is authenticated by using the Ownership Voucher
      indicated fully qualified domain name to build the EST URI such
      that EST section 4.1.1 bootstrapping using the New Entity implicit
      Trust Anchor database can be used."

Read this several times, still don't parse it. Can we make this sentence simpler? Not even sure this is grammatically correct?!?

Also this section, I think we should distinguish the three cases of MASA. Last paragraph starts with "once the audit token is received". What if there is none or an ownership voucher?

3.1.7
As mentioned in my other mail, I would prefer to call the final state here "enrolled". We could explain here that in the case of ANIMA, the next step is the establishment of the ACP, see draft ...  and in the non-ANIMA case we expect normal management to take place, ex via NETCONF, ... But I suggest to have a reference to the ACP draft.

3.2
We should re-state here that architecturally, a Pledge ALWAYS interfaces a Proxy; if the directly adjacent device happens to be a Registrar, it has to present itself to the pledge in the same way a normal Proxy would.

"the chosen mechanism SHOULD... " - This is the mechanism we specify later in the doc, right? (Sounds like this is a requirement outside this doc). Then I would re-phrase "the chosen mechanism was designed to ..."

I disagree with the *general* goal "SHOULD use the minimum amount of state on the proxy device." This is a good goal for constrained devices, but in a normal network we always try to handle DoS for example as far "out" as possible. (We had that discussion a while back).

What are we planning to do with draft-richardson-anima-state-for-joinrouter? It contains valuable background. Wouldn't it be nice to have that as an appendix in brski? (However, then the naming would need to be adapted to the brski terminology).

Add: "If this bootstrap mechanism is used in an ANIMA context, the proxy device will discover Registrar(s) through GRASP based discovery, inside the ACP. The connection from the Pledge will also be forwarded inside the ACP." A proxy will only be enabled when a device sees a Registrar; if it loses connections to all Registrars, it withdraws the proxy service announcements.

Or did we decide to leave ANIMA completely out of the draft? (I thought we wanted it independent, but ANIMA is still the main use case for now).

3.3
I think we need to take a step back here. First, explain that the registrar is typically configured. Then, we need to give a bit more context: On one side, it expects connections from pledges, on the other we have a CA connection and (optionally) a MASA.
Then, in an ANIMA context, the Registrar(s) announce their service inside the ACP, and they expect to be contacted by proxies through the ACP.

3.3.2
The whole document is focused on the audit method; If this is the main method, then we MUST explain the white list here, because neither of the 3 bullets in this section is sufficient for authorizing exactly "my" devices. (I realise white lists appear later on).

Paragraph "In order to validate the IEEE 802.1AR device identity..." belongs into 3.3.1.

s/it is expected request/it is expected to request/

"these certificates can subsequently be used to determine the boundaries of the homenet..." - remove the homenet references here. I suggest to re-phrase: "These certificates can be used for other methods, for example boundary detection, auto-securing protocols, etc.".

"The authorization performed during this phase MAY be cached for the TLS session and applied to subsequent EST enrollment requests so long as the session lasts." - not clear?!? Each request is for a single device. Why cache?

I stop the detailed review here for a moment, since my comments would depend too much on how we resolve the question asked above about the 3 methods. Will resume here once we settled on this...




From nobody Mon Oct 17 12:16:46 2016
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
References: <9ffa17925cdd4a43a0aeca04e06c906d@XCH-RCD-006.cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <b2c58a42-f343-06c0-0102-af6d246d3e74@gmail.com>
Date: Tue, 18 Oct 2016 08:16:40 +1300
In-Reply-To: <9ffa17925cdd4a43a0aeca04e06c906d@XCH-RCD-006.cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/bhDyh_KsKx1F0d1e032OY-SCyqA>
Subject: Re: [Anima-bootstrap] Detailed BRSKI review, part 1

> This would add some small notes in various places (see detailed comments). For example, we don't explain that proxy to Registrar connection is through the ACP, and that Registrar is found through GRASP.

Or that the pledge MAY find the proxy through an insecure instance of GRASP, which
we sketched out in Berlin, and which is demonstrated in running code
at https://www.cs.auckland.ac.nz/~brian/graspy/brski/

Regards
   Brian Carpenter


From nobody Mon Oct 17 12:40:58 2016
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <746b88a1-717a-8b2d-1ed1-84e4d2268926@gmail.com>
Date: Tue, 18 Oct 2016 08:40:53 +1300
In-Reply-To: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/NohSETcYQRDnukghEP2Eqy3TC7k>
Subject: Re: [Anima-bootstrap] BRSKI State Machine

Hi Michael,
On 15/10/2016 03:42, Michael Behringer (mbehring) wrote:
...
> * First of all, one thing isn't coming out clearly (it's there, but somehow not obvious at all): We have three "paths" through the algorithm, and it is the *pledge* that has "hard coded" which paths we're taking: 
> 
> 1) join any domain (first come first join)  
>    --> No MASA required
> 2) require audit token 
>    --> MASA required, audit mode
> 3) require authentication token 
>    --> MASA required, ownership tracking mode
> 
> [I really hope we agree on that!!!]

What about the air gap case (no external interaction allowed, by site policy)?
Would there be a simulated MASA in that case? In any case, that is not a choice
that the pledge can make.

...
> - we need to specify precisely the discovery method, with mDNS field names, and other details. In my head we're using mDNS here, and I *think* we agreed on that? 

No, I think we agreed on supporting both mDNS or GRASP discovery; it is of course the
latter that I've modelled. We have no need of mDNS for GRASP-capable nodes, but we must
support mDNS between the proxy and a non-GRASP-capable pledge. I've got no objection
to also specifying mDNS between the proxy and the registrar, but I think it's
redundant.

Indeed the details have to be specified; I haven't formally written them up for
the GRASP methods but they are embedded in my Python code.
(Again, https://www.cs.auckland.ac.nz/~brian/graspy/brski/)

Rgds
    Brian


From nobody Mon Oct 17 14:32:40 2016
To: Michael Richardson <mcr+ietf@sandelman.ca>, anima-bootstrap <anima-bootstrap@ietf.org>
References: <16867.1476714344@obiwan.sandelman.ca>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <428b3303-fd3c-4882-fd33-50d4368eef86@gmail.com>
Date: Tue, 18 Oct 2016 10:32:34 +1300
In-Reply-To: <16867.1476714344@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/5OgLdk7qXrxv3Lm09OwnuFtQq_k>
Subject: Re: [Anima-bootstrap] DRAFT minutes from past three meetings

On 18/10/2016 03:25, Michael Richardson wrote:
...
> 1. Section 3.2 (proxy behavior) updated to indicate use of GRASP to find
>    Registrar.  This might require GRASP objective for registrar discovery be
>    added. Could be defined in the bootstrap document.
>    Provide any guidance re GRASP options so that implementation is clear.

Yep. We definitely have to specify the objective.

objective = ["AN_registrar", objective-flags, loop-count, [radius, priority, weight, method]]

This is explained in https://www.cs.auckland.ac.nz/~brian/graspy/brski/README.txt
But you guys need to decide if that's what you want; I defined it following
input from Toerless about making it mDNS-equivalent.

...
> 3. https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-03#section-3.1.1
> does not specify a GRASP mechanism for proxy discovery, should it?
>   max feels, "no" because defining an insecure mode of GRASP is difficult.
>   mcr feels, "no" because discovery by multicast UDP but replies are by TCP
>       which means the new node needs to open a TCP port to get a reply back. We
>       just had a long conversation about TCP/UDP etc (re flipping the handshake)
>       and this adds more confusion.
>   group conclusion: close this. "No". (agreement on the call is noted; with
>         toerless voting for grasp but accepting the group decision)

No consensus from me :-). This conclusion applies for non-GRASP-capable devices.
For GRASP-capable devices, specifically pledges that will shortly join the ACP,
there is no difficulty with the flip to TCP. The grasp -07 text is broken on this,
but I have corrected text and running code. We already figured out the insecure
mode of GRASP too (already in the -07 text). In fact the proxy ASA itself can
enforce the necessary regime (loop count of 1 and use of link-local addresses).
Up and running at https://www.cs.auckland.ac.nz/~brian/graspy/brski/.

If you are joining the ACP you can be strictly GRASP-only, with *our*
security fences. I see that as more secure than mDNS.

Rgds
   Brian
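
The fence described in the message above (loop count of 1 and use of link-local addresses), as an added Python sketch that is not taken from the graspy code or from the draft. It checks a decoded objective of the four-element shape quoted in the message; the objective name `EX_proxy`, the function names and all sample values are assumptions made for illustration.

```python
import ipaddress

# Assumption: the fence accepts exactly this loop count ("loop count of 1").
FENCE_LOOP_COUNT = 1


def parse_objective(obj):
    """Validate the four-element shape [name, objective-flags, loop-count, value]."""
    if not isinstance(obj, (list, tuple)) or len(obj) != 4:
        raise ValueError("objective must have exactly four elements")
    name, flags, loop_count, value = obj
    if not isinstance(name, str) or not name:
        raise ValueError("objective name must be a non-empty string")
    for label, field in (("objective-flags", flags), ("loop-count", loop_count)):
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(field, bool) or not isinstance(field, int) or field < 0:
            raise ValueError(f"{label} must be a non-negative integer")
    return {"name": name, "flags": flags, "loop_count": loop_count, "value": value}


def parse_registrar_value(value):
    """Unpack the AN_registrar value [radius, priority, weight, method] by position."""
    if not isinstance(value, (list, tuple)) or len(value) != 4:
        raise ValueError("AN_registrar value must have exactly four elements")
    radius, priority, weight, method = value
    return {"radius": radius, "priority": priority, "weight": weight, "method": method}


def is_link_local(addr):
    """True if addr (optionally carrying a %zone suffix) is a link-local address."""
    if not isinstance(addr, str):
        return False
    host = addr.split("%", 1)[0]
    try:
        return ipaddress.ip_address(host).is_link_local
    except ValueError:
        return False


def fence_outgoing(name, flags, value):
    """Build an objective for the insecure instance with the loop count pinned to 1."""
    return [name, flags, FENCE_LOOP_COUNT, value]


def accept_on_insecure_instance(obj, peer_addr, expected_name):
    """Return (accepted, reason) for an objective received outside the ACP."""
    try:
        parsed = parse_objective(obj)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if parsed["name"] != expected_name:
        return False, "unexpected objective name"
    if parsed["loop_count"] != FENCE_LOOP_COUNT:
        return False, "loop count is not 1"
    if not is_link_local(peer_addr):
        return False, "peer address is not link-local"
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples; "EX_proxy" is a hypothetical objective name.
    samples = [
        (fence_outgoing("EX_proxy", 0, []), "fe80::1%eth0"),
        (["EX_proxy", 0, 5, []], "fe80::1%eth0"),
        (fence_outgoing("EX_proxy", 0, []), "2001:db8::1"),
        (["EX_proxy", 0], "fe80::1"),
    ]
    for objective, peer in samples:
        print(peer, objective, accept_on_insecure_instance(objective, peer, "EX_proxy"))

    # Constructed AN_registrar announcement with placeholder field values.
    reg = parse_objective(["AN_registrar", 0, 1, [1, 2, 3, "placeholder-method"]])
    print(parse_registrar_value(reg["value"]))
```
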


From nobody Mon Oct 17 15:00:35 2016
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Date: Mon, 17 Oct 2016 22:00:19 +0000
Message-ID: <3F4BBD96-9E80-46DF-9E65-2A2DD9404138@cisco.com>
References: <7868.1476712024@obiwan.sandelman.ca>
In-Reply-To: <7868.1476712024@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/XmeT_MM2iKOfclCMRkIZ46hxJm4>
Cc: anima-bootstrap <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] section 5.1 -- redirection

> On Oct 17, 2016, at 7:47 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>
> Max, I'm doing the minutes, and I'm trying to explain the confusion we had
> over the various objects by connecting to the real text, and I came across this.
>
> Section 5.1 includes the text:
>
>   As indicated in EST [RFC7030] the bootstrapping server can redirect
>   the client to an alternate server.  If the New Entity authenticated
>   the Registrar using the well known URI method then the New Entity
>   MUST follow the redirect automatically and authenticate the new
>   Registrar against the redirect URI provided.  If the New Entity had
>   not yet authenticated the Registrar because it was discovered and
>   was not a known-to-be-valid URI then the new Registrar must be
>   authenticated using one of the two autonomic methods described in
>   this document.  Similarly the Registar MAY respond with an HTTP 202
>   ("the request has been accepted for processing, but the processing
>   has not been completed") as described in EST [RFC7030] section 4.2.3.
>
> I'm trying to understand how/when the New Entity would authenticate the
> registrar using the well known URI.  Is this for some form of mitigation,
> where the new entity does not (can not) do all of the proxy steps and a human
> helps via craft console?  Or is this part of the rekey state machine?

Including a well known URI as the final discovery attempt allows the client state machine and code base to support a model where it is booted on an unsecured (unknown) network where nothing local responds to discovery attempts. This use case supports any home or small-business style device that might use a cloud management model.

The redirect is an implied case by using HTTP and, for EST, we were asked to indicate what the appropriate behavior would be. Here the same idea applies *plus* note that this allows an inversion of the proxy model for the above use case. The device reaches out to a cloud service first and gets redirected to a local service.

- max

>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
>
>
>
> _______________________________________________
> Anima-bootstrap mailing list
> Anima-bootstrap@ietf.org
> https://www.ietf.org/mailman/listinfo/anima-bootstrap


From nobody Mon Oct 17 16:05:23 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28D1D1294D8 for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 16:05:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3a0IZZzuUJDW for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 16:05:19 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4455129480 for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 16:05:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10162; q=dns/txt; s=iport; t=1476745518; x=1477955118; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=MVGPFxbUIX6ufqM2T1kYRFJhszY5zu+XZZ0ioFmBk7k=; b=U2hPZo461+8dTzMcb1eBKeuN5eZK7dcBGW1QjmUWmAHtcz24Up64Hkj8 BczrsTrgZVlAlf+en4Tpv4Fu3G+5qcLwb96+3EErk1H+eL54Dbcev9RYp pLMyQV8+ySCpez/aZ/5FVLW1284zGZPe5ozZuQuPsZB9qZ5zbwMcXDH5c Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A6AQAIWAVY/5BdJa1SCRkBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYM8AQEBAQEdV20PB40tlwaUOIIIHQuFegIagVY4FAECAQEBAQE?= =?us-ascii?q?BAV4nhGEBAQEDAQEBASAEDToLBQsCAQgYAgImAgICJQsVEAEBBA4FGYgxCA61W?= =?us-ascii?q?IxqAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBB4czCIJQhBgIERaDBCyCLwEEiE2?= =?us-ascii?q?ROQGQA491jHuDfwEeNlKEbXKGVCuBAoEAAQEB?=
X-IronPort-AV: E=Sophos;i="5.31,359,1473120000"; d="scan'208";a="336086873"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Oct 2016 23:05:17 +0000
Received: from XCH-RCD-007.cisco.com (xch-rcd-007.cisco.com [173.37.102.17]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id u9HN5HQs004689 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 23:05:17 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-007.cisco.com (173.37.102.17) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 17 Oct 2016 18:05:16 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Mon, 17 Oct 2016 18:05:17 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>
Thread-Topic: [Anima-bootstrap] BRSKI State Machine
Thread-Index: AdImIxW8sCw9I7ieQW++wlMDDTidqAC0b9kA
Date: Mon, 17 Oct 2016 23:05:16 +0000
Message-ID: <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com>
In-Reply-To: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.9]
Content-Type: text/plain; charset="utf-8"
Content-ID: <A121413DFBCCDA46A919354BDA1ECA94@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/V8EG-hAwE5RTIpnmEGH4QtmGbhg>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] BRSKI State Machine
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 23:05:21 -0000

Thanks for the detailed review notes! They are much appreciated and very timely. I’ll be spending time this week addressing them.

Responding to the higher level discussion inline,

> On Oct 14, 2016, at 8:42 AM, Michael Behringer (mbehring) <mbehring@cisco.com> wrote:
>
> Hi Folks,
>
> You know that I'm doing a complete thorough top-to-bottom review on the brski draft, but I'm only half-way through right now. (Yes, I'm taking it seriously ;-)
>
> I'm bringing forward here a single topic that I think is fairly important, so that we can start discussion about that. And that is the state machine. My high-level observation is that I think the draft isn't precise enough yet to allow for independent, interoperable implementations. There are too many "loose ends".
>
> So, I started looking through the state machine (figure 3), and thought this through in more detail.
>
> * First of all, one thing isn't coming out clearly (it's there, but somehow not obvious at all): We have three "paths" through the algorithm, and it is the *pledge* that has "hard coded" which paths we're taking:
>
> 1) join any domain (first come first join)
>   --> No MASA required

For the record: I consider this a security vulnerability but accept that it will take a number of high profile attacks before folks come around to agreeing with me. ;) I recommend against this.

> 2) require audit token
>   --> MASA required, audit mode
> 3) require authentication token
>   --> MASA required, ownership tracking mode
>
> [I really hope we agree on that!!!]

Agreed.

Where #2 and #3 could be seen as a single path with slightly different information in the message from the MASA server; but we’d quickly be into the weeds of the msg format if we get into that here.

> This needs to come out much more clearly. Should this "hard coded" behaviour be changeable under certain conditions? (Don't think so, but...)
> The knee-jerk reaction would be to put this under 3.1, but I think it's more important than that! It should be explained very early, somewhere in 1), maybe in 1.2. Happy to write up some text if the team wants me to (and if we agree ;-)
>
> * When you try to do a state machine with figure 3, there are a few things that don't quite gel. Main points are:
>
> - "Identity" isn't really a state in itself. I would argue a pledge USES its identity in the next step.

From a protocol perspective the pledge completes authentication as part of the TLS handshake and only after that is complete does it ‘request join’. So I called these distinct states. I don’t feel strongly about it though and am open to combining these states.

> - I think we need to bring out more strongly that the state machine needs to track peer and domain. Because, if there is a failure, the pledge should, depending on the failure of course, not try the same domain again, and probably not the same peer either. This isn't coming out today.
> In fact, this is why I liked the "adjacency table" so much that I presented in Berlin (and before): Because there you see much clearer that, if enrolment fails with peer x, you may just move to the next one. As mentioned it's all there, but to a new reader this won't come out clearly, I'm afraid.

Yeah, I can see your point that this is buried in the text of 3.1.1 where it is implied that there is a list of "services returned during each query" and in failure the list processing "picks up where it left off" but that's pretty subtle.

> - We may want a "reason for rejection" if the domain rejects a device (for all negative cases). In some cases, it could be a "wait a minute, I'm currently overloaded", in others "we don't like you in this domain", or "your enrolment mode (see first point) is not acceptable".
> In "real life" this would allow some visual feedback at the install site, so that the engineer knows whether he should wait or can go.
> [note: there may be security reasons to NOT give a reason for rejection, need to think more about this]

I think here we need to provide information about what happened. This is why s5.4 exists to have the pledge send telemetry back to the network that attempted bootstrapping.

But note this is from the pledge to the domain. The device is assumed to be headless/zero-touch etc so I wasn’t thinking in terms of sending error messages to it. I’m open to doing so though.

> - I didn't quite like "imprint" as a state either. To me, the next logical state was "validation". see attached ppt for more details. But bottom line, we need to reflect the 3 "paths" through the algorithm here again.

“validation” is a fine thing to call that state.

>
> - And finally, I suggest we rename "being managed" to "enrolled". Reason is: I'm also drawing up a complete state machine for an ANIMA node, and there I think the main "transition points" between BRSKI and ACP is when the device is "enrolled". Thus I suggest to call the final state in BRSKI "Enrolled", and the first one in ACP the same. (Besides, "being managed" doesn't sound right when we're talking a fully autonomic device.)

I think there is a distinction between “obtaining an identity on the domain” and “what I do after I have an identity to be engaged with the domain”. So there are two states here. But yes, “being managed” could be “on the domain” or something.

>
> In the attached ppt I made those few changes, and I marked with a red star, where I think we need more work before any last call, apart from what I already mentioned:
>
> - we need to specify precisely the discovery method, with mDNS field names, and other details. In my head we're using mDNS here, and I *think* we agreed on that?

yes. with understanding that the proxy to registrar SHOULD be discovered using GRASP for ACP devices.

> But, we'll need the same method also for the ACP draft: When both nodes have a certificate, they need to discover each other as well.
> I've been haggling with Toerless about this :-)   I think we should take the mDNS insecure discovery into a separate, new draft.

I don’t follow. mDNS simply *is* insecure. This is important since we can’t establish a secure discovery yet.

> This is likely very short, BUT: I think it doesn't really belong in the BRSKI draft (specifically if we use BRSKI also for non-ANIMA environments), neither in the ACP draft (because we also need it in BRSKI). Having a separate draft would be very clean. However I understand (when pushed hard) we may not want to do this for admin reasons.
> Alternatively, we specify the discovery in the ACP draft, and BRSKI refers to it. I like this less, but will not scream murder if others insist.

I think discovery of the proxy must be in this draft. I’m happy to move the proxy’s discovery of the registrar to another draft but I think it's ok to recommend GRASP for that connection so I don’t see a problem with that.

- max

>
> So much for now. Still on the full review, but this is pretty high level, and pretty fundamental. Happy to help with text and/or ASCII art if we decide to take on some of these points.
>
> Michael
>
>
> <brski state machine.pptx>
> _______________________________________________
> Anima-bootstrap mailing list
> Anima-bootstrap@ietf.org
> https://www.ietf.org/mailman/listinfo/anima-bootstrap


From nobody Mon Oct 17 16:18:28 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D1D31299A6 for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 16:18:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WM3xtMxyiCz7 for <anima-bootstrap@ietfa.amsl.com>; Mon, 17 Oct 2016 16:18:24 -0700 (PDT)
Received: from mail-pf0-x232.google.com (mail-pf0-x232.google.com [IPv6:2607:f8b0:400e:c00::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAD1912957B for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 16:18:24 -0700 (PDT)
Received: by mail-pf0-x232.google.com with SMTP id r16so60913834pfg.1 for <anima-bootstrap@ietf.org>; Mon, 17 Oct 2016 16:18:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=WkPNnmuGI0bKUbFLQacSRKCCEwikO7h3wvq9FCm/7I8=; b=ddIZVRu4wMOGXNIrwihHDVfcr1Q+Wch1LIMbswuluH1Jz2/9JJGP96Q2pn8YIMFhVs 40/VtmHqbyQQZIb/y9f8AB77wrAx/J4F8GVVb9S/z1tG+10KEyQeZGwP1iPdr74c0bDL 3axLwfVnwxP74Yeq/nQur1cDwJp5H/U/9WSy2OcT1fM+nAcBIZKcfZeFRKUJwthBZ/CZ t/AZ/96Tbt1lMPFP+Ico/28QoSuRl7lavLZYYMWkxKxQo6ZvqLO34NzlVdlZLd8Vi5Wm 7p7djMt7uvutIwPcw33MlYrW2V/IIiobhdR894bRH31XS/mCSjofDbEfWkPegEDsUfNI 69vw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=WkPNnmuGI0bKUbFLQacSRKCCEwikO7h3wvq9FCm/7I8=; b=IDNVihuXuVMwoWS25eXmPeyMyg6tQtjYbqKWq5TO9hIEZRMCNcLT8ucGItJxnQevJz +Jt95txvUjCBvfKFIFKNiwxANIDD4iY3T8mF692Lwa/lpW8VN/kv91jeUG3ydZIV+Yqg BGqBPO95b8RPQLp8wM5GUEiwwh02AqV7MEgapiZFQTgo527wwJL2gtlqYsdgtoye5e5/ cjrz8J5nodh03uWmlwnu67rXsVlIL6zl6IczHJg0yZdMcRihSm6E0DZQunU92CanSZmE bI20+6ZOaAK/ZRSI0WGJgFy4PWkh0YU1fyQ71o04lEkjYqCT1uPNhfuroEI0klpGzThZ 01IQ==
X-Gm-Message-State: AA6/9Rl3CyDDnNUaVIHaYQ9xKDdFUuGdrKF6k89FQJ/AwNejPEzLDrddhNsZhSz+UvedpQ==
X-Received: by 10.99.3.77 with SMTP id 74mr34278395pgd.174.1476746304326; Mon, 17 Oct 2016 16:18:24 -0700 (PDT)
Received: from ?IPv6:2001:df0:0:2006:c0da:ac17:5f6d:8e76? ([2001:df0:0:2006:c0da:ac17:5f6d:8e76]) by smtp.gmail.com with ESMTPSA id qd12sm50657196pab.22.2016.10.17.16.18.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Oct 2016 16:18:23 -0700 (PDT)
To: "Max Pritikin (pritikin)" <pritikin@cisco.com>, "Michael Behringer (mbehring)" <mbehring@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <71f23615-511f-e087-dc32-a041c295de9c@gmail.com>
Date: Tue, 18 Oct 2016 12:18:21 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/J9fQl1rh0uWfJZ1VG4KjsSWzLYc>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 23:18:27 -0000

On 18/10/2016 12:05, Max Pritikin (pritikin) wrote:
...
>> - I think we need to bring out more strongly that the state machine needs to track peer and domain. Because, if there is a failure, the pledge should, depending on the failure of course, not try the same domain again, and probably not the same peer either. This isn't coming out today.
>> In fact, this is why I liked the "adjacency table" so much that I presented in Berlin (and before): Because there you see much clearer that, if enrolment fails with peer x, you may just move to the next one. As mentioned it's all there, but to a new reader this won't come out clearly, I'm afraid.
>
> Yeah, I can see your point that this is buried in the text of 3.1.1 where it is implied that there is a list of "services returned during each query" and in failure the list processing "picks up where it left off" but that's pretty subtle.

What exactly is the "peer" in the above text? I tend to assume it's the proxy.
In that case it seems to me that the discovery process (whether it's mDNS
or GRASP) will discover all available proxies regardless of domain. And then
try them in some order of preference TBD.

Also, all of this needs to work in the absence of an ACP and therefore
of the ACP's adjacency table. That applies to GRASP too, because in order
to perform its various link-local actions, it needs to know which interfaces
it has and which link-local addresses it has. And it learns of its link-local
neighbors as a result of discovery. So while I fully appreciate the value
of the adjacency table, we need to be functional without it.

Rgds
    Brian
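
The peer and domain bookkeeping discussed in the two messages above, as an added example that is not code from the draft or from any list participant. Assumptions: the Outcome codes are hypothetical labels for the rejection reasons suggested in the thread, the pledge learns the domain when it contacts a peer, a "busy" peer may be retried, and all names and addresses are constructed.

```python
"""Pledge-side tracking of peers and domains during bootstrap (illustrative)."""
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    # Hypothetical codes modelled on the rejection reasons named in the thread.
    ENROLLED = "enrolled"
    BUSY = "busy"                      # "wait a minute, I'm currently overloaded"
    DOMAIN_REJECTS = "domain-rejects"  # "we don't like you in this domain"
    MODE_REJECTED = "mode-rejected"    # enrolment mode not acceptable
    PEER_FAILED = "peer-failed"        # no usable answer from this peer


# Assumption: these failures rule out the whole domain, not only the peer.
DOMAIN_WIDE = {Outcome.DOMAIN_REJECTS, Outcome.MODE_REJECTED}


@dataclass
class PledgeTracker:
    """Candidate list built from discovery only, so no ACP adjacency table
    is needed. Remembers tried peers and domains that refused the pledge."""
    candidates: list = field(default_factory=list)      # discovery order
    tried: dict = field(default_factory=dict)           # peer -> last Outcome
    refused_domains: set = field(default_factory=set)
    log: list = field(default_factory=list)             # (peer, domain, result)

    def add_discovered(self, peers):
        """Merge a discovery result; known peers keep their place, so list
        processing picks up where it left off."""
        for peer in peers:
            if peer not in self.candidates:
                self.candidates.append(peer)

    def _eligible(self, peer):
        last = self.tried.get(peer)
        return last is None or last is Outcome.BUSY

    def run(self, identify_domain, enroll, max_rounds=3):
        """Walk the candidates; return (peer, domain) on success, else None."""
        for _ in range(max_rounds):
            progressed = False
            for peer in list(self.candidates):
                if not self._eligible(peer):
                    continue
                progressed = True
                domain = identify_domain(peer)
                if domain in self.refused_domains:
                    # Same domain behind a different peer: do not retry it.
                    self.tried[peer] = Outcome.DOMAIN_REJECTS
                    self.log.append((peer, domain, "skipped"))
                    continue
                outcome = enroll(peer, domain)
                self.tried[peer] = outcome
                self.log.append((peer, domain, outcome.value))
                if outcome is Outcome.ENROLLED:
                    return peer, domain
                if outcome in DOMAIN_WIDE:
                    self.refused_domains.add(domain)
            if not progressed:
                break
        return None


def demo():
    """Constructed scenario: four link-local proxies fronting two domains."""
    domain_of = {"fe80::a": "blue", "fe80::b": "blue",
                 "fe80::c": "green", "fe80::d": "green"}
    # Scripted replies per peer, consumed in order. "fe80::b" has no script:
    # it must never be asked, because its domain has already refused.
    script = {"fe80::a": [Outcome.DOMAIN_REJECTS],
              "fe80::c": [Outcome.BUSY, Outcome.ENROLLED],
              "fe80::d": [Outcome.PEER_FAILED]}
    tracker = PledgeTracker()
    tracker.add_discovered(["fe80::a", "fe80::b", "fe80::c"])
    tracker.add_discovered(["fe80::c", "fe80::d"])   # a later discovery result
    result = tracker.run(domain_of.get, lambda p, d: script[p].pop(0))
    return result, tracker


if __name__ == "__main__":
    result, tracker = demo()
    for entry in tracker.log:
        print(entry)
    print("joined:", result)
```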



From nobody Tue Oct 18 00:33:46 2016
Return-Path: <mbehring@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC875129585 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 00:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bDnwK-6oUzU8 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 00:33:43 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2414D129583 for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 00:33:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3732; q=dns/txt; s=iport; t=1476776023; x=1477985623; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=Sgt0Ds64PBXPRYSfV9iuN+4gOAzkSG541fuYzbOA8Ag=; b=kuKJaPpA5C6ZFKWybhElvzxM9uP3RXmwmbJn6TDaVRl7sg97+YCzAg3G LIgTuJrZQ+ie+U/s/NAHHVwDPNg34cTd6Xo9X/WvuNZNSzPzbz9ZDluuv +UpL/CEhzFWG2jg30JYK/t4Fwe1lcHNkfi0pEG1trlDZNqe2jssYvY5qP k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BJAQBOzwVY/5xdJa1bFgMBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYM8AQEBAQEdV3wHjS2XBYdeikuCD4IIKIV6AhqBWDgUAQIBAQE?= =?us-ascii?q?BAQEBXieEYQEBAQMBIwQNSgcEAgEIEQQBAQECAiMDAgICHxEUAQgIAQEEARIIi?= =?us-ascii?q?DADDwgOtUyJCA2DVQEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgQeFNoRVgkeCF4J?= =?us-ascii?q?tglsFmVE1AYx1gwePfIhlhBaDfwEeNlKCfhyBU3IBh1WBAAEBAQ?=
X-IronPort-AV: E=Sophos;i="5.31,361,1473120000"; d="scan'208";a="336884907"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Oct 2016 07:33:42 +0000
Received: from XCH-ALN-007.cisco.com (xch-aln-007.cisco.com [173.36.7.17]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id u9I7XgPJ028854 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 18 Oct 2016 07:33:42 GMT
Received: from xch-rcd-006.cisco.com (173.37.102.16) by XCH-ALN-007.cisco.com (173.36.7.17) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 18 Oct 2016 02:33:41 -0500
Received: from xch-rcd-006.cisco.com ([173.37.102.16]) by XCH-RCD-006.cisco.com ([173.37.102.16]) with mapi id 15.00.1210.000; Tue, 18 Oct 2016 02:33:41 -0500
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Thread-Topic: [Anima-bootstrap] BRSKI State Machine
Thread-Index: AdImIxW8sCw9I7ieQW++wlMDDTidqACtTISAAA1Wa6A=
Date: Tue, 18 Oct 2016 07:33:41 +0000
Message-ID: <3a3639b521464ca8a7c3441b950973bc@XCH-RCD-006.cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <746b88a1-717a-8b2d-1ed1-84e4d2268926@gmail.com>
In-Reply-To: <746b88a1-717a-8b2d-1ed1-84e4d2268926@gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.55.238.134]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/K-109jtYy6cj1GJiXZ8kpgSHokU>
Subject: Re: [Anima-bootstrap] BRSKI State Machine
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 07:33:45 -0000


From nobody Tue Oct 18 00:51:49 2016
Return-Path: <mbehring@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7149B129597 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 00:51:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HH2sbKlUyHQT for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 00:51:46 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5690312959D for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 00:51:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15298; q=dns/txt; s=iport; t=1476777106; x=1477986706; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=MoQUY2qxfcohc65++P0V45eLN3MaT4EolqWahCrJ29o=; b=dwYfS5QARQdqnNkiPWgdqNjeFisrAQEuD5LMDR31Gx7VfuanMOB5ai4W hPKru0DybySRK+6511W3FAjSHO8xOgnVlhfaqsOTwWA3sy+OPmFjj4jq8 Mi9g9cwVOe6BlNJLfrVxtW7YWM5pGhrBXqBaAalB7tJhTYH7aJzWObAqr Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A3AQDI0wVY/5JdJa1SCRkBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYM8AQEBAQEdV20PB40tlwWUOIIIHQuFegIagVk4FAECAQEBAQE?= =?us-ascii?q?BAV4nhGEBAQEDAQEBASAEDToLDAQCAQgRBAEBAQICJgICAiULFQgIAQEEDgUIE?= =?us-ascii?q?YgxCA61TIxqAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBB4U2g1CBBYQYCBGDGoJ?= =?us-ascii?q?bBYhLAocuhDCFWwGPfI98jHuDfwEeNlKEbXKGJwIkBAOBAoEAAQEB?=
X-IronPort-AV: E=Sophos;i="5.31,361,1473120000"; d="scan'208";a="335182425"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Oct 2016 07:51:45 +0000
Received: from XCH-RCD-015.cisco.com (xch-rcd-015.cisco.com [173.37.102.25]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u9I7pjpR004552 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 07:51:45 GMT
Received: from xch-rcd-006.cisco.com (173.37.102.16) by XCH-RCD-015.cisco.com (173.37.102.25) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 18 Oct 2016 02:51:44 -0500
Received: from xch-rcd-006.cisco.com ([173.37.102.16]) by XCH-RCD-006.cisco.com ([173.37.102.16]) with mapi id 15.00.1210.000; Tue, 18 Oct 2016 02:51:44 -0500
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: "Max Pritikin (pritikin)" <pritikin@cisco.com>
Thread-Topic: [Anima-bootstrap] BRSKI State Machine
Thread-Index: AdImIxW8sCw9I7ieQW++wlMDDTidqAC0b9kAAAZTtiA=
Date: Tue, 18 Oct 2016 07:51:44 +0000
Message-ID: <60b5e9e82e224cbba4e6363076d2dbc5@XCH-RCD-006.cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com>
In-Reply-To: <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.55.238.134]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/OhUSb2TaIGWM9ohcnyuWw6HREzk>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] BRSKI State Machine
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 07:51:48 -0000


From nobody Tue Oct 18 01:03:53 2016
Return-Path: <mbehring@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E573D12945F for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 01:03:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08Z4PeFD_4fC for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 01:03:47 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82C771293DA for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 01:03:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4446; q=dns/txt; s=iport; t=1476777827; x=1477987427; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=bTUwOSTGdxc6Crw5rfzHSYNA0VKlpSFq/sxmrrR51tY=; b=e+freVH8kLotJjf9zNXRdzMQL1Uk3LfF9X+UzjRxGuf9ONnO0GUjXm2H /FAqJN11ZqCUFYkFC1HoU0IU0/jK3fm5NQZk2VZ1VeDG521MLNfXxTPCs +ybL3bxBpqyL5tq81gYu/UxoD6jMhzJLRgGBxxUnChXz5jg9ctO1zELxD g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BIAQCY1gVY/5xdJa1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgzwBAQEBAR2BUweNLZcFh16KS4IPggiGIgIagVk4FAECAQEBAQE?= =?us-ascii?q?BAV4nhGEBAQEDASMRRQUHBAIBCBEEAQEBAgIjAwICAh8RFAEICAIEAQ0FCIgwA?= =?us-ascii?q?w8ItVuJCA2DVQEBAQEBAQEBAQEBAQEBAQEBAQEBAR2BB4U2hFWCR4IXgm2CWwW?= =?us-ascii?q?ZUTUBiS2DSIMHj3yIZYQWg38BHjZShG1yAYdVgQABAQE?=
X-IronPort-AV: E=Sophos;i="5.31,361,1473120000"; d="scan'208";a="336893965"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Oct 2016 08:03:46 +0000
Received: from XCH-RCD-015.cisco.com (xch-rcd-015.cisco.com [173.37.102.25]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id u9I83kNM019187 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 18 Oct 2016 08:03:46 GMT
Received: from xch-rcd-006.cisco.com (173.37.102.16) by XCH-RCD-015.cisco.com (173.37.102.25) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 18 Oct 2016 03:03:46 -0500
Received: from xch-rcd-006.cisco.com ([173.37.102.16]) by XCH-RCD-006.cisco.com ([173.37.102.16]) with mapi id 15.00.1210.000; Tue, 18 Oct 2016 03:03:46 -0500
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, "Max Pritikin (pritikin)" <pritikin@cisco.com>
Thread-Topic: peer and domain [was BRSKI State Machine]
Thread-Index: AQHSKMzDH2EjrLtAb0y19VpfIxZoY6Ct13tA
Date: Tue, 18 Oct 2016 08:03:46 +0000
Message-ID: <3d4d3f341c2f4975afe3879e92e78a50@XCH-RCD-006.cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com>
In-Reply-To: <71f23615-511f-e087-dc32-a041c295de9c@gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.55.238.134]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/Ry4mazE-ZWDvRLct8NgyZUGWa2Y>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 08:03:52 -0000

From nobody Tue Oct 18 07:37:22 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9F28129663 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 07:37:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NnX_y1zhzmg4 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 07:37:19 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 824E112966C for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 07:37:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2978; q=dns/txt; s=iport; t=1476801436; x=1478011036; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=0/mxw80MtutVJD995sUDVrz2yzQULHojnmAz/t2lmbs=; b=We6R79CB/rKdz5FGsdSXbs4QolqfrxO/2tbpxh+OFg1IbY7aOYF05n7K +i9LOD/mv4jE7mRsg4l2F6Q2/PXpTOgC8GBps1DYBsebswOLmib0CsWtf Ste7L5gS6ye6hZLwEEePD0iOJVuvRi1FwgOW5KeZ0M6x+1kh9t7UCyDa2 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CyAQC3MgZY/4ENJK1cGgEBAQECAQEBA?= =?us-ascii?q?QgBAQEBgzwBAQEBAR2BUweNLZcFh16KS4IPggiGIgIagWY4FAECAQEBAQEBAV4?= =?us-ascii?q?nhGEBAQEDASMRRQULAgEIGAICJgICAh8RFRACBA4FiDgDDwi1eIkFDYNVAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBHYEHhzMIglCCR4IXgm0sgi8FmVE1AYktg0iDDo9?= =?us-ascii?q?1iGWEFoN/AR42UoRtcgGHVYEAAQEB?=
X-IronPort-AV: E=Sophos;i="5.31,362,1473120000"; d="scan'208";a="163299237"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 18 Oct 2016 14:37:15 +0000
Received: from XCH-ALN-009.cisco.com (xch-aln-009.cisco.com [173.36.7.19]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id u9IEbFLX010258 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 18 Oct 2016 14:37:15 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-009.cisco.com (173.36.7.19) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 18 Oct 2016 09:37:14 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Tue, 18 Oct 2016 09:37:14 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Thread-Topic: peer and domain [was BRSKI State Machine]
Thread-Index: AQHSKMzDVhUNHbdjR0OSbE5FP+t8tKCunHYA
Date: Tue, 18 Oct 2016 14:37:14 +0000
Message-ID: <0EEC961F-D08D-4E35-8736-5CA7515090A2@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com>
In-Reply-To: <71f23615-511f-e087-dc32-a041c295de9c@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.9]
Content-Type: text/plain; charset="utf-8"
Content-ID: <87FDFDB4EB3DF6428841438899AB499D@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/7thqHviXOFa9FYF6NT8ba1iETEU>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>, "Michael Behringer \(mbehring\)" <mbehring@cisco.com>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 14:37:21 -0000

From nobody Tue Oct 18 07:52:17 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7696412967F for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 07:52:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aTUwMP6jSRf3 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 07:52:13 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87C8F12967C for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 07:52:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=16644; q=dns/txt; s=iport; t=1476802333; x=1478011933; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=/lPoIpqVvKEA10rWtCBllnxNUCL8BR/901QzZS9N1GU=; b=JXfr429nkW0Wgx0X94R9grZ2dpZTQXXERkLK4HuFscjLIc7JRulA8WLV iq++5K+grSLKZ/jHkJ0gWo67sa8+u8fXGYWpq3aOtPXCS6k4BP0Wk/OFd /P/Po2iRSzQkjV4CUBvf9Y//YaHDaU+f31w3HbVzKuTr/hI7nOH+sEDid k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A3AQD9NQZY/4UNJK1TCRkBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYM8AQEBAQEdV20PB40tlwWUOIIIHQuFegIagWg4FAECAQEBAQE?= =?us-ascii?q?BAV4nhGEBAQEDAQEBASAEDToLBQcEAgEIEQQBAQECAiYCAgIlCxUICAEBBA4FG?= =?us-ascii?q?YgxCA61dIxnAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBB4czCIFLgQWEGAgRFoM?= =?us-ascii?q?ELIIvAQSISwKHLooLAZADj3WMe4N/AR42UoRtcoYnAiQEA4ECgQABAQE?=
X-IronPort-AV: E=Sophos;i="5.31,362,1473120000"; d="scan'208";a="336517134"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 18 Oct 2016 14:52:12 +0000
Received: from XCH-RCD-007.cisco.com (xch-rcd-007.cisco.com [173.37.102.17]) by alln-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id u9IEqBlO007409 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 14:52:12 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-007.cisco.com (173.37.102.17) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 18 Oct 2016 09:52:11 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Tue, 18 Oct 2016 09:52:11 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>
Thread-Topic: [Anima-bootstrap] BRSKI State Machine
Thread-Index: AdImIxW8sCw9I7ieQW++wlMDDTidqAC0b9kAAAZTtiAAGr5igA==
Date: Tue, 18 Oct 2016 14:52:11 +0000
Message-ID: <AC9A080C-E5BE-4475-A897-BCBF870E8ABA@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <60b5e9e82e224cbba4e6363076d2dbc5@XCH-RCD-006.cisco.com>
In-Reply-To: <60b5e9e82e224cbba4e6363076d2dbc5@XCH-RCD-006.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.9]
Content-Type: text/plain; charset="utf-8"
Content-ID: <EA72AB3374BAAF478053F9B4C56EAD05@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/8lFu4GTZwRLJbBotJAxLyDnPv6s>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] BRSKI State Machine
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 14:52:15 -0000

From nobody Tue Oct 18 10:20:00 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 215531296B8 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 10:19:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tLPttNRISPjA for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 10:19:56 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F139D129417 for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 10:19:55 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 104722009E; Tue, 18 Oct 2016 13:34:30 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4C95063AFE; Tue, 18 Oct 2016 13:19:54 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Max Pritikin \(pritikin\)" <pritikin@cisco.com>
In-Reply-To: <3F4BBD96-9E80-46DF-9E65-2A2DD9404138@cisco.com>
References: <7868.1476712024@obiwan.sandelman.ca> <3F4BBD96-9E80-46DF-9E65-2A2DD9404138@cisco.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Tue, 18 Oct 2016 13:19:54 -0400
Message-ID: <26843.1476811194@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/6hpkoK0dC9nQoDQbPhqY8sJER1o>
Cc: anima-bootstrap <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] section 5.1 -- redirection
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 17:19:58 -0000

--=-=-=
Content-Type: text/plain


Max Pritikin (pritikin) <pritikin@cisco.com> wrote:
    >> Max, I'm doing the minutes, and I'm trying to explain the confusion we
    >> had over the various objects by connecting to the real text, and I
    >> came across this.
    >>
    >> Section 5.1 includes the text:
    >>
    >> As indicated in EST [RFC7030] the bootstrapping server can redirect
    >> the client to an alternate server.  If the New Entity authenticated
    >> the Registrar using the well known URI method then the New Entity MUST
    >> follow the redirect automatically and authenticate the new Registrar
    >> against the redirect URI provided.  If the New Entity had not yet
    >> authenticated the Registrar because it was discovered and was not a
    >> known-to-be-valid URI then the new Registrar must be authenticated
    >> using one of the two autonomic methods described in this document.
    >> Similarly the Registrar MAY respond with an HTTP 202 ("the request has
    >> been accepted for processing, but the processing has not been
    >> completed") as described in EST [RFC7030] section 4.2.3.

    >> I'm trying to understand how/when the New Entity would authenticate
    >> the registrar using the well known URI.  Is this for some form of
    >> mitigation, where the new entity does not (can not) do all of the
    >> proxy steps and a human helps via craft console?  Or is this part of
    >> the rekey state machine?

    > Including a well known URI as the final discovery attempt allows the
    > client state machine and code base to support a model where it is
    > booted on an unsecured (unknown) network where nothing local responds
    > to discovery attempts. This use case supports any home or small-business
    > style device that might use a cloud management model.

Right, I recall this part now.
Can I suggest the 5.1 text say:

          <t>When the New Entity has used a URI of last resort (described in
          section 3.1.1, method (d)), then the New Entity MUST be ready to
          accept a redirect from the bootstrap server to an alternate
          server.  This is as per EST [RFC7030].

          Redirects are otherwise illegal, and MUST cause the New Entity to
          start over, and select a different proxy.

          This is most likely to occur when the vendor's registrar knows
          a more relevant local registrar for the client.  The client
          will have authenticated the vendor's registrar using built-in trust
          anchors, and therefore the redirect URI SHOULD be trusted.

          Since client authentication occurs
          during the TLS handshake the bootstrapping server has sufficient
          information to apply appropriate policy concerning which server to
          redirect to.

          After the redirect, the client MUST proceed through the same
          provisional state as before.</t>


I also would like to give the four steps in section 3.1.1 Discovery
names.  Perhaps it's enough to say "Discovery method (a)"?
Except that these are not methods, but steps, two of which are MAY,
so maybe the various connection methods need names.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--
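
The redirect rule proposed for section 5.1 in the message above, written out as client-side decision logic. This is an added example, not code from the draft or from any BRSKI implementation; the type and function names, the set of 3xx codes, the redirect limit, the https-only check and the sample URIs are assumptions.

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional, Tuple
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)  # assumption: the 3xx codes handled here
MAX_REDIRECTS = 1  # assumption: the proposed text sets no limit; bound it to stop loops


class Discovery(Enum):
    LOCAL_PROXY = "proxy found by local discovery"           # assumed name
    LAST_RESORT_URI = "URI of last resort (3.1.1 method d)"  # from the proposed text


class Action(Enum):
    CONTINUE = "continue"
    FOLLOW_REDIRECT = "follow redirect"
    START_OVER = "start over and select a different proxy"


@dataclass(frozen=True)
class Session:
    discovery: Discovery
    server_uri: str
    # True only once the TLS server certificate chained to a built-in trust anchor.
    server_authenticated: bool
    redirects_followed: int = 0

    @property
    def provisional(self) -> bool:
        """The server is only provisionally accepted until it is authenticated."""
        return not self.server_authenticated


def _refuse(s: Session, why: str) -> Tuple[Action, Session, str]:
    return Action.START_OVER, s, why


def handle_response(s: Session, status: int,
                    location: Optional[str] = None) -> Tuple[Action, Session, str]:
    """Return (action, next session state, reason) for one server response."""
    if status not in REDIRECT_CODES:
        return Action.CONTINUE, s, "not a redirect"
    # "Redirects are otherwise illegal": only the URI-of-last-resort path may redirect.
    if s.discovery is not Discovery.LAST_RESORT_URI:
        return _refuse(s, "redirect from a server that was not the URI of last resort")
    # The redirect URI is trusted because the redirecting server was authenticated
    # with built-in trust anchors; without that there is nothing to trust.
    if not s.server_authenticated:
        return _refuse(s, "redirecting server was not authenticated")
    if s.redirects_followed >= MAX_REDIRECTS:
        return _refuse(s, "redirect limit reached")
    target = urlsplit(location or "")
    if target.scheme != "https" or not target.hostname:
        return _refuse(s, "redirect target is not an https URI")
    # After the redirect the client goes through the same provisional state as
    # before: the new server starts out unauthenticated.
    nxt = replace(s, server_uri=location, server_authenticated=False,
                  redirects_followed=s.redirects_followed + 1)
    return Action.FOLLOW_REDIRECT, nxt, "redirected by authenticated last-resort server"


def demo():
    """Run the policy over constructed sessions and responses (sample data)."""
    vendor = Session(Discovery.LAST_RESORT_URI,
                     "https://vendor.example/.well-known/est", True)
    local = Session(Discovery.LOCAL_PROXY,
                    "https://proxy.local.example/.well-known/est", False)
    target = "https://registrar.customer.example/.well-known/est"
    results = [
        handle_response(vendor, 307, target),
        handle_response(local, 307, target),
        handle_response(vendor, 307, "http://registrar.customer.example/"),
        handle_response(vendor, 200),
    ]
    # A second redirect, issued by the still-provisional new registrar, is refused.
    results.append(handle_response(results[0][1], 307, "https://other.example/"))
    return results


if __name__ == "__main__":
    for action, session, reason in demo():
        print(f"{action.name:16} {session.server_uri}  ({reason})")
```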


From nobody Tue Oct 18 10:45:14 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17AC0129706 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 10:45:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7a43F2Hxf6JD for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 10:45:11 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CF6412949A for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 10:45:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5166; q=dns/txt; s=iport; t=1476812710; x=1478022310; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=pfGUWrea0Zfc6eqdmI9QNFCUMpd02enolIWve8POEUQ=; b=d9B6IW6ynRpAeb8lmUJlnaKcNkIuHoiPlwG3BHHwBlLiEx1/uU8+9cob CmioehmO+5gi5ZaecmJQUpYSQ90Vsy28Kfm3d6OvuXGDfmps9QniihjLZ hK9kXsBVmeORLzHCmnTwiWBXd1+U7GwMF6XBfZHdhPkljN4YgC8aM4w/F 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CBAQBPXgZY/4sNJK1cGgEBAQECAQEBA?= =?us-ascii?q?QgBAQEBgzwBAQEBAR1XfAeNLZcFlDiCCIJrgzYCGoFpOBQBAgEBAQEBAQFiJ4R?= =?us-ascii?q?hAQEBAwEjEUUFCwIBCBgCAiYCAgIwFRACBA4FiEoItjmMdQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAR2BB4czgliEMRaDBCyCLwWaCAGQBY93jHuDfwEeNlSEdXKHGYE?= =?us-ascii?q?AAQEB?=
X-IronPort-AV: E=Sophos;i="5.31,362,1473120000"; d="scan'208";a="158968035"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 18 Oct 2016 17:45:10 +0000
Received: from XCH-RCD-014.cisco.com (xch-rcd-014.cisco.com [173.37.102.24]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id u9IHjAAn018322 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 18 Oct 2016 17:45:10 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-014.cisco.com (173.37.102.24) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 18 Oct 2016 12:45:08 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Tue, 18 Oct 2016 12:45:08 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Thread-Topic: [Anima-bootstrap] section 5.1 -- redirection
Thread-Index: AQHSKHz22l7b3DIF90W6zIPNiD6lZ6CthoqAgAFD/ACAAAcNAA==
Date: Tue, 18 Oct 2016 17:45:08 +0000
Message-ID: <15AFB6C8-A09B-4FFB-BE8A-165B701551CF@cisco.com>
References: <7868.1476712024@obiwan.sandelman.ca> <3F4BBD96-9E80-46DF-9E65-2A2DD9404138@cisco.com> <26843.1476811194@obiwan.sandelman.ca>
In-Reply-To: <26843.1476811194@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.9]
Content-Type: text/plain; charset="utf-8"
Content-ID: <D9CEF27F071BC1479BEB2AEC6A96165E@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/3keYyGt1ad0vAqK_JUt83J50ux0>
Cc: anima-bootstrap <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] section 5.1 -- redirection
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 17:45:13 -0000

From nobody Tue Oct 18 12:46:24 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 833E8129739 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 12:46:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SxJwgorztdv3 for <anima-bootstrap@ietfa.amsl.com>; Tue, 18 Oct 2016 12:46:21 -0700 (PDT)
Received: from mail-pf0-x232.google.com (mail-pf0-x232.google.com [IPv6:2607:f8b0:400e:c00::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89654128E18 for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 12:46:21 -0700 (PDT)
Received: by mail-pf0-x232.google.com with SMTP id s8so1774990pfj.2 for <anima-bootstrap@ietf.org>; Tue, 18 Oct 2016 12:46:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=sQCYXLHErruorb5k6Spm9GBoo/GtEKOqKHM0bfaLnvg=; b=Zg+5gl1mhlT8VuZVMujC8Md4dHPX3V7W5NAle6YtERG6Txa1m5+P42s95/TshOApT5 GFyIZeXVnHCDIIVe313/KzajNEdmYwMhrL5cw692EfFdJqs/G5EzJVF1evMBvh+6duII lFdCA8DQ+4DAZhr2VJSnvobfYua30v7UJ1SGKbPkDsBaFObrGZHBKaxscUUxLirEbzNk WE6EVYwBU6zoMWPA2XG7ijxfcNVwaAxPJl+J1hAg4Tpchw+XNbWXYelnGhG9Y1F1bpPp FX3JV0KOTiZI26sWfI10xc0+aAxIyFrfEDoZJj48eXjEYa4ZO4yzSJWym3bvTyHE0zEX xrwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=sQCYXLHErruorb5k6Spm9GBoo/GtEKOqKHM0bfaLnvg=; b=hzqaQjaaVRjeY1p+dwnasDG21XKJclCmjfm48BnBbL3BKAUto7LcFneY8QEM4qKoK8 ZbgdX97S6699qXbm9YD8fYptFBbMkyscNT6ZLCUXl5paRIS7ai11ZMx8trPasJ7lOA3K g1eMaJSO9jrW8YkCdFpSYy9av1kgEaq1ZsU8dZdDHaT2FHeFqYuXlbl+sK369c23wC6D R/pE5KVsbwY+6e7pmuqs2sQq+m5xqm1icCOU7FH/qfwoDKnF37E5SwQZcGTzvKsbUxtu OOtwb9WwxYn5KAksioiCakflI5LMPiHTQ4ZZ3qTTHsPBV4V9f2XnbInbenxAcrUCmlVH axFw==
X-Gm-Message-State: AA6/9Rl/5sBhhSdgNU/RiRiRbEyxB0Srv6y307CwzHGNk8UsaUUwjgM0NuvSEGffLmFJ6Q==
X-Received: by 10.98.134.78 with SMTP id x75mr3714523pfd.6.1476819981113; Tue, 18 Oct 2016 12:46:21 -0700 (PDT)
Received: from [192.168.178.23] ([118.148.117.247]) by smtp.gmail.com with ESMTPSA id o82sm57879930pfk.24.2016.10.18.12.46.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Oct 2016 12:46:20 -0700 (PDT)
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>, "Max Pritikin (pritikin)" <pritikin@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com> <3d4d3f341c2f4975afe3879e92e78a50@XCH-RCD-006.cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <cd9d5736-1d56-ed5a-e36e-b31feb726678@gmail.com>
Date: Wed, 19 Oct 2016 08:46:20 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <3d4d3f341c2f4975afe3879e92e78a50@XCH-RCD-006.cisco.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/4iHx_6EqWyJe_Y9-zbY0vYeXNxk>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 19:46:22 -0000

On 18/10/2016 21:03, Michael Behringer (mbehring) wrote:
>> -----Original Message-----
>> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
>> Sent: 18 October 2016 01:18
>> To: Max Pritikin (pritikin) <pritikin@cisco.com>; Michael Behringer
>> (mbehring) <mbehring@cisco.com>
>> Cc: anima-bootstrap@ietf.org
>> Subject: peer and domain [was BRSKI State Machine]
>>
>>
>>
>> On 18/10/2016 12:05, Max Pritikin (pritikin) wrote:
>> ...
>>>> - I think we need to bring out more strongly that the state machine needs
>> to track peer and domain. Because, if there is a failure, the pledge should,
>> depending on the failure of course, not try the same domain again, and
>> probably not the same peer either. This isn't coming out today.
>>>> In fact, this is why I liked the "adjacency table" so much that I presented in
>> Berlin (and before): Because there you see much clearer that, if enrolment
>> fails with peer x, you may just move to the next one. As mentioned it's all
>> there, but to a new reader this won't come out clearly, I'm afraid.
>>>
>>> Yeah, I can see your point that this is buried in the text of 3.1.1 where it is
>> implied that there is a list of "services returned during each query” and in
>> failure the list processing "picks up where it left off” but that's pretty subtle.
>>
>> What exactly is the "peer" in the above text? I tend to assume it's the proxy.
>> In that case it seems to me that the discovery process (whether it's mDNS or
>> GRASP) will discover all available proxies regardless of domain. And then try
>> them in some order of preference TBD.
>
> "peer" is an entry in the adjacency table. Yes, there may be several on an interface, of several different domains. The adjacency table discussion tries to capture that.

Fair enough. But anyway my comment still applies: a node that is joining the ACP,
or simply updating its ACP adjacencies, will discover all available neighbors...

>
>> Also, all of this needs to work in the absence of an ACP and therefore of the
>> ACP's adjacency table. That applies to GRASP too, because in order to
>> perform its various link-local actions, it needs to know which interfaces it has
>> and which link-local addresses it has. And it learns of its link-local neighbors as
>> a result of discovery. So while I fully appreciate the value of the adjacency
>> table, we need to be functional without it.
>
> Now we're getting into a muddle with ANIMA vs non-ANIMA modes. (And you're right - this is important to sort out). Let's see whether we can sort that.
>
> Up front: This is the ANIMA WG, and we're primarily defining the behaviour of an ANIMA node. This is, IMO:
>
> - There is an adjacency table, that observes what nodes are seen on each ANIMA-capable interface.
> - This table is fed by discovery (primarily).
> - Depending on the state of the node, and the state of an adjacent node, different things will happen.
>   (see my presentation on the reference model, last IETF - all described there)
>
> For ANIMA, we need to settle on MUST discovery methods.
> In ANIMA, we will ALWAYS build an ACP to other nodes of the same domain.
>
> The adjacency table links BRSKI and ACP automatically: Once I discover a node which is in the same domain, I attempt to set up an ACP connection with that node.

Sure. And I think I can model that with GRASP - it simply needs an objective
that includes the domain and node credentials, right?

>
> Outside ANIMA, GRASP can be used in many other ways; BRSKI can be used to derive LDevIDs and nothing else.
>
> Do we agree?

I think so. But I won't know so until I see what the ACP's API looks like.
Remember that GRASP needs to create unicast and multicast sockets, so in an
ACP regime those sockets need to be provided by the ACP.

   Brian

> Michael
>
>> Rgds
>>     Brian
>>
>


From nobody Wed Oct 19 00:21:44 2016
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: "Max Pritikin (pritikin)" <pritikin@cisco.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Thread-Topic: peer and domain [was BRSKI State Machine]
Thread-Index: AQHSKMzDH2EjrLtAb0y19VpfIxZoY6CunHQAgAC9NzA=
Date: Wed, 19 Oct 2016 07:21:40 +0000
Message-ID: <56fba332c2744d0aa5ab48189722e175@XCH-RCD-006.cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com> <0EEC961F-D08D-4E35-8736-5CA7515090A2@cisco.com>
In-Reply-To: <0EEC961F-D08D-4E35-8736-5CA7515090A2@cisco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/JHyYDAKmIXU_CNtRCyc1WSMCbXE>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-List-Received-Date: Wed, 19 Oct 2016 07:21:44 -0000



From nobody Wed Oct 19 00:35:26 2016
From: "Michael Behringer (mbehring)" <mbehring@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, "Max Pritikin (pritikin)" <pritikin@cisco.com>
Thread-Topic: mDNS or GRASP? [was: peer and domain [was BRSKI State Machine]]
Thread-Index: AdIp2zQGWTyykefBRMWndeUMtwD/tQ==
Date: Wed, 19 Oct 2016 07:35:20 +0000
Message-ID: <a17cad7df0fa43adb70c0e3c33bbe201@XCH-RCD-006.cisco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/Aeq_IcT8DMEjThlCtkONi0QA3KE>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: [Anima-bootstrap] mDNS or GRASP? [was: peer and domain [was BRSKI State Machine]]
X-List-Received-Date: Wed, 19 Oct 2016 07:35:24 -0000


From nobody Wed Oct 19 12:42:50 2016
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>, "Max Pritikin (pritikin)" <pritikin@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com> <0EEC961F-D08D-4E35-8736-5CA7515090A2@cisco.com> <56fba332c2744d0aa5ab48189722e175@XCH-RCD-006.cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <b03f7712-269f-50bb-1dec-18d02d430340@gmail.com>
Date: Thu, 20 Oct 2016 08:42:48 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <56fba332c2744d0aa5ab48189722e175@XCH-RCD-006.cisco.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/HWa8_LN-sTn6xB9iHNeNuSjhgHc>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-List-Received-Date: Wed, 19 Oct 2016 19:42:49 -0000

Picking out a couple points:

> Right now we really specify the same thing in both BRSKI and ACP drafts.

It's a bit worse, because in practice GRASP has to do a lot of the same
stuff. I won't trouble you with details, but the first sections of GRASP
initialisation carry these comments:

# Initialise global variables
# Is there an ACP?
# What's my address?
# What interfaces do I have?
# Create sockets to send LL multicasts
# Initialise TCP sockets to receive unicast Discovery responses
# Start relay if needed

So, although it doesn't deal with adjacencies as such, if it could
simply grab the adjacency table from the ACP, all of the above would
be much more straightforward. However, that may have things backwards.
If the first thing a GRASP node did after initialisation was something
like flood(objective("AN_ACP")) and then listen for incoming floods from
neighbors, it could quickly learn its potential ACP adjacencies.

So, perhaps ACP formation is a special case ASA that runs always, in insecure
link-local mode, to maintain adjacencies and support the creation of
secure ACP tunnels.

I could write demo code for the adjacency learning, but I'd need some help
on the domain ID.

> make a separate (short) draft for autonomic adjacency discovery, and the adjacency table.

If it's needed we can write it up. Then either embed it arbitrarily in one
of the other documents, or discuss it with the WG.

Regards
   Brian

On 19/10/2016 20:21, Michael Behringer (mbehring) wrote:
>>> What exactly is the "peer" in the above text? I tend to assume it's the
>> proxy.
>>> In that case it seems to me that the discovery process (whether it's
>>> mDNS or GRASP) will discover all available proxies regardless of
>>> domain. And then try them in some order of preference TBD.
>>
>> Agreed. From the perspective of a Pledge new device anything discovered is
>> a “proxy” or perhaps a registrar but it doesn’t yet know the domain(s).
>
> Mostly agree; two small edits: I would say " From the perspective of a Pledge anything discovered is a *potential* “proxy”."
>
> I would not mention the registrar, since we decided that if a device happens to be a registrar, it should still behave like a proxy, to keep the behaviour of the pledge as simple as possible.
>
> (I'm sure we agree - these are just editorial comments)
>
>>> Also, all of this needs to work in the absence of an ACP and therefore
>>> of the ACP's adjacency table. That applies to GRASP too, because in
>>> order to perform its various link-local actions, it needs to know
>>> which interfaces it has and which link-local addresses it has. And it
>>> learns of its link-local neighbors as a result of discovery. So while
>>> I fully appreciate the value of the adjacency table, we need to be functional
>> without it.
>>
>> Michael thinks of discovered proxies as adjacencies for the table. I think of
>> them as a “list of discovered proxies”. The concepts are similar and Michael is
>> correct that the current sentence could be clearer.
>
> Seen from BRSKI, you are right.
>
> My main comment really is: Adjacency discovery, as well as the adjacency table, is really independent of both BRSKI and ACP. It is a feature of an *autonomic node*. When an autonomic node is in factory default, it will use the adjacency table to invoke bootstrap; when it is in a domain, it will use the same table to create an ACP connection. So the adjacency discovery and the table are really separate from BRSKI and ACP.
>
> Because of this, I've said for a while the really "correct" thing to do would be to make a separate (short) draft for autonomic adjacency discovery, and the adjacency table. This would be a really nice place to describe the general behaviour of an autonomic node.
>
> Right now we really specify the same thing in both BRSKI and ACP drafts. First of all, I think we should be VERY clear that we don't want *two* mechanisms to discover a proxy or an ACP neighbour. We want a single protocol to do this. (I think we agree up to here).
>
> The chairs have been pushing hard against another draft, for purely practical reasons, and I understand that, and can live with it.
>
> But let's be clear that this should really be the same protocol, it should be specified in one place only, and the other refers to that. (Again, I think we agree on that).
>
> Here's what's going to happen in phase 2 of ANIMA:
> - We'll want Intent to say things like "trust autonomic devices in domain x for the sole purpose of auto-negotiating BGP security".
> - or "if a node in sp.net sees one in customer.sp.net, it should create a 'unidirectional' ACP"
> - Therefore, a node now needs to scan its adjacency table, see where there are nodes of domain x.
> - for such nodes, we'll establish another form of security association, we will NOT include them in the general ACP.
> - so there will be another way to handle nodes in the table that we've ignored so far.
> - This will result in another draft.
> - Now, without the adjacency discovery draft, we need now to point to another "use case" draft, e.g., BRSKI for the details of adjacency discovery, and what to do in which case.
>
> To me, we are turning cause and action the wrong way round.
>
> Michael
>
>
>> - max
>>
>>>
>>> Rgds
>>>    Brian
>>>
>>>
>
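
The adjacency table discussed in the thread above, as an added example that is not part of any message here and is not GRASP, BRSKI or ACP code: a discovery-fed table that tracks peer and domain, so that a pledge skips a failed peer or a whole rejecting domain, and an enrolled node selects same-domain neighbours for the ACP. All class and function names, the two failure kinds, the domain names and the neighbour data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Failure(Enum):
    PEER = "peer"      # only this neighbour failed, e.g. it was unreachable
    DOMAIN = "domain"  # the domain behind the neighbour refused the pledge


@dataclass
class Adjacency:
    interface: str
    address: str                  # neighbour's link-local address
    domain: Optional[str] = None  # unknown until the neighbour reveals it
    failed: bool = False


class AdjacencyTable:
    """Hypothetical table fed by discovery, keyed by (interface, address)."""

    def __init__(self) -> None:
        self.entries = {}            # insertion order = discovery order
        self.rejected_domains = set()

    def learn(self, interface: str, address: str,
              domain: Optional[str] = None) -> Adjacency:
        # Discovery is unauthenticated link-local traffic, so a domain learned
        # here is only a hint for choosing whom to talk to; it proves nothing
        # until the peer authenticates.
        key = (interface, address)
        entry = self.entries.get(key)
        if entry is None:
            entry = self.entries[key] = Adjacency(interface, address, domain)
        elif domain is not None:
            entry.domain = domain
        return entry

    def candidates(self) -> List[Adjacency]:
        """Potential proxies a pledge may still try, in discovery order."""
        return [e for e in self.entries.values()
                if not e.failed and e.domain not in self.rejected_domains]

    def record_failure(self, entry: Adjacency, kind: Failure,
                       domain: Optional[str] = None) -> None:
        entry.failed = True
        if domain is not None:
            entry.domain = domain
        if kind is Failure.DOMAIN and entry.domain is not None:
            self.rejected_domains.add(entry.domain)

    def acp_peers(self, my_domain: str) -> List[Adjacency]:
        """Neighbours an enrolled node would attempt an ACP connection with."""
        return [e for e in self.entries.values() if e.domain == my_domain]


EnrollResult = Tuple[bool, Optional[str], Optional[Failure]]


def bootstrap(table: AdjacencyTable,
              try_enroll: Callable[[Adjacency], EnrollResult]):
    """Walk the table until one enrolment succeeds or no candidate is left.

    try_enroll stands in for the real enrolment exchange and returns
    (ok, domain_learned, failure_kind).
    """
    attempts = []
    while True:
        remaining = table.candidates()
        if not remaining:
            return None, attempts
        entry = remaining[0]
        attempts.append(entry.address)
        ok, domain, kind = try_enroll(entry)
        if ok:
            entry.domain = domain
            return domain, attempts
        table.record_failure(entry, kind, domain)


def demo():
    # Constructed neighbours and outcomes, not taken from any real network.
    outcomes = {
        "fe80::1": (False, "example-a", Failure.DOMAIN),
        "fe80::2": (False, "example-a", Failure.DOMAIN),
        "fe80::3": (False, None, Failure.PEER),
        "fe80::4": (True, "example-b", None),
    }
    table = AdjacencyTable()
    table.learn("eth0", "fe80::1")
    table.learn("eth0", "fe80::2", "example-a")  # domain hinted in discovery
    table.learn("eth1", "fe80::3")
    table.learn("eth1", "fe80::4")
    domain, attempts = bootstrap(table, lambda e: outcomes[e.address])
    acp = [e.address for e in table.acp_peers(domain)]
    return domain, attempts, acp


if __name__ == "__main__":
    print(demo())
```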


From nobody Wed Oct 19 13:00:21 2016
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>, "Max Pritikin (pritikin)" <pritikin@cisco.com>
References: <a17cad7df0fa43adb70c0e3c33bbe201@XCH-RCD-006.cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <a135a1d8-8951-abfc-6d52-b98daaca305a@gmail.com>
Date: Thu, 20 Oct 2016 09:00:19 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <a17cad7df0fa43adb70c0e3c33bbe201@XCH-RCD-006.cisco.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/TO2CXOg5sBssAGDu6QHdCJpc3mA>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] mDNS or GRASP? [was: peer and domain [was BRSKI State Machine]]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2016 20:00:20 -0000

Snipping...
On 19/10/2016 20:35, Michael Behringer (mbehring) wrote:
>> -----Original Message-----
>> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
>> Sent: 18 October 2016 21:46

...
>>> "peer" is an entry in the adjacency table. Yes, there may be several on an
>> interface, of several different domains. The adjacency table discussion tries
>> to capture that.
>>
>> Fair enough. But anyway my comment still applies: a node that is joining the
>> ACP, or simply updating its ACP adjacencies, will discover all available
>> neighbors...
> 
> True. But why is that a problem, or what are you suggesting because of this? 
> (I think I got lost in the arguments here)

No, no problem, I was just trying to be clear about what you meant.

...
> We need a discovery protocol. 
> We should use the same discovery protocol for BRSKI and ACP (and other actions later on, see my message a few mins ago)
> GRASP *could* be that protocol, in the way you describe. 
> But my understanding was that we had settled on using mDNS for this discovery. 
> 
> In the bootstrap calls, this was "decided", see
> http://etherpad.tools.ietf.org:9000/p/anima-boostrapping?useMonospaceFont=true
> Notes from 2016-10-04, bullet 3 (currently, lines 175-178):  
>  
> <include from etherpad>
> 3. https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-03#section-3.1.1 does not specify a GRASP mechanism for proxy discovery, should it?
> 
> max feels, "no" because defining an insecure mode of GRASP is difficult.

Which was true in Berlin but is now wrong; the insecure instances are defined in GRASP -07.

> mcr feels, "no" because discovery by multicast UDP but replies are by TCP which means the new node needs to open a TCP port to get a reply back. We just had a long conversation about TCP/UDP etc (re flipping the handshake) and this adds more confusion.

Which is resolved in the GRASP -08 candidate text after that conversation, and in running code.
(And also, in the "flood" model for proxy discovery, TCP doesn't even arise, so this
argument is doubly wrong.)

> group conclusion: close this. "No". (agreement on the call is noted; with toerless voting for grasp but accepting the group decision)
> </include> 

I don't get up in the middle of the night for those calls, and I don't accept that decision.

We should not *require* mDNS in Anima. I can see that it will be needed in some non-Anima
deployments of BRSKI. I thought we had actually resolved that in Berlin. Proxies can be
discovered with mDNS or GRASP. I've posted demo code for link-local discovery of proxies
by pledges using two different GRASP models - flooding or discovery/synchronization.
I'd like comments on those models. As noted above, the flooding model is UDP only.

https://www.cs.auckland.ac.nz/~brian/graspy/brski/README.txt

    Brian


From nobody Wed Oct 19 13:14:51 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7511E1293E3 for <anima-bootstrap@ietfa.amsl.com>; Wed, 19 Oct 2016 13:14:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Fg3CMLtcWal for <anima-bootstrap@ietfa.amsl.com>; Wed, 19 Oct 2016 13:14:49 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB94212967E for <anima-bootstrap@ietf.org>; Wed, 19 Oct 2016 13:05:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8820; q=dns/txt; s=iport; t=1476907533; x=1478117133; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=YUIkyeX9AYTIeDBAHTB8XBpt/kwUEMKnp8A0NkVrI18=; b=RJhpW5qlnAL3oJGBmxPnq2BjSc54wA28S6uHj3IHaqlpMRe5xrIR6Alz iH1zGv9lEjxDjc+nCObzKnjiyVwFhLAoZIuKmHVFhFf8/zXy7jgVFz28V 2o7HVWD/78sCoN0QE1UVrMMFlUnXtWVZwqqJDnt6aMkeoR+s753dwJ01n w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CVAQBN0QdY/5xdJa1cGgEBAQECAQEBA?= =?us-ascii?q?QgBAQEBgz4BAQEBAR1XfQeNLZZ8h16KToIPgggphXgCGoFnPxQBAgEBAQEBAQF?= =?us-ascii?q?iKIRiAQEBAwEjETkMBQsCAQgYAgImAgICHxEVEAIEDgWIOAMPCA62Z4kQDYNwA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBAQEBHIEHhzOCWIJHggAXgm0sgi8FlAmFTzUBhii?= =?us-ascii?q?DBoNJgxKBbo4LhxKBVYQXg38BHjZVgwUcgVNyAQGHO4EAAQEB?=
X-IronPort-AV: E=Sophos;i="5.31,367,1473120000"; d="scan'208";a="159438852"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Oct 2016 20:05:32 +0000
Received: from XCH-RCD-008.cisco.com (xch-rcd-008.cisco.com [173.37.102.18]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id u9JK5WjA015081 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 19 Oct 2016 20:05:32 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-008.cisco.com (173.37.102.18) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 19 Oct 2016 15:05:31 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Wed, 19 Oct 2016 15:05:31 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Thread-Topic: peer and domain [was BRSKI State Machine]
Thread-Index: AQHSKMzDVhUNHbdjR0OSbE5FP+t8tKCunHYAgAEYoACAAM8SAIAABlgA
Date: Wed, 19 Oct 2016 20:05:31 +0000
Message-ID: <1E52CF54-52F5-40A8-98A2-1DD3BE030CC7@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com> <0EEC961F-D08D-4E35-8736-5CA7515090A2@cisco.com> <56fba332c2744d0aa5ab48189722e175@XCH-RCD-006.cisco.com> <b03f7712-269f-50bb-1dec-18d02d430340@gmail.com>
In-Reply-To: <b03f7712-269f-50bb-1dec-18d02d430340@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.9]
Content-Type: text/plain; charset="utf-8"
Content-ID: <3388D269071D6F478F29564B4A59DCB3@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/JsmlmDzpJElo_9yVFSfWPP3H7ec>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>, "Michael Behringer \(mbehring\)" <mbehring@cisco.com>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2016 20:14:50 -0000

From nobody Wed Oct 19 17:03:44 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E57F129496 for <anima-bootstrap@ietfa.amsl.com>; Wed, 19 Oct 2016 17:03:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JJtkqbhv-PxK for <anima-bootstrap@ietfa.amsl.com>; Wed, 19 Oct 2016 17:03:40 -0700 (PDT)
Received: from mail-pf0-x22e.google.com (mail-pf0-x22e.google.com [IPv6:2607:f8b0:400e:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5601A129490 for <anima-bootstrap@ietf.org>; Wed, 19 Oct 2016 17:03:39 -0700 (PDT)
Received: by mail-pf0-x22e.google.com with SMTP id s8so24313732pfj.2 for <anima-bootstrap@ietf.org>; Wed, 19 Oct 2016 17:03:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=KLFI+aTvnN+dTdMqzfFAILf+kYgrxeinMA7yYfySvhg=; b=E3LOv1VoJpddBNNAUCddBBfRCrvpXl3JWfKhGIH1eByBft4hiCXEdlqRBpvp8GsuNa /uEpre82ER31D60nXTAGErsjm5cw0tsNn6Yq3b07Q9vv2ZlvXMzt1e/pxhZeWsOWgqKD 7BmlNRoMA+uk9WNfMv7vZWlHg537YvPwTfx+KJMREurRBGyX07LAIN/f/QywbT1p+jn0 6ACd8+P5PeCbCDSsSQkf8K/TrdqLF0xQHFtdePoASSRDKVXJsE3fA24afoOQAYd8MhlP bmmEsQg0jKDQtNbL3p3rRWVUWp1C1jlvzbZLD2JOXK7IYgTWRxpYTJN2W1ugv1DtekVD KBcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=KLFI+aTvnN+dTdMqzfFAILf+kYgrxeinMA7yYfySvhg=; b=GmOQUWM6CkTXkmpdyzK17xE4UmHnezEwOwlEN1t+lThcpLfKBBOtTuI3xk3CRVi7rc GdfbPIiWTeIWFxpAiLYWb5nmBnKj0P3hJcmUG/bxKtSTi2NORCSkrAc8Us4p/p4BMB1o srcMS4gJNFPt8kdzlGnNS/SFQk4jAQ2GaIKMBOjygaZTxjTu8X4/9estoQUZZ00ffSqN jOhnZbwgr1vY/Eo6+QcLY34ocmzVyEJDmmhj1ZWE4te9cMx1arepi2fqh+F9IkWmd5FV n6zBKh/tx6mIwy9WYjWeYbIE81nDary+eZxQN7LeUMxaTLgUh+FLQV0a6+SDkS3MYogF Xbzw==
X-Gm-Message-State: AA6/9RlfdygH7NARYG+MxyCEtJjsMWEHzOapkRd2EuQv81gwuwP0JTOuInaCbCjARCGfSg==
X-Received: by 10.98.131.71 with SMTP id h68mr15918527pfe.166.1476921818557; Wed, 19 Oct 2016 17:03:38 -0700 (PDT)
Received: from [192.168.178.23] ([118.148.125.82]) by smtp.gmail.com with ESMTPSA id q7sm66307594pfq.80.2016.10.19.17.03.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Oct 2016 17:03:37 -0700 (PDT)
To: "Max Pritikin (pritikin)" <pritikin@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com> <0EEC961F-D08D-4E35-8736-5CA7515090A2@cisco.com> <56fba332c2744d0aa5ab48189722e175@XCH-RCD-006.cisco.com> <b03f7712-269f-50bb-1dec-18d02d430340@gmail.com> <1E52CF54-52F5-40A8-98A2-1DD3BE030CC7@cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <a60e82ad-3b03-fc3f-3471-5f32bf8d1398@gmail.com>
Date: Thu, 20 Oct 2016 13:03:40 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <1E52CF54-52F5-40A8-98A2-1DD3BE030CC7@cisco.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/3L0VopjTNbn2wz5k_dqn9DtH0dw>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>, "Michael Behringer \(mbehring\)" <mbehring@cisco.com>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 00:03:42 -0000

On 20/10/2016 09:05, Max Pritikin (pritikin) wrote:
>
>> On Oct 19, 2016, at 1:42 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>
>> Picking out a couple points:
>>
>>> Right now we really specify the same thing in both BRSKI and ACP drafts.
>>
>> It's a bit worse, because in practice GRASP has to do a lot of the same
>> stuff.
>
> Isn’t this a result of not clearly defining the dependencies? If GRASP clearly depended on the ACP then some of this redundancy would go away?

That's true, but the requirements that we're working off include being able to
operate with no ACP. If we change that, we lock GRASP in. I don't think that's
desirable.

>
> For example, if GRASP s3.3.1 required the ACP instead of only indicating that the ACP “SHOULD” exist then a dependence on the adjacency table from ACP-03 s5.1.2 would be clear. Ref:
> 	https://tools.ietf.org/html/draft-ietf-anima-grasp-07#section-3.3.1
> 	https://tools.ietf.org/html/draft-ietf-anima-autonomic-control-plane-03#section-5.1.2
> 	and the core adjacency table discussion in:
> 	https://tools.ietf.org/html/draft-ietf-anima-reference-model-02#section-5
>
> The BRSKI doc can’t reference ACP so instead I’ll update the list of adjacencies discussion to reference only the anima-reference-model (informational).

I think that's wise. We should probably add a similar reference to the adjacency
table in the GRASP spec. I've just put some text in my working copy. Basically:

if ACP is up:
    get interface & address info from the adjacency table
else:
    dig it out from the operating system yourself

   Brian

>
> - max
>
>> I won't trouble you with details, but the first sections of GRASP
>> initialisation carry these comments:
>>
>> # Initialise global variables
>> # Is there an ACP?
>> # What's my address?
>> # What interfaces do I have?
>> # Create sockets to send LL multicasts
>> # Initialise TCP sockets to receive unicast Discovery responses
>> # Start relay if needed
>>
>> So, although it doesn't deal with adjacencies as such, if it could
>> simply grab the adjacency table from the ACP, all of the above would
>> be much more straightforward. However, that may have things backwards.
>> If the first thing a GRASP node did after initialisation was something
>> like flood(objective("AN_ACP")) and then listen for incoming floods from
>> neighbors, it could quickly learn its potential ACP adjacencies.
>>
>> So, perhaps ACP formation is a special case ASA that runs always, in insecure
>> link-local mode, to maintain adjacencies and support the creation of
>> secure ACP tunnels.
>>
>> I could write demo code for the adjacency learning, but I'd need some help
>> on the domain ID.
>>
>>> make a separate (short) draft for autonomic adjacency discovery, and the adjacency table.
>>
>> If it's needed we can write it up. Then either embed it arbitrarily in one
>> of the other documents, or discuss it with the WG.
>>
>> Regards
>>   Brian
>>
>> On 19/10/2016 20:21, Michael Behringer (mbehring) wrote:
>>>>> What exactly is the "peer" in the above text? I tend to assume it's the
>>>> proxy.
>>>>> In that case it seems to me that the discovery process (whether it's
>>>>> mDNS or GRASP) will discover all available proxies regardless of
>>>>> domain. And then try them in some order of preference TBD.
>>>>
>>>> Agreed. From the perspective of a Pledge new device anything discovered is
>>>> a “proxy” or perhaps a registrar but it doesn’t yet know the domain(s).
>>>
>>> Mostly agree; two small edits: I would say " From the perspective of a Pledge anything discovered is a *potential* “proxy”."
>>>
>>> I would not mention the registrar, since we decided that if a device happens to be a registrar, it should still behave like a proxy, to keep the behaviour of the pledge as simple as possible.
>>>
>>> (I'm sure we agree - these are just editorial comments)
>>>
>>>>> Also, all of this needs to work in the absence of an ACP and therefore
>>>>> of the ACP's adjacency table. That applies to GRASP too, because in
>>>>> order to perform its various link-local actions, it needs to know
>>>>> which interfaces it has and which link-local addresses it has. And it
>>>>> learns of its link-local neighbors as a result of discovery. So while
>>>>> I fully appreciate the value of the adjacency table, we need to be functional
>>>> without it.
>>>>
>>>> Michael thinks of discovered proxies as adjacencies for the table. I think of
>>>> them as a “list of discovered proxies”. The concepts are similar and Michael is
>>>> correct that the current sentence could be clearer.
>>>
>>> Seen from BRSKI, you are right.
>>>
>>> My main comment really is: Adjacency discovery, as well as the adjacency table, is really independent of both BRSKI and ACP. It is a feature of an *autonomic node*. When an autonomic node is in factory default, it will use the adjacency table to invoke bootstrap; when it is in a domain, it will use the same table to create an ACP connection. So the adjacency discovery and the table are really separate from BRSKI and ACP.
>>>
>>> Because of this, I've said for a while the really "correct" thing to do would be to make a separate (short) draft for autonomic adjacency discovery, and the adjacency table. This would be a really nice place to describe the general behaviour of an autonomic node.
>>>
>>> Right now we really specify the same thing in both BRSKI and ACP drafts. First of all, I think we should be VERY clear that we don't want *two* mechanisms to discover a proxy or an ACP neighbour. We want a single protocol to do this. (I think we agree up to here).
>>>
>>> The chairs have been pushing hard against another draft, for purely practical reasons, and I understand that, and can live with it.
>>>
>>> But let's be clear that this should really be the same protocol, it should be specified in one place only, and the other refers to that. (Again, I think we agree on that).
>>>
>>> Here's what's going to happen in phase 2 of ANIMA:
>>> - We'll want Intent to say things like "trust autonomic devices in domain x for the sole purpose of auto-negotiating BGP security".
>>> - or "if a node in sp.net sees one in customer.sp.net, it should create a 'unidirectional' ACP"
>>> - Therefore, a node now needs to scan its adjacency table, see where there are nodes of domain x.
>>> - for such nodes, we'll establish another form of security association, we will NOT include them in the general ACP.
>>> - so there will be another way to handle nodes in the table that we've ignored so far.
>>> - This will result in another draft.
>>> - Now, without the adjacency discovery draft, we need now to point to another "use case" draft, e.g., BRSKI for the details of adjacency discovery, and what to do in which case.
>>>
>>> To me, we are turning cause and action the wrong way round.
>>>
>>> Michael
>>>
>>>
>>>> - max
>>>>
>>>>>
>>>>> Rgds
>>>>>   Brian
>>>>>
>>>>>
>>>
>>
>
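
Added example, not part of the original messages and not GRASP or graspy code: a small Python model of the adjacency learning discussed in this message (listen for neighbours' link-local floods, keep a table, then scan it by objective and domain). The tuple message format, the AN_Proxy objective name, the per-interface cap and all class and function names are assumptions for illustration; no GRASP wire encoding is implemented.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address
from typing import Optional

MAX_PER_INTERFACE = 4  # assumed cap so one noisy link cannot grow the table without bound


@dataclass
class Adjacency:
    interface: str
    address: str            # neighbour's link-local address
    objective: str          # what the neighbour announced, e.g. "AN_ACP"
    domain: Optional[str]   # claimed by the neighbour, not verified
    expires: float          # absolute time after which the entry is stale
    authenticated: bool = False  # insecure discovery: nothing here is proven yet


class AdjacencyTable:
    def __init__(self):
        self._entries = {}  # (interface, address, objective) -> Adjacency

    def learn(self, interface, source, announcement, now):
        """Store or refresh one flooded announcement; return False if ignored."""
        objective, domain, ttl = announcement
        try:
            addr = IPv6Address(source)
        except ValueError:
            return False
        if not addr.is_link_local or ttl <= 0:
            return False  # only on-link neighbours with a positive lifetime
        self.expire(now)
        key = (interface, str(addr), objective)
        if key not in self._entries:
            used = sum(1 for e in self._entries.values() if e.interface == interface)
            if used >= MAX_PER_INTERFACE:
                return False  # table full on this link; a refresh is still allowed
        self._entries[key] = Adjacency(interface, str(addr), objective, domain, now + ttl)
        return True

    def expire(self, now):
        """Drop entries whose lifetime has passed."""
        self._entries = {k: e for k, e in self._entries.items() if e.expires > now}

    def candidates(self, objective, now, domain=None):
        """Live neighbours announcing `objective`; domain=None means any domain."""
        self.expire(now)
        return [e for e in self._entries.values()
                if e.objective == objective and (domain is None or e.domain == domain)]


# Constructed sample input: (interface, source address, (objective, domain, ttl seconds)).
# The domain names are the ones used as examples in the quoted text.
SAMPLE_FLOODS = [
    ("eth0", "fe80::1", ("AN_ACP", "sp.net", 60)),
    ("eth0", "fe80::2", ("AN_ACP", "customer.sp.net", 60)),
    ("eth1", "fe80::3", ("AN_Proxy", None, 30)),       # AN_Proxy is a hypothetical name
    ("eth1", "2001:db8::9", ("AN_Proxy", None, 30)),   # not link-local: ignored
    ("eth0", "fe80::1", ("AN_ACP", "sp.net", 60)),     # refresh of the first entry
]


def demo():
    table = AdjacencyTable()
    for interface, source, announcement in SAMPLE_FLOODS:
        table.learn(interface, source, announcement, now=0.0)
    # A pledge knows no domain yet, so every discovered proxy is only a candidate.
    pledge_view = [e.address for e in table.candidates("AN_Proxy", now=10.0)]
    # A node already in a domain scans the same table for neighbours of that domain.
    acp_view = [e.address for e in table.candidates("AN_ACP", now=10.0, domain="sp.net")]
    return pledge_view, acp_view


if __name__ == "__main__":
    print(demo())
```

Every entry stays marked unauthenticated: the table only records who announced what on which link, and any trust decision has to come from the later secured exchange.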


From nobody Thu Oct 20 06:51:16 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8A5C12996A; Thu, 20 Oct 2016 06:51:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q7k7Xp5S_geW; Thu, 20 Oct 2016 06:51:12 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A91912996C; Thu, 20 Oct 2016 06:51:12 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 5D93C20553; Thu, 20 Oct 2016 10:05:53 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4A8A5639BA; Thu, 20 Oct 2016 09:51:11 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6tisch-security <6tisch-security@ietf.org>
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Thu, 20 Oct 2016 09:51:11 -0400
Message-ID: <20351.1476971471@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/7BpxyQVuoVBWrTcPh4IMJNJF9O0>
Cc: anima-bootstrap <anima-bootstrap@ietf.org>
Subject: [Anima-bootstrap] 6tisch join -01 documented posted
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 13:51:16 -0000

--=-=-=
Content-Type: text/plain


https://tools.ietf.org/html/draft-richardson-6tisch-dtsecurity-secure-join-01

This has a far more extensive section 2 -- Protocol Description.
Aside from many many details that need to be made more precise, there are
quite a number of major things missing:
  1) reference to draft-ietf-netconf-system-keychain-00, mapped to CBOR,
     along with some additions.
  2) EDHOC/DTLS considerations
  3) reference to ANIMA ownership voucher
  4) references to ANIMA Bootstrap certificate stuff.

In the process of creating this document, I created two other documents.
a) https://datatracker.ietf.org/doc/draft-richardson-6lo-ra-in-ie/
   This describes putting Router Advertisements in 802.15.4 Information Elements.
   Your comments in 6lo and 6tisch ML would be appreciated, and some
   discussion as to if and where this document goes.

b) https://datatracker.ietf.org/doc/draft-richardson-anima-6join-discovery/
   I wrote this document to reference from secure-join to explain the GRASP
   query that the Join Assistant will do to inform the Registrar about a new
   pledge.

   I think that this document goes into draft-ietf-anima-bootstrapping-keyinfra.

   Based upon some feedback on the anima list about how M_NEGOTIATE works,
   there are some major things wrong in this document when it comes to how an
   ANIMA Join Assistant would discover the *EST* port of the Registrar.



--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Thu Oct 20 08:23:17 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19ED01297B8 for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 08:23:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sN8A0NBZr_NK for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 08:23:14 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5ADE5129657 for <anima-bootstrap@ietf.org>; Thu, 20 Oct 2016 08:23:14 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id A84FF2054E; Thu, 20 Oct 2016 11:37:55 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 2BB19639BA; Thu, 20 Oct 2016 11:23:13 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Max Pritikin \(pritikin\)" <pritikin@cisco.com>
In-Reply-To: <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Thu, 20 Oct 2016 11:23:13 -0400
Message-ID: <8648.1476976993@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/77YP52mmXT6tea4vyL_rfaAL8KI>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>, "Michael Behringer \(mbehring\)" <mbehring@cisco.com>
Subject: Re: [Anima-bootstrap] BRSKI State Machine
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 15:23:16 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Max Pritikin (pritikin) <pritikin@cisco.com> wrote:
    >> In "real life" this would allow some visual feedback at the install
    >> site, so that the engineer knows whether he should wait or can go.
    >> [note: there may be security reasons to NOT give a reason for
    >> rejection, need to think more about this]

    > I think here we need to provide information about what happened. This
    > is why s5.4 exists to have the pledge send telemetry back to the
    > network that attempted bootstrapping.

This is a hard problem I think; there is potential for a lot of chaff in
the log if we do it wrong.

    > But note this is from the pledge to the domain. The device is assumed
    > to be headless/zero-touch etc so I wasn’t thinking in terms of sending
    > error messages to it. I’m open to doing so though.

I agree that this is important...

    >> - we need to specify precisely the discovery method, with mDNS field
    >> names, and other details. In my head we're using mDNS here, and I
    >> *think* we agreed on that?

    > yes. with understanding that the proxy to registrar SHOULD be
    > discovered using GRASP for ACP devices.

https://datatracker.ietf.org/doc/draft-richardson-anima-6join-discovery

Posted yesterday, needs work. Needs to be merged into bootstrap document, I think.

    MB> But, we'll need the same method also for the ACP draft: When both
    MB> nodes have a certificate, they need to discover each other as well.
    MB> I've been haggling with Toerless about this :-)   I think we should
    MB> take the mDNS insecure discovery into a separate, new draft.

    > I don’t follow. mDNS simply *is* insecure. This is important since we
    > can’t establish a secure discovery yet.

mDNS is just fine to find *a* proxy for a pledge that doesn't know anything else.
(And couldn't verify the proxy anyway).

I'm still unclear how the GRASP multicast discovery process is going to work
(the details) such that it leads to an IKEv2 connection.  *All* we need to
form the ACP links is a multicast that says, "I speak ACP", and as I
suggested before, this could be a multicast IKEv2 PARENT_I1 as much as
anything else.   Or we use the GRASP discovery multicast port, and the
response is not a TCP connection that says, "I'm here", as much as just an
IKEv2 packet instead.

so I disagree with MB above: it's not the same protocol requirements at all.

    > I think discovery of the proxy must be in this draft. I’m happy to move
    > the proxy’s discovery of the registrar to another draft but I think it's
    > ok to recommend GRASP for that connection so I don’t see a problem with
    > that.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Thu Oct 20 08:26:36 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D749B129657 for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 08:26:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KVluTePeNGJD for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 08:26:34 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB0281294A6 for <anima-bootstrap@ietf.org>; Thu, 20 Oct 2016 08:26:34 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 1661D2054E; Thu, 20 Oct 2016 11:41:16 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id BA0C8639BA; Thu, 20 Oct 2016 11:26:33 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Michael Behringer \(mbehring\)" <mbehring@cisco.com>
In-Reply-To: <3d4d3f341c2f4975afe3879e92e78a50@XCH-RCD-006.cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com> <3d4d3f341c2f4975afe3879e92e78a50@XCH-RCD-006.cisco.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Thu, 20 Oct 2016 11:26:33 -0400
Message-ID: <9425.1476977193@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/pBWz4TrL6xNfuypA6KTZ0G6SeIw>
Cc: "Max Pritikin \(pritikin\)" <pritikin@cisco.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 15:26:36 -0000

--=-=-=
Content-Type: text/plain


Michael Behringer (mbehring) <mbehring@cisco.com> wrote:
    > - There is an adjacency table, that observes what nodes are seen on
    > each ANIMA-capable interface.
    > - This table is fed by discovery (primarily).

So, should an ACP capable node simply periodically multicast a cleartext
M_NOOP on the underlying link?
That would work and provide all the information the adjacency table needs.

All other GRASP messages (including discovery) would be occurring inside the
ACP, so there wouldn't be anything visible on the underlying link to drive
the adjacency table.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Thu Oct 20 08:35:38 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FE2A12996D for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 08:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Pxt1DE4qV1B for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 08:35:36 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42DDB1297B8 for <anima-bootstrap@ietf.org>; Thu, 20 Oct 2016 08:35:36 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id CF3802054E; Thu, 20 Oct 2016 11:50:17 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 7DE97639BA; Thu, 20 Oct 2016 11:35:35 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <b03f7712-269f-50bb-1dec-18d02d430340@gmail.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com> <0EEC961F-D08D-4E35-8736-5CA7515090A2@cisco.com> <56fba332c2744d0aa5ab48189722e175@XCH-RCD-006.cisco.com> <b03f7712-269f-50bb-1dec-18d02d430340@gmail.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Thu, 20 Oct 2016 11:35:35 -0400
Message-ID: <11758.1476977735@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/zbUJ2vsHt9kJSyp8IXRmCQlEauY>
Cc: "Max Pritikin \(pritikin\)" <pritikin@cisco.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>, "Michael Behringer \(mbehring\)" <mbehring@cisco.com>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 15:35:37 -0000

--=-=-=
Content-Type: text/plain


Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    > So, perhaps ACP formation is a special case ASA that runs always, in insecure
    > link-local mode, to maintain adjacencies and support the creation of
    > secure ACP tunnels.

    > I could write demo code for the adjacency learning, but I'd need some help
    > on the domain ID.

I can live with this solution, but I'm not sure that MB is thinking about it
in these terms.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Thu Oct 20 08:39:56 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E21C1294B0 for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 08:39:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VkKoSKuKxQ6o for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 08:39:54 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4860129592 for <anima-bootstrap@ietf.org>; Thu, 20 Oct 2016 08:34:10 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 63C162054E; Thu, 20 Oct 2016 11:48:52 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 16F2C639BA; Thu, 20 Oct 2016 11:34:10 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Michael Behringer \(mbehring\)" <mbehring@cisco.com>
In-Reply-To: <56fba332c2744d0aa5ab48189722e175@XCH-RCD-006.cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com> <0EEC961F-D08D-4E35-8736-5CA7515090A2@cisco.com> <56fba332c2744d0aa5ab48189722e175@XCH-RCD-006.cisco.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Thu, 20 Oct 2016 11:34:10 -0400
Message-ID: <11334.1476977650@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/-vmJ3gsXWkIjwFO6CwgHOLk0994>
Cc: "Max Pritikin \(pritikin\)" <pritikin@cisco.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 15:39:55 -0000

--=-=-=
Content-Type: text/plain


Michael Behringer (mbehring) <mbehring@cisco.com> wrote:
    > Right now we really specify the same thing in both BRSKI and ACP
    > drafts. First of all, I think we should be VERY clear that we don't
    > want *two* mechanisms to discover a proxy or an ACP neighbour. We want
    > a single protocol to do this. (I think we agree up to here).

I don't think I agree.

I'm also pretty unclear how to feed the ACP adjacency table easily from the
entire GRASP discovery process, including the TCP based reply mechanism, and
doing this on the insecured underlying network...

Perhaps if we had a new M_ANNOUNCE or something that was suitable for
multicasting, and which elicited no reply, that would be fine. It duplicates
the part of mDNS that we found useful.

Essentially it's just [M_NOOP, ["announce", stuff]]

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Thu Oct 20 12:38:54 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFF79129491; Thu, 20 Oct 2016 12:38:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q5TFwSU29nHt; Thu, 20 Oct 2016 12:38:50 -0700 (PDT)
Received: from mail-pf0-x232.google.com (mail-pf0-x232.google.com [IPv6:2607:f8b0:400e:c00::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C36E21296B1; Thu, 20 Oct 2016 12:38:50 -0700 (PDT)
Received: by mail-pf0-x232.google.com with SMTP id s8so42269687pfj.2; Thu, 20 Oct 2016 12:38:50 -0700 (PDT)
X-Received: by 10.98.216.194 with SMTP id e185mr4227291pfg.148.1476992330154;  Thu, 20 Oct 2016 12:38:50 -0700 (PDT)
Received: from [192.168.178.23] (214.218.69.111.dynamic.snap.net.nz. [111.69.218.214]) by smtp.gmail.com with ESMTPSA id y125sm73594570pfg.61.2016.10.20.12.38.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Oct 2016 12:38:49 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>, 6tisch-security <6tisch-security@ietf.org>
References: <20351.1476971471@obiwan.sandelman.ca>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <0343d14c-5b18-b821-c9ad-d77fb7dae490@gmail.com>
Date: Fri, 21 Oct 2016 08:38:54 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <20351.1476971471@obiwan.sandelman.ca>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/l8FVMpPVs2Dp0gd5z9jBgU2HCpE>
Cc: anima-bootstrap <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] 6tisch join -01 documented posted
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 19:38:53 -0000

On 21/10/2016 02:51, Michael Richardson wrote:
...
> b) https://datatracker.ietf.org/doc/draft-richardson-anima-6join-discovery/
>    I wrote this document to reference from secure-join to explain the GRASP
>    query that the Join Assistant will do to inform the Registrar about a new
>    pledge.
> 
>    I think that this document goes into draft-ietf-anima-bootstrapping-keyinfra.
> 
>    Based upon some feedback on the anima list about how M_NEGOTIATE works,
>    there are some major things wrong in this document when it comes to how an
>    ANIMA Join Assistant would discover the *EST* port of the Registrar.

TL;DR;WRL (will read later)

I think you could look at my BRSKI toys (in Python) without needing to look at
my actual GRASP code. They express my understanding of the options.

https://www.cs.auckland.ac.nz/~brian/graspy/brski/
start with the README

Regards
   Brian


From nobody Thu Oct 20 12:49:20 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90AC11294A9 for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 12:49:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8EoFmmLEKQRE for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 12:49:17 -0700 (PDT)
Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA8BE12966C for <anima-bootstrap@ietf.org>; Thu, 20 Oct 2016 12:49:17 -0700 (PDT)
Received: by mail-pf0-x22d.google.com with SMTP id e6so42407581pfk.3 for <anima-bootstrap@ietf.org>; Thu, 20 Oct 2016 12:49:17 -0700 (PDT)
X-Received: by 10.98.147.218 with SMTP id r87mr4341121pfk.108.1476992957295; Thu, 20 Oct 2016 12:49:17 -0700 (PDT)
Received: from [192.168.178.23] (214.218.69.111.dynamic.snap.net.nz. [111.69.218.214]) by smtp.gmail.com with ESMTPSA id p3sm13123781pfg.48.2016.10.20.12.49.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Oct 2016 12:49:16 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>, "Max Pritikin (pritikin)" <pritikin@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <8648.1476976993@obiwan.sandelman.ca>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <e06326a8-b739-ecd2-e436-5e80bd49dfe6@gmail.com>
Date: Fri, 21 Oct 2016 08:49:21 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <8648.1476976993@obiwan.sandelman.ca>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/gtcVvN7vAMpjpaNNUUA-xZhXSOg>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>, "Michael Behringer \(mbehring\)" <mbehring@cisco.com>
Subject: Re: [Anima-bootstrap] BRSKI State Machine
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 19:49:19 -0000

in line...

On 21/10/2016 04:23, Michael Richardson wrote:
>
> Max Pritikin (pritikin) <pritikin@cisco.com> wrote:
>     >> In "real life" this would allow some visual feedback at the install
>     >> site, so that the engineer knows whether he should wait or can go.
>     >> [note: there may be security reasons to NOT give a reason for
>     >> rejection, need to think more about this]
>
>     > I think here we need to provide information about what happened. This
>     > is why s5.4 exists to have the pledge send telemetry back to the
>     > network that attempted bootstrapping.
>
> This is a hard problem I think; there is potential for a lot of chaff in
> the log if we do it wrong.
>
>     > But note this is from the pledge to the domain. The device is assumed
>     > to be headless/zero-touch etc so I wasn’t thinking in terms of sending
>     > error messages to it. I’m open to doing so though.
>
> I agree that this is important...
>
>     >> - we need to specify precisely the discovery method, with mDNS field
>     >> names, and other details. In my head we're using mDNS here, and I
>     >> *think* we agreed on that?
>
>     > yes. with understanding that the proxy to registrar SHOULD be
>     > discovered using GRASP for ACP devices.
>
> https://datatracker.ietf.org/doc/draft-richardson-anima-6join-discovery
>
> Posted yesterday, needs work. Needs to be merged into bootstrap document, I think.
>
>     MB> But, we'll need the same method also for the ACP draft: When both
>     MB> nodes have a certificate, they need to discover each other as well.
>     MB> I've been haggling with Toerless about this :-)   I think we should
>     MB> take the mDNS insecure discovery into a separate, new draft.
>
>     > I don’t follow. mDNS simply *is* insecure. This is important since we
>     > can’t establish a secure discovery yet.
>
> mDNS is just fine to find *a* proxy for a pledge that doesn't know anything else.
> (And couldn't verify the proxy anyway).

s/mDNS/GRASP/ and both of those sentences remain true: pre-ACP, the security
properties of GRASP are pretty much the same as mDNS.

>
> I'm still unclear how the GRASP multicast discovery process is going to work
> (the details) such that it leads to an IKEv2 connection.  *All* we need to
> form the ACP links is a multicast that says, "I speak ACP", and as I
> suggested before, this could be a multicast IKEv2 PARENT_I1 as much as
> anything else.   Or we use the GRASP discovery multicast port, and the
> response is not a TCP connection that says, "I'm here", as much as just an
> IKEv2 packet instead.

I think I would recommend using GRASP flooding; if you want to call the
objective "I speak ACP" that would be fine ;-). But afaics it's functionally
equivalent to just using IKE, *except* that we'd have the flexibility to
announce the method, as in ["I speak ACP",2,1,["IKEv2"]].

>
> so I disagree with MB above: it's not the same protocol requirements at all.
>
>     > I think discovery of the proxy must be in this draft. I’m happy to move
>     > the proxy’s discovery of the registrar to another draft but I think it's
>     > ok to recommend GRASP for that connection so I don’t see a problem with
>     > that.

And what's wrong with stating that a proxy MUST support being discovered
by mDNS and GRASP, and that a pledge MUST support mDNS or GRASP?

I actually thought we agreed on that in Berlin.

   Brian


From nobody Thu Oct 20 12:56:04 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB8E9129562 for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 12:56:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6aWevDBAdKSX for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 12:56:01 -0700 (PDT)
Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A44C129530 for <anima-bootstrap@ietf.org>; Thu, 20 Oct 2016 12:56:01 -0700 (PDT)
Received: by mail-pf0-x235.google.com with SMTP id 128so42688898pfz.0 for <anima-bootstrap@ietf.org>; Thu, 20 Oct 2016 12:56:01 -0700 (PDT)
X-Received: by 10.98.66.149 with SMTP id h21mr4391343pfd.32.1476993360588; Thu, 20 Oct 2016 12:56:00 -0700 (PDT)
Received: from [192.168.178.23] (214.218.69.111.dynamic.snap.net.nz. [111.69.218.214]) by smtp.gmail.com with ESMTPSA id u17sm73609587pfa.83.2016.10.20.12.55.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Oct 2016 12:56:00 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>, "Michael Behringer (mbehring)" <mbehring@cisco.com>
References: <c41c231f3906477f97f1641617de025e@XCH-RCD-006.cisco.com> <6E2BF711-B34F-40E3-9543-CEB3A9BD89DC@cisco.com> <71f23615-511f-e087-dc32-a041c295de9c@gmail.com> <0EEC961F-D08D-4E35-8736-5CA7515090A2@cisco.com> <56fba332c2744d0aa5ab48189722e175@XCH-RCD-006.cisco.com> <11334.1476977650@obiwan.sandelman.ca>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <74a1cfef-281b-eec9-09bd-39c28a25d808@gmail.com>
Date: Fri, 21 Oct 2016 08:56:05 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <11334.1476977650@obiwan.sandelman.ca>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/G9G771ON3QZnACgi0JyIOHrZ8-c>
Cc: "Max Pritikin \(pritikin\)" <pritikin@cisco.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] peer and domain [was BRSKI State Machine]
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 19:56:03 -0000

On 21/10/2016 04:34, Michael Richardson wrote:
> 
> Michael Behringer (mbehring) <mbehring@cisco.com> wrote:
>     > Right now we really specify the same thing in both BRSKI and ACP
>     > drafts. First of all, I think we should be VERY clear that we don't
>     > want *two* mechanisms to discover a proxy or an ACP neighbour. We want
>     > a single protocol to do this. (I think we agree up to here).
> 
> I don't think I agree.
> 
> I'm also pretty unclear how to feed the ACP adjacency table easily from the
> entire GRASP discovery process, including the TCP based reply mechanism, and
> doing this on the insecured underlying network...
> 
> Perhaps if we had a new M_ANNOUNCE or something that was suitable for
> multicasting, and which elicited no reply, that would be fine. It duplicates
> the part of mDNS that we found useful.
> 
> Essentially it's just [M_NOOP, ["announce", stuff]]

It can be [M_FLOOD,,,,["I talk ACP",,,,,stuff]]

GRASP seems to be pretty versatile, even without new message formats.

   Brian


From nobody Thu Oct 20 13:11:50 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A7581294BD for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 13:11:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2dF86Grq3-1k for <anima-bootstrap@ietfa.amsl.com>; Thu, 20 Oct 2016 13:11:47 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 790611294A9 for <anima-bootstrap@ietf.org>; Thu, 20 Oct 2016 13:11:47 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.31,372,1473120000"; d="scan'208";a="160204575"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Oct 2016 20:11:45 +0000
Received: from XCH-RCD-009.cisco.com (xch-rcd-009.cisco.com [173.37.102.19]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id u9KKBjQI019176 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 20 Oct 2016 20:11:45 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-009.cisco.com (173.37.102.19) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 20 Oct 2016 15:11:45 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Thu, 20 Oct 2016 15:11:45 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>
Thread-Topic: [Anima-bootstrap] Detailed BRSKI review, part 1
Thread-Index: AdIojIowvRHV0Q7aS5uVfJWO/hywbQCq4uOA
Date: Thu, 20 Oct 2016 20:11:44 +0000
Message-ID: <2772637D-8352-4DF1-B11B-895DEFBFB129@cisco.com>
References: <9ffa17925cdd4a43a0aeca04e06c906d@XCH-RCD-006.cisco.com>
In-Reply-To: <9ffa17925cdd4a43a0aeca04e06c906d@XCH-RCD-006.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.9]
Content-Type: text/plain; charset="utf-8"
Content-ID: <C87ABC06463BE0408ACD0C1B57774A2D@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/DhNmo1wD-mgZmdPg4hzWxLS6PfQ>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] Detailed BRSKI review, part 1
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 20:11:50 -0000

From nobody Sat Oct 22 17:21:12 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A15C12952B for <anima-bootstrap@ietfa.amsl.com>; Sat, 22 Oct 2016 17:21:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J0HoGttd2S3w for <anima-bootstrap@ietfa.amsl.com>; Sat, 22 Oct 2016 17:21:10 -0700 (PDT)
Received: from mail-pf0-x231.google.com (mail-pf0-x231.google.com [IPv6:2607:f8b0:400e:c00::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34E631294B1 for <anima-bootstrap@ietf.org>; Sat, 22 Oct 2016 17:21:09 -0700 (PDT)
Received: by mail-pf0-x231.google.com with SMTP id 128so77381530pfz.0 for <anima-bootstrap@ietf.org>; Sat, 22 Oct 2016 17:21:09 -0700 (PDT)
X-Received: by 10.98.68.218 with SMTP id m87mr15176612pfi.20.1477182069349; Sat, 22 Oct 2016 17:21:09 -0700 (PDT)
Received: from [192.168.178.23] ([118.148.125.128]) by smtp.gmail.com with ESMTPSA id a4sm14715148pax.8.2016.10.22.17.21.07 for <anima-bootstrap@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 22 Oct 2016 17:21:08 -0700 (PDT)
To: anima-bootstrap <anima-bootstrap@ietf.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <b72c6437-bb28-3ab6-49bf-727f8e962dbd@gmail.com>
Date: Sun, 23 Oct 2016 13:21:06 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/iiD4AACYKtetlbMWcAZBB6IGfg8>
Subject: [Anima-bootstrap] AN Group Key
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Oct 2016 00:21:11 -0000

This is perhaps a bit of a side track, but is there a way to leverage the
BRSKI registrar to securely distribute a Group Key? If every node in an AN
domain had the same Group Key, we could make GRASP multicast secure.

(I never followed the MSEC work, but it looks mighty complex.)

Regards
   Brian Carpenter



From nobody Mon Oct 24 10:33:05 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 014701295C2 for <anima-bootstrap@ietfa.amsl.com>; Mon, 24 Oct 2016 10:33:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Eb69mOieGYi for <anima-bootstrap@ietfa.amsl.com>; Mon, 24 Oct 2016 10:33:03 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79DC4129464 for <anima-bootstrap@ietf.org>; Mon, 24 Oct 2016 10:33:03 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.31,542,1473120000"; d="scan'208";a="337774393"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 24 Oct 2016 17:32:44 +0000
Received: from XCH-RCD-013.cisco.com (xch-rcd-013.cisco.com [173.37.102.23]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id u9OHWicg000664 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 24 Oct 2016 17:32:44 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-RCD-013.cisco.com (173.37.102.23) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 24 Oct 2016 12:32:43 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Mon, 24 Oct 2016 12:32:43 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Thread-Topic: [Anima-bootstrap] AN Group Key
Thread-Index: AQHSLMNe9vv4wQdrcUeeGpc3Ass/AKC4M4uA
Date: Mon, 24 Oct 2016 17:32:43 +0000
Message-ID: <7DBD3957-4BAC-4902-B3FE-A0D1B011EBF6@cisco.com>
References: <b72c6437-bb28-3ab6-49bf-727f8e962dbd@gmail.com>
In-Reply-To: <b72c6437-bb28-3ab6-49bf-727f8e962dbd@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.155.84.65]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <8BCC6FBF8D54C345984455F6403468D3@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/yrvotGnfG9IxmGSSJvdo3qRaa8w>
Cc: anima-bootstrap <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] AN Group Key
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2016 17:33:05 -0000

BRSKI bootstraps a public key identity for the domain. It then rolls into a local certificate distribution but as currently noted in s5.7:

   The prior sections provide functionality for the New Entity to obtain
   a trust anchor representative of the Domain.  The following section
   describe using EST to obtain a locally issued PKI certificate.  The
   New Entity MAY perform alternative enrollment methods or proceed to
   use its IDevID credential indefinitely, but those that leverage the
   discovered Registrar to proceed with certificate enrollment MUST
   implement the following EST choices.

The exact wording here could be adjusted. The point is that once the domain trust anchor is bootstrapped a mandatory to implement, or highly recommended interoperable approach, to identifying the device be implemented.

One could branch off here into a group key method or could distribute the certs and use them to engage with a group key model.

- max


> On Oct 22, 2016, at 5:21 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>
> This is perhaps a bit of a side track, but is there a way to leverage the
> BRSKI registrar to securely distribute a Group Key? If every node in an AN
> domain had the same Group Key, we could make GRASP multicast secure.
>
> (I never followed the MSEC work, but it looks mighty complex.)
>
> Regards
>   Brian Carpenter
>
>


From nobody Mon Oct 24 11:57:38 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 804FA1299B9 for <anima-bootstrap@ietfa.amsl.com>; Mon, 24 Oct 2016 11:57:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G3DC5aPLEvNu for <anima-bootstrap@ietfa.amsl.com>; Mon, 24 Oct 2016 11:57:36 -0700 (PDT)
Received: from mail-pf0-x236.google.com (mail-pf0-x236.google.com [IPv6:2607:f8b0:400e:c00::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 041661299B7 for <anima-bootstrap@ietf.org>; Mon, 24 Oct 2016 11:57:36 -0700 (PDT)
Received: by mail-pf0-x236.google.com with SMTP id e6so103501704pfk.3 for <anima-bootstrap@ietf.org>; Mon, 24 Oct 2016 11:57:35 -0700 (PDT)
X-Received: by 10.98.80.2 with SMTP id e2mr31814063pfb.183.1477335455483; Mon, 24 Oct 2016 11:57:35 -0700 (PDT)
Received: from ?IPv6:2406:e007:6593:1:28cc:dc4c:9703:6781? ([2406:e007:6593:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id cp2sm27256885pad.3.2016.10.24.11.57.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Oct 2016 11:57:35 -0700 (PDT)
To: "Max Pritikin (pritikin)" <pritikin@cisco.com>
References: <b72c6437-bb28-3ab6-49bf-727f8e962dbd@gmail.com> <7DBD3957-4BAC-4902-B3FE-A0D1B011EBF6@cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <de087d0d-8310-d8b1-9964-e653f9a9c845@gmail.com>
Date: Tue, 25 Oct 2016 07:57:33 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <7DBD3957-4BAC-4902-B3FE-A0D1B011EBF6@cisco.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/rF_vGDbzUJLs-kmnrvjXTHTtuwo>
Cc: anima-bootstrap <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] AN Group Key
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2016 18:57:37 -0000

Hi Max,

Thanks. I don't propose anything for now, but maybe this could be an idea for
future work. Since GRASP does rely on link-local multicast, it would be good
to have some idea of how to secure it (if the ACP doesn't take care of
it for us).

Regards
   Brian

On 25/10/2016 06:32, Max Pritikin (pritikin) wrote:
> BRSKI bootstraps a public key identity for the domain. It then rolls into a local certificate distribution but as currently noted in s5.7:
> 
>    The prior sections provide functionality for the New Entity to obtain
>    a trust anchor representative of the Domain.  The following section
>    describe using EST to obtain a locally issued PKI certificate.  The
>    New Entity MAY perform alternative enrollment methods or proceed to
>    use its IDevID credential indefinitely, but those that leverage the
>    discovered Registrar to proceed with certificate enrollment MUST
>    implement the following EST choices.
> 
> The exact wording here could be adjusted. The point is that once the domain trust anchor is bootstrapped a mandatory to implement, or highly recommended interoperable approach, to identifying the device be implemented. 
> 
> One could branch off here into a group key method or could distribute the certs and use them to engage with a group key model. 
> 
> - max
> 
> 
>> On Oct 22, 2016, at 5:21 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>
>> This is perhaps a bit of a side track, but is there a way to leverage the
>> BRSKI registrar to securely distribute a Group Key? If every node in an AN
>> domain had the same Group Key, we could make GRASP multicast secure.
>>
>> (I never followed the MSEC work, but it looks mighty complex.)
>>
>> Regards
>>   Brian Carpenter
>>
>>
> 
> 


From nobody Tue Oct 25 14:09:39 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ADB512951C for <anima-bootstrap@ietfa.amsl.com>; Tue, 25 Oct 2016 14:09:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fTKqEEN6Zr2C for <anima-bootstrap@ietfa.amsl.com>; Tue, 25 Oct 2016 14:09:34 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D74E31294D0 for <anima-bootstrap@ietf.org>; Tue, 25 Oct 2016 14:09:33 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id DF1BD200A3 for <anima-bootstrap@ietf.org>; Tue, 25 Oct 2016 17:24:32 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id AD673639BA for <anima-bootstrap@ietf.org>; Tue, 25 Oct 2016 17:09:32 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima-bootstrap <anima-bootstrap@ietf.org>
In-Reply-To: <14023252.63665.1477411546694.JavaMail.nobody@jva2tc202.webex.com>
References: <14023252.63665.1477411546694.JavaMail.nobody@jva2tc202.webex.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Tue, 25 Oct 2016 17:09:32 -0400
Message-ID: <17853.1477429772@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/Njd1qIxF-mHtwWfvk602OLAKIXQ>
Subject: Re: [Anima-bootstrap] WebEx meeting scheduled: anima-bootstrap
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2016 21:09:38 -0000

--=-=-=
Content-Type: text/plain


We will meet a second time this week before the draft deadline.
On Thursday "late afternoon" in EDT.

Not sure why it says 8:0**5**.
It's for 20:00 UTC, which is the 16:00 EDT time requested.

   anima-bootstrap
   Thursday, October 27, 2016
   8:05 pm | Greenwich Time (Reykjavik, GMT) | 1 hr 15 mins

   Meeting number (access code): 644 193 226
   Meeting password: boostrapping

   https://ietf.webex.com/ietf/j.php?MTID=m03f12543aa4aa8174225d92c9e08aeb7


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Wed Oct 26 18:00:46 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 894731294FE; Wed, 26 Oct 2016 18:00:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jv_19cUvHK-W; Wed, 26 Oct 2016 18:00:42 -0700 (PDT)
Received: from mail-pf0-x22f.google.com (mail-pf0-x22f.google.com [IPv6:2607:f8b0:400e:c00::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83C7F1294C0; Wed, 26 Oct 2016 18:00:42 -0700 (PDT)
Received: by mail-pf0-x22f.google.com with SMTP id 197so6144619pfu.0; Wed, 26 Oct 2016 18:00:42 -0700 (PDT)
X-Received: by 10.99.188.1 with SMTP id q1mr7587672pge.145.1477530041873; Wed, 26 Oct 2016 18:00:41 -0700 (PDT)
Received: from ?IPv6:2406:e007:44d7:1:28cc:dc4c:9703:6781? ([2406:e007:44d7:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id yz6sm6732590pab.35.2016.10.26.18.00.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 26 Oct 2016 18:00:40 -0700 (PDT)
To: Michael Richardson <mcr+ietf@sandelman.ca>, 6tisch-security <6tisch-security@ietf.org>
References: <20351.1476971471@obiwan.sandelman.ca> <0343d14c-5b18-b821-c9ad-d77fb7dae490@gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <12808a8a-5de1-c6cb-3f96-945573041ee4@gmail.com>
Date: Thu, 27 Oct 2016 14:00:44 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <0343d14c-5b18-b821-c9ad-d77fb7dae490@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/V0YR8bbz3-tB8uyYDPJPQjL6z6k>
Cc: anima-bootstrap <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] 6tisch join -01 documented posted
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 01:00:44 -0000

Hi Michael,

I said: TL;DR;WRL (will read later)

Well, now is "later". Two comments:

1. I seemed to recall from various corridor discussions in Berlin that
the anima-bootstrap preference was for a GRASP flooding model. However,
I have no strong preference; and in fact your approach could make more use
of GRASP than the flooding approach. But for discussion, here's the way
a flooded objective would look (i.e. the registrar floods it out to all
potential proxies (= Join Assistants)).

objective = ["AN_Registrar", objective-flags, loop-count, [radius, priority, weight, method]]

method /= "BRSKI_TLS"
method /= "BRSKI_COAP"

radius = 0..255 ; the initial loop-count, so that the recipient can calculate
                ; the distance by subtraction

priority =      ; same semantics as mDNS priority
weight =        ; same semantics as mDNS weight

The IP address, protocol and port are supplied as part of the M_FLOOD message
(sorry, people who aren't familiar with draft-ietf-anima-grasp-07
won't get that).

My model was that the proxy would get all the floods available and choose
the one it liked best, based on the available method and distance, using the
weight and priority as for mDNS. (Personally I think the mDNS stuff is overkill,
but Toerless suggested we should be feature-equivalent.)

That's what is coded in Python at https://www.cs.auckland.ac.nz/~brian/graspy/brski/

Of course, since it's flooded there is no response, so I was assuming that
the pledge's IID would be part of the first actual BRSKI message.

2. Your CDDL looks OK to me. The format and semantics of the value field of
a GRASP objective are completely flexible, so I don't see a problem with
the first "request" to the Registrar being [IID, join-method]. The reply
from the registrar could be [IID, another-join-method] if it didn't like
the first one proposed. Once either side receives a join-method it likes,
it would send [M_END,,[O_ACCEPT]] and we're done.

3. Mini-question, is this really IPv6-specific? If not I'd prefer a name
that flags it as an AN infrastructure objective, e.g. "AN_Join"

Regards
   Brian

On 21/10/2016 08:38, Brian E Carpenter wrote:
> On 21/10/2016 02:51, Michael Richardson wrote:
> ...
>> b) https://datatracker.ietf.org/doc/draft-richardson-anima-6join-discovery/
>>    I wrote this document to reference from secure-join to explain the GRASP
>>    query that the Join Assistant will do to inform the Registrar about a new
>>    pledge.
>>
>>    I think that this document goes into draft-ietf-anima-bootstrapping-keyinfra.
>>
>>    Based upon some feedback on the anima list about how M_NEGOTIATE works,
>>    there are some major things wrong in this document when it comes to how an
>>    ANIMA Join Assistant would discover the *EST* port of the Registrar.
> 
> TL;DR;WRL (will read later)
> 
> I think you could look at my BRSKI toys (in Python) without needing to look at
> my actual GRASP code. They express my understanding of the options.
> 
> https://www.cs.auckland.ac.nz/~brian/graspy/brski/
> start with the README
> 
> Regards
>    Brian
> 
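
The proxy-side choice described in point 1 of the message above, as an added example (not code from the graspy/brski toys or from any draft). The tie-break order (priority, then distance, then weight), the 16-bit range for priority and weight, the flag value 0 and the 2001:db8:: locators are assumptions made for this illustration.

```python
import random
from dataclasses import dataclass

# The two method strings named in the message.
KNOWN_METHODS = {"BRSKI_TLS", "BRSKI_COAP"}


@dataclass(frozen=True)
class Offer:
    locator: str    # address and port carried by the M_FLOOD message
    method: str
    priority: int   # lower value is preferred (SRV-style, assumed)
    weight: int     # share among equal candidates (SRV-style, assumed)
    distance: int   # radius - loop_count


def parse_flood(locator, objective):
    """Validate one flooded objective; return an Offer, or None if unusable."""
    try:
        name, _flags, loop_count, value = objective
        radius, priority, weight, method = value
    except (TypeError, ValueError):
        return None                      # wrong shape
    if name != "AN_Registrar" or method not in KNOWN_METHODS:
        return None
    numbers = (loop_count, radius, priority, weight)
    if not all(type(n) is int for n in numbers):
        return None
    # radius is the initial loop-count, so a received loop-count above it
    # is inconsistent; drop the flood instead of computing a negative distance.
    if not (0 <= radius <= 255 and 0 <= loop_count <= radius):
        return None
    if not (0 <= priority <= 0xFFFF and 0 <= weight <= 0xFFFF):
        return None
    return Offer(locator, method, priority, weight, radius - loop_count)


def choose_registrar(floods, supported, rng=random):
    """Pick one Offer from (locator, objective) pairs, or None.

    Assumed order: usable method, lowest priority, shortest distance,
    then a weighted random pick among what is left.
    """
    parsed = (parse_flood(loc, obj) for loc, obj in floods)
    offers = [o for o in parsed if o is not None and o.method in supported]
    if not offers:
        return None
    best = min(o.priority for o in offers)
    tier = [o for o in offers if o.priority == best]
    nearest = min(o.distance for o in tier)
    tier = [o for o in tier if o.distance == nearest]
    if sum(o.weight for o in tier) == 0:
        return rng.choice(tier)          # all weights zero: uniform pick
    return rng.choices(tier, weights=[o.weight for o in tier])[0]


# Constructed sample input: (locator, objective) pairs as a proxy might
# collect them. objective = [name, flags, loop-count, [radius, priority,
# weight, method]].
SAMPLE_FLOODS = [
    ("[2001:db8::1]:8443", ["AN_Registrar", 0, 250, [255, 0, 10, "BRSKI_TLS"]]),
    ("[2001:db8::2]:8443", ["AN_Registrar", 0, 253, [255, 0, 10, "BRSKI_TLS"]]),
    ("[2001:db8::3]:5684", ["AN_Registrar", 0, 254, [255, 0, 10, "BRSKI_COAP"]]),
    ("[2001:db8::4]:8443", ["AN_Registrar", 0, 255, [10, 0, 10, "BRSKI_TLS"]]),
    ("[2001:db8::5]:8443", ["AN_Registrar", 0, 9, [10, 5, 10, "BRSKI_TLS"]]),
    ("[2001:db8::6]:8443", ["AN_Registrar", 0, 3]),
]

if __name__ == "__main__":
    for methods in ({"BRSKI_TLS"}, {"BRSKI_COAP"}, KNOWN_METHODS):
        print(sorted(methods), "->", choose_registrar(SAMPLE_FLOODS, methods))
```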


From nobody Thu Oct 27 12:17:23 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCC88129735 for <anima-bootstrap@ietfa.amsl.com>; Thu, 27 Oct 2016 12:17:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.951
X-Spam-Level: 
X-Spam-Status: No, score=-14.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id afH7975XgqMc for <anima-bootstrap@ietfa.amsl.com>; Thu, 27 Oct 2016 12:17:20 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EFEB129721 for <anima-bootstrap@ietf.org>; Thu, 27 Oct 2016 12:17:20 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.31,553,1473120000";  d="scan'208,217";a="162381955"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Oct 2016 19:17:19 +0000
Received: from XCH-ALN-013.cisco.com (xch-aln-013.cisco.com [173.36.7.23]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id u9RJHJUm021728 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <anima-bootstrap@ietf.org>; Thu, 27 Oct 2016 19:17:19 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-013.cisco.com (173.36.7.23) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 27 Oct 2016 14:17:18 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Thu, 27 Oct 2016 14:17:18 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Thread-Topic: [Anima] Call for agenda ANIMA @ IETF 97, Seoul, Korea
Thread-Index: AdIutH58Odwhi0GhRUu6/2nVO6atAwB/Cc8A
Date: Thu, 27 Oct 2016 19:17:18 +0000
Message-ID: <5D480740-DE73-4C8C-95EB-554CEE931C16@cisco.com>
References: <5D36713D8A4E7348A7E10DF7437A4B927CC293B7@NKGEML515-MBX.china.huawei.com>
In-Reply-To: <5D36713D8A4E7348A7E10DF7437A4B927CC293B7@NKGEML515-MBX.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.11]
Content-Type: multipart/alternative; boundary="_000_5D480740DE734C8C95EB554CEE931C16ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/kMLHuWqGIZTI6Q6WXUXthxGlXRs>
Subject: Re: [Anima-bootstrap] [Anima] Call for agenda ANIMA @ IETF 97, Seoul, Korea
X-List-Received-Date: Thu, 27 Oct 2016 19:17:23 -0000

--_000_5D480740DE734C8C95EB554CEE931C16ciscocom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_5D480740DE734C8C95EB554CEE931C16ciscocom_
Content-Type: text/html; charset="utf-8"
Content-ID: <6AEF95C469384B47A2CCEEB2F786EC1F@emea.cisco.com>
Content-Transfer-Encoding: base64
--_000_5D480740DE734C8C95EB554CEE931C16ciscocom_--


From nobody Thu Oct 27 19:05:09 2016
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89D671294FE for <anima-bootstrap@ietfa.amsl.com>; Thu, 27 Oct 2016 19:05:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.332
X-Spam-Level: 
X-Spam-Status: No, score=-2.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pzNGDi3WnTNS for <anima-bootstrap@ietfa.amsl.com>; Thu, 27 Oct 2016 19:05:07 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1070612943E for <anima-bootstrap@ietf.org>; Thu, 27 Oct 2016 19:05:06 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 7782F200A3; Thu, 27 Oct 2016 22:20:13 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id B727C63AFE; Thu, 27 Oct 2016 22:05:05 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Max Pritikin \(pritikin\)" <pritikin@cisco.com>
In-Reply-To: <5D480740-DE73-4C8C-95EB-554CEE931C16@cisco.com>
References: <5D36713D8A4E7348A7E10DF7437A4B927CC293B7@NKGEML515-MBX.china.huawei.com> <5D480740-DE73-4C8C-95EB-554CEE931C16@cisco.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Thu, 27 Oct 2016 22:05:05 -0400
Message-ID: <831.1477620305@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/T9swKSOAK0bNP-nWhn-P5KW7o1Q>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] [Anima] Call for agenda ANIMA @ IETF 97, Seoul, Korea
X-List-Received-Date: Fri, 28 Oct 2016 02:05:08 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Max Pritikin (pritikin) <pritikin@cisco.com> wrote:
    > Since I won’t be able to be in Seoul I won’t be able to present. But I
    > suspect we should have a slot for presenting an update. Michael
    > Richardson, will you be presenting? Should you chip in for the agenda
    > slot?

I didn't do that yet... I guess I am putting my hand up now.

    >         Please send us (anima-chairs at ietf.org) requests for time
    > slot by November 3rd, Thursday and include:

    >         Name of time slot:
    >         Name of draft(s):
    >         Time requested:
    >         Presenter name(s):
    >         Brief description of what issues need discussing and what you
    > hope to
    >         accomplish by presenting (please focus on open issues, rather
    > than a
    >         status update):

I think we can get this together next Tuesday then.


-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Fri Oct 28 15:50:30 2016
Return-Path: <pritikin@cisco.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D99FA129468 for <anima-bootstrap@ietfa.amsl.com>; Fri, 28 Oct 2016 15:50:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cSmGRVk2vWW9 for <anima-bootstrap@ietfa.amsl.com>; Fri, 28 Oct 2016 15:50:27 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BBA0127A90 for <anima-bootstrap@ietf.org>; Fri, 28 Oct 2016 15:50:27 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.31,560,1473120000"; d="scan'208";a="163203535"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Oct 2016 22:50:26 +0000
Received: from XCH-ALN-011.cisco.com (xch-aln-011.cisco.com [173.36.7.21]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id u9SMoQgO029498 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <anima-bootstrap@ietf.org>; Fri, 28 Oct 2016 22:50:26 GMT
Received: from xch-aln-013.cisco.com (173.36.7.23) by XCH-ALN-011.cisco.com (173.36.7.21) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 28 Oct 2016 17:50:26 -0500
Received: from xch-aln-013.cisco.com ([173.36.7.23]) by XCH-ALN-013.cisco.com ([173.36.7.23]) with mapi id 15.00.1210.000; Fri, 28 Oct 2016 17:50:26 -0500
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Thread-Topic: BRSKI doc updates for -04
Thread-Index: AQHSMW2sWHhBGeG7Cku6jat5gwjAnA==
Date: Fri, 28 Oct 2016 22:50:26 +0000
Message-ID: <2A325ACB-B2D6-402F-B045-C2BB5CC5A35D@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.99.106.11]
Content-Type: text/plain; charset="utf-8"
Content-ID: <4D9F5CC3DDD80A469ADB559596C4C672@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/0tSxxvMO3Hek-sTu_uEsoQAz-NU>
Subject: [Anima-bootstrap] BRSKI doc updates for -04
X-List-Received-Date: Fri, 28 Oct 2016 22:50:29 -0000


From nobody Fri Oct 28 17:24:02 2016
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E2C01294B4 for <anima-bootstrap@ietfa.amsl.com>; Fri, 28 Oct 2016 17:24:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GtdaTHeYm975 for <anima-bootstrap@ietfa.amsl.com>; Fri, 28 Oct 2016 17:23:59 -0700 (PDT)
Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F5E81293F2 for <anima-bootstrap@ietf.org>; Fri, 28 Oct 2016 17:23:59 -0700 (PDT)
Received: by mail-pf0-x235.google.com with SMTP id s8so45005633pfj.2 for <anima-bootstrap@ietf.org>; Fri, 28 Oct 2016 17:23:59 -0700 (PDT)
X-Received: by 10.98.51.134 with SMTP id z128mr29421174pfz.163.1477700638732;  Fri, 28 Oct 2016 17:23:58 -0700 (PDT)
Received: from ?IPv6:2406:e007:659e:1:28cc:dc4c:9703:6781? ([2406:e007:659e:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id v84sm21291660pfd.91.2016.10.28.17.23.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 28 Oct 2016 17:23:57 -0700 (PDT)
To: "Max Pritikin (pritikin)" <pritikin@cisco.com>, "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
References: <2A325ACB-B2D6-402F-B045-C2BB5CC5A35D@cisco.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <8388f68f-849b-1afd-469d-0ba3bbf50373@gmail.com>
Date: Sat, 29 Oct 2016 13:24:07 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <2A325ACB-B2D6-402F-B045-C2BB5CC5A35D@cisco.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/aZ-kWnOIewguhcNlPzsoWB9KQEU>
Subject: Re: [Anima-bootstrap] BRSKI doc updates for -04
X-List-Received-Date: Sat, 29 Oct 2016 00:24:01 -0000

Hi,

I object strongly to the unchanged formulation of section 3.1.1 (Discovery).
It mandates DNS-SD when IMHO it should mandate either DNS-SD or a GRASP
based method, as we discussed in Berlin. As I've said a few times,
I don't really care whether the GRASP method is based on the Flood
mechanism or the Discovery/Synchronize mechanism, or a Discovery/Negotiate
mechanism as Michael R proposed. But we look collectively foolish
if we do not use a GRASP mechanism within the AN environment.

At least, I want to see a place holder for this in the -04 draft.
Basically it would look like

[the pledge]

b.  MUST:

 either b1. Performs DNS-based Service Discovery [RFC6763]...

 or b2. Performs GRASP-based Discovery [details TBD since we are out of time]

and appropriate text somewhere about what the proxy does (i.e. MUST support
both discovery methods).

In 3.2.1 (CoAP connection to Registrar) there is a passing reference
to GRASP, without a citation, and the same for the ACP, without a citation.
At the minimum those need to cite the relevant drafts. There's the same
choice for how the proxy discovers the registrar (Flood, Discovery/Synchronize
or Discovery/Negotiate). Also, the ACP isn't mandatory for GRASP - we
could use Synchronize or Negotiate securely via TLS, if we had to.

Regards
   Brian

On 29/10/2016 11:50, Max Pritikin (pritikin) wrote:
>
> Folks, I’ve been making changes toward pushing out an update this weekend. If you have last minute comments or wish to verify that design team discussion have been captured please take a look at the github version.
>
> A current build -04 preliminary version is, as always, located here:
> 	https://github.com/ietf-roll/anima-bootstrap/blob/master/dtbootstrap-anima-keyinfra-04.txt
>
> If you have comments please try to include specific changes.
>
> I will be pushing this by the Oct 31st deadline.
>
> - max


From nobody Sat Oct 29 08:12:04 2016
Return-Path: <stokcons@xs4all.nl>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6BFE126B6D for <anima-bootstrap@ietfa.amsl.com>; Sat, 29 Oct 2016 08:11:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level: 
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f4UHyY3uhZ2p for <anima-bootstrap@ietfa.amsl.com>; Sat, 29 Oct 2016 08:11:56 -0700 (PDT)
Received: from lb2-smtp-cloud2.xs4all.net (lb2-smtp-cloud2.xs4all.net [194.109.24.25]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 796441295BC for <anima-bootstrap@ietf.org>; Sat, 29 Oct 2016 08:11:56 -0700 (PDT)
Received: from webmail.xs4all.nl ([194.109.20.204]) by smtp-cloud2.xs4all.net with ESMTP id 1TBt1u0074QBLo201TBt1M; Sat, 29 Oct 2016 17:11:54 +0200
Received: from AMontpellier-654-1-191-199.w92-145.abo.wanadoo.fr ([92.145.170.199]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Sat, 29 Oct 2016 17:11:53 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Sat, 29 Oct 2016 17:11:53 +0200
From: peter van der Stok <stokcons@xs4all.nl>
To: Anima-bootstrap <anima-bootstrap@ietf.org>, Core <core@ietf.org>
Organization: vanderstok consultancy
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <147775346922.30618.14590857285848221161.idtracker@ietfa.amsl.com>
References: <147775346922.30618.14590857285848221161.idtracker@ietfa.amsl.com>
Message-ID: <e191cf557b00e7003048fac4e72ba59c@xs4all.nl>
X-Sender: stokcons@xs4all.nl (hqQl/I9Ss2nPFCO/Z0L7ZrqgpB5aThV2)
User-Agent: XS4ALL Webmail
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/ekt-kCBOB-pjEPvfxxkDb1Kionc>
Subject: [Anima-bootstrap] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: consultancy@vanderstok.org
X-List-Received-Date: Sat, 29 Oct 2016 15:12:00 -0000

Dear all,

We have submitted a new draft, Enrollment over Secure Transport (EST)
over coaps, to make BRSKI over coap possible.
We expect (parts of) this draft to be integrated with the coap-bootstrap
draft of Pritikin and Kampanakis.
This draft removes EST functionality not absolutely needed within the
context in which we expect BRSKI to be deployed for low-resource devices.

Greetings,

Peter

-------- Original message --------
Subject: New Version Notification for draft-vanderstok-core-coap-est-00.txt
Date: 2016-10-29 17:04
Sender: internet-drafts@ietf.org
Recipient: "Peter van der Stok" <consultancy@vanderstok.org>, "Peter Van der Stok" <consultancy@vanderstok.org>, "Sandeep Kumar" <ietf@sandeep.de>, "Sandeep S. Kumar" <ietf@sandeep.de>

A new version of I-D, draft-vanderstok-core-coap-est-00.txt
has been successfully submitted by Peter van der Stok and posted to the
IETF repository.

Name:		draft-vanderstok-core-coap-est
Revision:	00
Title:		EST based on DTLS secured CoAP (EST-coaps)
Document date:	2016-10-29
Group:		Individual Submission
Pages:		15
URL:            https://www.ietf.org/internet-drafts/draft-vanderstok-core-coap-est-00.txt
Status:         https://datatracker.ietf.org/doc/draft-vanderstok-core-coap-est/
Htmlized:       https://tools.ietf.org/html/draft-vanderstok-core-coap-est-00


Abstract:
    Low-resource devices in a Low-power and Lossy Network (LLN) can
    operate in a mesh network using the IPv6 over Low-power Personal Area
    Networks (6LoWPAN) and IEEE 802.15.4 link-layer standards.
    Provisioning these devices in a secure manner with keys (often called
    security bootstrapping) used to encrypt and authenticate messages is
    the subject of Bootstrapping of Remote Secure Key Infrastructures
    (BRSKI) [I-D.ietf-anima-bootstrapping-keyinfra].  Enrollment over
    Secure Transport (EST) [RFC7030], based on TLS and HTTP, is used for
    BRSKI.  This document defines how low-resource devices are expected
    to use EST over DTLS and CoAP. 6LoWPAN fragmentation management and
    minor extensions to CoAP are needed to enable EST over DTLS-secured
    CoAP (EST-coaps).




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


From nobody Mon Oct 31 00:54:40 2016
Return-Path: <jvermillard@gmail.com>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A5AD12940C; Mon, 31 Oct 2016 00:54:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NlYS3TmFj4J2; Mon, 31 Oct 2016 00:54:33 -0700 (PDT)
Received: from mail-qt0-x231.google.com (mail-qt0-x231.google.com [IPv6:2607:f8b0:400d:c0d::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D0EB1293E4; Mon, 31 Oct 2016 00:54:33 -0700 (PDT)
Received: by mail-qt0-x231.google.com with SMTP id c47so22331062qtc.2; Mon, 31 Oct 2016 00:54:33 -0700 (PDT)
X-Received: by 10.200.56.228 with SMTP id g33mr19705472qtc.140.1477900472537;  Mon, 31 Oct 2016 00:54:32 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <e191cf557b00e7003048fac4e72ba59c@xs4all.nl>
References: <147775346922.30618.14590857285848221161.idtracker@ietfa.amsl.com> <e191cf557b00e7003048fac4e72ba59c@xs4all.nl>
From: Julien Vermillard <jvermillard@gmail.com>
Date: Mon, 31 Oct 2016 08:54:12 +0100
Message-ID: <CAN9CcB8OGOcWGxPfb+Zk+PQn_2EpR5SdTS78iT5tvwFKxrC04g@mail.gmail.com>
To: consultancy@vanderstok.org
Content-Type: multipart/alternative; boundary=001a1141d0b4adda1505402484e2
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/7mWMELJJ0f20ZrMV-KnsSjPWNes>
Cc: Anima-bootstrap <anima-bootstrap@ietf.org>, Core <core@ietf.org>
Subject: Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt

--001a1141d0b4adda1505402484e2
Content-Type: text/plain; charset=UTF-8

Hi,
It's something I would like to implement, but I have a question:
why doesn't the draft support PSK-based authentication (only certificates)?
I have a fleet of devices using PSK and I would like to move them to
X.509-based auth.
My plan is to use EST over CoAP, do the initial auth using DTLS-PSK and
then move to regular DTLS X.509 mutual auth.

--
Julien Vermillard

On Sat, Oct 29, 2016 at 5:11 PM, peter van der Stok <stokcons@xs4all.nl>
wrote:

> Dear all,
>
> we have submitted a new draft, Enrollment over Secure Transport (EST) over
> coaps, to make BRSKI over CoAP possible.
> We expect (parts of) this draft to be integrated with the coap-bootstrap draft
> of Pritikin and Kampanakis.
> This draft removes EST functionality not absolutely needed within the
> context we expect the BRSKI deployment for low-resource devices.
>
> Greetings,
>
> Peter
>
> -------- Original message --------
> Subject: New Version Notification for draft-vanderstok-core-coap-est-00.txt
> Date: 2016-10-29 17:04
> From: internet-drafts@ietf.org
> To: "Peter van der Stok" <consultancy@vanderstok.org>, "Peter Van
> der Stok" <consultancy@vanderstok.org>, "Sandeep Kumar" <ietf@sandeep.de>,
> "Sandeep S. Kumar" <ietf@sandeep.de>
>
> A new version of I-D, draft-vanderstok-core-coap-est-00.txt
> has been successfully submitted by Peter van der Stok and posted to the
> IETF repository.
>
> Name:           draft-vanderstok-core-coap-est
> Revision:       00
> Title:          EST based on DTLS secured CoAP (EST-coaps)
> Document date:  2016-10-29
> Group:          Individual Submission
> Pages:          15
> URL:            https://www.ietf.org/internet-drafts/draft-vanderstok-core-coap-est-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-vanderstok-core-coap-est/
> Htmlized:       https://tools.ietf.org/html/draft-vanderstok-core-coap-est-00
>
>
> Abstract:
>    Low-resource devices in a Low-power and Lossy Network (LLN) can
>    operate in a mesh network using the IPv6 over Low-power Personal Area
>    Networks (6LoWPAN) and IEEE 802.15.4 link-layer standards.
>    Provisioning these devices in a secure manner with keys (often called
>    security bootstrapping) used to encrypt and authenticate messages is
>    the subject of Bootstrapping of Remote Secure Key Infrastructures
>    (BRSKI) [I-D.ietf-anima-bootstrapping-keyinfra].  Enrollment over
>    Secure Transport (EST) [RFC7030], based on TLS and HTTP, is used for
>    BRSKI.  This document defines how low-resource devices are expected
>    to use EST over DTLS and CoAP. 6LoWPAN fragmentation management and
>    minor extensions to CoAP are needed to enable EST over DTLS-secured
>    CoAP (EST-coaps).
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat

--001a1141d0b4adda1505402484e2--


From nobody Mon Oct 31 01:24:55 2016
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 31 Oct 2016 09:24:47 +0100
From: peter van der Stok <stokcons@xs4all.nl>
To: Julien Vermillard <jvermillard@gmail.com>
Organization: vanderstok consultancy
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <CAN9CcB8OGOcWGxPfb+Zk+PQn_2EpR5SdTS78iT5tvwFKxrC04g@mail.gmail.com>
References: <147775346922.30618.14590857285848221161.idtracker@ietfa.amsl.com> <e191cf557b00e7003048fac4e72ba59c@xs4all.nl> <CAN9CcB8OGOcWGxPfb+Zk+PQn_2EpR5SdTS78iT5tvwFKxrC04g@mail.gmail.com>
Message-ID: <18a2aac4439c589297fe2739c4500dd3@xs4all.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/lDRufONtpCv0Q-WZ09pMnb40RoE>
Cc: Anima-bootstrap <anima-bootstrap@ietf.org>, Core <core@ietf.org>, consultancy@vanderstok.org
Subject: Re: [Anima-bootstrap] [core] Fwd: New Version Notification for draft-vanderstok-core-coap-est-00.txt
Reply-To: consultancy@vanderstok.org

Hi Julien,

thanks for your interest.
Many thanks for this comment.
We urgently needed a write-up for "EST over coaps" within the context of 
commissioning IoT devices.
The use of other means than certificates seemed very unlikely to us, 
given the quantity of devices and other installation constraints.

However, when the need exists for PSK based authentication, we probably 
need to put that in as well.
As stated below, we want to integrate the draft with the work done in 
coap-bootstrap, and there PSK based authentication was originally 
foreseen.

I hope this answers your question,

Peter

Julien Vermillard wrote on 2016-10-31 08:54:
> Hi,
> It's something I would like to implement, but I have a question:
> why doesn't the draft support PSK-based authentication (only
> certificates)? I have a fleet of devices using PSK and I would
> like to move them to X.509-based auth.
> My plan is to use EST over CoAP, do the initial auth using DTLS-PSK
> and then move to regular DTLS X.509 mutual auth.
> 
> --
> Julien Vermillard


From nobody Mon Oct 31 10:34:30 2016
From: "Max Pritikin (pritikin)" <pritikin@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Mon, 31 Oct 2016 17:34:20 +0000
Message-ID: <51623E0C-6836-4F5A-9A02-7AB8D3728D07@cisco.com>
References: <2A325ACB-B2D6-402F-B045-C2BB5CC5A35D@cisco.com> <8388f68f-849b-1afd-469d-0ba3bbf50373@gmail.com>
In-Reply-To: <8388f68f-849b-1afd-469d-0ba3bbf50373@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-ID: <E6A59BAAFEDDD94D9F33515C79694DE7@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/ptj_9EBZJzxJQ4WvCgHCd1Vmrk4>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [Anima-bootstrap] BRSKI doc updates for -04