
From Jeff.Hodges@KingsMountain.com  Thu Mar  8 09:12:56 2012
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C61C21F8628 for <saag@ietfa.amsl.com>; Thu,  8 Mar 2012 09:12:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.101
X-Spam-Level: 
X-Spam-Status: No, score=-100.101 tagged_above=-999 required=5 tests=[AWL=0.394, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lfSrl+6WEOwJ for <saag@ietfa.amsl.com>; Thu,  8 Mar 2012 09:12:56 -0800 (PST)
Received: from oproxy1-pub.bluehost.com (oproxy1.bluehost.com [IPv6:2605:dc00:100:2::a1]) by ietfa.amsl.com (Postfix) with SMTP id CBE6C21F85B1 for <saag@ietf.org>; Thu,  8 Mar 2012 09:12:55 -0800 (PST)
Received: (qmail 17999 invoked by uid 0); 8 Mar 2012 17:12:55 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by oproxy1.bluehost.com with SMTP; 8 Mar 2012 17:12:55 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default;  h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=WT72TeZG6BaMCcpsqQD6r2kcmfDyNp79P9S6L3nqPeY=;  b=zquHlBTooAolVFl7Flgo/ShGBe8emxRrpHuStTdTlleQULFMyoykoYf8ik6JgoUvnZcK6sGBmKUAOQTFdLkFpw4hei/4kKLHHKMnG15qUFKUfJwPRN7/LTr7bqFiVHgN;
Received: from outbound4.ebay.com ([216.113.168.128] helo=[10.244.137.56]) by box514.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1S5gta-0000BS-Pv for saag@ietf.org; Thu, 08 Mar 2012 10:12:54 -0700
Message-ID: <4F58E897.7010802@KingsMountain.com>
Date: Thu, 08 Mar 2012 09:12:55 -0800
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.27) Gecko/20120216 Thunderbird/3.1.19
MIME-Version: 1.0
To: IETF Security Area Advisory Group <saag@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: [saag] fyi: initial draft of "Ciphers in Use in the Internet" is now available
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Mar 2012 17:12:56 -0000

Of possible interest..


Subject: [Cfrg] Fwd: New Version Notification for
	draft-irtf-cfrg-cipher-catalog-00.txt
From: David McGrew <mcgrew@cisco.com>
Date: Tue, 6 Mar 2012 07:05:24 -0500 (04:05 PST)
To: cfrg@irtf.org

Hi,

the initial version of "Ciphers in Use in the Internet" is now available at 
<http://tools.ietf.org/html/draft-irtf-cfrg-cipher-catalog-00>.   Sean and I 
ask for your review, constructive criticism, and input.    Some parts of the 
draft need more detail and organization, but it should be in sound enough shape 
for review.

If you have text to contribute, that would be appreciated, especially if you 
can supply citations for the more consequential statements.

regards,

David

Begin forwarded message:

 > From: internet-drafts@ietf.org
 > Subject: New Version Notification for draft-irtf-cfrg-cipher-catalog-00.txt
 > Date: March 5, 2012 8:35:57 PM EST
 > To: mcgrew@cisco.com
 > Cc: shenshuo@cnnic.cn
 >
 > A new version of I-D, draft-irtf-cfrg-cipher-catalog-00.txt has been
 > successfully submitted by David McGrew and posted to the IETF repository.
 >
 > Filename:	 draft-irtf-cfrg-cipher-catalog
 > Revision:	 00
 > Title:		 Ciphers in Use in the Internet
 > Creation date:	 2012-03-05
 > WG ID:		 Individual Submission
 > Number of pages: 63
 >
 > Abstract:
 >   This note catalogs the ciphers in use on the Internet, to guide users
 >   and standards processes.  It presents the security goals, security
 >   analysis and results, specification, intellectual property
 >   considerations, and publication dates of each cipher.  Background
 >   information and security guidance is provided as well.
 >
 > The IETF Secretariat






From turners@ieca.com  Mon Mar 12 06:19:13 2012
Return-Path: <turners@ieca.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42D1D21F8655 for <saag@ietfa.amsl.com>; Mon, 12 Mar 2012 06:19:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.965
X-Spam-Level: 
X-Spam-Status: No, score=-100.965 tagged_above=-999 required=5 tests=[AWL=-1.300, BAYES_50=0.001, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cOns0Xx34aqS for <saag@ietfa.amsl.com>; Mon, 12 Mar 2012 06:19:12 -0700 (PDT)
Received: from gateway01.websitewelcome.com (gateway01.websitewelcome.com [67.18.65.19]) by ietfa.amsl.com (Postfix) with ESMTP id 9B64421F8636 for <saag@ietf.org>; Mon, 12 Mar 2012 06:19:12 -0700 (PDT)
Received: by gateway01.websitewelcome.com (Postfix, from userid 5007) id 11A3B8F9309A; Mon, 12 Mar 2012 08:18:12 -0500 (CDT)
Received: from gator1743.hostgator.com (gator1743.hostgator.com [184.173.253.227]) by gateway01.websitewelcome.com (Postfix) with ESMTP id 073578F9306A for <saag@ietf.org>; Mon, 12 Mar 2012 08:18:12 -0500 (CDT)
Received: from [96.231.120.42] (port=41140 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <turners@ieca.com>) id 1S758d-0000rN-N3 for saag@ietf.org; Mon, 12 Mar 2012 08:18:11 -0500
Message-ID: <4F5DF794.20609@ieca.com>
Date: Mon, 12 Mar 2012 09:18:12 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: saag@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator1743.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Source-Sender: pool-96-231-120-42.washdc.east.verizon.net (thunderfish.local) [96.231.120.42]:41140
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 3
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20=
Subject: [saag] Call for SAAG presentation topics
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2012 13:19:13 -0000

Folks,

Stephen and I are putting together the SAAG agendas for Paris.

The agenda traditionally includes one or two invited presentations after 
the working group reports.  We would appreciate submission of 
presentation topics that you believe would be of interest to the 
community.  If you can identify an appropriate presenter (not 
necessarily yourself) that would be helpful.

Thanks,

spt

From tlyu@mit.edu  Tue Mar 13 19:09:23 2012
Return-Path: <tlyu@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C14CF21F8565 for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 19:09:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.985
X-Spam-Level: 
X-Spam-Status: No, score=-104.985 tagged_above=-999 required=5 tests=[AWL=-1.386, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5oG-0SMovzJA for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 19:09:23 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (DMZ-MAILSEC-SCANNER-1.MIT.EDU [18.9.25.12]) by ietfa.amsl.com (Postfix) with ESMTP id 1A77C21F8562 for <saag@ietf.org>; Tue, 13 Mar 2012 19:09:21 -0700 (PDT)
X-AuditID: 1209190c-b7fad6d000000920-7e-4f5ffdd1d8ae
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 88.6D.02336.1DDFF5F4; Tue, 13 Mar 2012 22:09:21 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id q2E29KAv016223 for <saag@ietf.org>; Tue, 13 Mar 2012 22:09:21 -0400
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id q2E29Jom019373 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <saag@ietf.org>; Tue, 13 Mar 2012 22:09:20 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id q2E29JuE029476; Tue, 13 Mar 2012 22:09:19 -0400 (EDT)
To: saag@ietf.org
From: Tom Yu <tlyu@MIT.EDU>
Date: Tue, 13 Mar 2012 22:09:19 -0400
Message-ID: <ldvsjhcc4s0.fsf@cathode-dark-space.mit.edu>
Lines: 10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: [saag] are RFC 3526 primes "safe"? (Re: [Ietf-krb-wg] RFC 4556 DH parameter oddities)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2012 02:09:23 -0000

Anyone here able to answer the following?  Or should I ask CFRG?  Thanks.

To: ietf-krb-wg@lists.anl.gov
From: Tom Yu <tlyu@MIT.EDU>
Date: Fri, 09 Mar 2012 14:53:23 -0500
Subject: Re: [Ietf-krb-wg] RFC 4556 DH parameter oddities

Also, could someone with better number theory and/or cryptography
experience than me please confirm whether the RFC 3526 primes are
indeed safe primes?

From jon@callas.org  Tue Mar 13 20:05:02 2012
Return-Path: <jon@callas.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 503A221E8026 for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 20:05:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.276
X-Spam-Level: 
X-Spam-Status: No, score=-2.276 tagged_above=-999 required=5 tests=[AWL=0.323,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lObfk4H-ZKFd for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 20:05:01 -0700 (PDT)
Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id C130B21E800F for <saag@ietf.org>; Tue, 13 Mar 2012 20:05:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id F31146C0281; Tue, 13 Mar 2012 20:05:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at merrymeet.com
Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (merrymeet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zSVUG2TASnC3; Tue, 13 Mar 2012 20:04:55 -0700 (PDT)
Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id A09F96C0271; Tue, 13 Mar 2012 20:04:53 -0700 (PDT)
Received: from [10.0.23.15] ([173.164.244.98]) by keys.merrymeet.com (PGP Universal service); Tue, 13 Mar 2012 20:04:55 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 13 Mar 2012 20:04:55 -0700
Mime-Version: 1.0 (Apple Message framework v1257)
From: Jon Callas <jon@callas.org>
In-Reply-To: <ldvsjhcc4s0.fsf@cathode-dark-space.mit.edu>
Date: Tue, 13 Mar 2012 20:04:53 -0700
Message-Id: <3E61DC56-93CB-444C-B3C2-0619AB71F802@callas.org>
References: <ldvsjhcc4s0.fsf@cathode-dark-space.mit.edu>
To: Tom Yu <tlyu@MIT.EDU>
X-Mailer: Apple Mail (2.1257)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Cc: saag@ietf.org
Subject: Re: [saag] are RFC 3526 primes "safe"? (Re: [Ietf-krb-wg] RFC 4556 DH parameter oddities)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2012 03:05:02 -0000

On Mar 13, 2012, at 7:09 PM, Tom Yu wrote:

> Anyone here able to answer the following?  Or should I ask CFRG?  Thanks.
>
> To: ietf-krb-wg@lists.anl.gov
> From: Tom Yu <tlyu@MIT.EDU>
> Date: Fri, 09 Mar 2012 14:53:23 -0500
> Subject: Re: [Ietf-krb-wg] RFC 4556 DH parameter oddities
>
> Also, could someone with better number theory and/or cryptography
> experience than me please confirm whether the RFC 3526 primes are
> indeed safe primes?

What would make them non-safe primes?

I'm not being dismissive, I want to know what the concern is.

Is this related to the weak RSA key brou-ha-ha? Or is it just a matter
of making sure that they've been properly vetted not to have
number-theoretic issues?

In other words, what's the *real* question?

	Jon



From nico@cryptonector.com  Tue Mar 13 20:16:29 2012
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C1AF21E8017 for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 20:16:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.199
X-Spam-Level: 
X-Spam-Status: No, score=-2.199 tagged_above=-999 required=5 tests=[AWL=-0.222, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h6CUiPyBHZNo for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 20:16:28 -0700 (PDT)
Received: from homiemail-a85.g.dreamhost.com (caiajhbdcbbj.dreamhost.com [208.97.132.119]) by ietfa.amsl.com (Postfix) with ESMTP id C2CC921E800F for <saag@ietf.org>; Tue, 13 Mar 2012 20:16:28 -0700 (PDT)
Received: from homiemail-a85.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a85.g.dreamhost.com (Postfix) with ESMTP id 57F02BC042 for <saag@ietf.org>; Tue, 13 Mar 2012 20:16:28 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=o+E+mLD+sNV3TMxF/xFUBsFYWWEf/imXaIkH2dnb77Th 85yY9Pkkhg3QJ+pIUzanoPNH9Z9QINjoqMuz6fdpNH5PlNauBuyF9tLgQ8k8fMaR gdlaus/Ieb/IJ6S++Z96uCyyMJUUfXxGei/ZVyppY/d2ge+7d1OJ+hBzNocAQU4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=Frt716E0qPtFaykTaOA08zlX9gI=; b=V4vN9HC7gqi sG0MfD2nKQ+aLX2SQFWaBInvj+cLt+c5mLS55ZbY12p+a/UAGgWhBaBfLPC4KJWY EvcNuDurixuI89C79hVddMzoXawcmrfBllZwMtGFcbHzeJXm4myY82Hni3sAkQGj rc+/OKZWLtzhdzuXHSbKJL92SrBUGP7w=
Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a85.g.dreamhost.com (Postfix) with ESMTPSA id 3F08BBC041 for <saag@ietf.org>; Tue, 13 Mar 2012 20:16:28 -0700 (PDT)
Received: by dald2 with SMTP id d2so2736010dal.27 for <saag@ietf.org>; Tue, 13 Mar 2012 20:16:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.227.74 with SMTP id ry10mr1330701pbc.160.1331694987923; Tue, 13 Mar 2012 20:16:27 -0700 (PDT)
Received: by 10.68.28.6 with HTTP; Tue, 13 Mar 2012 20:16:27 -0700 (PDT)
In-Reply-To: <3E61DC56-93CB-444C-B3C2-0619AB71F802@callas.org>
References: <ldvsjhcc4s0.fsf@cathode-dark-space.mit.edu> <3E61DC56-93CB-444C-B3C2-0619AB71F802@callas.org>
Date: Tue, 13 Mar 2012 22:16:27 -0500
Message-ID: <CAK3OfOgBWcxnzRDx4M+mboH=1HTR-TbbGDt4CUQkFkfSYE3C3w@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Jon Callas <jon@callas.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: saag@ietf.org
Subject: Re: [saag] are RFC 3526 primes "safe"? (Re: [Ietf-krb-wg] RFC 4556 DH parameter oddities)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2012 03:16:29 -0000

On Tue, Mar 13, 2012 at 10:04 PM, Jon Callas <jon@callas.org> wrote:
> On Mar 13, 2012, at 7:09 PM, Tom Yu wrote:
>> Also, could someone with better number theory and/or cryptography
>> experience than me please confirm whether the RFC 3526 primes are
>> indeed safe primes?
>
> What would make them non-safe primes?
>
> I'm not being dismissive, I want to know what the concern is.
>
> Is this related to the weak RSA key brou-ha-ha? Or is it just a matter of
> making sure that they've been properly vetted not to have number-theoretic
> issues?

These are DH groups though, so this is not about the RSA common primes
problem.

DH MODP groups generally need to have safe primes, or so I understand.  E.g.,

http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

which says

"The order of G should be prime or have a large prime factor to
prevent use of the Pohlig–Hellman algorithm to obtain a or b. For this
reason, a Sophie Germain prime q is sometimes used to calculate
p=2q+1, called a safe prime, since the order of G is then only
divisible by 2 and q. g is then sometimes chosen to generate the order
q subgroup of G, rather than G, so that the Legendre symbol of g^a
never reveals the low order bit of a."

I believe Tom is asking whether the primes in RFC3526 are safe in this sense:

http://en.wikipedia.org/wiki/Safe_prime

I suppose the answer is: subtract 1, div 2, confirm that the result is
Sophie Germain prime.

I thought of checking the form of the primes myself, but I don't know
what " { [2^1406 pi] + 741804 }" means in this (from RFC3526):

"
   The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
"

Nico
--

From nico@cryptonector.com  Tue Mar 13 20:30:17 2012
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AE8A21E8067 for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 20:30:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.197
X-Spam-Level: 
X-Spam-Status: No, score=-2.197 tagged_above=-999 required=5 tests=[AWL=-0.220, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TKoZAKiIjfzF for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 20:30:16 -0700 (PDT)
Received: from homiemail-a66.g.dreamhost.com (caiajhbdcaib.dreamhost.com [208.97.132.81]) by ietfa.amsl.com (Postfix) with ESMTP id 74AB321E8050 for <saag@ietf.org>; Tue, 13 Mar 2012 20:30:16 -0700 (PDT)
Received: from homiemail-a66.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a66.g.dreamhost.com (Postfix) with ESMTP id 317C935005B for <saag@ietf.org>; Tue, 13 Mar 2012 20:30:16 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=kwL1D84LuJCrFBaM7jO0Tj2hntIkuSUYuYhmlNNc1olT A9W+PFvdttGLu8vCQEWm8B6Q8OWye5RANg+EDyR+5QC4VoG2+J+m139BwcYWNbTw tYJnRDu42+kGWlIK5tQeCAdhlgveMLyaurfIpH6Fa1Zlpo2Cc75YpK9nEJSHrZo=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=KTVSDw3RCEvzV1pjXvzhTrCH/go=; b=dmSRXGMJ/bb rBBb9v99qRVzkZ8dH5CWI4WTAH1mfpAFrCc1AXyvXVRRuNU+VJNf7CTyLxBzEt1H Xi1JRoZqxo2K5Uz9ujhjPbmFsCzvuqilnx2u8nPr9Ex689Uxan2eJBopZZfUW68K Ptk3R1mk+7BuK6RDOavQK+pjdw4Tn7y0=
Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a66.g.dreamhost.com (Postfix) with ESMTPSA id 181FA350058 for <saag@ietf.org>; Tue, 13 Mar 2012 20:30:16 -0700 (PDT)
Received: by dald2 with SMTP id d2so2761891dal.27 for <saag@ietf.org>; Tue, 13 Mar 2012 20:30:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.192.100 with SMTP id hf4mr1438297pbc.118.1331695815674; Tue, 13 Mar 2012 20:30:15 -0700 (PDT)
Received: by 10.68.28.6 with HTTP; Tue, 13 Mar 2012 20:30:15 -0700 (PDT)
In-Reply-To: <CAK3OfOgBWcxnzRDx4M+mboH=1HTR-TbbGDt4CUQkFkfSYE3C3w@mail.gmail.com>
References: <ldvsjhcc4s0.fsf@cathode-dark-space.mit.edu> <3E61DC56-93CB-444C-B3C2-0619AB71F802@callas.org> <CAK3OfOgBWcxnzRDx4M+mboH=1HTR-TbbGDt4CUQkFkfSYE3C3w@mail.gmail.com>
Date: Tue, 13 Mar 2012 22:30:15 -0500
Message-ID: <CAK3OfOgV0XNF9FQKBjt76cxC7aubgT7SWvWFsXw=zVMZf=2Mjg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Jon Callas <jon@callas.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: saag@ietf.org
Subject: Re: [saag] are RFC 3526 primes "safe"? (Re: [Ietf-krb-wg] RFC 4556 DH parameter oddities)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2012 03:30:17 -0000

On Tue, Mar 13, 2012 at 10:16 PM, Nico Williams <nico@cryptonector.com> wrote:
> I suppose the answer is: subtract 1, div 2, confirm that the result is
> Sophie Germain prime.
>
> I thought of checking the form of the primes myself, but I don't know
> what " { [2^1406 pi] + 741804 }" means in this (from RFC3526):
>
> "
>   The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
> "

Converting the hex given in the RFC to decimal (with $EDITOR and
dc(1)), and then doing mod 6 produces 5.  Mod 4 it's 3.  Mod 12 it's
11.  And that number minus 1, then div 2, is prime.

So I think it's fair to say that the 1536-bit MODP group given in
section 2 of the RFC is prime.  But there may be more features of the
number than can be tested.

Nico
--

From tlyu@mit.edu  Tue Mar 13 21:11:24 2012
Return-Path: <tlyu@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6316621E805E for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 21:11:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.947
X-Spam-Level: 
X-Spam-Status: No, score=-104.947 tagged_above=-999 required=5 tests=[AWL=-1.348, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YI3uMYVglkAy for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 21:11:23 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (DMZ-MAILSEC-SCANNER-4.MIT.EDU [18.9.25.15]) by ietfa.amsl.com (Postfix) with ESMTP id AE26B21E8050 for <saag@ietf.org>; Tue, 13 Mar 2012 21:11:23 -0700 (PDT)
X-AuditID: 1209190f-b7f8a6d000000914-cd-4f601a6ab200
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 2E.EC.02324.A6A106F4; Wed, 14 Mar 2012 00:11:23 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id q2E4BLdK016680;  Wed, 14 Mar 2012 00:11:22 -0400
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id q2E4BJxE010969 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 14 Mar 2012 00:11:20 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id q2E4BJ4j029983; Wed, 14 Mar 2012 00:11:19 -0400 (EDT)
To: Nico Williams <nico@cryptonector.com>
References: <ldvsjhcc4s0.fsf@cathode-dark-space.mit.edu> <3E61DC56-93CB-444C-B3C2-0619AB71F802@callas.org> <CAK3OfOgBWcxnzRDx4M+mboH=1HTR-TbbGDt4CUQkFkfSYE3C3w@mail.gmail.com> <CAK3OfOgV0XNF9FQKBjt76cxC7aubgT7SWvWFsXw=zVMZf=2Mjg@mail.gmail.com>
From: Tom Yu <tlyu@MIT.EDU>
Date: Wed, 14 Mar 2012 00:11:19 -0400
In-Reply-To: <CAK3OfOgV0XNF9FQKBjt76cxC7aubgT7SWvWFsXw=zVMZf=2Mjg@mail.gmail.com> (Nico Williams's message of "Tue, 13 Mar 2012 22:30:15 -0500")
Message-ID: <ldvhaxrddp4.fsf@cathode-dark-space.mit.edu>
Lines: 35
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: saag@ietf.org
Subject: Re: [saag] are RFC 3526 primes "safe"? (Re: [Ietf-krb-wg] RFC 4556 DH parameter oddities)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2012 04:11:24 -0000

Nico Williams <nico@cryptonector.com> writes:

> On Tue, Mar 13, 2012 at 10:16 PM, Nico Williams <nico@cryptonector.com> wrote:
>> I suppose the answer is: subtract 1, div 2, confirm that the result is
>> Sophie Germain prime.

Sophie Germain primes are paired with safe primes.  I believe for any
Q that is a Sophie Germain prime, P = 2Q + 1 is a safe prime by
definition.

>> I thought of checking the form of the primes myself, but I don't know
>> what " { [2^1406 pi] + 741804 }" means in this (from RFC3526):
>>
>> "
>>   The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
>> "

It's a fairly simple arithmetic expression that produces the prime in
question.  I don't have enough digits of pi handy to compute it,
though.

> Converting the hex given in the RFC to decimal (with $EDITOR and
> dc(1)), and then doing mod 6 produces 5.  Mod 4 it's 3.  Mod 12 it's
> 11.  And that number minus 1, then div 2, is prime.
>
> So I think it's fair to say that the 1536-bit MODP group given in
> section 2 of the RFC is prime.  But there may be more features of the
> number than can be tested.

The 1536-bit MODP group in RFC 3526 has a safe prime as the modulus,
according to RFC 2412.

I was hoping that someone whose number theory or crypto background is
more substantial than my readings of Wikipedia articles could confirm
my analyses of the RFC 3526 primes.
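
The check discussed in this thread, as an added example that is not part of any of the posts: it rebuilds the 1536-bit modulus from the formula quoted from RFC 3526 and runs a Miller-Rabin probable-prime test on p and on (p-1)/2. It assumes that `[x]` in the formula means the integer part of x; the function names are hypothetical, and Miller-Rabin gives strong evidence of primality, not a proof.

```python
"""Added example: rebuild the RFC 3526 1536-bit modulus and test whether it is a safe prime."""

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53)


def _arctan_inv(x, scale):
    """Return arctan(1/x) * scale using the Taylor series in integer arithmetic."""
    term = scale // x
    total = term
    x2, n, sign = x * x, 3, -1
    while term:
        term //= x2
        total += sign * (term // n)
        n += 2
        sign = -sign
    return total


def floor_pi_times_pow2(k, guard=64):
    """Return floor(2**k * pi), computed with `guard` extra fractional bits."""
    scale = 1 << (k + guard)
    # Machin's formula: pi = 16*arctan(1/5) - 4*arctan(1/239)
    pi_scaled = 16 * _arctan_inv(5, scale) - 4 * _arctan_inv(239, scale)
    # Truncation error is far below 2**20 units of the last guard bit. Refuse to
    # answer if the discarded fraction is so close to 0 or 1 that the error
    # could change the integer part.
    frac = pi_scaled & ((1 << guard) - 1)
    margin = 1 << 20
    if frac < margin or frac > (1 << guard) - margin:
        raise ArithmeticError("not enough guard bits to decide the floor")
    return pi_scaled >> guard


def modp_prime(bits, offset):
    """2^bits - 2^(bits-64) - 1 + 2^64 * ( [2^(bits-130) pi] + offset ).

    Assumption: [x] is the integer part of x. For bits=1536 and offset=741804
    this is the expression quoted in the thread.
    """
    x = floor_pi_times_pow2(bits - 130) + offset
    return (1 << bits) - (1 << (bits - 64)) - 1 + (x << 64)


def is_probable_prime(n, bases=SMALL_PRIMES):
    """Miller-Rabin strong probable-prime test with fixed bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:          # trial division also handles small n
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False             # base a is a witness that n is composite
    return True


def is_safe_prime(p):
    """p is a safe prime when p and q = (p - 1) / 2 are both prime."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def residues(p):
    """The small residues reported in the thread: p mod 4, mod 6 and mod 12."""
    return p % 4, p % 6, p % 12


if __name__ == "__main__":
    p = modp_prime(1536, 741804)     # constants from the formula quoted above
    print("bit length      :", p.bit_length())
    print("leading hex     :", hex(p)[2:34])
    print("p mod 4, 6, 12  :", residues(p))
    print("p probable prime:", is_probable_prime(p))
    print("(p-1)/2 prime   :", is_probable_prime((p - 1) // 2))
```

When p = 2q + 1 with q prime, the multiplicative group modulo p has order 2q, so its only proper subgroups have order 1, 2 and q, which is the property the quoted Pohlig–Hellman remark is about.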

From zhuhongru@chinamobile.com  Wed Mar 14 18:40:13 2012
Return-Path: <zhuhongru@chinamobile.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D5CC21F8790 for <saag@ietfa.amsl.com>; Wed, 14 Mar 2012 18:40:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.933
X-Spam-Level: ***
X-Spam-Status: No, score=3.933 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, MIME_CHARSET_FARAWAY=2.45, MISSING_MIMEOLE=0.001, RELAY_IS_221=2.222]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LSCZbwFpfj8K for <saag@ietfa.amsl.com>; Wed, 14 Mar 2012 18:40:12 -0700 (PDT)
Received: from imss.chinamobile.com (imss.chinamobile.com [221.130.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 802D921F8783 for <saag@ietf.org>; Wed, 14 Mar 2012 18:40:12 -0700 (PDT)
Received: from imss.chinamobile.com (localhost [127.0.0.1]) by localhost.chinamobile.com (Postfix) with ESMTP id 0767EE5B8; Thu, 15 Mar 2012 09:40:06 +0800 (CST)
Received: from mail.chinamobile.com (unknown [10.1.28.22]) by imss.chinamobile.com (Postfix) with ESMTP id C88BFE4EE; Thu, 15 Mar 2012 09:40:05 +0800 (CST)
Received: from cmccjudy ([10.2.46.65]) by mail.chinamobile.com (Lotus Domino Release 6.5.6) with ESMTP id 2012031509400368-2556 ; Thu, 15 Mar 2012 09:40:03 +0800 
From: "Zhu Judy" <zhuhongru@chinamobile.com>
To: "'Sean Turner'" <turners@ieca.com>, <saag@ietf.org>
References: <4F5DF794.20609@ieca.com>
In-Reply-To: <4F5DF794.20609@ieca.com>
Date: Thu, 15 Mar 2012 09:40:06 +0800
Message-ID: <02d401cd024c$8cd0b2f0$a67218d0$@com>
MIME-Version: 1.0
X-Priority: 1 (High)
X-MSMail-Priority: High
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac0AUrnpi7xcw9EuSQ6XfHus+7OhQAB+Tb/w
Importance: High
X-MIMETrack: Itemize by SMTP Server on jtgsml01/servers/cmcc(Release 6.5.6|March 06, 2007) at 2012-03-15 09:40:03, Serialize by Router on jtgsml01/servers/cmcc(Release 6.5.6|March 06, 2007) at 2012-03-15 09:40:05, Serialize complete at 2012-03-15 09:40:05
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="gb2312"
Content-Language: zh-cn
X-TM-AS-Product-Ver: IMSS-7.0.0.8231-6.8.0.1017-18774.003
X-TM-AS-Result: No--6.778-7.0-31-10
X-imss-scan-details: No--6.778-7.0-31-10;No--6.778-7.0-31-10
X-TM-AS-User-Approved-Sender: No;No
X-TM-AS-User-Blocked-Sender: No;No
Cc: 'Cao Zhen' <caozhen@chinamobile.com>, 'Hui Deng' <denghui@chinamobile.com>
Subject: [saag] Solicit for time slot for draft-cao-open-sec in the SAAG presentation topics
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2012 01:40:13 -0000

Stephen and Sean etc AD directors
This is Judy from China Mobile. Could I ask a time slot for presenting the
draft-cao-open-sec?
My colleague cao zhen had already delivered.

Appreciate this so much.
Judy
-----Original Message-----
From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On Behalf Of Sean Turner
Sent: March 12, 2012 21:18
To: saag@ietf.org
Subject: [saag] Call for SAAG presentation topics

Folks,

Stephen and I are putting together the SAAG agendas for Paris.

The agenda traditionally includes one or two invited presentations after
the working group reports.  We would appreciate submission of
presentation topics that you believe would be of interest to the
community.  If you can identify an appropriate presenter (not
necessarily yourself) that would be helpful.

Thanks,

spt
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag


From zhuhongru@chinamobile.com  Thu Mar 15 03:52:33 2012
Return-Path: <zhuhongru@chinamobile.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD2EC21F85C5 for <saag@ietfa.amsl.com>; Thu, 15 Mar 2012 03:52:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.003
X-Spam-Level: ***
X-Spam-Status: No, score=3.003 tagged_above=-999 required=5 tests=[AWL=0.930,  BAYES_00=-2.599, MIME_CHARSET_FARAWAY=2.45, RELAY_IS_221=2.222]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KVWKME9SWTSm for <saag@ietfa.amsl.com>; Thu, 15 Mar 2012 03:52:33 -0700 (PDT)
Received: from imss.chinamobile.com (imss.chinamobile.com [221.130.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 25A6421F8534 for <saag@ietf.org>; Thu, 15 Mar 2012 03:52:31 -0700 (PDT)
Received: from imss.chinamobile.com (localhost [127.0.0.1]) by localhost.chinamobile.com (Postfix) with ESMTP id 7B1B3E6B9; Thu, 15 Mar 2012 18:52:21 +0800 (CST)
Received: from mail.chinamobile.com (unknown [10.1.28.22]) by imss.chinamobile.com (Postfix) with ESMTP id 74320E5E7; Thu, 15 Mar 2012 18:52:21 +0800 (CST)
Received: from cmccjudy ([10.1.5.3]) by mail.chinamobile.com (Lotus Domino Release 6.5.6) with ESMTP id 2012031518521909-18074 ; Thu, 15 Mar 2012 18:52:19 +0800 
From: "Zhu Judy" <zhuhongru@chinamobile.com>
To: "'Sean Turner'" <turners@ieca.com>, <saag@ietf.org>
References: <4F5DF794.20609@ieca.com> 
In-Reply-To: 
Date: Thu, 15 Mar 2012 18:52:20 +0800
Message-ID: <007901cd0299$b2f42910$18dc7b30$@com>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac0AUrnpi7xcw9EuSQ6XfHus+7OhQAB+Tb/wABNqc0A=
X-MIMETrack: Itemize by SMTP Server on jtgsml01/servers/cmcc(Release 6.5.6|March 06, 2007) at 2012-03-15 18:52:19, Serialize by Router on jtgsml01/servers/cmcc(Release 6.5.6|March 06, 2007) at 2012-03-15 18:52:21, Serialize complete at 2012-03-15 18:52:21
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="gb2312"
Content-Language: zh-cn
X-TM-AS-Product-Ver: IMSS-7.0.0.8231-6.8.0.1017-18774.006
X-TM-AS-Result: No--9.251-7.0-31-10
X-imss-scan-details: No--9.251-7.0-31-10;No--9.251-7.0-31-10
X-TM-AS-User-Approved-Sender: No;No
X-TM-AS-User-Blocked-Sender: No;No
Cc: 'Cao Zhen' <caozhen@chinamobile.com>, 'Hui Deng' <denghui@chinamobile.com>
Subject: Re: [saag] Solicit for time slot for draft-cao-open-sec in the SAAG presentation topics
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2012 10:52:33 -0000

Since I am really just a newcomer, so sincerely waiting for the time slot
for draft-cao-open-sec.
Thanks so much. Hehe
Judy

-----Original Message-----
From: Zhu Judy [mailto:zhuhongru@chinamobile.com]
Sent: March 15, 2012 9:40
To: 'Sean Turner'; 'saag@ietf.org'
Cc: 'Hui Deng'; 'Cao Zhen'; 'liufei'
Subject: [saag] Solicit for time slot for draft-cao-open-sec in the SAAG
presentation topics
Importance: High

Stephen and Sean etc AD directors
This is Judy from China Mobile. Could I ask a time slot for presenting the
draft-cao-open-sec?
My colleague cao zhen had already delivered.

Appreciate this so much.
Judy
-----Original Message-----
From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On Behalf Of Sean Turner
Sent: March 12, 2012 21:18
To: saag@ietf.org
Subject: [saag] Call for SAAG presentation topics

Folks,

Stephen and I are putting together the SAAG agendas for Paris.

The agenda traditionally includes one or two invited presentations after
the working group reports.  We would appreciate submission of
presentation topics that you believe would be of interest to the
community.  If you can identify an appropriate presenter (not
necessarily yourself) that would be helpful.

Thanks,

spt
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag


From kivinen@iki.fi  Tue Mar 13 21:11:36 2012
Return-Path: <kivinen@iki.fi>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C74321E8073 for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 21:11:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.575
X-Spam-Level: 
X-Spam-Status: No, score=-102.575 tagged_above=-999 required=5 tests=[AWL=0.024, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EUSBky4dAnib for <saag@ietfa.amsl.com>; Tue, 13 Mar 2012 21:11:35 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8493521E803A for <saag@ietf.org>; Tue, 13 Mar 2012 21:11:35 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.3/8.14.3) with ESMTP id q2E4BE2A021325 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 14 Mar 2012 06:11:14 +0200 (EET)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.3/8.12.11) id q2E4BB8c003946; Wed, 14 Mar 2012 06:11:11 +0200 (EET)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20320.6751.942994.525910@fireball.kivinen.iki.fi>
Date: Wed, 14 Mar 2012 06:11:11 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Nico Williams <nico@cryptonector.com>
In-Reply-To: <CAK3OfOgBWcxnzRDx4M+mboH=1HTR-TbbGDt4CUQkFkfSYE3C3w@mail.gmail.com>
References: <ldvsjhcc4s0.fsf@cathode-dark-space.mit.edu> <3E61DC56-93CB-444C-B3C2-0619AB71F802@callas.org> <CAK3OfOgBWcxnzRDx4M+mboH=1HTR-TbbGDt4CUQkFkfSYE3C3w@mail.gmail.com>
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 7 min
X-Total-Time: 8 min
X-Mailman-Approved-At: Thu, 15 Mar 2012 04:08:33 -0700
Cc: saag@ietf.org
Subject: Re: [saag] are RFC 3526 primes "safe"? (Re: [Ietf-krb-wg] RFC 4556 DH parameter oddities)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2012 04:11:36 -0000

Nico Williams writes:
> On Tue, Mar 13, 2012 at 10:04 PM, Jon Callas <jon@callas.org> wrote:
> > On Mar 13, 2012, at 7:09 PM, Tom Yu wrote:
> >> Also, could someone with better number theory and/or cryptography
> >> experience than me please confirm whether the RFC 3526 primes are
> >> indeed safe primes?

The primes in RFC3526 are generated using the same method as for
RFC2409, i.e. using the method described in RFC2412:

----------------------------------------------------------------------
2.8 Additional Security for Privacy Keys: Private Groups
...
   The security of a modular exponentiation group depends on the largest
   prime factor of the group size.  In order to maximize this, one can
   choose "strong" or Sophie Germaine primes, P = 2Q + 1, where P and Q
   are prime.  However, if P = kQ + 1, where k is small, then the
   strength of the group is still considerable.  These groups are known
   as Schnorr subgroups, and they can be found with much less
   computational effort than Sophie-Germaine primes.
...
APPENDIX E The Well-Known Groups
...
   The primes for groups 1 and 2 were selected to have certain
   properties.  The high order 64 bits are forced to 1.  This helps the
   classical remainder algorithm, because the trial quotient digit can
   always be taken as the high order word of the dividend, possibly +1.
   The low order 64 bits are forced to 1.  This helps the Montgomery-
   style remainder algorithms, because the multiplier digit can always
   be taken to be the low order word of the dividend.  The middle bits
   are taken from the binary expansion of pi.  This guarantees that they
   are effectively random, while avoiding any suspicion that the primes
   have secretly been selected to be weak.

   Because both primes are based on pi, there is a large section of
   overlap in the hexadecimal representations of the two primes.  The
   primes are chosen to be Sophie Germain primes (i.e., (P-1)/2 is also
   prime), to have the maximum strength against the square-root attack
   on the discrete logarithm problem.

   The starting trial numbers were repeatedly incremented by 2^64 until
   suitable primes were located.

   Because these two primes are congruent to 7 (mod 8), 2 is a quadratic
   residue of each prime.  All powers of 2 will also be quadratic
   residues.  This prevents an opponent from learning the low order bit
   of the Diffie-Hellman exponent (AKA the subgroup confinement
   problem).  Using 2 as a generator is efficient for some modular
   exponentiation algorithms.  [Note that 2 is technically not a
   generator in the number theory sense, because it omits half of the
   possible residues mod P.  From a cryptographic viewpoint, this is a
   virtue.]

----------------------------------------------------------------------

> I thought of checking the form of the primes myself, but I don't know
> what " { [2^1406 pi] + 741804 }" means in this (from RFC3526):
> 
> "
>    The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
> "

That representation was taken from RFC2412 and it means we take 1406
bits of pi, add 741804 to it and add 64 bits of 1 in the beginning and
to the end to get a Sophie-Germain prime.

Those primes have also been proven to be primes (the original draft
had reference to the proofs, but that was not considered stable enough
and it was removed).
-- 
kivinen@iki.fi
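
Added example (not part of the original messages or of any RFC): the formula quoted above, evaluated with integer arithmetic, followed by the checks the thread discusses (64 one-bits at each end, P and (P-1)/2 both prime, the residues mod 4, 6, 8 and 12, and 2 being a quadratic residue). The function names and the use of Machin's formula and Miller-Rabin are assumptions of this example.

```python
# Added example: rebuild the RFC 3526 1536-bit MODP prime from its formula
# and test the properties discussed in the thread. Helper names are
# assumptions of this example, not taken from any RFC.
import random


def pi_floor(bits, guard=64):
    """Return floor(2**bits * pi), via Machin's formula in integer fixed point."""
    one = 1 << (bits + guard)          # fixed-point 1.0 with extra guard bits

    def arctan_inv(x):
        # arctan(1/x) = 1/x - 1/(3 x^3) + 1/(5 x^5) - ...
        term = one // x
        total, n, sign, x2 = term, 1, -1, x * x
        while term:
            term //= x2
            n += 2
            total += sign * (term // n)
            sign = -sign
        return total

    # pi = 16*arctan(1/5) - 4*arctan(1/239); the guard bits absorb the
    # truncation error of the integer divisions before they are shifted out.
    return (16 * arctan_inv(5) - 4 * arctan_inv(239)) >> guard


def modp_prime(size, pi_bits, offset):
    """Evaluate 2^size - 2^(size-64) - 1 + 2^64 * ([2^pi_bits * pi] + offset)."""
    middle = pi_floor(pi_bits) + offset
    return (1 << size) - (1 << (size - 64)) - 1 + (middle << 64)


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with fixed-seed random bases (probabilistic, not a proof)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(3526)          # fixed seed so runs are repeatable
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False               # a is a witness: n is composite
    return True


def describe(p):
    """Collect the structural and number-theoretic checks for a MODP modulus."""
    q = (p - 1) // 2
    ones64 = (1 << 64) - 1
    return {
        "bits": p.bit_length(),
        "high64_ones": (p >> (p.bit_length() - 64)) == ones64,
        "low64_ones": (p & ones64) == ones64,
        "p_prime": is_probable_prime(p),
        "q_prime": is_probable_prime(q),   # P = 2Q + 1 with Q prime
        "mod4": p % 4,
        "mod6": p % 6,
        "mod8": p % 8,
        "mod12": p % 12,
        # Euler's criterion: 2 is a quadratic residue iff 2^((p-1)/2) = 1 mod p
        "two_is_qr": pow(2, q, p) == 1,
    }


# Parameters exactly as quoted from RFC 3526 in the message above.
P1536 = modp_prime(1536, 1406, 741804)

if __name__ == "__main__":
    print(hex(P1536))
    for name, value in describe(P1536).items():
        print(f"{name:12} {value}")
```

Miller-Rabin gives a probabilistic answer only; it does not replace the primality proofs mentioned above.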

From tlyu@mit.edu  Thu Mar 15 06:01:54 2012
Return-Path: <tlyu@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1F5821F86F7 for <saag@ietfa.amsl.com>; Thu, 15 Mar 2012 06:01:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.912
X-Spam-Level: 
X-Spam-Status: No, score=-104.912 tagged_above=-999 required=5 tests=[AWL=-1.313, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gg7mx7IvFGZW for <saag@ietfa.amsl.com>; Thu, 15 Mar 2012 06:01:54 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (DMZ-MAILSEC-SCANNER-4.MIT.EDU [18.9.25.15]) by ietfa.amsl.com (Postfix) with ESMTP id 1FFFB21F86AB for <saag@ietf.org>; Thu, 15 Mar 2012 06:01:52 -0700 (PDT)
X-AuditID: 1209190f-b7f8a6d000000914-27-4f61e840d4c3
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id FB.88.02324.048E16F4; Thu, 15 Mar 2012 09:01:52 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id q2FD1p6Q015408;  Thu, 15 Mar 2012 09:01:51 -0400
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id q2FD1mc5007358 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 15 Mar 2012 09:01:49 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id q2FD1lmD009026; Thu, 15 Mar 2012 09:01:47 -0400 (EDT)
To: Tero Kivinen <kivinen@iki.fi>
References: <ldvsjhcc4s0.fsf@cathode-dark-space.mit.edu> <3E61DC56-93CB-444C-B3C2-0619AB71F802@callas.org> <CAK3OfOgBWcxnzRDx4M+mboH=1HTR-TbbGDt4CUQkFkfSYE3C3w@mail.gmail.com> <20320.6751.942994.525910@fireball.kivinen.iki.fi>
From: Tom Yu <tlyu@MIT.EDU>
Date: Thu, 15 Mar 2012 09:01:46 -0400
In-Reply-To: <20320.6751.942994.525910@fireball.kivinen.iki.fi> (Tero Kivinen's message of "Wed, 14 Mar 2012 06:11:11 +0200")
Message-ID: <ldvbonyauh1.fsf@cathode-dark-space.mit.edu>
Lines: 34
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: saag@ietf.org
Subject: Re: [saag] are RFC 3526 primes "safe"? (Re: [Ietf-krb-wg] RFC 4556 DH parameter oddities)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2012 13:01:54 -0000

Tero Kivinen <kivinen@iki.fi> writes:

> Nico Williams writes:
>> On Tue, Mar 13, 2012 at 10:04 PM, Jon Callas <jon@callas.org> wrote:
>> > On Mar 13, 2012, at 7:09 PM, Tom Yu wrote:
>> >> Also, could someone with better number theory and/or cryptography
>> >> experience than me please confirm whether the RFC 3526 primes are
>> >> indeed safe primes?
>
> The primes in RFC3526 are generated using the same method as for
> RFC2409, i.e. using the method described in RFC2412:

Thanks.  The Abstract of RFC 3526 mentions criteria established by
Schroeppel, but the RFC doesn't elaborate or provide a citation to
these criteria.

>> I thought of checking the form of the primes myself, but I don't know
>> what " { [2^1406 pi] + 741804 }" means in this (from RFC3526):
>> 
>> "
>>    The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
>> "
>
> That representation was taken from RFC2412 and it means we take 1406
> bits of pi, add 741804 to it and add 64 bits of 1 in the beginning and
> to the end to get a Sophie-Germain prime.
>
> Those primes have also been proven to be primes (the original draft
> had reference to the proofs, but that was not considered stable enough
> and it was removed).

That is also useful to know.  I think that gives me enough information
to write a reasonable erratum for RFC 4556.  (though the errata
database is closed for a website upgrade at the moment...)

From zhuhongru@chinamobile.com  Thu Mar 15 18:59:00 2012
Return-Path: <zhuhongru@chinamobile.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8694E21E801E for <saag@ietfa.amsl.com>; Thu, 15 Mar 2012 18:59:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.613
X-Spam-Level: **
X-Spam-Status: No, score=2.613 tagged_above=-999 required=5 tests=[AWL=0.389,  BAYES_50=0.001, MISSING_MIMEOLE=0.001, RELAY_IS_221=2.222]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ahgXwxADQvkG for <saag@ietfa.amsl.com>; Thu, 15 Mar 2012 18:59:00 -0700 (PDT)
Received: from imss.chinamobile.com (imss.chinamobile.com [221.130.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 1D48E21E8011 for <saag@ietf.org>; Thu, 15 Mar 2012 18:58:57 -0700 (PDT)
Received: from imss.chinamobile.com (localhost [127.0.0.1]) by localhost.chinamobile.com (Postfix) with ESMTP id BF3AEE737 for <saag@ietf.org>; Fri, 16 Mar 2012 09:58:43 +0800 (CST)
Received: from mail.chinamobile.com (unknown [10.1.28.22]) by imss.chinamobile.com (Postfix) with ESMTP id B78C1E736 for <saag@ietf.org>; Fri, 16 Mar 2012 09:58:43 +0800 (CST)
Received: from cmccjudy ([10.2.46.65]) by mail.chinamobile.com (Lotus Domino Release 6.5.6) with ESMTP id 2012031609584122-3569 ; Fri, 16 Mar 2012 09:58:41 +0800 
From: "Zhu Judy" <zhuhongru@chinamobile.com>
To: <saag@ietf.org>
References: <4F5DF794.20609@ieca.com> 
In-Reply-To: 
Date: Fri, 16 Mar 2012 09:58:43 +0800
Message-ID: <00f001cd0318$50f4c790$f2de56b0$@com>
MIME-Version: 1.0
X-Priority: 1 (High)
X-MSMail-Priority: High
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac0AUrnpi7xcw9EuSQ6XfHus+7OhQAB+Tb/wADL2KpA=
Importance: High
X-MIMETrack: Itemize by SMTP Server on jtgsml01/servers/cmcc(Release 6.5.6|March 06, 2007) at 2012-03-16 09:58:41, Serialize by Router on jtgsml01/servers/cmcc(Release 6.5.6|March 06, 2007) at 2012-03-16 09:58:43, Serialize complete at 2012-03-16 09:58:43
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Content-Language: zh-cn
X-TM-AS-Product-Ver: IMSS-7.0.0.8231-6.8.0.1017-18776.003
X-TM-AS-Result: No--7.107-7.0-31-10
X-imss-scan-details: No--7.107-7.0-31-10;No--7.107-7.0-31-10
X-TM-AS-User-Approved-Sender: No;No
X-TM-AS-User-Blocked-Sender: No;No
Cc: 'Cao Zhen' <caozhen@chinamobile.com>, 'Hui Deng' <denghui@chinamobile.com>
Subject: [saag]  Solicit for comments on draft-cao-open-sec
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Mar 2012 01:59:00 -0000

Hi dear security experts
As a newcomer to IETF family, could you allow me to ask your favor to
review the draft as shown in the link below? And I appreciate so much to
your comments.
http://www.ietf.org/internet-drafts/draft-cao-open-sec-00.txt

It is a common security framework for M2M, which I think should be very
useful for future network evolution. I would also like to talk to you on any
thinking or suggestions from you, they will be so useful to me. 
Thanks a lot
Judy


From stephen.farrell@cs.tcd.ie  Tue Mar 27 02:51:39 2012
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 897C521F88E0 for <saag@ietfa.amsl.com>; Tue, 27 Mar 2012 02:51:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.069
X-Spam-Level: 
X-Spam-Status: No, score=-103.069 tagged_above=-999 required=5 tests=[AWL=-0.470, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GrSLkB3ZXUhc for <saag@ietfa.amsl.com>; Tue, 27 Mar 2012 02:51:37 -0700 (PDT)
Received: from scss.tcd.ie (hermes.scss.tcd.ie [IPv6:2001:770:10:200:889f:cdff:fe8d:ccd2]) by ietfa.amsl.com (Postfix) with ESMTP id 8F92D21F88DA for <saag@ietf.org>; Tue, 27 Mar 2012 02:51:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id CB933171C03 for <saag@ietf.org>; Tue, 27 Mar 2012 10:51:36 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:subject:mime-version :user-agent:from:date:message-id:received:received: x-virus-scanned; s=cs; t=1332841896; bh=CQBMoFIvM3rejUq6k//YfqJR m8dSvEJJ/nFxuHFqqHo=; b=b3AcQlHgByABpFYpx8QoTz4m9JIN4v1h79mMg5wF q/OYETyG9Jl5qzWJlAV7rL2zRc4g3yDj9ORpNerqXrvvznZy+mDWIIcORN0HKDTS mL2via8llQeeCAk7R4aq86/VhDXh6WnexoJOqK2WyJWhUOXvCxnEV22qwS6sVzuk VlnbnYP0U6OdT+fFQfT+avjyNZ08u9eask/jNYxTM7aGlZu/mKHmW//MFjmcXfiF ZkgfATHWeRDOFIL8sbK1WZZYB8Rb83VXNPu1aVgf5HKj70apD4arFQhlBeiDbBLV x3yfbt6NKUAghn3EvYidk0oX/otZdKwQrOQi+w3bnq/BaA==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id HHkdBqxkPhyz for <saag@ietf.org>; Tue, 27 Mar 2012 10:51:36 +0100 (IST)
Received: from [130.129.19.33] (dhcp-1321.meeting.ietf.org [130.129.19.33]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 72234171C02 for <saag@ietf.org>; Tue, 27 Mar 2012 10:51:36 +0100 (IST)
Message-ID: <4F718DA7.7010703@cs.tcd.ie>
Date: Tue, 27 Mar 2012 10:51:35 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:11.0) Gecko/20120312 Thunderbird/11.0
MIME-Version: 1.0
To: "saag@ietf.org" <saag@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [saag] Security working group summaries
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2012 09:51:39 -0000

Hi,

Please start sending your short WG summaries to the saag list
for sessions that have happened in Paris. A status update for
WGs that are not meeting would also be appreciated.

Thanks,
Stephen.

From hartmans@mit.edu  Tue Mar 27 06:37:55 2012
Return-Path: <hartmans@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C49BE21F88B3 for <saag@ietfa.amsl.com>; Tue, 27 Mar 2012 06:37:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.349
X-Spam-Level: 
X-Spam-Status: No, score=-103.349 tagged_above=-999 required=5 tests=[AWL=-1.083, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NVurLIGV5DzY for <saag@ietfa.amsl.com>; Tue, 27 Mar 2012 06:37:54 -0700 (PDT)
Received: from permutation-city.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by ietfa.amsl.com (Postfix) with ESMTP id 1223021F8939 for <saag@ietf.org>; Tue, 27 Mar 2012 06:37:52 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (dhcp-405d.meeting.ietf.org [130.129.64.93]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id B9C612021E; Tue, 27 Mar 2012 09:37:07 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id D2D3B4766; Tue, 27 Mar 2012 09:37:44 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: saag@ietf.org,ietf-krb-wg@lists.anl.gov
Date: Tue, 27 Mar 2012 09:37:44 -0400
Message-ID: <tslzkb288rb.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: [saag] Kerberos Summary IETF 83
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2012 13:37:55 -0000

Kerberos and kitten met in a combined session.

Kerberos discussed three issues:

1) A proposed set of IANA registration rules.  There was no objection
although there was a question about why we want to be flexible.

2) We discussed options for using ABFAB and other federation
technologies to address Kerberos cross-realm weaknesses.  Two different
use cases were presented.  At this time there is insufficient support to
work on either use case.

3) We discussed an outstanding issue on the KDC information model
regarding the use of RFC 2119 language. Involved parties will discuss
and attempt to bring something back to the WG.

Kerberos has a number of documents in various stages of the
post-working-group last call process. We should be pushing out a number
of RFCs over the coming months.

From kent@bbn.com  Tue Mar 27 07:12:00 2012
Return-Path: <kent@bbn.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3D6C21E8218 for <saag@ietfa.amsl.com>; Tue, 27 Mar 2012 07:12:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.398
X-Spam-Level: 
X-Spam-Status: No, score=-106.398 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wRMTBYxAikrf for <saag@ietfa.amsl.com>; Tue, 27 Mar 2012 07:12:00 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 240DA21E8217 for <saag@ietf.org>; Tue, 27 Mar 2012 07:12:00 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:56027 helo=[130.129.18.170]) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1SCX7h-000M0Q-6r for saag@ietf.org; Tue, 27 Mar 2012 10:11:45 -0400
Mime-Version: 1.0
Message-Id: <p06240806cb977b21e0f4@[130.129.18.170]>
Date: Tue, 27 Mar 2012 10:11:56 -0400
To: saag@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-879264978==_ma============"
Subject: [saag] PKIX report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2012 14:12:01 -0000

--============_-879264978==_ma============
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

PKIX met once, for 2.5 hours on 3/27, with about 52 attendees.

Three presentations addressed issues with OCSP. Stefan Santesson 
discussed his plans for making substantial changes to 2560bis (OCSP 
clarifications), to cause it to better match deployed OCSP client and 
responder behavior. Sean Turner urged Stefan to complete work on this 
document so that it can yield an RFC prior to the end of this year. 
Denis Pinkas described several concerns about both the original OCSP 
spec (2560) and the clarifications document. Stefan agreed with many 
of Denis's observations. A later presentation by Denis  dealt with 
recent PKIX list discussions of extensions for OCSP, and how the 
clarification document may help with these issues.

There was a brief discussion of issuing an updated version of the 
Diffie-Hellman PoP RFC (2875), in support of algorithm agility, e.g., 
to accommodate new hash algorithms and EC Diffie-Hellman. This work 
may be done inside of PKIX, or fast-tracked by Sean.

A presentation on a proposed EKU was inconclusive. The motivation for 
assigning an OID for the requested EKU from the PKIX arc is based on 
behavior of commercial CAs (TAs in web browsers) when issuing server 
certificates. This behavior is outside of PKIX specs, and there is no 
indication that these CAs would agree to issue server certificates, 
which makes it unclear that assignment of this EKU would have the 
desired effect. The authors of the (non-PKIX) I-D were advised to 
participate in the JSON and ABFAB WGs.
--============_-879264978==_ma============--

From shawn.emery@oracle.com  Tue Mar 27 12:59:24 2012
Message-ID: <4F721C18.2010407@oracle.com>
Date: Tue, 27 Mar 2012 13:59:20 -0600
From: Shawn M Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20120313 Thunderbird/11.0
MIME-Version: 1.0
To: saag@ietf.org
References: <4F71DF54.1060805@oracle.com>
In-Reply-To: <4F71DF54.1060805@oracle.com>
X-Forwarded-Message-Id: <4F71DF54.1060805@oracle.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [saag] kitten Summary - IETF 83

Co-chairs: Tom Yu, Shawn Emery, and Alexey Melnikov

The WG met in the 1st afternoon session on Tuesday (3.27.12).  The two
hour session was shared with the Kerberos WG, with Kerberos meeting for the
first half.  There were five presentations on WG and non-WG work items as
follows:

Naming Extensions Updates
-------------------------
	Draft has gone through the 4th WGLC since last IETF.  Rev 13 was submitted
with minor updates to the draft.  Nico Williams had proposed a few changes:

	Prefix clarification
	Rewrite of section 6
	Reserving names with '@' signs for local names

Consensus on the list and in the room agreed to the changes proposed.  Will IETF
LC with updated draft.

SASL-OAuth Issues
-----------------
	An issue had been brought up on whether the protocol messaging should use
HTTP or a simplified format.  During the session it was determined that there
were not enough implementers in the room to perform a consensus call on which
format is preferred.  We will make a consensus call to the list and possibly
cross-post to the applications area.

SASL-SAML-EC Issues
-------------------
	There are a couple of unresolved issues with the current draft in regards to
naming and crypto.  The naming issue is that, since the SP exchange is defined,
<NameID> needs to be specified.  In addition, there is currently no specification for
per-message tokens and PRF.  There wasn't any feedback in the room.  Will take the
issues to the list.

SASLPrep (non-WG)
-----------------
	Alexey had presented the current state of SASLPrep from the Precis WG.  Open
issues/questions include:

	Do we use two separate profiles for Usernames and Passwords?
	Should we switch from NFKC to NFC?
	Should usernames be lowercased?

There were no consensus calls made in the room on the above items, but they should be
followed up in the Precis WG.

draft-ietf-abfab-gss-eap-naming URN
-----------------------------------
	Sam Hartman solicited feedback on URNs in the gss-eap-naming draft for abfab.
The consensus in the room was to expand on abbreviations for "fed" and "attr" of the
following:

	urn:ietf:params:gss:fed-saml-nameid
	urn:ietf:params:gss:fed-saml-assertion
	urn:ietf:params:gss:fed-saml-attr
	urn:ietf:params:gss:radius-attr

Shawn.
--


From alexey.melnikov@isode.com  Wed Mar 28 00:30:36 2012
Message-ID: <4F72BE1D.9020200@isode.com>
Date: Wed, 28 Mar 2012 09:30:37 +0200
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
To: saag@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [saag] WebSec summary IETF 83

Co-chairs: Tobias Gondrom and Alexey Melnikov

The WG met in the 1st afternoon session on Monday (26-March-2012). 
WebSec had a two hour session. The following topics were discussed:

HSTS (HTTP Strict Transport Security, 
draft-ietf-websec-strict-transport-sec-06.txt) is in WGLC. Major 
outstanding issues discussed at the meeting:

1). Some ABNF consistency issue

2). Discussed implications/handling of includeSubDomains directive. Some 
edge cases might not be covered in the document/not explicitly mentioned 
in the draft. For example handling of 0-lifetime HSTS pins in subdomains.

3). Discussed at length whether "no user recourse" should be allowed on 
any TLS error, or should exceptions be made for TLS certificate 
expiration. It looks like there doesn't seem to be consensus to change 
the current text (which doesn't make any exceptions for expired 
certificates).

Some support for having a new "this site is testing HSTS" directive.

Some agreement that informing users (and administrators) of why the site 
hard-failed is important, instead of just showing "you can't connect to 
this HSTS site, I will not tell whether CRL verification failed, or your 
cert is malformed, or the chain can't be verified".

4). Discussion on whether access to OCSP/CRL content should be exempted 
from HSTS policy covered by the includeSubDomains directive (they are 
frequently retrieved over HTTP). There are ways of addressing this in 
other ways (e.g. move the OCSP/CRL service to a different domain not 
covered by HSTS). No consensus to change the current text.

Yoav Nir presented the "Extended Origin" idea 
<http://www.ietf.org/proceedings/83/slides/slides-83-websec-0.pdf>, to 
allow a single website to be partitioned into multiple pieces. The Extended 
Origin is then going to be protocol+host+port+partition_name. Several 
participants commented that browsers are not going to implement this.
Future discussion should be taken to the mailing list, no consensus to 
work on this in the WG so far.

Some quick refresher about FRAME/X-FRAME drafts ("don't put content of 
this site into an HTML Frame unless ...").
Chairs will ask on the mailing list to accept these drafts as WG drafts.
Some questions of whether this should be done in IETF or W3C. Several 
people (including W3C liaison and the responsible AD) commented that 
doing this in WebSec is fine.

Chairs also quickly talked about MIME sniffing (an editor and reviewers 
are needed) and CSP header field registration draft, which will be done 
in W3C with reviews requested from WebSec and HTTPBIS IETF WGs.
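
Added example, not part of Alexey's message or of the draft text: a small JavaScript model of a user agent's HSTS store, following the host-matching rules as later published in RFC 6797 (which may differ in detail from the -06 draft discussed above). It shows the two includeSubDomains edge cases from items 2) and 4): a subdomain's zero-lifetime header does not lift a parent's includeSubDomains policy, and an OCSP responder under the covered domain has its plain-HTTP URL rewritten. The names `parseSts`, `HstsStore` and `demo` and all host names are assumptions made for the illustration.

```javascript
// Added illustration: minimal HSTS policy store (RFC 6797 matching rules).
// Host names and header values below are constructed samples.

// Parse a Strict-Transport-Security value; null means "ignore the header".
function parseSts(value) {
  const seen = new Map();
  for (const part of value.split(";")) {
    const item = part.trim();
    if (item === "") continue;                  // tolerate empty directives
    const eq = item.indexOf("=");
    const name = (eq < 0 ? item : item.slice(0, eq)).trim().toLowerCase();
    let val = eq < 0 ? null : item.slice(eq + 1).trim();
    if (val !== null && /^".*"$/.test(val)) val = val.slice(1, -1);
    if (seen.has(name)) return null;            // duplicate directive
    seen.set(name, val);                        // unknown directives are kept but unused
  }
  const maxAge = seen.get("max-age");
  if (typeof maxAge !== "string" || !/^\d+$/.test(maxAge)) return null;
  return {
    maxAge: Number(maxAge),
    includeSubDomains: seen.has("includesubdomains"),
  };
}

class HstsStore {
  constructor() {
    this.hosts = new Map();                     // host -> { expires, includeSubDomains }
  }

  // Record a header received from `host`. Headers seen over plain HTTP are
  // ignored. max-age=0 deletes that host's own entry and nothing else.
  note(host, headerValue, { secure, now }) {
    if (!secure) return "ignored-insecure";
    const policy = parseSts(headerValue);
    if (policy === null) return "ignored-invalid";
    host = host.toLowerCase();
    if (policy.maxAge === 0) {
      this.hosts.delete(host);
      return "removed";
    }
    this.hosts.set(host, {
      expires: now + policy.maxAge * 1000,
      includeSubDomains: policy.includeSubDomains,
    });
    return "stored";
  }

  // Name of the host whose policy covers `host`: the host itself, or a
  // superdomain that asserted includeSubDomains. null when none applies.
  coveringHost(host, now) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join(".");
      const entry = this.hosts.get(candidate);
      if (!entry || entry.expires <= now) continue;
      if (i === 0 || entry.includeSubDomains) return candidate;
    }
    return null;
  }

  // Rewrite an http:// URL before any request is sent, as a UA would.
  upgrade(urlString, now) {
    const url = new URL(urlString);
    if (url.protocol !== "http:") return url.href;
    if (this.coveringHost(url.hostname, now) === null) return url.href;
    url.protocol = "https:";
    return url.href;
  }
}

// Walk through the edge cases with a fixed clock so results are repeatable.
function demo() {
  const now = 0;
  const tls = { secure: true, now };
  const store = new HstsStore();
  const r = {};
  r.parent = store.note("example.com", "max-age=31536000; includeSubDomains", tls);
  r.subOwn = store.note("app.example.com", "max-age=600", tls);
  // The subdomain now sends a zero lifetime: only its own entry goes away.
  r.subZero = store.note("app.example.com", "max-age=0", tls);
  r.subStillCovered = store.coveringHost("app.example.com", now);
  // OCSP responder reachable only over HTTP, under the covered domain.
  r.ocsp = store.upgrade("http://ocsp.example.com/status", now);
  // Same service moved to a domain outside the policy: left untouched.
  r.ocspElsewhere = store.upgrade("http://ocsp.example-ca.test/status", now);
  // A header delivered over plain HTTP never creates a policy.
  r.insecure = store.note("other.test", "max-age=600", { secure: false, now });
  return r;
}
```

With the responder under the covered domain, a UA that only speaks HTTP to it will fail the revocation fetch, which is why moving the service to a separate domain was raised as the alternative to an exemption.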


From Jeff.Hodges@KingsMountain.com  Wed Mar 28 01:02:41 2012
Message-ID: <4F72C59A.90900@KingsMountain.com>
Date: Wed, 28 Mar 2012 01:02:34 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: IETF PKIX WG <pkix@ietf.org>,  IETF Security Area Advisory Group <saag@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [saag] fyi: CA/Browser Forum (CABF) reform deliberations + Revocation and TLS/SSL Replacements/Enhancements

The CA/Browser Forum (CABF) was mentioned a few times during this very 
interesting presentation in the PKIX session at IETF-83 Paris yesterday...

Trust-Related Activities:
Internet Certification Authorities
Revocation and SSL Replacements/Enhancements
https://www.ietf.org/proceedings/83/slides/slides-83-pkix-10.pdf


FYI, as I mentioned in the session, the CA/Browser Forum (CABF) is entertaining 
governance reforms, as announced here.

   CA/Browser Forum Announces Organizational Reform Working Group
   http://cabforum.org/org_announcement.html

The CABF is soliciting public input; the deadline for input is unfortunately 
fast approaching: it is this Friday, March 30, 2012.

In terms of the sorts of reforms some parties are proposing, here's PayPal's 
input..

   PayPal supports reform at the CA/Browser Forum
   http://www.thesecuritypractice.com/the_security_practice/2012/03/paypal-supports-reform-at-the-cabrowser-forum.html

I'm here @ietf-83, feel free to reach out if you have any questions,

=JeffH


From benlaurie@gmail.com  Wed Mar 28 01:10:35 2012
MIME-Version: 1.0
In-Reply-To: <4F72C59A.90900@KingsMountain.com>
References: <4F72C59A.90900@KingsMountain.com>
Date: Wed, 28 Mar 2012 08:10:27 +0000
Message-ID: <CAG5KPzwGNRt1-yWnaKvfyOOw8viSzzfwo7pqjD2NA4Mnk0mPWg@mail.gmail.com>
From: Ben Laurie <ben@links.org>
To: "=JeffH" <Jeff.Hodges@kingsmountain.com>
Content-Type: multipart/alternative; boundary=bcaec50163fbe1009d04bc4923f6
Cc: IETF PKIX WG <pkix@ietf.org>, IETF Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] fyi: CA/Browser Forum (CABF) reform deliberations + Revocation and TLS/SSL Replacements/Enhancements

--bcaec50163fbe1009d04bc4923f6
Content-Type: text/plain; charset=ISO-8859-1

On Wed, Mar 28, 2012 at 8:02 AM, =JeffH <Jeff.Hodges@kingsmountain.com> wrote:

> The CA/Browser Forum (CABF) was mentioned a few times during this very
> interesting presentation in the PKIX session at IETF-83 Paris yesterday...
>
> Trust-Related Activities:
> Internet Certification Authorities
> Revocation and SSL Replacements/Enhancements
> https://www.ietf.org/proceedings/83/slides/slides-83-pkix-10.pdf


Hmmm...

a) Doesn't mention Certificate Transparency.

b) Thinks Sovereign Keys (and presumably, had they mentioned it, CT) is a
TTP, which is incorrect.

--bcaec50163fbe1009d04bc4923f6--

From paul.hoffman@vpnc.org  Wed Mar 28 01:17:11 2012
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Wed, 28 Mar 2012 10:17:04 +0200
Message-Id: <C88B22BE-A2F3-48B4-BC12-7F4CF0B21E4E@vpnc.org>
To: IETF Security Area Advisory Group <saag@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1257)
X-Mailer: Apple Mail (2.1257)
Subject: [saag] IPsecME WG - IETF 83

We had a very productive meeting discussing the open issues in the new
P2P VPN use cases and requirements document. There was little
controversy, although there will probably be some disagreement which
things are requirements for the eventual protocol. The next steps are to
revise the document, get the requirements into the document, and start
thinking about what protocol will match the requirements.

--Paul Hoffman


From kathleen.moriarty@emc.com  Wed Mar 28 08:28:17 2012
From: <kathleen.moriarty@emc.com>
To: <saag@ietf.org>
Date: Wed, 28 Mar 2012 11:28:05 -0400
Message-ID: <AE31510960917D478171C79369B660FA0E7C8D018E@MX06A.corp.emc.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [saag] MILE Summary

Hello,

Here is a short summary from the MILE WG meeting that took place yesterday.



MILE WG Meeting Summary:
Tuesday, March 27, 2012
Co-chairs: Kathleen Moriarty & Brian Trammell

Two drafts are almost published as RFCs:
     RFC6045-bis (RFC6545) and RFC6046-bis (RFC6546)

Two drafts are heading back into WGLC after being split from one document:
     http://tools.ietf.org/html/draft-trammell-mile-iodef-xmlreg-01 (adopted as a WG item, went to list to confirm)
     http://tools.ietf.org/html/draft-ietf-mile-template-03 (was original document)

The Structured Cybersecurity Information draft needs to have the WG decide
what will be MTI for the proposed standard.  We will split out a separate
document to address including enumerated values consistently within the
IODEF document using the reference class (need to be able to parse them to
enable automation).
     https://datatracker.ietf.org/doc/draft-ietf-mile-sci/

GRC Report exchange was presented by Dave Waltermire and accepted as a WG
item.  This generalizes RID (RFC6545) to enable the secure exchange of any
XML document.  Went to the list for comments to include as a WG item.
     https://datatracker.ietf.org/doc/draft-moriarty-mile-grc-exchange/

The Forensic Extension to IODEF was presented by Chris Inacio.  The draft
was well received, but is in an early stage.  More development will be done
and reviewed again for WG adoption.


Thanks,
Kathleen

From kathleen.moriarty@emc.com  Wed Mar 28 08:51:22 2012
From: <kathleen.moriarty@emc.com>
To: <saag@ietf.org>
Date: Wed, 28 Mar 2012 11:51:01 -0400
Message-ID: <AE31510960917D478171C79369B660FA0E7C8D0192@MX06A.corp.emc.com>
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [saag] Side Meeting on Security Automation and Continuous Monitoring (SACM)

Hello,

Here is a brief summary from the SACM side meeting held on Sunday from
11AM-1PM.



SACM Side Meeting Summary:
Security Automation and Continuous Monitoring (SACM pronounced sack-em)
    https://www.ietf.org/mailman/listinfo/sacm

The meeting minutes have been posted to the mailing list:
     http://www.ietf.org/mail-archive/web/sacm/current/msg00176.html.
The group is interested in a use case to automate security assessment and
control validation to attain situational awareness.  The idea is to pull
together existing efforts (IETF, possibly moving some into the IETF, and
new), creating mappings where necessary to first enable continuous
monitoring (understand the current environment – systems, devices, etc.)
and then risk posture analysis.

The group will start on a use case document, explaining connections to
existing IETF efforts (NEA, MILE, Netconf, IPFIX, SNMP, etc.) and
identifying where new work is needed.  Then work on a charter and begin
the development of documents to support the use case.  An *initial* cut at
the abstract for the use case document from Dave Waltermire is included:

"This draft identifies fundamental use cases, derived functional
capabilities and requirements, architectural components, and the
supporting standards needed to define the interoperable, automation
infrastructure required to support timely, accurate and actionable
situational awareness over an organization’s IT infrastructure.
Automation tools implementing a continuous monitoring approach will
utilize this infrastructure to provide visibility into the state of
assets, user activities and network behavior.  Stakeholders will be able
to use these tools to understand the organization’s security posture,
quantify business risk, and make informed decisions that support
organizational objectives while protecting critical information.  Other
automation tools will be able to leverage information provided by this
infrastructure to enforce policies based on human decisions."

The group could benefit from additional IETF help, especially from the
security, application, and operation areas.

Thank you,
Kathleen

From ekr@rtfm.com  Wed Mar 28 10:00:08 2012
Return-Path: <ekr@rtfm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D496A21E8258 for <saag@ietfa.amsl.com>; Wed, 28 Mar 2012 10:00:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level: 
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CoN3CmYktWZI for <saag@ietfa.amsl.com>; Wed, 28 Mar 2012 10:00:08 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 106A921E8254 for <saag@ietf.org>; Wed, 28 Mar 2012 10:00:07 -0700 (PDT)
Received: by vcbfk13 with SMTP id fk13so1016227vcb.31 for <saag@ietf.org>; Wed, 28 Mar 2012 10:00:07 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:from:date:message-id:subject:to:cc :content-type:x-gm-message-state; bh=WzQdmmBJ8EFAPhjF5E9E6PlcXviYQROqCjEmQOKAzT8=; b=dsiObHAzXBj94Lcm1hZu9ojg9NIZA2w9HV14C/fbAUUdhYivVUDwFrc9UTcaIR/WoG BWFRI/08gGhCabIMsmTv5Jv2XOyZcfIWtnJuX6uqZCuGCX055/thJJSTyjyssUaYtucE WAkt/1KH8VPjQ6DeDhy7HU0DMBvfIfzro8T9nGm2LQtxOyBM5gkCWMcMQoxcHwNhIyxj Rt7p1rBG2T9VIsKyOPyXYVBblqEahzq18vZnA1NpzIScP/Lwk7aAbg7xmDI2d001esiv i5iaoPI5qHdIIy+Y/3bb0OmSZsw4neEo0W2kWcnizI5Hy8N6xjyWy90yV+Q/k1ZBIe1W 40JQ==
Received: by 10.52.69.100 with SMTP id d4mr12583951vdu.9.1332954007411; Wed, 28 Mar 2012 10:00:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.22.195 with HTTP; Wed, 28 Mar 2012 09:59:26 -0700 (PDT)
X-Originating-IP: [2001:df8:0:80:5a55:caff:fef1:5a11]
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 28 Mar 2012 18:59:26 +0200
Message-ID: <CABcZeBN9g-MDnAMZDYZs-kuN8uiccsW2yd+LENGz5831PTGhtQ@mail.gmail.com>
To: saag@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQmrdPP82eflm/W0chIxDwhEUogKj3qqvMDH/SR83Tyzrp2hBedtRQ5uCa6Qzvw9wvRUxE2f
Subject: [saag] TLS Report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2012 17:00:09 -0000

TLS met today at 3:00 for an hour.

1. We agreed to take draft-ietf-tls-oob to last call.
2. We're going to solicit additional reviews for draft-ietf-tls-cached-info
to see if it's ready.
3. We decided not to pursue encrypted client certificates.
4. There was general agreement to pursue a new PAKE algorithm.
CFRG to review Dan Harkins's PWD proposal to help decide
if we should take it.
5. The WG decided to likely adopt draft-petterson-tls-multiple-ocsp
pending reviews for readiness.

-Ekr

From jimsch@nwlink.com  Wed Mar 28 23:22:08 2012
Return-Path: <jimsch@nwlink.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 885AB21F849B for <saag@ietfa.amsl.com>; Wed, 28 Mar 2012 23:22:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qZ-0kSG1sStv for <saag@ietfa.amsl.com>; Wed, 28 Mar 2012 23:22:06 -0700 (PDT)
Received: from smtp2.pacifier.net (smtp2.pacifier.net [64.255.237.172]) by ietfa.amsl.com (Postfix) with ESMTP id BF12721E8053 for <saag@ietf.org>; Wed, 28 Mar 2012 23:22:05 -0700 (PDT)
Received: from Tobias (dhcp-10a6.meeting.ietf.org [130.129.16.166]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp2.pacifier.net (Postfix) with ESMTPSA id 60BD42CA14; Wed, 28 Mar 2012 23:22:04 -0700 (PDT)
From: "Jim Schaad" <jimsch@nwlink.com>
To: <saag@ietf.org>
Date: Thu, 29 Mar 2012 08:21:10 +0200
Message-ID: <028701cd0d74$248a8e40$6d9faac0$@nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-us
Thread-Index: Ac0Nc2OSz74fi197RM2cf3QtVm6D4A==
Subject: [saag] JOSE Report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 06:22:08 -0000

The JOSE group met Tuesday afternoon @ 3:20

We started with a presentation on a use case document that will be published
in the next two weeks at which point we will make a consensus call if the
document should be adopted as a working group document.

The authors of the current WG documents then presented a brief summary of
the changes since the last meeting and then the questions to be addressed in
getting updates done.   As there had not been much discussion either on the
mailing list or in the room on many of the issues, the authors are going to
slowly feed the questions in the mailing list to be addressed and decided
on.

Mike Jones also presented two non-WG documents dealing with methods of
representing signature and encrypted JSON objects as JSON data structures
rather than as dot separated base64 strings.  No decision was taken dealing
with either moving the encodings into the core structure or adopting these
as separate documents.  The pros and cons need to be outlined and then a
decision taken.

Jim



From sethomso@cisco.com  Thu Mar 29 02:25:37 2012
Return-Path: <sethomso@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D79DF21F8A24 for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 02:25:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.599
X-Spam-Level: 
X-Spam-Status: No, score=-109.599 tagged_above=-999 required=5 tests=[AWL=1.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jn32oocnS5F0 for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 02:25:36 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id CD9CA21F8A42 for <saag@ietf.org>; Thu, 29 Mar 2012 02:25:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=sethomso@cisco.com; l=710; q=dns/txt; s=iport; t=1333013137; x=1334222737; h=date:subject:from:to:message-id:mime-version: content-transfer-encoding; bh=/cfZ1lPEYJLkldxXTS2rZ9R0BDfNhyljiePXzqExZVo=; b=Ig0Q/tFU3EOftgypIcqQrpMBlghBGKmvZzmoXsR1NnPK8bnUFi2vgMW+ aStvSv36C0AXF6QidDR+jwyttZciG5Z5iKNg4riFfU1EPeOWlmoaOPpvJ ABZlictzB87rtRp0aljrb9qBt0ZjjsBKRpQgwVgDQWI5bVN4Nzug9o15j E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EAG0pdE+tJXG9/2dsb2JhbABFuQ6BB4ILAQQSAScCAU4BNXEBBDWHaJopgSefF41vDIMkBJVhjkWBaIMD
X-IronPort-AV: E=Sophos;i="4.73,667,1325462400"; d="scan'208";a="70164964"
Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by rcdn-iport-1.cisco.com with ESMTP; 29 Mar 2012 09:25:33 +0000
Received: from xbh-rcd-101.cisco.com (xbh-rcd-101.cisco.com [72.163.62.138]) by rcdn-core2-2.cisco.com (8.14.3/8.14.3) with ESMTP id q2T9PXvE014477 for <saag@ietf.org>; Thu, 29 Mar 2012 09:25:33 GMT
Received: from xmb-rcd-111.cisco.com ([72.163.62.153]) by xbh-rcd-101.cisco.com with Microsoft SMTPSVC(6.0.3790.4675);  Thu, 29 Mar 2012 04:25:33 -0500
Received: from 10.86.242.148 ([10.86.242.148]) by XMB-RCD-111.cisco.com ([72.163.62.153]) with Microsoft Exchange Server HTTP-DAV ;  Thu, 29 Mar 2012 09:25:32 +0000
User-Agent: Microsoft-Entourage/12.32.0.111121
Date: Thu, 29 Mar 2012 05:25:31 -0400
From: Susan Thomson <sethomso@cisco.com>
To: <saag@ietf.org>
Message-ID: <CB99A2CB.1E734%sethomso@cisco.com>
Thread-Topic: NEA summary
Thread-Index: Ac0NjeLJG5vUXiv3mE+UM8tTEn61CQ==
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 29 Mar 2012 09:25:33.0259 (UTC) FILETIME=[E421E9B0:01CD0D8D]
Subject: [saag] NEA summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 09:25:38 -0000

The NEA WG has completed WGLC on the two posture transport specifications:
1. PT-TLS will be sent to the IESG after the I-D has been updated to take
the WGLC comments into account
2. PT-EAP will be updated to address WGLC comments, and sent to EMU WG for
review. The draft will be sent to the IESG after EMU WG comments have been
resolved.

A third specification which documents counter-measures to the NEA Asokan
attack will be converted to a WG document and, after completion of WGLC,
sent to the IESG for publication as an Informational RFC.

The above I-Ds complete the charter. The NEA WG does not plan to meet at the
next IETF unless it is necessary to resolve issues from IESG and IETF LC.


From leifj@mnt.se  Thu Mar 29 05:25:35 2012
Return-Path: <leifj@mnt.se>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FCEA21F8A98 for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 05:25:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.266
X-Spam-Level: 
X-Spam-Status: No, score=-3.266 tagged_above=-999 required=5 tests=[AWL=-0.667, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nuU6zcZgwBA7 for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 05:25:35 -0700 (PDT)
Received: from backup-server.nordu.net (backup-server.nordu.net [IPv6:2001:948:4:1::66]) by ietfa.amsl.com (Postfix) with ESMTP id C535321F8A99 for <saag@ietf.org>; Thu, 29 Mar 2012 05:25:34 -0700 (PDT)
Received: from [130.129.23.57] (dhcp-1739.meeting.ietf.org [130.129.23.57]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id q2TCPU4S028123 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <saag@ietf.org>; Thu, 29 Mar 2012 14:25:33 +0200 (CEST)
Message-ID: <4F7454BA.3030701@mnt.se>
Date: Thu, 29 Mar 2012 14:25:30 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120310 Thunderbird/11.0
MIME-Version: 1.0
To: "saag@ietf.org" <saag@ietf.org>
X-Enigmail-Version: 1.4
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [saag] abfab@paris
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 12:25:35 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ABFAB met this morning. We were scheduled in conflict with the
cool SCIM BoF which may have reduced attendance somewhat.

The WG is making progress on our core documents and the goal is
to have a significant number of them ready for LC by Vancouver.

	Best R
	Leif & Klaas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk90VLoACgkQ8Jx8FtbMZncR9gCggTm8QIn4+iF1CdkXfb5O3WAw
azkAoJtIhh/m8yhwATPi7aBoY6TZG/mq
=x2Uc
-----END PGP SIGNATURE-----

From ondrej.sury@nic.cz  Thu Mar 29 07:46:33 2012
Return-Path: <ondrej.sury@nic.cz>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FF5221F896A for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 07:46:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.277
X-Spam-Level: 
X-Spam-Status: No, score=-0.277 tagged_above=-999 required=5 tests=[AWL=-0.992, BAYES_40=-0.185, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4wxjJL47yCru for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 07:46:32 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by ietfa.amsl.com (Postfix) with ESMTP id BAE9421F8968 for <saag@ietf.org>; Thu, 29 Mar 2012 07:46:32 -0700 (PDT)
Received: from [10.10.0.6] (howl.nic.cz [217.31.204.249]) by mail.nic.cz (Postfix) with ESMTPSA id 6ACF713F6B3; Thu, 29 Mar 2012 16:46:31 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nic.cz; s=default; t=1333032391; bh=lgk2/8KHOlAk3Tm0PbutzAqsmHbtn2JalrxgvGftzDk=; h=From:Content-Type:Content-Transfer-Encoding:Subject:Date: Message-Id:Cc:To:Mime-Version; b=RGEEewbkZWhUk3ru3xGwMFiw6YN536w/Gpmr/4lg/lzEUdySFdIf/bLPX9uopPdIw 8mmFxYEO315qC3m4mE2p4rXVItEIk6RF9fmue6aPDMkSAqjsQraGkuJZWJV8MNXsOM yJAkpzQudRXlKtZ8I7Eg6qPYgCeRU7Sl3riDuXDM=
From: =?utf-8?Q?Ond=C5=99ej_Sur=C3=BD?= <ondrej.sury@nic.cz>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Date: Thu, 29 Mar 2012 16:46:33 +0200
Message-Id: <1C4AAEFD-5FBD-4AC6-B1FE-679CABB9B904@nic.cz>
To: saag@ietf.org
Mime-Version: 1.0 (Apple Message framework v1257)
X-Mailer: Apple Mail (2.1257)
X-Virus-Scanned: clamav-milter 0.96.5 at mail
X-Virus-Status: Clean
Cc: dane-chairs@tools.ietf.org
Subject: [saag] DANE Report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 14:46:33 -0000

DANE did not meet in Paris.

We finished DANE protocol (the main document) WGLC and the document is in
AD Evaluation state.  We expect to resolve the AD comments soon after we
get back from Paris and move it to IETF LC.

O.
--
 Ondřej Surý
 vedoucí výzkumu/Head of R&D department
 -------------------------------------------
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.sury@nic.cz    http://nic.cz/
 tel:+420.222745110       fax:+420.222745112
 -------------------------------------------


From derek@ihtfp.com  Thu Mar 29 08:27:13 2012
Return-Path: <derek@ihtfp.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9846A21E8209; Thu, 29 Mar 2012 08:27:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.988
X-Spam-Level: 
X-Spam-Status: No, score=-101.988 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nmo4hIrIT4Hc; Thu, 29 Mar 2012 08:27:13 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) by ietfa.amsl.com (Postfix) with ESMTP id D7EEA21E8204; Thu, 29 Mar 2012 08:27:12 -0700 (PDT)
Received: from mocana.ihtfp.org (dhcp-5279.meeting.ietf.org [130.129.82.121]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (not verified)) by mail2.ihtfp.org (Postfix) with ESMTPS id C1638260268; Thu, 29 Mar 2012 11:27:11 -0400 (EDT)
Received: (from warlord@localhost) by mocana.ihtfp.org (8.14.5/8.14.5/Submit) id q2TFR6tE012061; Thu, 29 Mar 2012 11:27:06 -0400
From: Derek Atkins <derek@ihtfp.com>
To: saag@ietf.org, oauth@ietf.org
Date: Thu, 29 Mar 2012 11:27:03 -0400
Message-ID: <sjmk423bf7c.fsf@mocana.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: [saag] OAUTH Report for IETF-83
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 15:27:13 -0000

Hi,

OAUTH met earlier this afternoon in Afternoon Session I at 13h00 for a
two hour session.  After introducing ourselves and welcoming me to the
working group we thanked Barry and Blaine for their service.

Torsten spoke about draft-ietf-oauth-v2-threatmodel.  This document has
completed WG Last Call.  Torsten has applied changes based on the Last
Call Comments and has published a new revision.  Barry promised to
finish his PROTO Shepherd review next week so we can send this document
to the IESG.  He promises to take Mike Thomas' issues from the list into
account and make sure that everyone is happy.

[ I'd like to extend a personal thank you to Barry for continuing his role
  as document shepherd for this draft.  -- derek ]

Next, Mike Jones spoke about the Assertions, SAML2 Bearer, and
URN-Sub-NS drafts.  Except for one outstanding issue Mike believes these
documents are ready for WGLC.  Consensus in the room was to take these
three docs to WGLC, which the chairs will do by the end of next week.

The MAC Token draft has languished while time was spent working on the
core document.  Eran was not here, nor was he online, to talk about the
status of the MAC Token draft.  There were only a few people in the room
interested in reviewing the draft, which was not a clear consensus of
interest, even though this document does solve a problem that the bearer
tokens cannot.  The chairs will take it to the list to evaluate if there
is enough interest to continue with this document.

In a related note, this document (as well as the v2-bearer document) is
not available off the tools page even though it has not expired.  I have
taken the action item to get that sorted out.

Finally, we spent the majority of our time talking about rechartering
based on the proposed charter sent to the list by Hannes a week or two
ago.  Consensus of the room was that there was enough interest to
recharter based roughly on the proposed charter.  There was also
consensus to include Simple Web Discovery (in addition to, and separate
from, Dynamic Client Registration), although we will need to work with
the ADs to make sure it gets handled in the appropriate WG and Area.
Moreover, it's important to make sure the appropriate applications area
participants get involved in the SWD work.

Hannes and I will revise the proposed charter and send it out to the WG
for additional comments and feedback.  Our goal is to send it to the
IESG for approval on their April 26th telechat.  This would hopefully
result in approval on the May 10th chat, after public comment.

We finished the meeting at 14h30.

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

From henry.story@bblfish.net  Thu Mar 29 20:24:54 2012
Return-Path: <henry.story@bblfish.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E36E21E8032 for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 20:24:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.949
X-Spam-Level: 
X-Spam-Status: No, score=-6.949 tagged_above=-999 required=5 tests=[AWL=-3.350, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UxGE2WnBZbbB for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 20:24:53 -0700 (PDT)
Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id 1FB5321F85D3 for <saag@ietf.org>; Thu, 29 Mar 2012 20:24:52 -0700 (PDT)
Received: by wgbdr13 with SMTP id dr13so112138wgb.13 for <saag@ietf.org>; Thu, 29 Mar 2012 20:24:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:subject:date:message-id:to:mime-version:x-mailer :x-gm-message-state:content-type:content-transfer-encoding; bh=aCewfbxbphOSRgTFR6rfWHcNSVwXDdNY4bEG1tNFPss=; b=j06gTsiozOE2fnoPi+bDhEEV0tyTxDl4ipX0OgTx7+cpZq4A7/b/XR/qDNFaLzOfzM ye8zxhbNpdZEZa5V+CNpTskpXKXgh6AQf5m2MQ4ez26tIiCD5B7UKXMCvOdZiKoLskJF monPjNg2tXtnznyGsIcJPeIBCDcUyXk6IeiZI9WsgpWZgfeTH/a9qkCRHyQ/KhzuhBBH AIDzDQX6sUKl2NgfyzuwtttjOBgzvBjnzLNOHJTNOSBFNsrYN37wkaiv1hpeq7MDrZVf VRRejnJcgfJ12J9n+mnz3luvGCJ7MmCSgWjJta9wtXp65aamb7/Fc4LbG3Uxdw1UMVFu 3YOg==
Received: by 10.180.91.165 with SMTP id cf5mr1875254wib.2.1333077892220; Thu, 29 Mar 2012 20:24:52 -0700 (PDT)
Received: from [192.168.1.180] (ATuileries-153-1-47-148.w83-202.abo.wanadoo.fr. [83.202.30.148]) by mx.google.com with ESMTPS id n8sm4178139wix.10.2012.03.29.20.24.50 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 29 Mar 2012 20:24:51 -0700 (PDT)
From: Henry Story <henry.story@bblfish.net>
Date: Fri, 30 Mar 2012 05:24:49 +0200
Message-Id: <45274861-99FA-470F-94F7-8CF765F8C4DE@bblfish.net>
To: saag@ietf.org
Mime-Version: 1.0 (Apple Message framework v1257)
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQlgwOrYNOoRheaWoW8NLxJU5T7w+8jbIw2vv+gb/eMQSrNmCmqHebshKQTUerL25XPz6crM
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Subject: [saag] "Privacy in IETF Protocols" at IETF83
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 03:24:54 -0000

I very much appreciated Ian Walden's talk today at the IETF83 meeting in
Paris [1]. He mentioned that the EU directives made it a legal requirement
to make the use of cookies transparent to the users. In the questions
and answers session I mentioned work by Mozilla that gave a very good UI
demonstration of how this could be done. You can find the blog post by
Aza Raskin where he developed this here:

  http://www.azarask.in/blog/post/identity-in-the-browser-firefox/

He was working on a more cookie oriented approach, but this would also
work very well for TLS, and there is an issue open for this on Google
Chrome for example:

  http://code.google.com/p/chromium/issues/detail?id=29784

It is good to see that the legislation is now providing an extra incentive
for browser vendors to provide good clean transparent user interfaces.

 Henry

[1] picture of Ian Walden http://instagr.am/p/IwxJJQvhf6/

Social Web Architect
http://bblfish.net/


From henry.story@bblfish.net  Thu Mar 29 20:49:07 2012
Return-Path: <henry.story@bblfish.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4737F21E803D for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 20:49:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.832
X-Spam-Level: 
X-Spam-Status: No, score=-5.832 tagged_above=-999 required=5 tests=[AWL=-2.233, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFk2R8cwvBKM for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 20:49:06 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) by ietfa.amsl.com (Postfix) with ESMTP id 4DC2021E8018 for <saag@ietf.org>; Thu, 29 Mar 2012 20:49:06 -0700 (PDT)
Received: by wibhj6 with SMTP id hj6so145825wib.13 for <saag@ietf.org>; Thu, 29 Mar 2012 20:49:05 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:subject:date:message-id:to:mime-version:x-mailer :x-gm-message-state:content-type:content-transfer-encoding; bh=6Y0jj0bfOkAXusYuuKvnXDFnfbm4X/HvjaCoxXrffHQ=; b=HFTbeHzKdN2tf44UEP1fKLSqOWvkTHJQ7Y5wQypvrUT++26LhGarjHCgx+FdgJFsFi sb+ji9viu/pk39oy98atrUjCQAhH+bGJnsvVeD+FCNiwFcAJEnG6dnLnuxJFjQ2jPzHK ZNorh7jg7PDlxqmCiqn/J3XQgjoeiJG5kJ1TKin4497JzxmdMhT7M02BddUWl1lYrJhK QS1HFzDCkO2tgIRHJL6RZmNUCiPtWqJpse7gkfK5tbvmYHwHN7hK0ySn+bxDlL4I7V56 6D+EgylgTAh/YIdnIy0DUuG9D3PlDZENAkVzrX9PyKIYc8v5SLP+aAs6VF4UJ9UG7rsY SvjQ==
Received: by 10.180.101.136 with SMTP id fg8mr2044665wib.4.1333079345473; Thu, 29 Mar 2012 20:49:05 -0700 (PDT)
Received: from [192.168.1.180] (ATuileries-153-1-47-148.w83-202.abo.wanadoo.fr. [83.202.30.148]) by mx.google.com with ESMTPS id ex2sm4461497wib.8.2012.03.29.20.49.04 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 29 Mar 2012 20:49:04 -0700 (PDT)
From: Henry Story <henry.story@bblfish.net>
Date: Fri, 30 Mar 2012 05:49:03 +0200
Message-Id: <583A12BA-8B16-425C-97CD-5D226FCD8BBE@bblfish.net>
To: saag@ietf.org
Mime-Version: 1.0 (Apple Message framework v1257)
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQnulMtuq2DQ5DVgR/nRgMDeQJoCQB9mH85f4QPPu1kONOTDLCmtmEGDQ4fSjFSlSLZs1mut
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Subject: [saag] WebID protocol
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 03:49:07 -0000

At the IETF meeting yesterday I mentioned the WebID protocol work
done at the W3C. It is essentially just a HOWTO for using TLS client
authentication to enable us to build distributed secure social networks
(which is what I am really interested in). Distributed Social Networks
are of course privacy enhancing since they allow only those people who
wish to communicate to do so.

As a short example, if I can put my content on my Freedom Box [1], and
you can put your information on yours, and it is easy for me to
authenticate to your box even if we have never met before (because I am
perhaps a friend of a friend of yours) then one can avoid the need for a
social network service provider having the view into our communication
too. These nodes in the social network don't have to be individuals, they
can of course be businesses too.

Here are a few links:
  - short video on http://webid.info/
  - spec http://www.w3.org/2005/Incubator/webid/spec/
  - community group http://www.w3.org/community/webid/

The work is continuing in the Community Group, and feedback is welcome
there.

WebID is working at the level of TLS and the semantic web, which is why
the work was done at the W3C. But I think it should also be of interest to
the people at the IETF working on security.

	Henry


[1] http://freedomboxfoundation.org/

Social Web Architect
http://bblfish.net/


From adam@stoicsecurity.com  Thu Mar 29 22:14:45 2012
Return-Path: <adam@stoicsecurity.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23FC821F86E3 for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 22:14:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.203
X-Spam-Level: 
X-Spam-Status: No, score=-1.203 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PEMKVWQ21pW6 for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 22:14:44 -0700 (PDT)
Received: from m1plsmtpa01-05.prod.mesa1.secureserver.net (m1plsmtpa01-05.prod.mesa1.secureserver.net [64.202.165.10]) by ietfa.amsl.com (Postfix) with ESMTP id F2E5C21F86E2 for <saag@ietf.org>; Thu, 29 Mar 2012 22:14:43 -0700 (PDT)
Received: from [10.11.163.251] ([166.137.11.156]) by m1plsmtpa01-05.prod.mesa1.secureserver.net with  id rhEJ1i00G3N0Njq01hEeZb; Thu, 29 Mar 2012 22:14:42 -0700
References: <45274861-99FA-470F-94F7-8CF765F8C4DE@bblfish.net>
In-Reply-To: <45274861-99FA-470F-94F7-8CF765F8C4DE@bblfish.net>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Message-Id: <A3564B5E-6290-4047-BFF2-48E59E79178C@stoicsecurity.com>
X-Mailer: iPhone Mail (9B176)
From: "Adam W. Montville" <adam@stoicsecurity.com>
Date: Fri, 30 Mar 2012 07:13:26 +0200
To: Henry Story <henry.story@bblfish.net>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] "Privacy in IETF Protocols" at IETF83
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 05:14:45 -0000

+1

Sent from my iPhone

On Mar 30, 2012, at 5:24 AM, Henry Story <henry.story@bblfish.net> wrote:

> I very much appreciated Ian Walden's talk today at the IETF83 meeting in
> Paris [1]. He mentioned that the EU directives made it a legal requirement
> to make the use of cookies transparent to the users. In the questions
> and answers session I mentioned work by Mozilla that gave a very good UI
> demonstration of how this could be done. You can find the blog post by
> Aza Raskin where he developed this here:
>
>  http://www.azarask.in/blog/post/identity-in-the-browser-firefox/
>
> He was working on a more cookie oriented approach, but this would also work very
> well for TLS, and there is an issue open for this on Google Chrome for example
>
>  http://code.google.com/p/chromium/issues/detail?id=29784
>
> It is good to see that the legislation is now providing an extra incentive
> for browser vendors to provide good clean transparent user interfaces.
>
> Henry
>
> [1] picture of Ian Walden http://instagr.am/p/IwxJJQvhf6/
>
> Social Web Architect
> http://bblfish.net/
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag

From derek@ihtfp.com  Thu Mar 29 23:14:46 2012
Return-Path: <derek@ihtfp.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B653A21F87C1; Thu, 29 Mar 2012 23:14:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.183
X-Spam-Level: 
X-Spam-Status: No, score=-101.183 tagged_above=-999 required=5 tests=[AWL=-0.804, BAYES_00=-2.599, FROM_EXCESS_BASE64=1.456, HELO_MISMATCH_ORG=0.611, HTML_MESSAGE=0.001, SARE_SUB_ENC_UTF8=0.152, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RaLaUsyG--RO; Thu, 29 Mar 2012 23:14:43 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) by ietfa.amsl.com (Postfix) with ESMTP id 1FDB121F866B; Thu, 29 Mar 2012 23:14:43 -0700 (PDT)
Received: from [130.129.65.222] (dhcp-41de.meeting.ietf.org [130.129.65.222]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by mail2.ihtfp.org (Postfix) with ESMTPSA id F41FA26023A; Fri, 30 Mar 2012 02:14:40 -0400 (EDT)
To: "=?utf-8?B?RXJhbiBIYW1tZXI=?=" <eran@hueniverse.com>, "=?utf-8?B?V2lsbGlhbSBNaWxscw==?=" <wmills@yahoo-inc.com>, "=?utf-8?B?c2FhZ0BpZXRmLm9yZw==?=" <saag@ietf.org>, "=?utf-8?B?b2F1dGhAaWV0Zi5vcmc=?=" <oauth@ietf.org>
From: "=?utf-8?B?RGVyZWsgQXRraW5z?=" <derek@ihtfp.com>
Date: Fri, 30 Mar 2012 08:14:46 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_2_1333088086778"
Message-Id: <20120330061443.1FDB121F866B@ietfa.amsl.com>
Subject: Re: [saag] =?utf-8?q?=5BOAUTH-WG=5D_OAUTH_Report_for_IETF-83?=
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 06:14:46 -0000

------=_Part_2_1333088086778
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: base64
Content-Disposition: inline
------=_Part_2_1333088086778
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: base64
Content-Disposition: inline



------=_Part_2_1333088086778--


From derek@ihtfp.com  Thu Mar 29 23:22:42 2012
Return-Path: <derek@ihtfp.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9F0E21E8037; Thu, 29 Mar 2012 23:22:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.915
X-Spam-Level: 
X-Spam-Status: No, score=-100.915 tagged_above=-999 required=5 tests=[AWL=-0.536, BAYES_00=-2.599, FROM_EXCESS_BASE64=1.456, HELO_MISMATCH_ORG=0.611, HTML_MESSAGE=0.001, SARE_SUB_ENC_UTF8=0.152, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s9qso9q8luq1; Thu, 29 Mar 2012 23:22:42 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) by ietfa.amsl.com (Postfix) with ESMTP id B99F521E802D; Thu, 29 Mar 2012 23:22:41 -0700 (PDT)
Received: from [130.129.65.222] (dhcp-41de.meeting.ietf.org [130.129.65.222]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by mail2.ihtfp.org (Postfix) with ESMTPSA id 270AD260268; Fri, 30 Mar 2012 02:22:40 -0400 (EDT)
To: "William Mills" <wmills@yahoo-inc.com>, "Eran Hammer" <eran@hueniverse.com>, "saag@ietf.org" <saag@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
From: "Derek Atkins" <derek@ihtfp.com>
Date: Fri, 30 Mar 2012 08:22:45 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_3_1333088565926"
Message-Id: <20120330062241.B99F521E802D@ietfa.amsl.com>
Subject: Re: [saag] [OAUTH-WG] OAUTH Report for IETF-83
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 06:22:43 -0000

------=_Part_3_1333088565926
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: base64
Content-Disposition: inline

------=_Part_3_1333088565926
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: base64
Content-Disposition: inline

------=_Part_3_1333088565926--


From hannes.tschofenig@gmx.net  Thu Mar 29 23:52:10 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B0E321F856C for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 23:52:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.548
X-Spam-Level: 
X-Spam-Status: No, score=-102.548 tagged_above=-999 required=5 tests=[AWL=0.051, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e10t0xA86+ub for <saag@ietfa.amsl.com>; Thu, 29 Mar 2012 23:52:09 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id C442421E809F for <saag@ietf.org>; Thu, 29 Mar 2012 23:52:01 -0700 (PDT)
Received: (qmail invoked by alias); 30 Mar 2012 06:52:00 -0000
Received: from dhcp-431b.meeting.ietf.org (EHLO dhcp-431b.meeting.ietf.org) [130.129.67.27] by mail.gmx.net (mp012) with SMTP; 30 Mar 2012 08:52:00 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX193WbAiLyt3AVrAqPNDdoBViQCqpcMv5qY9ESPYF3 PbMCDiyxsjvBOw
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <45274861-99FA-470F-94F7-8CF765F8C4DE@bblfish.net>
Date: Fri, 30 Mar 2012 09:42:46 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <2EA894F4-EC84-4BC4-BF73-26A0BEF6DE4D@gmx.net>
References: <45274861-99FA-470F-94F7-8CF765F8C4DE@bblfish.net>
To: Henry Story <henry.story@bblfish.net>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: saag@ietf.org
Subject: Re: [saag] "Privacy in IETF Protocols" at IETF83
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 06:52:10 -0000

Hi Henry,

great to hear that you like this topic.

The Internet Architecture Board (IAB) has spent some time thinking about
how to consider privacy in the design of Internet protocols. We tried to
take a structured approach to it.

Here it is:
http://tools.ietf.org/html/draft-iab-privacy-considerations-02

Looking forward to your comments.

Ciao
Hannes


On Mar 30, 2012, at 6:24 AM, Henry Story wrote:

> I very much appreciated Ian Walden's talk today at the IETF83 meeting in
> Paris [1]. He mentioned that the EU directives made it a legal requirement
> to make the use of cookies transparent to the users. In the questions
> and answers session I mentioned work by Mozilla that gave a very good UI
> demonstration of how this could be done. You can find the blog post by
> Aza Raskin where he developed this here:
>
>  http://www.azarask.in/blog/post/identity-in-the-browser-firefox/
>
> He was working on a more cookie oriented approach, but this would also
> work very well for TLS, and there is an issue open for this on Google
> Chrome for example
>
>  http://code.google.com/p/chromium/issues/detail?id=29784
>
> It is good to see that the legislation is now providing an extra incentive
> for browser vendors to provide good clean transparent user interfaces.
>
> Henry
>
> [1] picture of Ian Walden http://instagr.am/p/IwxJJQvhf6/
>
> Social Web Architect
> http://bblfish.net/
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag


From Jeff.Hodges@KingsMountain.com  Fri Mar 30 01:13:22 2012
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76CEE21F87C3 for <saag@ietfa.amsl.com>; Fri, 30 Mar 2012 01:13:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -98.922
X-Spam-Level: 
X-Spam-Status: No, score=-98.922 tagged_above=-999 required=5 tests=[AWL=-0.841, BAYES_40=-0.185, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NU3Ycv96HapS for <saag@ietfa.amsl.com>; Fri, 30 Mar 2012 01:13:21 -0700 (PDT)
Received: from oproxy4-pub.bluehost.com (oproxy4.bluehost.com [IPv6:2605:dc00:100:2::a4]) by ietfa.amsl.com (Postfix) with SMTP id 612A121F87AF for <saag@ietf.org>; Fri, 30 Mar 2012 01:13:20 -0700 (PDT)
Received: (qmail 12665 invoked by uid 0); 30 Mar 2012 08:13:20 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by cpoproxy1.bluehost.com with SMTP; 30 Mar 2012 08:13:20 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default;  h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=Qwi0dsFcmEGnQhCx9ZXa27Bd13PHE67g2C1pR2Tgl7s=;  b=Iet+V11UxpRxOB1XTN3VNI/3Y/CI9bBT6Nu7MPOMcGzuW5gmR8qvhwt6PcjT2BBIIktXslDdm8e6C9dy4QZMp6fZpXD7NVrXwy/aMpFdT2KXGmlXl+tkcfm+AcPq5pY6;
Received: from dhcp-5698.meeting.ietf.org ([130.129.86.152]) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1SDWxT-0006Xc-8v; Fri, 30 Mar 2012 02:13:19 -0600
Message-ID: <4F756B1D.1090101@KingsMountain.com>
Date: Fri, 30 Mar 2012 01:13:17 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: IETF PKIX WG <pkix@ietf.org>,  IETF Security Area Advisory Group <saag@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 130.129.86.152 authed with jeff.hodges+kingsmountain.com}
Subject: Re: [saag] fyi: CA/Browser Forum (CABF) reform deliberations
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 08:13:22 -0000

 > FYI, as I mentioned in the session, the CA/Browser Forum (CABF) is entertaining
 > governance reforms, as announced here.
 >
 >    CA/Browser Forum Announces Organizational Reform Working Group
 >    http://cabforum.org/org_announcement.html
 >
 > The CABF is soliciting public input, the deadline for input is unfortunately
 > fast approaching, it is this Friday, March 30, 2012.

FWIW, I hear tell (as I suspected) that "late" input will still be considered, 
although the longer submitters wait, the less time and opportunity there will 
be to incorporate their feedback into any proposal that will come to a vote 
(slated for mid-April).


 > In terms of the sorts of reforms some parties are proposing, here's PayPal's
 > input..
 >
 >    PayPal supports reform at the CA/Browser Forum
 >
 >    http://www.thesecuritypractice.com/the_security_practice/2012/03/paypal-supports-reform-at-the-cabrowser-forum.html
 >
 > I'm here @ietf-83, feel free to reach out if you have any questions,


=JeffH


From Josh.Howlett@ja.net  Fri Mar 30 01:26:50 2012
Return-Path: <Josh.Howlett@ja.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B546B21F885D for <saag@ietfa.amsl.com>; Fri, 30 Mar 2012 01:26:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.399
X-Spam-Level: 
X-Spam-Status: No, score=-101.399 tagged_above=-999 required=5 tests=[AWL=-1.214, BAYES_40=-0.185, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w5PTNMfK4-vR for <saag@ietfa.amsl.com>; Fri, 30 Mar 2012 01:26:50 -0700 (PDT)
Received: from egw001.ukerna.ac.uk (egw001.ukerna.ac.uk [194.82.140.74]) by ietfa.amsl.com (Postfix) with ESMTP id CAFC721F84F4 for <saag@ietf.org>; Fri, 30 Mar 2012 01:26:49 -0700 (PDT)
Received: from egw001.ukerna.ac.uk (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id 12B851A9AFEE_F756E47B; Fri, 30 Mar 2012 08:26:47 +0000 (GMT)
Received: from EXC001.atlas.ukerna.ac.uk (exc001.atlas.ukerna.ac.uk [193.62.83.37]) by egw001.ukerna.ac.uk (Sophos Email Appliance) with ESMTP id D7D081A9AFEB_F756E46F; Fri, 30 Mar 2012 08:26:46 +0000 (GMT)
Received: from EXC001.atlas.ukerna.ac.uk ([193.62.83.37]) by EXC001 ([193.62.83.37]) with mapi id 14.01.0355.002; Fri, 30 Mar 2012 09:26:46 +0100
From: Josh Howlett <Josh.Howlett@ja.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Henry Story <henry.story@bblfish.net>
Thread-Topic: [saag] "Privacy in IETF Protocols" at IETF83
Thread-Index: AQHNDiS34c2W0PLk40y0j8LPtiZnhZaCU5QAgAA+kwA=
Date: Fri, 30 Mar 2012 08:26:46 +0000
Message-ID: <CB9B2FBB.5DA2C%josh.howlett@ja.net>
In-Reply-To: <2EA894F4-EC84-4BC4-BF73-26A0BEF6DE4D@gmx.net>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.14.0.111121
x-originating-ip: [194.82.140.76]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <A039747C19DBDF449E54DA67F6794043@ukerna.ac.uk>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] "Privacy in IETF Protocols" at IETF83
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 08:26:50 -0000

Hi Hannes,

I agree that this was a really great presentation. There were a couple of
things that Ian didn't mention that might be of general interest:

 * The proposed Data Protection Regulation will apply to non-EU entities
offering goods or services to EU-based customers. Such entities are also
required to provide an equivalent level of protection to customers in
other (non-EU) jurisdictions.

 * Entities found in breach of the proposed Regulation can be fined up to
2% of annual global turnover

 * The US government has recently proposed a Consumer Privacy Bill of
Rights. One of my colleagues has compared this to the EU regulation; his
analysis is at
http://webmedia.company.ja.net/edlabblogs/regulatory-developments/2012/03/14/us-consumer-privacy-bill-of-rights.

>The Internet Architecture Board (IAB) has spent some time thinking about
>how to consider privacy in the design of Internet protocols. We tried to
>take a structured approach to it.

"Privacy by design" is an excellent idea, but the existing directive and
proposed regulation are both sufficiently broad that any non-trivial
protocol will impose legal obligations on users; there are no technical
silver bullets and so we also need to develop smarter solutions at layer 9.

Josh.



Janet is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG


From hannes.tschofenig@gmx.net  Fri Mar 30 01:46:12 2012
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BC2D21F88CE for <saag@ietfa.amsl.com>; Fri, 30 Mar 2012 01:46:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.552
X-Spam-Level: 
X-Spam-Status: No, score=-102.552 tagged_above=-999 required=5 tests=[AWL=0.047, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kG5cawMtgTLT for <saag@ietfa.amsl.com>; Fri, 30 Mar 2012 01:46:11 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 55D4021F88EE for <saag@ietf.org>; Fri, 30 Mar 2012 01:46:11 -0700 (PDT)
Received: (qmail invoked by alias); 30 Mar 2012 08:46:10 -0000
Received: from dhcp-172b.meeting.ietf.org (EHLO dhcp-172b.meeting.ietf.org) [130.129.23.43] by mail.gmx.net (mp010) with SMTP; 30 Mar 2012 10:46:10 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/q+atmWY7qJZbCY1x2QsYXJRj4vrwXiC5CO4XyBa EW5ZMiAr+jzetu
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <CB9B2FBB.5DA2C%josh.howlett@ja.net>
Date: Fri, 30 Mar 2012 11:46:08 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <D4C0971C-70BB-4FF0-AB1B-18AB4C8BBADE@gmx.net>
References: <CB9B2FBB.5DA2C%josh.howlett@ja.net>
To: Josh Howlett <Josh.Howlett@ja.net>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] "Privacy in IETF Protocols" at IETF83
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 08:46:12 -0000

Hi Josh,

it was a fun presentation. The link to the Internet protocol work was
not really there.

The challenge is that the privacy principles defined by OECD, EC, FTC,
etc. are not directly applicable to what we do in the IETF (or anyone
else in the technical community does).

What Ian did not mention is that on paper everything looks pretty clear.
When you look at the practice then things get rough.

On Mar 30, 2012, at 11:26 AM, Josh Howlett wrote:

> Hi Hannes,
>
> I agree that this was a really great presentation. There were a couple of
> things that Ian didn't mention that might be of general interest:
>
> * The proposed Data Protection Regulation will apply to non-EU entities
> offering goods or services
> to EU-based customers. Such entities are also required to provide an
> equivalent level of protection to customers in other (non-EU)
> jurisdictions.

Correct. However, there are "escape-paths". The Safe Harbor would be
one such path.

>
> * Entities found in breach of the proposed Regulation can be fined up to
> 2% of annual global turnover

That's what the proposal says today but that's very likely to change. It
had already changed from Dec. 2011 to Jan. 2012.

>
> * The US government has recently proposed a Consumer Privacy Bill of
> Rights. One of my colleagues has compared this to the EU regulation; his
> analysis is at
> http://webmedia.company.ja.net/edlabblogs/regulatory-developments/2012/03/14/us-consumer-privacy-bill-of-rights.
>
Thanks for the pointer.


>> The Internet Architecture Board (IAB) has spent some time thinking about
>> how to consider privacy in the design of Internet protocols. We tried to
>> take a structured approach to it.
>
> "Privacy by design" is an excellent idea, but the existing directive and
> proposed regulation are both sufficiently broad that any non-trivial
> protocol will impose legal obligations on users; there are no technical
> silver bullets and so we also need to develop smarter solutions at layer 9.
>
We had tried to figure out what this "let us consider privacy throughout
the process" actually means.
Similar to security the story is not trivial.

If folks would spend 30mins through our document then that should become
clear. (You need additional 30min to look at the terminology document
because speaking about "privacy" does not make sense -- you need to be
more specific to convey a meaningful message.)

Ciao
Hannes

> Josh.
>
>
>
> Janet is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
>

