From Archer@linuxmail.org Fri Apr 1 00:09:09 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA21110; Fri, 1 Apr 2005 00:09:08 -0500 (EST) Message-Id: <200504010509.AAA21110@ietf.org> Received: from [221.161.164.252] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DHEWM-00014E-MG; Fri, 01 Apr 2005 00:16:41 -0500 Received: from [99.93.128.102] by sagebrush%DIGITS.greenbriar.222.119.32.196 via HTTP; Thu, 31 Mar 2005 21:11:21 -0800 Reply-To: "kittymail.com" From: "kittymail.com" To: Subject: Offering refinancing for Americans Date: Thu, 31 Mar 2005 21:11:21 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--3911063091qhjw7586" X-Spam-Score: 5.6 (+++++) X-Spam-Flag: YES X-Scan-Signature: de4f315c9369b71d7dd5909b42224370 ----3911063091qhjw7586 Content-Type: text/plain; charset="iso-%DIGITS%LCVALUES%DIGITS%DIGITS%LCVALUES" Content-Transfer-Encoding: quoted-printable Attention Home owners! Learn how to save big by re-financ-ing Current Rate is at all times low of 3.6% ACT TODAY: http://www.today-mrg-now.net/st.asp No other way to so quickly and easily lower your monthly bill payments while putting cash now in your pocket! ----3911063091qhjw7586-- From BergmanEDRXYG@mpik-tueb.mpg.de Fri Apr 1 00:37:18 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA22976 for ; Fri, 1 Apr 2005 00:37:18 -0500 (EST) Received: from [218.38.240.240] (helo=OPKWORLD) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DHExZ-0001wC-3Q for eap-archive@ietf.org; Fri, 01 Apr 2005 00:44:51 -0500 Received: (from brag@218.38.240.240) by detriment8.160.30.104.28 (B.4D.0/E.3C.E) id dk960OsT84ACDC; Sat, 11 Jan 2003 13:14:09 -0400 Message-ID: <6282EDB2A0.BF90B@BergmanEDRXYG@mpik-tueb.mpg.de> Reply-To: "Crawford D Troy" From: "Crawford D Troy" To: "Eap-archive" Subject: wonderful side effects Date: Sat, 11 Jan 2003 13:21:09 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--961C18C53D9D9190C" X-Spam-Score: 18.4 (++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d ----961C18C53D9D9190C Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable As Seen on NBC, CBS, CNN and even Oprah! The Health Discovery that Actually Reverses Aging while Burning Fat, without Dieting or Exercise! This Proven Discovery has even been reported on by the New England Journal of Medicine. Forget Aging and Dieting Forever! And it's Guaranteed! Receive up to 2 Full Month's Supplies Absolutely FREE! http://dogbane.aFFil9384.BIZ/h to be ramoved from our list : http://petersburg.AFfil9384.biz/re Nationalism is a silly cock crowing on his own dunghill.=20 ----961C18C53D9D9190C-- From axocuecwz@upvnet.upv.es Fri Apr 1 02:34:02 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA22016; Fri, 1 Apr 2005 02:34:01 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DHGma-0005vk-EI; Fri, 01 Apr 2005 02:41:34 -0500 Received: from [218.190.47.70] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DHGrS-0001Oc-AT; Fri, 01 Apr 2005 02:46:35 -0500 X-Message-Info: IYGWpkAD677CVFep948DWnem+25C2 Received: from gqcxspd85.xo.axocuecwz@upvnet.upv.es ([45.144.176.29]) by mcaF9E0FF-egm.218.190.47.70 with Microsoft SMTPSVC(5.0.2195.6824); Fri, 01 Apr 2005 04:25:43 -0300 Received: from axocuecwz@upvnet.upv.es (224.154.253.252) by ojh7AF.ahq.paxocuecwz@upvnet.upv.es with QMQP; Fri, 01 Apr 2005 03:24:43 -0400 Message-Id: Date: Fri, 01 Apr 2005 09:25:43 +0200 Message-ID: From: "Dianne Dolan" <-axocuecwz@upvnet.upv.es> Subject: medical directory & physicians 7,000 Senior Hospitals,, 172,000 Senior Hospital Administrators and doctors. To: gsmp@ietf.org Cc: edu-team-web-archive@ietf.org, edu-discuss@ietf.org, gsmp-admin@ietf.org, edu-team@ietf.org, gsmp-web-archive@ietf.org, eap-archive@ietf.org MIME-Version: 1.0 .DD Content-Type: multipart/alternative; boundary="--9570DDB24FAF1FE" X-Mailer: (D.3BC.C) X-Spam-Score: 21.0 (+++++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: d8ae4fd88fcaf47c1a71c804d04f413d ----9570DDB24FAF1FE Content-Type: text/plain; charset="iso-0F64-C" Content-Transfer-Encoding: quoted-printable 7,000 hospitals, 172,000 Senior Hospital Administrators. PRE_PUBLICATION OFFER OF $247.00 (Reg. $1,299). "The New American Hospital Marketing Guide is an extremely cost-effective way of increasing your marketing efforts". David Stanford, Chicago, IL. In response to numerous inquiries from healthcare marketers, HealthLine Publications Corp. is introducing The New American Hospital Marketing Guide. The new guide is an attempt to assist healthcare professionals to target hospital decision-makers throughout the country. The Guide includes administrators in hospitals in the United States such as CEOs, CFOs, Directors (surgery, nursing, purchasing, etc.) In addition to mailing addresses, fax and phone numbers, the publication includes important hospital stats such as number of beds, hospital type, hospital number and staff size. In a rapidly-changing industry, current healthcare information is an invaluable resource to businesses and organizations. The New American Hospital Marketing Guide includes comprehensive information on more than 7,000 hospitals and 172,000 administrators. It is the most extensive and database of key decision-makers in the health care market. Each record is indexed by such features as name, address, phone and fax. The database is available in Excel format on CD Rom. It is designed for mailing lists and merges. The data can be selected by state or other criteria such as type of practice. It can be used on an unlimited basis. If you are interested in identifying and contacting hospital decision-makers most likely to benefit from your product or service, The New American Hospital Guide will save you time and money. To order The New American Hospital Guide, simply fill out the information below and fax it to 416 760-3763 (tel: 416 760-3762). Bonus Offer: New Customer Offer. Order now and receive free of charge our marketing publication: Build a Successful Healthcare Marketing Campaign.This popular publication offers a number of strategies relating to effective marketing of healthcare products. NAME: TITLE: COMPANY: ADDRESS: CITY: ZIP: TEL: FAX: EMAIL: ----9570DDB24FAF1FE-- From oulefbhv@forum.dk Fri Apr 1 02:45:39 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA22763; Fri, 1 Apr 2005 02:45:38 -0500 (EST) Resent-From: oulefbhv@forum.dk Message-Id: <200504010745.CAA22763@ietf.org> Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DHGxr-0006Ih-9N; Fri, 01 Apr 2005 02:53:11 -0500 Received: from acc745c4.ipt.aol.com ([172.199.69.196]) by mx2.foretec.com with smtp (Exim 4.24) id 1DHH2T-0001dA-7i; Fri, 01 Apr 2005 02:58:09 -0500 Language: English Discarded-X400-MTS-Extensions: Yes Alternate-Recipient: Allowed Resent-Reply-To: "Jamal Mooney" Reply-To: "Jamal Mooney" From: "Jamal Mooney" To: ext-admin@ietf.org Cc: eap-archive@ietf.org, mailman-admin@ietf.org, pana-archive@ietf.org, mailman@ietf.org, pana@ietf.org, pana-web-archive@ietf.org, pana-admin@ietf.org, p2prg-archive@ietf.org, p2prg@ietf.org, p2prg-web-archive@ietf.org, p2prg-admin@ietf.org, 3dsip@ietf.org, g-admin@ietf.org, iporpr@ietf.org, sip-admin@ietf.org Subject: Hi Date: Fri, 01 Apr 2005 06:44:30 -0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--09-74927-3457-126-08621" Resent-Message-Id: Resent-Date: Fri, 01 Apr 2005 02:58:09 -0500 X-Spam-Score: 2.1 (++) X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a ----09-74927-3457-126-08621 Content-Type: text/plain; charset="iso-9713-2" Content-Transfer-Encoding: 7Bit Hi, I sent you an email recently and I'd like to confirm everything now. Please read the info below and let me know if you have any questions. We are accepting your m ortgage qualifications. If you have bad cr edit, it's ok. You qualify for a 200,000 dol~lar house at 450 dol~lars a month. Fill out this short form now: http://www.now-and-forever.org/usa.asp Best Wishes, Jamal Mooney American Equity 1946 University Blvd Hollywood, CA another preference here now-and-forever.org/gone.asp ----09-74927-3457-126-08621-- From diameter-admin@frascone.com Fri Apr 1 05:02:35 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA07671 for ; Fri, 1 Apr 2005 05:02:35 -0500 (EST) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 05A0F2055F for ; Fri, 1 Apr 2005 05:02:34 -0500 (EST) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5C17E205C6 for ; Fri, 1 Apr 2005 05:02:28 -0500 (EST) Date: Fri, 01 Apr 2005 05:02:27 -0500 Message-ID: <20050401100227.9469.93479.Mailman@xavier> Subject: frascone.com mailing list memberships reminder From: mailman-owner@wolverine.cnri.reston.va.us To: eap-archive@ietf.org X-No-Archive: yes X-Ack: no Sender: diameter-admin@frascone.com Errors-To: diameter-admin@frascone.com X-BeenThere: diameter@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a reminder, sent out once a month, about your frascone.com mailing list memberships. It includes your subscription info and how to use it to change it or unsubscribe from a list. You can visit the URLs to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. In addition to the URL interfaces, you can also use email to make such changes. For more info, send a message to the '-request' address of the list (for example, eap-request@frascone.com) containing just the word 'help' in the message body, and an email message will be sent to you with instructions. If you have questions, problems, comments, etc, send them to mailman-owner@wolverine. Thanks! Passwords for eap-archive@lists.ietf.org: List Password // URL ---- -------- eap@frascone.com ohweow http://mail.frascone.com/mailman/options/eap/eap-archive%40lists.ietf.org From Sherisse@jctronix.com Fri Apr 1 07:16:23 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA17462 for ; Fri, 1 Apr 2005 07:16:22 -0500 (EST) Message-Id: <200504011216.HAA17462@ietf.org> Received: from lns-vlq-41-str-82-252-57-185.adsl.proxad.net ([82.252.57.185] helo=jctronix.com) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DHLBr-0007Uw-Jh for eap-archive@ietf.org; Fri, 01 Apr 2005 07:23:59 -0500 From: "Arttu Castro" To: "Zbigniew Stoner" Subject: Re: VlAGRA C1ALlS VALlUM Date: Fri, 1 Apr 2005 07:16:11 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0008_01C53549.424D3B8B" X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 6.1 (++++++) X-Spam-Flag: YES X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac This is a multi-part message in MIME format. ------=_NextPart_000_0008_01C53549.424D3B8B Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, provided for mademoiselle's ransom; and shrewd, hard bargain-driv cried the Baron impatiently, that very security will lull them. enemies, and despair at the wild ravages which, temporarily at le reveal to shallow-minded folk who sneer at the use of coincidence of her companion, whereupon with an ill-tempered grunt the man sw defence, she discouraged him. had invited it, he had sworn to teach the English a sharp lesson Some slight damage was sustained by Blood's fleet. But by the ti I am Lord Willoughby, Governor General of His Majesty's colonies Even as he watched her she altered her course, and going about ca Have a nice day. ------=_NextPart_000_0008_01C53549.424D3B8B Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hello, = Do you want to spend less on your MEDlCAATIONS?
 
Visit PharamcyByMAlL SHOP and SAVE OVER 80%
 
V GR UM C lS NA
lA A VALl lAL  XA X and many other
 
Have a nice = day.
P.S. = Just Try us and you wiill like our shop!
------=_NextPart_000_0008_01C53549.424D3B8B-- From AllisonStarr@emareon.org Fri Apr 1 10:35:25 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA05381; Fri, 1 Apr 2005 10:35:25 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DHOIV-0006h3-SY; Fri, 01 Apr 2005 10:43:03 -0500 Received: from [220.125.52.154] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DHONM-00068Z-6A; Fri, 01 Apr 2005 10:48:00 -0500 Received: from e69x@localhost by Op9q.int (8.11.6/8.11.6); Fri, 01 Apr 2005 08:28:39 -0700 Message-ID: <5ErHFdHPR4C0gq5JAKpTvAE@promocdsingles.com> From: "Patty Mcallister" Reply-To: "Patty Mcallister" To: internet-drafts@ietf.org, iab-wireless-workshop@ietf.org, eap-archive@ietf.org, edu-team-bounces@ietf.org Subject: Windows Products available for Download Date: Fri, 01 Apr 2005 08:25:39 -0700 MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2 X-Sender: AllisonStarr@emareon.org Content-Type: multipart/mixed; boundary="--JnU3Ec60gJYbrnez" X-Spam-Score: 8.0 (++++++++) X-Spam-Flag: YES X-Scan-Signature: 09f2eafe5f7c426554d5f494540a89cd zva ----JnU3Ec60gJYbrnez Content-Type: text/html; Content-Transfer-Encoding: quoted-printable 4256124
Browse Search Shop My eSoft Community
Back to Soft= ware Overview

Home > All Categories > Computers > Software > Operating Systems > Windows
All Items
Auctions
Bu= y It Now
    Refine Search
 Top Sellers
1   Windows XP Pro
2   Office XP 2002 Pro
3   Adobe Acrobat
     7.0 Professional
4   Adobe Photoshop
     CS 8.0
5   Office 2003 Pro     
6   Macromedia
     Dream Weaver
     MX 2004
7   Macromedia Flash
     MX 2004 Pro
8   MS 2003 Server
     (Enterprise Edition)
9   Norton Antivirus 2005
10 CorelDraw
     Graphics Suite 12.0
11 Adobe Creative Suite
     Premium
12 Alias Wavefront 6.0
13 Adobe Primer
14 AutoDesk 3d Studio
     MAX v6.0
15 Adobe Encore DVD

 

 

Featured It= em

 PRlCE Bids Time Left

3D"New"  Micr= osoft Windows XP PRO
-Current Edition-

 3D"Gift from Our eStore

$49.95 USD

7
3D"Gift

= 0h 14m

Nevv It= ems

 PRlCE Bids Time Left

3D"New"  = Microsoft Office 2003 PRO or
Microsoft Office XP PRO

 3D"Gift from Our eStore

$49.95 USD

9
3D"Gift

 0h 13m

3D"New"  = Adobe Photoshop CS 8.0 or Adobe Acrobat PRO 7.0

 3D"Gift from Our eStore

$59.95 USD

 7
3D"Gift		 0h 16m

3D"New"  = Macromedia FlashMX Pro 2004 or Macromedia Dreamweaver MX Pro 2004

 3D"Gift from Our eStore

 $39.95 USD 5
3D"Gift		 0h 15m
----JnU3Ec60gJYbrnez-- From catwvgil@ana.ufz.de Fri Apr 1 14:46:09 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA29842 for ; Fri, 1 Apr 2005 14:46:09 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DHSDE-0000Bm-Eh for eap-archive@ietf.org; Fri, 01 Apr 2005 14:53:51 -0500 Received: from usen-219x123x103x186.ap-us.usen.ad.jp ([219.123.103.186]) by mx2.foretec.com with smtp (Exim 4.24) id 1DHSHy-0004oP-IF for eap-archive@ietf.org; Fri, 01 Apr 2005 14:58:43 -0500 Received: from agarr898DB.hdox.catwvgil@ana.ufz.de ([224.95.98.201]) by lkep85C8-h.219.123.103.186 with Microsoft SMTPSVC(5.0.2195.6824); Sat, 02 Apr 2005 13:45:38 +0200 Received: from catwvgil@ana.ufz.de (59.64.75.192) by mzC1B.cukcp.pcatwvgil@ana.ufz.de with QMQP; Sat, 02 Apr 2005 09:43:38 -0200 Message-Id: Date: Sat, 02 Apr 2005 05:41:38 -0600 Message-ID: <99CE4DF0FE93.3F5B.qmail@bandage.deceitful.catwvgil@ana.ufz.de> From: "Friend pent" Subject: post secondary certificates for sale here To: eap-archive@ietf.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--276D1FA3FA8FA1E6E" X-Spam-Score: 12.7 (++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 08170828343bcf1325e4a0fb4584481c ----276D1FA3FA8FA1E6E Content-Type: text/plain; charset="ISO-8859-2" Content-Transfer-Encoding: quoted-printable get certified now with an online "education" http://olympia.aFFil9384.BIZ to take off your email : HTTP://Dianne.AFFIL9384.BIZ/re The Eskimo has fifty-two names for snow because it is important to them; t= here ought to be as many for love.=20 ----276D1FA3FA8FA1E6E-- From MelanieStratton@nceca.org Fri Apr 1 15:17:30 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA03503; Fri, 1 Apr 2005 15:17:27 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DHShY-0001Gr-N3; Fri, 01 Apr 2005 15:25:09 -0500 Received: from [203.251.124.23] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DHSmN-0005g1-2I; Fri, 01 Apr 2005 15:30:07 -0500 Received: from KMKE@localhost by P9V.int (8.11.6/8.11.6); Fri, 01 Apr 2005 21:10:55 +0100 Message-ID: From: "Paula Hutchins" Reply-To: "Paula Hutchins" To: secdir-web-archive@ietf.org Cc: avt-admin@ietf.org, eap-archive@ietf.org, dccp-admin@ietf.org, ippm-archive@ietf.org Subject: Over 80% Savings on ALL best-selling Macromedia titles Date: Fri, 01 Apr 2005 19:11:55 -0100 MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2 X-Sender: MelanieStratton@nceca.org Content-Type: multipart/mixed; boundary="--TOuYP1cc764utkVni9j" X-Spam-Score: 18.9 (++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 09f2eafe5f7c426554d5f494540a89cd 47Og ----TOuYP1cc764utkVni9j Content-Type: text/html; Content-Transfer-Encoding: quoted-printable 9483447
Browse Search Shop My eSoft Community
Back to Softwa= re Overview

Home > All Categories > Computers > Software > Operating Systems > Windows
All Items
Auctions
Bu= y It Now
    Refine Search
 Top Sellers
1   Windows XP Pro
2   Office XP 2002 Pro
3   Adobe Acrobat
     7.0 Professional
4   Adobe Photoshop
     CS 8.0
5   Office 2003 Pro     
6   Macromedia
     Dream Weaver
     MX 2004
7   Macromedia Flash
     MX 2004 Pro
8   MS 2003 Server
     (Enterprise Edition)
9   Norton Antivirus 2005
10 CorelDraw
     Graphics Suite 12.0
11 Adobe Creative Suite
     Premium
12 Alias Wavefront 6.0
13 Adobe Primer
14 AutoDesk 3d Studio
     MAX v6.0
15 Adobe Encore DVD

 

 

Featured It= em

 PRlCE Bids Time Left

3D"New"  Micros= oft Windows XP PRO
-Current Edition-

 3D"Gift from Our eStore

$49.95 USD

2
3D"Gift

= 0h 15m

Nevv It= ems

 PRlCE Bids Time Left

3D"New"  Mi= crosoft Office 2003 PRO or
Microsoft Office XP PRO

 3D"Gift from Our eStore

$49.95 USD

2
3D"Gift

 0h 14m

3D"New"  Ad= obe Photoshop CS 8.0 or Adobe Acrobat PRO 7.0

 3D"Gift from Our eStore

$59.95 USD

 8=
3D"Gift		 0h 13m

3D"New"  Ma= cromedia FlashMX Pro 2004 or Macromedia Dreamweaver MX Pro 2004

 3D"Gift from Our eStore

 $39.95 USD 7=
3D"Gift		 0h 11m
----TOuYP1cc764utkVni9j-- From SVWGH@mminternet.com Sat Apr 2 02:13:13 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA18134; Sat, 2 Apr 2005 02:13:13 -0500 (EST) Received: from [201.254.70.81] (helo=201-254-70-81.speedy.com.ar) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DHcw6-0006rT-7i; Sat, 02 Apr 2005 02:20:55 -0500 Message-ID: <070059511149826095856.029l135wd@virgin.net> Received: from 130.151.240.29 by z6-og491.dhjik912.virgin.net with DAV; Sat, 02 Apr 2005 01:05:50 -0600 Reply-To: "Vonda Knutson" From: "Vonda Knutson" To: Subject: Posses whatever drag you want glidden Date: Sat, 02 Apr 2005 06:11:50 -0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--NNHHAODH8485880IZCZTBV" X-Spam-Score: 8.1 (++++++++) X-Spam-Flag: YES X-Scan-Signature: c1c65599517f9ac32519d043c37c5336 ----NNHHAODH8485880IZCZTBV Content-Type: text/plain; Content-Transfer-Encoding: 7Bit neew, improoved drags on our online website! just try us, you wont be dissappointed... for sure :) you wont stop scrrewing with viaggra, enjoy!: http://philosophy.rgry.com/rx/erika/20/acton.htm wanna get rid of smoking? Zybban is the simple and elegant answer: http://philosophy.rgry.com/rx/erika/28/alberich.htm lose wieght fast and easy? Maridia is the ultimate solution: http://philosophy.rgry.com/rx/erika/6/mackinac.htm loosing hair? stop it now! look good again with Propesia, recomended! : http://philosophy.rgry.com/rx/erika/12/hierarchic.htm main page: http://philosophy.rgry.com/rx/erika/crossover.htm also: men's haelth mucsle relexers pajn reliev you should she s one of the kindest and sweetest souls in the world! she s so creative and has a beautiful blog hugs annie! pictures will be added later on today but until then please sign up for a free magazine and or and free butterfly pendant! thanks! i want to thank all the users who have ensured their support and further developement of the software by their registration. it s simple really if you aren t moved by all those people defiantly holding up purple fingers there is something deeply wrong with you. the next day the saw blade was gone but you can still see the scar in the tree trunk all in all pretty strange. então descobriremos que foi em cada uma desses momentos que nosso coração bateu mais forte e que agimos pura e simplesmente como seres humanos!! the makeup of the supreme court could well be one of the next president s most lasting and far-reaching legacies said ralph neas of the liberal advocacy group people for the american way foundation. perhaps what is truly a phenomenal statistic is that while the number of ten million is correct the actual number of eligible voters is less than ten million as. i currently am a member of santa fe hunt out of temecula ca in july i am moving to newport ri how close far are you from newport? i love your website thank you sheila. however many other problems can result in similar symptoms - video head diagnosis is one of the most difficult to make except for physical damage. hey nice site passing by kimmay s page then i saw your s lovely dogs hope your doing ok take care. well i guess i better get going so i don t take up too much of your time i will talk to you later on when you get back from wherever you are?! talk to you sooner than later hopefully. if you have no prior experience with precision electromechanical repair don t just jump in as the following actual experience demonstrates. the books combined with the high praise and all-around good things i ve been hearing from my professors about the intellectual community there are making me increasingly excited about their. ----NNHHAODH8485880IZCZTBV-- From IngridAlvarez@theamericanvenus.org Sat Apr 2 09:06:42 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA23792; Sat, 2 Apr 2005 09:06:42 -0500 (EST) Received: from [211.196.50.239] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DHjOQ-00024Z-8D; Sat, 02 Apr 2005 09:14:32 -0500 Received: from GGT@localhost by WUDb.int (8.11.6/8.11.6); Sat, 02 Apr 2005 08:01:17 -0600 Message-ID: From: "Ellen Chin" Reply-To: "Ellen Chin" To: l2tpext-archive@ietf.org Cc: dinaras@ietf.org, dhcwg@ietf.org, eap-archive@ietf.org, urn-nid-web-archive@ietf.org Subject: Microsoft Special Deals Date: Sat, 02 Apr 2005 11:05:17 -0300 MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2 X-Sender: IngridAlvarez@theamericanvenus.org Content-Type: multipart/mixed; boundary="--dWrkxKFu8wN4TQaKsH9n" X-Spam-Score: 8.0 (++++++++) X-Spam-Flag: YES X-Scan-Signature: 09f2eafe5f7c426554d5f494540a89cd TstL ----dWrkxKFu8wN4TQaKsH9n Content-Type: text/html; Content-Transfer-Encoding: quoted-printable 6897377
Browse Search Shop My eSoft Community
Back to Soft= ware Overview

Home > All Categories > Computers > Software > Operating Systems > Windows
All Items
Auctions
Bu= y It Now
    Refine Search
 Top Sellers
1   Windows XP Pro
2   Office XP 2002 Pro
3   Adobe Acrobat
     7.0 Professional
4   Adobe Photoshop
     CS 8.0
5   Office 2003 Pro     
6   Macromedia
     Dream Weaver
     MX 2004
7   Macromedia Flash
     MX 2004 Pro
8   MS 2003 Server
     (Enterprise Edition)
9   Norton Antivirus 2005
10 CorelDraw
     Graphics Suite 12.0
11 Adobe Creative Suite
     Premium
12 Alias Wavefront 6.0
13 Adobe Primer
14 AutoDesk 3d Studio
     MAX v6.0
15 Adobe Encore DVD

 

 

Featured It= em

 PRlCE Bids Time Left

3D"New"  Micr= osoft Windows XP PRO
-Current Edition-

 3D"Gift from Our eStore

$49.95 USD

3
3D"Gift

= 0h 15m

Nevv It= ems

 PRlCE Bids Time Left

3D"New"  = Microsoft Office 2003 PRO or
Microsoft Office XP PRO

 3D"Gift from Our eStore

$49.95 USD

9
3D"Gift

 0h 14m

3D"New"  = Adobe Photoshop CS 8.0 or Adobe Acrobat PRO 7.0

 3D"Gift from Our eStore

$59.95 USD

 1
3D"Gift		 0h 15m

3D"New"  = Macromedia FlashMX Pro 2004 or Macromedia Dreamweaver MX Pro 2004

 3D"Gift from Our eStore

 $39.95 USD 2
3D"Gift		 0h 19m
----dWrkxKFu8wN4TQaKsH9n-- From XXZECPWE@delphi.com Sat Apr 2 15:16:04 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA21618; Sat, 2 Apr 2005 15:16:03 -0500 (EST) Received: from dsl-200-78-84-95.prod-infinitum.com.mx ([200.78.84.95]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DHp97-0000ib-84; Sat, 02 Apr 2005 15:23:10 -0500 X-Message-Info: RGHxvsPHBH82yxHODfDIrmjLGZyqPCVxg765 Received: from compete-dns.idt.net (42.122.238.42) by xfp86-db1.idt.net with Microsoft SMTPSVC(5.0.2195.6824); Sat, 02 Apr 2005 21:09:54 +0100 Date: Sat, 02 Apr 2005 22:07:54 +0200 (CST) Message-Id: <7324239189607.qp8YYsnRPS068@at227.eighth53idt.net> To: ldap-dir@ietf.org Subject: In case you need origeenal software, this is for you landscape From: Harriett Moran MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--hpqmayl9907018398oyzmz" X-Spam-Score: 20.6 (++++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464 ----hpqmayl9907018398oyzmz Content-Type: text/plain; Content-Transfer-Encoding: 7Bit At the end of every winter we have this for our favorite people. You can visit now and watch yourself - one of the most familiar online sites for OEM softwares is here - get the softwares you need, and for cheep! All are original software! http://kodiakryv5ugbnw398sc9.ijtorquekd.com/ comments fantastic web site i also reside in london i listened to the music on your web site all the time if you are ever in san diego contact me. yo aj amazing set at the fez last week you guys really sounded great we have to get some more philly people up to nyc to see you rock out! effondrée dans un coin encré écoutant le temps s’écouler l’âme rongée par un mal inconnu le cœur arraché par les mots les plus pointus -. aerodynamically the bumblebee should not be able to fly but the bumblebee doesn t know that so it goes on flying anyway. both of you looked great btw mar in your college girl look and grace in your oh damn im fifty with grandchildren thing. it brings lots of nice memories it has such timing too now that i m playing disc with my high school friends and a few other southern characters sigh i love this album and kudos to. nossa naum to nem acreditando que tah postando eh um milagre eheheheheh bem deixa eu aproveitar e tentar postar mais!! “it was a good match it gives us a lot to look forward to in the future has roma won again? i thought they would lazio won too ”. great day in pine valley! jonathan s left to heal himself with professional help--or did he?? the down side is that an angry maggie s left behind. a joined together in purpose in egypt when those activities brought about those necessities - as indicated - for the counsel of the priest. comments excellent!!!!!!!congratulations!!!it s a pleasure to listen the best greek music thanks from uruguay. i dont know when the last time nbsp i cried was but i think it was bcuz i was watchin a sad movie. tad tried to talk babe and jamie into doing the right thing j r was skeptical of bianca s actions greenlee had another episode jamie told tad. giants or giedorim lived and flourished one million rather than between three and four thousand years ago. by myself which was fun because i got to wander around and see things at random and climb to the top of the sagrada familia and not have to worry about stupid hungover boys then we went home. i tink i really lyk this gal subconsciously smiled when i thought of her hehez shld i tell her ? or shld i not ? wat wld be her reaction ? sigh. ok the flag we made abt amundsen some viking guy yea we drew an axe with a viking helmet quite nice actually hahaz though other flags got the mini prize lol. nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp when you fail. ----hpqmayl9907018398oyzmz-- From jkpwuzhe@szjkp.com Sat Apr 2 15:17:36 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA22696 for ; Sat, 2 Apr 2005 15:17:36 -0500 (EST) From: jkpwuzhe@szjkp.com Message-Id: <200504022017.PAA22696@ietf.org> Received: from [211.162.117.219] (helo=eap-archive) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DHpBQ-0001FU-Aw for eap-archive@ietf.org; Sat, 02 Apr 2005 15:25:29 -0500 Subject: =?GB2312?B?uaTStb/VtffXqsjDtcK5+s3+zbwsuaTStb/VtfcsU0szMjkwNTAw?= To: eap-archive@ietf.org Content-Type: text/plain;charset="GB2312" Reply-To: jkpwuzhe@szjkp.com Date: Sun, 3 Apr 2005 04:17:29 +0800 X-Priority: 4 X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-Spam-Score: 5.9 (+++++) X-Spam-Flag: YES X-NONENGLISH: Subject contains non-English characters X-Scan-Signature: 7a6398bf8aaeabc7a7bb696b6b0a2aad ¹¤Òµ¿Õµ÷תÈà µÂ¹úÍþͼ ¹¤Òµ¿Õµ÷ SK3290500 ¶þÆ¥¹¤Òµ¿Õµ÷ ȫеļ۸ñÊÇ17000Ôª ÏÖÔÚ 9800Ôª תÈᣳÉÉ«½Ó½üȫС£ Èç¹ûÓÐÐèÒªÇëÓëÎÒÁªÏµ¡£0755-83658890 ÎâÕÜÏÈÉú ÊÖ»ú:13632664595 ÉîÛÚÊнð¿­Åôµç×ÓÓÐÏÞ¹«Ë¾ ÎâÕÜ 86-0755-83658890-8890 jkpwuzhe@szjkp.com ÉîÄÏÖз From eap-admin@frascone.com Sat Apr 2 20:09:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA08393 for ; Sat, 2 Apr 2005 20:09:07 -0500 (EST) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id C2C592028D; Sat, 2 Apr 2005 20:09:05 -0500 (EST) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 7407220261; Sat, 2 Apr 2005 20:09:03 -0500 (EST) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5CEAC20261 for ; Sat, 2 Apr 2005 20:08:04 -0500 (EST) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id 8B98B20252 for ; Sat, 2 Apr 2005 20:08:02 -0500 (EST) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DHtag-000IK6-3U; Sat, 02 Apr 2005 20:07:50 -0500 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j3317lR28119; Sat, 2 Apr 2005 17:07:47 -0800 From: Bernard Aboba To: "Adrangi, Farid" Cc: eap@frascone.com, iesg@ietf.org, Jari Arkko , gwz@cisco.com, jsalowey@cisco.com, Pasi.Eronen@nokia.com, Eugene Chang Subject: RE: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sat, 2 Apr 2005 17:07:46 -0800 (PST) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) I think we were talking about an IESG note in addition to material in the applicability statement, no? For example, EAP SIM contains the following note: IESG Note The EAP-SIM protocol was developed by 3GPP. The documentation of EAP-SIM is provided as information to the Internet community. While the EAP WG has verified that EAP-SIM is compatible with EAP as defined in RFC 3748, no other review has been done, including validation of the security claims. Here is a potential strawman note for the EAP Network Discovery document: EAP Network Discovery was developed by 3GPP. Documentation is provided as information to the Internet community. While the EAP WG has verified that EAP Network Discovery is compatible with EAP as defined in RFC 3748, no other review has been done, including investigation of potential security issues. There is work underway in IEEE 802.11 which may provide similar functionality, enabling an EAP peer to determine network availability prior to handoff. As a result, the approach described in this document may be superceded by future standards, and it is not recommended for implementation outside of 3GPP. On Thu, 31 Mar 2005, Adrangi, Farid wrote: > Sorry, just to be clear, the link below contains the update we made to > the applicability section in -011 version, based on Glen's comment on > -10 version in the last WG meeting. > Thanks, > Farid > > > > -----Original Message----- > > From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] > > On Behalf Of Adrangi, Farid > > Sent: Thursday, March 31, 2005 9:33 AM > > To: Bernard Aboba > > Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; > > gwz@cisco.com; jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang > > Subject: [eap] RE: FW: I-D > > ACTION:draft-adrangi-eap-network-discovery-11.txt > > > > > > I think so! The applicability section was introduced in version -08. > > Since then we have made several updates to that section based on > > comments from Glen Zorn, Eugene Chang, Jari Arkko, and yourself. The > > updates to this section was made based on Glen Zorn's comment > > during the > > last IETF meeting (relayed to me by Pasi) -- the exact change is > > captured in > > http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.tx > > t -- see > > #3. Please let me know if you have any questions. > > BR, > > Farid > > > > > > > > > -----Original Message----- > > > From: Bernard Aboba [mailto:aboba@internaut.com] > > > Sent: Thursday, March 31, 2005 9:08 AM > > > To: Adrangi, Farid > > > Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; > > > gwz@cisco.com; jsalowey@cisco.com > > > Subject: Re: FW: I-D > > ACTION:draft-adrangi-eap-network-discovery-11.txt > > > > > > > > > As I recall there was a discussion relating to the appropriate > > > applicability statement that should be attached to this document. > > > > > > Have we come to agreement on what the applicability statement > > > should be? > > > > > > On Mon, 28 Mar 2005, Adrangi, Farid wrote: > > > > > > > Hi Everyone, > > > > In this version, we have done some editorial fixes through out the > > > > document and addressed issues brought up during IESG review. > > > > ** Editorial changes are summarized in > > > > > > > http://mng.ctgisp.com/IETF/EAP/Network%20Selection/Editorial_c > > > hanges.txt > > > > ** List of issues with their resolutions are summarized in > > > > http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.txt > > > > Thanks, > > > > Farid > > > > > > > > > -----Original Message----- > > > > > From: i-d-announce-bounces@ietf.org > > > > > [mailto:i-d-announce-bounces@ietf.org] On Behalf Of > > > > > Internet-Drafts@ietf.org > > > > > Sent: Monday, March 28, 2005 8:04 AM > > > > > To: i-d-announce@ietf.org > > > > > Subject: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt > > > > > > > > > > > > > > > A New Internet-Draft is available from the on-line > > > > > Internet-Drafts directories. > > > > > > > > > > > > > > > Title : Identity selection hints for > > > > > Extensible Authentication > > > > > Protocol (EAP) > > > > > Author(s) : F. Adrangi, et al. > > > > > Filename : > > draft-adrangi-eap-network-discovery-11.txt > > > > > Pages : 13 > > > > > Date : 2005-3-25 > > > > > > > > > > The Extensible Authentication Protocol (EAP) is defined > > > in RFC 3748. > > > > > This document defines a mechanism that allows an > > > access network to > > > > > provide identity selection hints to an EAP peer. The > > > purpose is to > > > > > assist the EAP peer in selecting an appropriate > > Network Access > > > > > Identifier (NAI) when there is no direct roaming > > > > > relationship between > > > > > the access network and the peer's home network. In > > this case, > > > > > authentication is typically accomplished via a mediating > > > > > network such > > > > > as a roaming consortium or broker. > > > > > > > > > > A URL for this Internet-Draft is: > > > > > http://www.ietf.org/internet-drafts/draft-adrangi-eap-network- > > > > discovery-11.txt > > > > > > > > To remove yourself from the I-D Announcement list, send a > > message to > > > > i-d-announce-request@ietf.org with the word unsubscribe in > > > the body of > > > > the message. > > > > You can also visit > > > https://www1.ietf.org/mailman/listinfo/I-D-announce > > > > to change your subscription settings. > > > > > > > > > > > > Internet-Drafts are also available by anonymous FTP. > > Login with the > > > > username > > > > "anonymous" and a password of your e-mail address. After > > logging in, > > > > type "cd internet-drafts" and then > > > > "get draft-adrangi-eap-network-discovery-11.txt". > > > > > > > > A list of Internet-Drafts directories can be found in > > > > http://www.ietf.org/shadow.html > > > > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > > > > > > > Internet-Drafts can also be obtained by e-mail. > > > > > > > > Send a message to: > > > > mailserv@ietf.org. > > > > In the body type: > > > > "FILE > > > > /internet-drafts/draft-adrangi-eap-network-discovery-11.txt". > > > > > > > > NOTE: The mail server at ietf.org can return the document in > > > > MIME-encoded form by using the "mpack" utility. To use this > > > > feature, insert the command "ENCODING mime" before the "FILE" > > > > command. To decode the response(s), you will need "munpack" or > > > > a MIME-compliant mail reader. Different MIME-compliant mail > > > > readers > > > > exhibit different behavior, especially when dealing with > > > > "multipart" MIME messages (i.e. documents which have been split > > > > up into multiple messages), so check your local documentation on > > > > how to manipulate these messages. > > > > > > > > > > > > Below is the data which will enable a MIME compliant mail reader > > > > implementation to automatically retrieve the ASCII version of the > > > > Internet-Draft. > > > > > > > > > _______________________________________________ > > eap mailing list > > eap@frascone.com > > http://mail.frascone.com/mailman/listinfo/eap > > > _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From ingmar@abovenbeyond.com Sat Apr 2 23:23:16 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA21465 for ; Sat, 2 Apr 2005 23:23:16 -0500 (EST) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DHwlW-0003Wa-DI for eap-archive@ietf.org; Sat, 02 Apr 2005 23:31:14 -0500 Received: from champigny-2-82-67-237-29.fbx.proxad.net ([82.67.237.29]) by mx2.foretec.com with smtp (Exim 4.24) id 1DHwdp-0003Dz-AA for eap-archive@ietf.org; Sat, 02 Apr 2005 23:23:18 -0500 Message-ID: <966e01c53802$565204cb$29da5ea7@abovenbeyond.com> From: "Vanessa J. Smith" To: eap-archive@ietf.org Subject: =?iso-8859-1?B?TWljcm9zb2Z0IE9mZmljZSAyMDAzIC0gdmVyeSBsb3cgcHJpY2U=?= Date: Sun, 03 Apr 2005 04:07:38 +0000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_7FCDCE9E.23E72CEC" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Score: 16.3 (++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024 This is a multi-part message in MIME format. ------=_NextPart_000_0000_7FCDCE9E.23E72CEC Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_770C4F0D.48398E2C" ------=_NextPart_001_0001_770C4F0D.48398E2C Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Get access to all the software you ever imagined for prices substantially lower than in stores! Our software is 2-10 times cheaper than sold by our competitors. Just a few examples: $79.95 Windows XP Professional (Including: Service Pack 2) $89.95 Microsoft Office 2003 Professional / $79.95 Office XP Professional $99.95 Adobe Photoshop 8.0/CS (Including: ImageReady CS) $179.95 Macromedia Studio MX 2004 (Including: Dreamweaver MX + Flash MX + Fireworks MX) $79.95 Adobe Acrobat 6.0 Professional $69.95 MS Visio 2003 Professional Special Offers: $89.95 Windows XP Professional + Office XP Professional $149.95 Adobe Creative Suite Premium (5 CD) $129.95 Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator 10 All main products from Microsoft, Adobe, Macromedia, Corel, etc. And many more... Enter here: http://www.oemunlimited.biz Best regards, Vanessa Smith _____________________________________________________ To change your mail preferences, go here: http://www.oemunlimited.biz/uns.htm _____________________________________________________ ------=_NextPart_001_0001_770C4F0D.48398E2C Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 7bit
Get access to all the software possible for prices substantially lower than in stores!
We sell software 2-6 times cheaper than retail price.

Just a few examples:
$79.95 Windows XP Professional (Including: Service Pack 2)
$89.95 Microsoft Office 2003 Professional / $79.95 Office XP Professional
$99.95 Adobe Photoshop 8.0/CS (Including: ImageReady CS)
$179.95 Macromedia Studio MX 2004 (Including: Dreamweaver MX + Flash MX + Fireworks MX)
$79.95 Adobe Acrobat 6.0 Professional
$69.95 Quark Xpress 6 Passport Multilanguage

Special Offers:
$89.95 Windows XP Professional + Office XP Professional
$149.95 Adobe Creative Suite Premium (5 CD)
$129.95 Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator 10

All main products from Microsoft, Adobe, Macromedia, Corel, etc.
And many other... Go visit us at:

http://www.oemunlimited.biz

Best regards,
Vanessa J. Smith


_____________________________________________________
To be taken off future campaigns, go: http://www.oemunlimited.biz/uns.htm
_____________________________________________________

------=_NextPart_001_0001_770C4F0D.48398E2C-- ------=_NextPart_000_0000_7FCDCE9E.23E72CEC-- From WilmaHampton@autumn-leaves.co.uk Sun Apr 3 19:08:18 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA05537 for ; Sun, 3 Apr 2005 19:08:15 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DIEKL-00071N-Ny for eap-archive@ietf.org; Sun, 03 Apr 2005 19:16:24 -0400 Received: from [211.245.76.134] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DIECR-0002F1-T4 for eap-archive@ietf.org; Sun, 03 Apr 2005 19:08:14 -0400 Received: from Fqm@localhost by BeA.int (8.11.6/8.11.6); Sun, 03 Apr 2005 20:04:11 -0400 Message-ID: From: "Terri Sanchez" Reply-To: "Terri Sanchez" To: dxcqmmmusic@ietf.org Cc: e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org Subject: Thousands of academic software titles, 80% off, Instant Download Date: Mon, 04 Apr 2005 04:03:11 +0400 MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2 X-Sender: WilmaHampton@autumn-leaves.co.uk Content-Type: multipart/mixed; boundary="--bdg7ijTul5LdZmXa7Tj" X-Spam-Score: 6.8 (++++++) X-Spam-Flag: YES X-Scan-Signature: 09f2eafe5f7c426554d5f494540a89cd pAn ----bdg7ijTul5LdZmXa7Tj Content-Type: text/html; Content-Transfer-Encoding: quoted-printable 8579555
Browse Search Shop My eSoft Community
Back to Softwa= re Overview

Home > All Categories > Computers > Software > Operating Systems > Windows
All Items
Auctions
Bu= y It Now
    Refine Search
 Top Sellers
1   Windows XP Pro
2   Office XP 2002 Pro
3   Adobe Acrobat
     7.0 Professional
4   Adobe Photoshop
     CS 8.0
5   Office 2003 Pro     
6   Macromedia
     Dream Weaver
     MX 2004
7   Macromedia Flash
     MX 2004 Pro
8   MS 2003 Server
     (Enterprise Edition)
9   Norton Antivirus 2005
10 CorelDraw
     Graphics Suite 12.0
11 Adobe Creative Suite
     Premium
12 Alias Wavefront 6.0
13 Adobe Primer
14 AutoDesk 3d Studio
     MAX v6.0
15 Adobe Encore DVD

 

 

Featured It= em

 PRlCE Bids Time Left

3D"New"  Micros= oft Windows XP PRO
-Current Edition-

 3D"Gift from Our eStore

$49.95 USD

9
3D"Gift

= 0h 13m

Nevv It= ems

 PRlCE Bids Time Left

3D"New"  Mi= crosoft Office 2003 PRO or
Microsoft Office XP PRO

 3D"Gift from Our eStore

$49.95 USD

3
3D"Gift

 0h 19m

3D"New"  Ad= obe Photoshop CS 8.0 or Adobe Acrobat PRO 7.0

 3D"Gift from Our eStore

$59.95 USD

 9=
3D"Gift		 0h 11m

3D"New"  Ma= cromedia FlashMX Pro 2004 or Macromedia Dreamweaver MX Pro 2004

 3D"Gift from Our eStore

 $39.95 USD 2=
3D"Gift		 0h 18m
----bdg7ijTul5LdZmXa7Tj-- From eap-admin@frascone.com Mon Apr 4 00:30:13 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA25857 for ; Mon, 4 Apr 2005 00:30:11 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id DE7EF1FC62; Mon, 4 Apr 2005 00:30:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 25EEF20358; Mon, 4 Apr 2005 00:30:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5A069202CF for ; Mon, 4 Apr 2005 00:29:54 -0400 (EDT) Received: from orsfmr005.jf.intel.com (fmr20.intel.com [134.134.136.19]) by mail.frascone.com (Postfix) with ESMTP id 278291FC62 for ; Mon, 4 Apr 2005 00:29:52 -0400 (EDT) Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17]) by orsfmr005.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j344TnVH016897; Mon, 4 Apr 2005 04:29:49 GMT Received: from orsmsxvs040.jf.intel.com (orsmsxvs040.jf.intel.com [192.168.65.206]) by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j344TgeB030238; Mon, 4 Apr 2005 04:29:42 GMT Received: from orsmsx331.amr.corp.intel.com ([192.168.65.56]) by orsmsxvs040.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005040321294209851 ; Sun, 03 Apr 2005 21:29:42 -0700 Received: from orsmsx408.amr.corp.intel.com ([192.168.65.52]) by orsmsx331.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Sun, 3 Apr 2005 21:29:42 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt Message-ID: Thread-Topic: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt Thread-Index: AcU36Zc402VBn6AFS+W4rxdYTRQc/AA4x82Q From: "Adrangi, Farid" To: "Bernard Aboba" Cc: , , "Jari Arkko" , , , , "Eugene Chang" X-OriginalArrivalTime: 04 Apr 2005 04:29:42.0198 (UTC) FILETIME=[EBE4B560:01C538CE] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 3 Apr 2005 21:29:40 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable I don't recall talking about an IESG note on the mailing list! Anyhow, as to your strawman IESG note, it should be noted that the draft was reviewed and accepted by IEEE 802.11 (WIEN? - the WG has sent an official review report to IETF. And also, I would remove the last part of the note: "and it is not recommended for implementation outside of 3GPP." I think we should state the facts about the solution and let the implementer decided whether or not the solution is suitable for their deployments outside 3GPP.=20 BR, Farid > -----Original Message----- > From: Bernard Aboba [mailto:aboba@internaut.com]=20 > Sent: Saturday, April 02, 2005 5:08 PM > To: Adrangi, Farid > Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko;=20 > gwz@cisco.com; jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang > Subject: RE: [eap] RE: FW: I-D=20 > ACTION:draft-adrangi-eap-network-discovery-11.txt >=20 >=20 > I think we were talking about an IESG note in addition to=20 > material in the > applicability statement, no? >=20 > For example, EAP SIM contains the following note: >=20 > IESG Note >=20 > The EAP-SIM protocol was developed by 3GPP. The documentation of > EAP-SIM is provided as information to the Internet=20 > community. While > the EAP WG has verified that EAP-SIM is compatible with EAP as > defined in RFC 3748, no other review has been done, including > validation of the security claims. >=20 > Here is a potential strawman note for the EAP Network=20 > Discovery document: >=20 > EAP Network Discovery was developed by 3GPP. Documentation is > provided as information to the Internet community. While the > EAP WG has verified that EAP Network Discovery is compatible with > EAP as defined in RFC 3748, no other review has been done,=20 > including > investigation of potential security issues. There is work > underway in IEEE 802.11 which may provide similar functionality, > enabling an EAP peer to determine network availability prior to > handoff. As a result, the approach described in this document may > be superceded by future standards, and it is not recommended for > implementation outside of 3GPP. >=20 >=20 > On Thu, 31 Mar 2005, Adrangi, Farid wrote: >=20 > > Sorry, just to be clear, the link below contains the update=20 > we made to > > the applicability section in -011 version, based on Glen's=20 > comment on > > -10 version in the last WG meeting. > > Thanks, > > Farid > > > > > > > -----Original Message----- > > > From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] > > > On Behalf Of Adrangi, Farid > > > Sent: Thursday, March 31, 2005 9:33 AM > > > To: Bernard Aboba > > > Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; > > > gwz@cisco.com; jsalowey@cisco.com; Pasi.Eronen@nokia.com;=20 > Eugene Chang > > > Subject: [eap] RE: FW: I-D > > > ACTION:draft-adrangi-eap-network-discovery-11.txt > > > > > > > > > I think so! The applicability section was introduced in=20 > version -08. > > > Since then we have made several updates to that section based on > > > comments from Glen Zorn, Eugene Chang, Jari Arkko, and=20 > yourself. The > > > updates to this section was made based on Glen Zorn's comment > > > during the > > > last IETF meeting (relayed to me by Pasi) -- the exact change is > > > captured in > > > http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.tx > > > t -- see > > > #3. Please let me know if you have any questions. > > > BR, > > > Farid > > > > > > > > > > > > > -----Original Message----- > > > > From: Bernard Aboba [mailto:aboba@internaut.com] > > > > Sent: Thursday, March 31, 2005 9:08 AM > > > > To: Adrangi, Farid > > > > Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; > > > > gwz@cisco.com; jsalowey@cisco.com > > > > Subject: Re: FW: I-D > > > ACTION:draft-adrangi-eap-network-discovery-11.txt > > > > > > > > > > > > As I recall there was a discussion relating to the appropriate > > > > applicability statement that should be attached to this=20 > document. > > > > > > > > Have we come to agreement on what the applicability statement > > > > should be? > > > > > > > > On Mon, 28 Mar 2005, Adrangi, Farid wrote: > > > > > > > > > Hi Everyone, > > > > > In this version, we have done some editorial fixes=20 > through out the > > > > > document and addressed issues brought up during IESG review. > > > > > ** Editorial changes are summarized in > > > > > > > > > http://mng.ctgisp.com/IETF/EAP/Network%20Selection/Editorial_c > > > > hanges.txt > > > > > ** List of issues with their resolutions are summarized in > > > > >=20 > http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.txt > > > > > Thanks, > > > > > Farid > > > > > > > > > > > -----Original Message----- > > > > > > From: i-d-announce-bounces@ietf.org > > > > > > [mailto:i-d-announce-bounces@ietf.org] On Behalf Of > > > > > > Internet-Drafts@ietf.org > > > > > > Sent: Monday, March 28, 2005 8:04 AM > > > > > > To: i-d-announce@ietf.org > > > > > > Subject: I-D=20 > ACTION:draft-adrangi-eap-network-discovery-11.txt > > > > > > > > > > > > > > > > > > A New Internet-Draft is available from the on-line > > > > > > Internet-Drafts directories. > > > > > > > > > > > > > > > > > > Title : Identity selection hints for > > > > > > Extensible Authentication > > > > > > Protocol (EAP) > > > > > > Author(s) : F. Adrangi, et al. > > > > > > Filename : > > > draft-adrangi-eap-network-discovery-11.txt > > > > > > Pages : 13 > > > > > > Date : 2005-3-25 > > > > > > > > > > > > The Extensible Authentication Protocol (EAP) is defined > > > > in RFC 3748. > > > > > > This document defines a mechanism that allows an > > > > access network to > > > > > > provide identity selection hints to an EAP peer. The > > > > purpose is to > > > > > > assist the EAP peer in selecting an appropriate > > > Network Access > > > > > > Identifier (NAI) when there is no direct roaming > > > > > > relationship between > > > > > > the access network and the peer's home network. In > > > this case, > > > > > > authentication is typically accomplished via a mediating > > > > > > network such > > > > > > as a roaming consortium or broker. > > > > > > > > > > > > A URL for this Internet-Draft is: > > > > > >=20 > http://www.ietf.org/internet-drafts/draft-adrangi-eap-network- > > > > > discovery-11.txt > > > > > > > > > > To remove yourself from the I-D Announcement list, send a > > > message to > > > > > i-d-announce-request@ietf.org with the word unsubscribe in > > > > the body of > > > > > the message. > > > > > You can also visit > > > > https://www1.ietf.org/mailman/listinfo/I-D-announce > > > > > to change your subscription settings. > > > > > > > > > > > > > > > Internet-Drafts are also available by anonymous FTP. > > > Login with the > > > > > username > > > > > "anonymous" and a password of your e-mail address. After > > > logging in, > > > > > type "cd internet-drafts" and then > > > > > "get draft-adrangi-eap-network-discovery-11.txt". > > > > > > > > > > A list of Internet-Drafts directories can be found in > > > > > http://www.ietf.org/shadow.html > > > > > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > > > > > > > > > > Internet-Drafts can also be obtained by e-mail. > > > > > > > > > > Send a message to: > > > > > mailserv@ietf.org. > > > > > In the body type: > > > > > "FILE > > > > > /internet-drafts/draft-adrangi-eap-network-discovery-11.txt". > > > > > > > > > > NOTE: The mail server at ietf.org can return the document in > > > > > MIME-encoded form by using the "mpack" utility.=20 > To use this > > > > > feature, insert the command "ENCODING mime"=20 > before the "FILE" > > > > > command. To decode the response(s), you will=20 > need "munpack" or > > > > > a MIME-compliant mail reader. Different=20 > MIME-compliant mail > > > > > readers > > > > > exhibit different behavior, especially when dealing with > > > > > "multipart" MIME messages (i.e. documents which=20 > have been split > > > > > up into multiple messages), so check your local=20 > documentation on > > > > > how to manipulate these messages. > > > > > > > > > > > > > > > Below is the data which will enable a MIME compliant=20 > mail reader > > > > > implementation to automatically retrieve the ASCII=20 > version of the > > > > > Internet-Draft. > > > > > > > > > > > > _______________________________________________ > > > eap mailing list > > > eap@frascone.com > > > http://mail.frascone.com/mailman/listinfo/eap > > > > > >=20 _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Apr 4 06:54:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA16965 for ; Mon, 4 Apr 2005 06:54:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 3010720452; Mon, 4 Apr 2005 06:54:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 7683420445; Mon, 4 Apr 2005 06:54:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D0B7820445 for ; Mon, 4 Apr 2005 06:53:08 -0400 (EDT) Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by mail.frascone.com (Postfix) with ESMTP id F2E7D20441 for ; Mon, 4 Apr 2005 06:53:06 -0400 (EDT) Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130]) by p130.piuha.net (Postfix) with ESMTP id A7BE689862; Mon, 4 Apr 2005 13:53:04 +0300 (EEST) Message-ID: <42511C8D.2090809@piuha.net> From: Jari Arkko User-Agent: Mozilla Thunderbird 1.0 (X11/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Bernard Aboba Cc: eap@frascone.com Subject: Re: [eap] [Issue 294] Rewrite of Security Considerations Section References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 04 Apr 2005 13:53:01 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Bernard Aboba wrote: >Issue 294: Rewrite of the Security Considerations & Requirements Sections >Submitter name: Bernard Aboba >Submitter email address: aboba@internaut.com >Date first submitted: 3/31/05 >Reference: >Document: KEY-05 >Comment type: T >Priority: S >Section: 6, 7 >Rationale/Explanation of issue > >The major rationale for creating the EAP Key Management Framework document >in the first place was to provide a security analysis of EAP usage in >existing applications. > >However, while Section 6.1 defines terminology and Section 6.2 provides a >Threat Model based on the Housley Criteria, the document never actually >provides a security analysis of existing EAP Usage. > >For example, does EAP when used with PPP & RADIUS satisfy the security >requirements? How about when used with 802.11i, and Diameter EAP? The >document does not provide any guidance. It is no wonder that the reader >is left to wonder what the point of the document is. > >Section 7 consists of requirements on EAP methods, AAA >protocols, Secure Association Protocols and Ciphersuites that is in no way >tied back to the security requirements and threat model. One is left to >wonder whether these "requirements" were developed out of thin air, or >whether there is any basis/justification for them. > >The recommended fix is to rewrite Section 6 to analyze the following EAP >usage scenarios according to the security requirements: > >1. EAP over PPP [RFC3748] > a. With RADIUS ([RFC3579] + [RFC2548]) > b. With Diameter-EAP & Redirect >2. EAP over 802.1X > a. With RADIUS ([RFC3579] + [RFC2548]) > b. With Diameter-EAP & Redirect >3. EAP over 802.11i > a. With RADIUS ([RFC3579] + [RFC2548]) > b. With Diameter-EAP & Redirect > >Then, based on the outcome of this Section 6 analysis, we can decide which >of the "requirements" are actually required. > > Agreed. --Jari _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From XRZNH@gmx.net Mon Apr 4 08:48:03 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA29370; Mon, 4 Apr 2005 08:48:02 -0400 (EDT) Received: from [218.155.214.35] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DIR7k-0001pg-FK; Mon, 04 Apr 2005 08:56:14 -0400 X-Message-Info: ZGGCKaIMY6zCYIiZved4QZNw1+Njc5sJW Received: from occ9.mindspring.com (192.254.171.73) by r6-dws007.mindspring.com with Microsoft SMTPSVC(5.0.2195.6824); Mon, 04 Apr 2005 06:45:37 -0700 Received: from Brentic3f086x485ag (176.144.192.38) by jzumej63.mindspring.com (InterMail vM.5.01.06.05 758-023-727-401-079-81829) with SMTP id <445802517782855.DXKX970.inmcdx8292.mindspring.com@bittengs6tjv109pt468jin> for ; Mon, 04 Apr 2005 14:42:37 +0100 Message-ID: <3766bj38xh4638$110876100$zwp881r5@Brentyh73v283olk361mq> From: "Leonor Gomes" To: Subject: The new rollax repliccas gen is here cinematic Date: Mon, 04 Apr 2005 15:46:37 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--tynrhh6864156637etpgwmqhm" X-Spam-Score: 5.6 (+++++) X-Spam-Flag: YES X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17 ----tynrhh6864156637etpgwmqhm Content-Type: text/plain; Content-Transfer-Encoding: 7Bit The new craze is finnally here - one of the bast sites that can give you the things you've allways wanted to get - watchees, repliccas to be correct, of the bast brand s in the world! Impress you're lady with tag heur, roleex, and more. You naame it - We got it for you! mmmmm show me more :-) http://chemistry.rrox.com/r/erika/antecedent.htm just found the site! any one from east berlin gdr top dibiase bud ford dan bresnahan carlos dorta etc or brussels belgium top hedgepeth tommy fleming dj dejesus etc drop me a line!! sheryl crow - sheryl crow with the songs - if it makes you happy everyday is the winding road a change. the movie that bob did with hilary duff called heart of summer it s title might be changed to raise your voice check out the review from. ton sîte est super bien!! faut dire que les jumelles olsen sont très belles! continue comme ça et vive mary kate et ashley! oh of course it stands out a mile doesn t it he s so common - unlike that cockney git whose ulterior motive will soon no doubt become apparent to you poor innocent misguided child that you are. comments omg i love clay aiken he is so hott and i love his voice!! i comments i love clay aiken and i love this site because i get to. banshi and hades are very quiet and seem to be a bit more independant than the others and djinn is a right mummies kitten she has to be right on top of spook all the time! my comments anyone looking for a new opportunity with a technology company in the following areas. enjoyed your tour looking for hanford and nuner roots in this area and enjoy just touring joyce curry. welcome to amanda moon s gallery of pictures from my favorite animated series sailor moon! ashcroft on al-qaeda gallimaufry catches this contemptible quote from john ashcroft yesterday when he announced the possibility of an al-qaeda attack in the united states this summer. nbsp attbi is turning into comcast following mediaone turning into attbi so my e-mail address will be changing to. it is i who acknowledged your craving for peach ice cream nbsp nbsp nbsp by knocking the cold bowl off your belly. all i have to say is that there are some pretty cool drumlines out there so hold on to your butts!!!!!!!!! halliburton drivers tell of convoys of empty loads just to be able to bill the government. to a perfect couple wishing you love happiness and much laughter from your northern california family member love. page and please if you re going to take the scans to put on your site credit siobhan!! it s not hard to ask thanks siobhan! i love your site it s so organized and well set up i ve been hoping to get my site to look this good! -p. ----tynrhh6864156637etpgwmqhm-- From wkauehnmmf@lcc.net Mon Apr 4 09:35:32 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA05983; Mon, 4 Apr 2005 09:35:31 -0400 (EDT) Message-Id: <200504041335.JAA05983@ietf.org> Received: from [211.203.143.17] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DIRrl-00050i-98; Mon, 04 Apr 2005 09:43:46 -0400 Subject: Re: I need your help From: "Jessi Levell" To: dccp@ietf.org Date: Mon, 04 Apr 2005 18:30:29 +0400 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Spam-Score: 6.4 (++++++) X-Spam-Flag: YES X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a Content-Transfer-Encoding: quoted-printable It had the effect of rallying the ship's crew!=20






Cïålis definetely better = then Viãgrå
..can last for 2 days
..You can have alcohol with Cïãlîs
..improves sexual performances twice better then Víagrá ..it costs much cheaper than Pfìzêr Vîâgr&atild= e;
Get CÌALÌS (SÙPÊR V&Iac= ute;ÁGRÂ) here









Discontinue I FORM MY RESOLUTION. Hobson's letter I no more thought of pursuing the un= icorn than of attempting the passage of the North Sea. To coin money, regu= late the value thereof, and of foreign coin, and fix the standard of weigh= ts and measures;=20!=20 From eap-admin@frascone.com Mon Apr 4 21:33:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA03795 for ; Mon, 4 Apr 2005 21:33:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 6D4DD20452; Mon, 4 Apr 2005 21:33:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1A5412042E; Mon, 4 Apr 2005 21:33:02 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 438FB2042E for ; Mon, 4 Apr 2005 21:32:58 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id 7BA272041F for ; Mon, 4 Apr 2005 21:32:55 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DIcw3-000N5E-5d; Mon, 04 Apr 2005 21:32:55 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j351WrX11760; Mon, 4 Apr 2005 18:32:53 -0700 From: Bernard Aboba To: gwz@cisco.com Cc: jsalowey@cisco.com, eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] RE: draft-adrangi-eap-network-discovery-11.txt Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 4 Apr 2005 18:32:53 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Can you review -11 and confirm that issues 287 and 293 have been resolved to your satisfaction? ---------- Forwarded message ---------- Date: Sun, 3 Apr 2005 21:29:40 -0700 From: "Adrangi, Farid" To: Bernard Aboba Cc: eap@frascone.com, iesg@ietf.org, Jari Arkko , gwz@cisco.com, jsalowey@cisco.com, Pasi.Eronen@nokia.com, Eugene Chang Subject: RE: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt I don't recall talking about an IESG note on the mailing list! Anyhow, as to your strawman IESG note, it should be noted that the draft was reviewed and accepted by IEEE 802.11 (WIEN? - the WG has sent an official review report to IETF. And also, I would remove the last part of the note: "and it is not recommended for implementation outside of 3GPP." I think we should state the facts about the solution and let the implementer decided whether or not the solution is suitable for their deployments outside 3GPP. BR, Farid > -----Original Message----- > From: Bernard Aboba [mailto:aboba@internaut.com] > Sent: Saturday, April 02, 2005 5:08 PM > To: Adrangi, Farid > Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; > gwz@cisco.com; jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang > Subject: RE: [eap] RE: FW: I-D > ACTION:draft-adrangi-eap-network-discovery-11.txt > > > I think we were talking about an IESG note in addition to > material in the applicability statement, no? > > For example, EAP SIM contains the following note: > > IESG Note > > The EAP-SIM protocol was developed by 3GPP. The documentation of > EAP-SIM is provided as information to the Internet community. While > the EAP WG has verified that EAP-SIM is compatible with EAP as > defined in RFC 3748, no other review has been done, including > validation of the security claims. > > Here is a potential strawman note for the EAP Network > Discovery document: > > EAP Network Discovery was developed by 3GPP. Documentation is > provided as information to the Internet community. While the > EAP WG has verified that EAP Network Discovery is compatible with > EAP as defined in RFC 3748, no other review has been done, including > investigation of potential security issues. There is work > underway in IEEE 802.11 which may provide similar functionality, > enabling an EAP peer to determine network availability prior to > handoff. As a result, the approach described in this document may > be superceded by future standards, and it is not recommended for > implementation outside of 3GPP. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Apr 4 22:08:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA06372 for ; Mon, 4 Apr 2005 22:08:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1F05120463; Mon, 4 Apr 2005 22:08:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A04C720446; Mon, 4 Apr 2005 22:08:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1B99820446 for ; Mon, 4 Apr 2005 22:07:35 -0400 (EDT) Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by mail.frascone.com (Postfix) with ESMTP id 358F820435 for ; Mon, 4 Apr 2005 22:07:33 -0400 (EDT) Received: from sj-core-3.cisco.com (171.68.223.137) by sj-iport-5.cisco.com with ESMTP; 04 Apr 2005 19:07:34 -0700 Received: from gwzw2k01 (sjc-vpn6-268.cisco.com [10.21.121.12]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j3527TgS006968; Mon, 4 Apr 2005 19:07:30 -0700 (PDT) Message-Id: <200504050207.j3527TgS006968@sj-core-3.cisco.com> Reply-To: From: "Glen Zorn (gwz)" To: "'Bernard Aboba'" Cc: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcU5f5MCJ7Up60OuRMypCPY/9cUZiQABI/Ug In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] RE: draft-adrangi-eap-network-discovery-11.txt Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 4 Apr 2005 19:07:29 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Bernard Aboba supposedly scribbled: > Can you review -11 and confirm that issues 287 and 293 have been > resolved to your satisfaction? You betcha, this evening. > > ---------- Forwarded message ---------- > Date: Sun, 3 Apr 2005 21:29:40 -0700 > From: "Adrangi, Farid" > To: Bernard Aboba > Cc: eap@frascone.com, iesg@ietf.org, Jari Arkko > , gwz@cisco.com, jsalowey@cisco.com, > Pasi.Eronen@nokia.com, Eugene Chang > Subject: RE: [eap] RE: FW: I-D > ACTION:draft-adrangi-eap-network-discovery-11.txt > > I don't recall talking about an IESG note on the mailing list! > Anyhow, as to your strawman IESG note, it should be noted that the > draft was reviewed and accepted by IEEE 802.11 (WIEN? - the WG has > sent an official review report to IETF. And also, I would remove the > last part of the note: "and it is not recommended for implementation > outside of 3GPP." I think we should state the facts about the > solution and let the implementer decided whether or not the solution > is suitable for their deployments outside 3GPP. BR, > Farid > >> -----Original Message----- >> From: Bernard Aboba [mailto:aboba@internaut.com] >> Sent: Saturday, April 02, 2005 5:08 PM >> To: Adrangi, Farid >> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; >> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang >> Subject: RE: [eap] RE: FW: I-D >> ACTION:draft-adrangi-eap-network-discovery-11.txt >> >> >> I think we were talking about an IESG note in addition to material in >> the applicability statement, no? >> >> For example, EAP SIM contains the following note: >> >> IESG Note >> >> The EAP-SIM protocol was developed by 3GPP. The documentation of >> EAP-SIM is provided as information to the Internet community. While >> the EAP WG has verified that EAP-SIM is compatible with EAP as >> defined in RFC 3748, no other review has been done, including >> validation of the security claims. >> >> Here is a potential strawman note for the EAP Network Discovery >> document: >> >> EAP Network Discovery was developed by 3GPP. Documentation is >> provided as information to the Internet community. While the EAP WG >> has verified that EAP Network Discovery is compatible with EAP as >> defined in RFC 3748, no other review has been done, including >> investigation of potential security issues. There is work underway >> in IEEE 802.11 which may provide similar functionality, enabling an >> EAP peer to determine network availability prior to handoff. As a >> result, the approach described in this document may be superceded by >> future standards, and it is not recommended for implementation >> outside of 3GPP. Hope this helps, ~gwz Why is it that most of the world's problems can't be solved by simply listening to John Coltrane? -- Henry Gabriel _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Apr 4 22:57:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA09933 for ; Mon, 4 Apr 2005 22:57:05 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id B528120497; Mon, 4 Apr 2005 22:57:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 3782320477; Mon, 4 Apr 2005 22:57:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A101620477 for ; Mon, 4 Apr 2005 22:56:02 -0400 (EDT) Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by mail.frascone.com (Postfix) with ESMTP id 37B0B2046C for ; Mon, 4 Apr 2005 22:55:59 -0400 (EDT) Received: from sj-core-3.cisco.com (171.68.223.137) by sj-iport-5.cisco.com with ESMTP; 04 Apr 2005 19:55:59 -0700 Received: from gwzw2k01 (sjc-vpn6-268.cisco.com [10.21.121.12]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j352tsgS022841; Mon, 4 Apr 2005 19:55:55 -0700 (PDT) Message-Id: <200504050255.j352tsgS022841@sj-core-3.cisco.com> Reply-To: From: "Glen Zorn (gwz)" To: "'Adrangi, Farid'" , "'Bernard Aboba'" Cc: , , "'Jari Arkko'" , , , "'Eugene Chang'" Subject: RE: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcU36Zc402VBn6AFS+W4rxdYTRQc/AA4x82QAC8VD3A= In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 4 Apr 2005 19:55:54 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Adrangi, Farid supposedly scribbled: > I don't recall talking about an IESG note on the mailing list! > Anyhow, as to your strawman IESG note, it should be noted that the > draft was reviewed and accepted by IEEE 802.11 I'm not sure what this means. Does it mean accepted as in "whatever you want to do" or as in adopted as correct? > (WIEN? - Last time I checked, WIEN was just a study group (the 802.11 equivalent of a BOF). Has this changed? > the WG has > sent an official review report to IETF. Did we receive a liaison from the 802.11 Working Group or a note from the WIEN Study Group? There's a big difference... > And also, I would remove the > last part of the note: "and it is not recommended for implementation > outside of 3GPP." I think we should state the facts about the > solution Unless the draft has changed drastically for the better, the facts were pretty slim, certainly too slim for it to be called a "solution" (without volumes of supporting documentation). > and let the implementer decided whether or not the solution > is suitable for their deployments outside 3GPP. If and when the RFC Editor becomes a vanity publisher for 3GPP, I will agree; until then, however, I think that we at least a right (if not a duty) to publish applicability statements that express the opinions of the IETF (regardless if those opinions coincide with those of the author(s)). > BR, > Farid > >> -----Original Message----- >> From: Bernard Aboba [mailto:aboba@internaut.com] >> Sent: Saturday, April 02, 2005 5:08 PM >> To: Adrangi, Farid >> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; >> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang >> Subject: RE: [eap] RE: FW: I-D >> ACTION:draft-adrangi-eap-network-discovery-11.txt >> >> >> I think we were talking about an IESG note in addition to material in >> the applicability statement, no? >> >> For example, EAP SIM contains the following note: >> >> IESG Note >> >> The EAP-SIM protocol was developed by 3GPP. The documentation of >> EAP-SIM is provided as information to the Internet community. >> While the EAP WG has verified that EAP-SIM is compatible with EAP >> as defined in RFC 3748, no other review has been done, including >> validation of the security claims. >> >> Here is a potential strawman note for the EAP Network Discovery >> document: >> >> EAP Network Discovery was developed by 3GPP. Documentation is >> provided as information to the Internet community. While the >> EAP WG has verified that EAP Network Discovery is compatible with >> EAP as defined in RFC 3748, no other review has been done, >> including investigation of potential security issues. There is >> work underway in IEEE 802.11 which may provide similar >> functionality, enabling an EAP peer to determine network >> availability prior to handoff. As a result, the approach >> described in this document may be superceded by future standards, >> and it is not recommended for implementation outside of 3GPP. >> >> >> On Thu, 31 Mar 2005, Adrangi, Farid wrote: >> >>> Sorry, just to be clear, the link below contains the update we made >>> to the applicability section in -011 version, based on Glen's >>> comment on -10 version in the last WG meeting. >>> Thanks, >>> Farid >>> >>> >>>> -----Original Message----- >>>> From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On >>>> Behalf Of Adrangi, Farid Sent: Thursday, March 31, 2005 9:33 AM >>>> To: Bernard Aboba >>>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; >>>> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang >>>> Subject: [eap] RE: FW: I-D >>>> ACTION:draft-adrangi-eap-network-discovery-11.txt >>>> >>>> >>>> I think so! The applicability section was introduced in version >>>> -08. Since then we have made several updates to that section based >>>> on comments from Glen Zorn, Eugene Chang, Jari Arkko, and >>>> yourself. The updates to this section was made based on Glen >>>> Zorn's comment during the last IETF meeting (relayed to me by >>>> Pasi) -- the exact change is captured in >>>> http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.tx >>>> t -- see >>>> #3. Please let me know if you have any questions. >>>> BR, >>>> Farid >>>> >>>> >>>> >>>>> -----Original Message----- >>>>> From: Bernard Aboba [mailto:aboba@internaut.com] >>>>> Sent: Thursday, March 31, 2005 9:08 AM >>>>> To: Adrangi, Farid >>>>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; >>>>> jsalowey@cisco.com Subject: Re: FW: I-D >>>> ACTION:draft-adrangi-eap-network-discovery-11.txt >>>>> >>>>> >>>>> As I recall there was a discussion relating to the appropriate >>>>> applicability statement that should be attached to this document. >>>>> >>>>> Have we come to agreement on what the applicability statement >>>>> should be? >>>>> >>>>> On Mon, 28 Mar 2005, Adrangi, Farid wrote: >>>>> >>>>>> Hi Everyone, >>>>>> In this version, we have done some editorial fixes through out >>>>>> the document and addressed issues brought up during IESG review. >>>>>> ** Editorial changes are summarized in >>>>>> >>>>> http://mng.ctgisp.com/IETF/EAP/Network%20Selection/Editorial_c >>>>> hanges.txt >>>>>> ** List of issues with their resolutions are summarized in >>>>>> >> http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.txt >>>>>> Thanks, >>>>>> Farid >>>>>> >>>>>>> -----Original Message----- >>>>>>> From: i-d-announce-bounces@ietf.org >>>>>>> [mailto:i-d-announce-bounces@ietf.org] On Behalf Of >>>>>>> Internet-Drafts@ietf.org Sent: Monday, March 28, 2005 8:04 AM >>>>>>> To: i-d-announce@ietf.org >>>>>>> Subject: I-D >> ACTION:draft-adrangi-eap-network-discovery-11.txt >>>>>>> >>>>>>> >>>>>>> A New Internet-Draft is available from the on-line >>>>>>> Internet-Drafts directories. >>>>>>> >>>>>>> >>>>>>> Title : Identity selection hints for >>>>>>> Extensible Authentication >>>>>>> Protocol (EAP) >>>>>>> Author(s) : F. Adrangi, et al. >>>>>>> Filename : >>>> draft-adrangi-eap-network-discovery-11.txt >>>>>>> Pages : 13 >>>>>>> Date : 2005-3-25 >>>>>>> >>>>>>> The Extensible Authentication Protocol (EAP) is defined in RFC >>>>>>> 3748. This document defines a mechanism that allows an >>>>>>> access network to provide identity selection hints to an EAP >>>>>>> peer. The purpose is to assist the EAP peer in selecting an >>>>>>> appropriate Network Access Identifier (NAI) when there is no >>>>>>> direct roaming relationship between the access network and >>>>>>> the peer's home network. In this case, authentication is >>>>>>> typically accomplished via a mediating network such as a >>>>>>> roaming consortium or broker. >>>>>>> >>>>>>> A URL for this Internet-Draft is: >>>>>>> >> http://www.ietf.org/internet-drafts/draft-adrangi-eap-network- >>>>>> discovery-11.txt >>>>>> >>>>>> To remove yourself from the I-D Announcement list, send a >>>>>> message to i-d-announce-request@ietf.org with the word >>>>>> unsubscribe in the body of the message. You can also visit >>>>> https://www1.ietf.org/mailman/listinfo/I-D-announce >>>>>> to change your subscription settings. >>>>>> >>>>>> >>>>>> Internet-Drafts are also available by anonymous FTP. Login with >>>>>> the username "anonymous" and a password of your e-mail address. >>>>>> After logging in, type "cd internet-drafts" and then >>>>>> "get draft-adrangi-eap-network-discovery-11.txt". >>>>>> >>>>>> A list of Internet-Drafts directories can be found in >>>>>> http://www.ietf.org/shadow.html or >>>>>> ftp://ftp.ietf.org/ietf/1shadow-sites.txt >>>>>> >>>>>> >>>>>> Internet-Drafts can also be obtained by e-mail. >>>>>> >>>>>> Send a message to: >>>>>> mailserv@ietf.org. >>>>>> In the body type: >>>>>> "FILE >>>>>> /internet-drafts/draft-adrangi-eap-network-discovery-11.txt". >>>>>> >>>>>> NOTE: The mail server at ietf.org can return the document in >>>>>> MIME-encoded form by using the "mpack" utility. >> To use this >>>>>> feature, insert the command "ENCODING mime" before the "FILE" >>>>>> command. To decode the response(s), you will need "munpack" or >>>>>> a MIME-compliant mail reader. Different MIME-compliant mail >>>>>> readers exhibit different behavior, especially when dealing with >>>>>> "multipart" MIME messages (i.e. documents which have been split >>>>>> up into multiple messages), so check your local documentation on >>>>>> how to manipulate these messages. >>>>>> >>>>>> >>>>>> Below is the data which will enable a MIME compliant mail reader >>>>>> implementation to automatically retrieve the ASCII version of >>>>>> the Internet-Draft. >>>>>> >>>>> >>>> _______________________________________________ >>>> eap mailing list >>>> eap@frascone.com >>>> http://mail.frascone.com/mailman/listinfo/eap Hope this helps, ~gwz Why is it that most of the world's problems can't be solved by simply listening to John Coltrane? -- Henry Gabriel _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 00:05:09 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA13683 for ; Tue, 5 Apr 2005 00:05:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 927D620498; Tue, 5 Apr 2005 00:05:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A792B204AE; Tue, 5 Apr 2005 00:05:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id DD1BE20498 for ; Tue, 5 Apr 2005 00:04:22 -0400 (EDT) Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by mail.frascone.com (Postfix) with ESMTP id DF1CC2048F for ; Tue, 5 Apr 2005 00:04:20 -0400 (EDT) Received: from sj-core-3.cisco.com (171.68.223.137) by sj-iport-5.cisco.com with ESMTP; 04 Apr 2005 21:04:20 -0700 Received: from gwzw2k01 (sjc-vpn6-268.cisco.com [10.21.121.12]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j3544JgS011053; Mon, 4 Apr 2005 21:04:19 -0700 (PDT) Message-Id: <200504050404.j3544JgS011053@sj-core-3.cisco.com> Reply-To: From: "Glen Zorn (gwz)" To: Cc: , , "'Bernard Aboba'" Subject: RE: [eap] RE: draft-adrangi-eap-network-discovery-11.txt MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcU5f5MCJ7Up60OuRMypCPY/9cUZiQABI/UgAAH4PGA= In-Reply-To: <200504050207.j3527TgS006968@sj-core-3.cisco.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 4 Apr 2005 21:04:16 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Glen Zorn (gwz) <> supposedly scribbled: > Bernard Aboba supposedly scribbled: > >> Can you review -11 and confirm that issues 287 and 293 have been >> resolved to your satisfaction? > > You betcha, this evening. As far as issues 287 & 293, looks OK to me. A few other comments: 1. (editorial) I think the paragraph break here In such scenarios, a limited number of identity hints (e.g., a list of roaming partners of the access network) can be provided by the mechanism to enable the EAP peer to influence routing of AAA packets. The immediate application of the proposed mechanism is in 3GPP systems interworking with WLANs [TS 23.234] and [TS 24.234]. The roaming partner information provided via this mechanism is limited by the link layer MTU size. For example, assuming an average of 20 is in the wrong place -- this make more sense to me: In such scenarios, a limited number of identity hints (e.g., a list of roaming partners of the access network) can be provided by the mechanism to enable the EAP peer to influence routing of AAA packets. The immediate application of the proposed mechanism is in 3GPP systems interworking with WLANs [TS 23.234] and [TS 24.234]. The roaming partner information provided via this mechanism is limited by the link layer MTU size. For example, assuming an average of 20 2. (technical) It's not clear to me what the required behavior is from the following (section 2. paragraph 3) If the peer responds with an EAP-Response/Identity containing an unknown realm after the local AAA proxy/server sends an identity hint, then the local AAA proxy/server MAY respond immediately with an EAP Failure packet. Alternatively, it MAY first send an EAP-Notification providing the reason for the failure. I think what is meant is that the proxy MAY send an EAP-Notification message before sending EAP FAILURE, but EAP Failure is always sent in this case. If that is correct, may I suggest the following replacement text: If the peer responds with an EAP-Response/Identity containing an unknown realm after the local AAA proxy/server sends an identity hint, then the local AAA proxy/server MAY send an EAP-Notification message providing the reason for the failure; whether an EAP notification message is sent, the AAA proxy/server MUST respond with an EAP Failure packet. or something similar. 3. The message flows in the Appendix only shoe the success cases -- it would be nice if at least one failure case was illustrated. > >> >> ---------- Forwarded message ---------- >> Date: Sun, 3 Apr 2005 21:29:40 -0700 >> From: "Adrangi, Farid" >> To: Bernard Aboba >> Cc: eap@frascone.com, iesg@ietf.org, Jari Arkko >> , gwz@cisco.com, jsalowey@cisco.com, >> Pasi.Eronen@nokia.com, Eugene Chang >> Subject: RE: [eap] RE: FW: I-D >> ACTION:draft-adrangi-eap-network-discovery-11.txt >> >> I don't recall talking about an IESG note on the mailing list! >> Anyhow, as to your strawman IESG note, it should be noted that the >> draft was reviewed and accepted by IEEE 802.11 (WIEN? - the WG has >> sent an official review report to IETF. And also, I would remove the >> last part of the note: "and it is not recommended for implementation >> outside of 3GPP." I think we should state the facts about the >> solution and let the implementer decided whether or not the solution >> is suitable for their deployments outside 3GPP. BR, >> Farid >> >>> -----Original Message----- >>> From: Bernard Aboba [mailto:aboba@internaut.com] >>> Sent: Saturday, April 02, 2005 5:08 PM >>> To: Adrangi, Farid >>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; >>> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang >>> Subject: RE: [eap] RE: FW: I-D >>> ACTION:draft-adrangi-eap-network-discovery-11.txt >>> >>> >>> I think we were talking about an IESG note in addition to material >>> in the applicability statement, no? >>> >>> For example, EAP SIM contains the following note: >>> >>> IESG Note >>> >>> The EAP-SIM protocol was developed by 3GPP. The documentation of >>> EAP-SIM is provided as information to the Internet community. While >>> the EAP WG has verified that EAP-SIM is compatible with EAP as >>> defined in RFC 3748, no other review has been done, including >>> validation of the security claims. >>> >>> Here is a potential strawman note for the EAP Network Discovery >>> document: >>> >>> EAP Network Discovery was developed by 3GPP. Documentation is >>> provided as information to the Internet community. While the EAP WG >>> has verified that EAP Network Discovery is compatible with EAP as >>> defined in RFC 3748, no other review has been done, including >>> investigation of potential security issues. There is work underway >>> in IEEE 802.11 which may provide similar functionality, enabling an >>> EAP peer to determine network availability prior to handoff. As a >>> result, the approach described in this document may be superceded >>> by future standards, and it is not recommended for implementation >>> outside of 3GPP. > > Hope this helps, > > ~gwz > > Why is it that most of the world's problems can't be solved by simply > listening to John Coltrane? -- Henry Gabriel > _______________________________________________ eap mailing list > eap@frascone.com > http://mail.frascone.com/mailman/listinfo/eap Hope this helps, ~gwz Why is it that most of the world's problems can't be solved by simply listening to John Coltrane? -- Henry Gabriel _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 00:53:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA17076 for ; Tue, 5 Apr 2005 00:53:05 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 45394204CA; Tue, 5 Apr 2005 00:53:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5B879204BF; Tue, 5 Apr 2005 00:53:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 3C92E204BF for ; Tue, 5 Apr 2005 00:52:40 -0400 (EDT) Received: from orsfmr002.jf.intel.com (fmr17.intel.com [134.134.136.16]) by mail.frascone.com (Postfix) with ESMTP id 26D382049F for ; Tue, 5 Apr 2005 00:52:37 -0400 (EDT) Received: from orsfmr100.jf.intel.com (orsfmr100.jf.intel.com [10.7.209.16]) by orsfmr002.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j354qauv031391; Tue, 5 Apr 2005 04:52:36 GMT Received: from orsmsxvs040.jf.intel.com (orsmsxvs040.jf.intel.com [192.168.65.206]) by orsfmr100.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j354qXeO024516; Tue, 5 Apr 2005 04:52:35 GMT Received: from orsmsx332.amr.corp.intel.com ([192.168.65.60]) by orsmsxvs040.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005040421523531442 ; Mon, 04 Apr 2005 21:52:35 -0700 Received: from orsmsx408.amr.corp.intel.com ([192.168.65.52]) by orsmsx332.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 4 Apr 2005 21:52:35 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt Message-ID: Thread-Topic: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt Thread-Index: AcU36Zc402VBn6AFS+W4rxdYTRQc/AA4x82QAC8VD3AAA+DrAA== From: "Adrangi, Farid" To: , "Bernard Aboba" Cc: , , "Jari Arkko" , , , "Eugene Chang" X-OriginalArrivalTime: 05 Apr 2005 04:52:35.0089 (UTC) FILETIME=[489D0010:01C5399B] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 4 Apr 2005 21:52:34 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Hi Glen, The report was sent to IETF -- will send you a copy if I find it in my archives. I will let IESG interpret the report and decide whether not it should be mentioned in the IESG applicability note! So, Please discard my e-mail. Brian made it clear to me that it is IESG's responsibility to determine the need for the applicability note and its content! BR, Farid > -----Original Message----- > From: Glen Zorn (gwz) [mailto:gwz@cisco.com]=20 > Sent: Monday, April 04, 2005 7:56 PM > To: Adrangi, Farid; 'Bernard Aboba' > Cc: eap@frascone.com; iesg@ietf.org; 'Jari Arkko';=20 > jsalowey@cisco.com; Pasi.Eronen@nokia.com; 'Eugene Chang' > Subject: RE: [eap] RE: FW: I-D=20 > ACTION:draft-adrangi-eap-network-discovery-11.txt >=20 >=20 > Adrangi, Farid supposedly > scribbled: >=20 > > I don't recall talking about an IESG note on the mailing list!=20 > > Anyhow, as to your strawman IESG note, it should be noted that the > > draft was reviewed and accepted by IEEE 802.11=20 >=20 > I'm not sure what this means. Does it mean accepted as in "whatever > you want to do" or as in adopted as correct? =20 >=20 > > (WIEN? -=20 >=20 > Last time I checked, WIEN was just a study group (the 802.11 > equivalent of a BOF). Has this changed? >=20 > > the WG has > > sent an official review report to IETF. =20 >=20 > Did we receive a liaison from the 802.11 Working Group or a note > from the WIEN Study Group? There's a big difference... >=20 > > And also, I would remove the > > last part of the note: "and it is not recommended for > implementation > > outside of 3GPP." I think we should state the facts about the > > solution=20 >=20 > Unless the draft has changed drastically for the better, the facts > were pretty slim, certainly too slim for it to be called a > "solution" (without volumes of supporting documentation). >=20 > > and let the implementer decided whether or not the solution > > is suitable for their deployments outside 3GPP.=20 >=20 > If and when the RFC Editor becomes a vanity publisher for 3GPP, I > will agree; until then, however, I think that we at least a right > (if not a duty) to publish applicability statements that express the > opinions of the IETF (regardless if those opinions coincide with > those of the author(s)). >=20 >=20 > > BR, =20 > > Farid > >=20 > >> -----Original Message----- > >> From: Bernard Aboba [mailto:aboba@internaut.com] > >> Sent: Saturday, April 02, 2005 5:08 PM > >> To: Adrangi, Farid > >> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; > >> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang > >> Subject: RE: [eap] RE: FW: I-D > >> ACTION:draft-adrangi-eap-network-discovery-11.txt > >>=20 > >>=20 > >> I think we were talking about an IESG note in addition to > material in > >> the applicability statement, no? > >>=20 > >> For example, EAP SIM contains the following note: > >>=20 > >> IESG Note > >>=20 > >> The EAP-SIM protocol was developed by 3GPP. The documentation > of > >> EAP-SIM is provided as information to the Internet community. > >> While the EAP WG has verified that EAP-SIM is compatible with > EAP > >> as defined in RFC 3748, no other review has been done, > including > >> validation of the security claims. > >>=20 > >> Here is a potential strawman note for the EAP Network Discovery > >> document:=20 > >>=20 > >> EAP Network Discovery was developed by 3GPP. Documentation is > >> provided as information to the Internet community. While the > >> EAP WG has verified that EAP Network Discovery is compatible > with > >> EAP as defined in RFC 3748, no other review has been done, > >> including investigation of potential security issues. There > is > >> work underway in IEEE 802.11 which may provide similar > >> functionality, enabling an EAP peer to determine network > >> availability prior to handoff. As a result, the approach > >> described in this document may be superceded by future > standards, > >> and it is not recommended for implementation outside of 3GPP. > >>=20 > >>=20 > >> On Thu, 31 Mar 2005, Adrangi, Farid wrote: > >>=20 > >>> Sorry, just to be clear, the link below contains the update we > made > >>> to the applicability section in -011 version, based on Glen's > >>> comment on -10 version in the last WG meeting. > >>> Thanks, > >>> Farid > >>>=20 > >>>=20 > >>>> -----Original Message----- > >>>> From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On > >>>> Behalf Of Adrangi, Farid Sent: Thursday, March 31, 2005 9:33 AM > >>>> To: Bernard Aboba > >>>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; > >>>> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang > >>>> Subject: [eap] RE: FW: I-D > >>>> ACTION:draft-adrangi-eap-network-discovery-11.txt > >>>>=20 > >>>>=20 > >>>> I think so! The applicability section was introduced in version > >>>> -08. Since then we have made several updates to that section > based > >>>> on comments from Glen Zorn, Eugene Chang, Jari Arkko, and > >>>> yourself. The updates to this section was made based on Glen > >>>> Zorn's comment during the last IETF meeting (relayed to me by > >>>> Pasi) -- the exact change is captured in > >>>> http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.tx=20 > >>>> t -- see > >>>> #3. Please let me know if you have any questions. > >>>> BR, > >>>> Farid > >>>>=20 > >>>>=20 > >>>>=20 > >>>>> -----Original Message----- > >>>>> From: Bernard Aboba [mailto:aboba@internaut.com] > >>>>> Sent: Thursday, March 31, 2005 9:08 AM > >>>>> To: Adrangi, Farid > >>>>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; > gwz@cisco.com; > >>>>> jsalowey@cisco.com Subject: Re: FW: I-D > >>>> ACTION:draft-adrangi-eap-network-discovery-11.txt > >>>>>=20 > >>>>>=20 > >>>>> As I recall there was a discussion relating to the appropriate > >>>>> applicability statement that should be attached to this > document. > >>>>>=20 > >>>>> Have we come to agreement on what the applicability statement > >>>>> should be?=20 > >>>>>=20 > >>>>> On Mon, 28 Mar 2005, Adrangi, Farid wrote: > >>>>>=20 > >>>>>> Hi Everyone, > >>>>>> In this version, we have done some editorial fixes through > out > >>>>>> the document and addressed issues brought up during IESG > review. > >>>>>> ** Editorial changes are summarized in > >>>>>>=20 > >>>>> http://mng.ctgisp.com/IETF/EAP/Network%20Selection/Editorial_c > >>>>> hanges.txt > >>>>>> ** List of issues with their resolutions are summarized in > >>>>>>=20 > >> http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.txt > >>>>>> Thanks, > >>>>>> Farid > >>>>>>=20 > >>>>>>> -----Original Message----- > >>>>>>> From: i-d-announce-bounces@ietf.org > >>>>>>> [mailto:i-d-announce-bounces@ietf.org] On Behalf Of > >>>>>>> Internet-Drafts@ietf.org Sent: Monday, March 28, 2005 8:04 > AM > >>>>>>> To: i-d-announce@ietf.org > >>>>>>> Subject: I-D > >> ACTION:draft-adrangi-eap-network-discovery-11.txt > >>>>>>>=20 > >>>>>>>=20 > >>>>>>> A New Internet-Draft is available from the on-line > >>>>>>> Internet-Drafts directories. > >>>>>>>=20 > >>>>>>>=20 > >>>>>>> Title : Identity selection hints for > >>>>>>> Extensible Authentication > >>>>>>> Protocol (EAP) > >>>>>>> Author(s) : F. Adrangi, et al. > >>>>>>> Filename : > >>>> draft-adrangi-eap-network-discovery-11.txt > >>>>>>> Pages : 13 > >>>>>>> Date : 2005-3-25 > >>>>>>>=20 > >>>>>>> The Extensible Authentication Protocol (EAP) is defined in > RFC > >>>>>>> 3748. This document defines a mechanism that allows an > >>>>>>> access network to provide identity selection hints to an > EAP > >>>>>>> peer. The purpose is to assist the EAP peer in selecting > an > >>>>>>> appropriate Network Access Identifier (NAI) when there is > no > >>>>>>> direct roaming relationship between the access network > and > >>>>>>> the peer's home network. In this case, authentication is > >>>>>>> typically accomplished via a mediating network such as a > >>>>>>> roaming consortium or broker.=20 > >>>>>>>=20 > >>>>>>> A URL for this Internet-Draft is: > >>>>>>>=20 > >> http://www.ietf.org/internet-drafts/draft-adrangi-eap-network- > >>>>>> discovery-11.txt > >>>>>>=20 > >>>>>> To remove yourself from the I-D Announcement list, send a > >>>>>> message to i-d-announce-request@ietf.org with the word > >>>>>> unsubscribe in the body of the message. You can also visit > >>>>> https://www1.ietf.org/mailman/listinfo/I-D-announce > >>>>>> to change your subscription settings. > >>>>>>=20 > >>>>>>=20 > >>>>>> Internet-Drafts are also available by anonymous FTP. Login > with > >>>>>> the username "anonymous" and a password of your e-mail > address. > >>>>>> After logging in, type "cd internet-drafts" and then > >>>>>> "get draft-adrangi-eap-network-discovery-11.txt". > >>>>>>=20 > >>>>>> A list of Internet-Drafts directories can be found in > >>>>>> http://www.ietf.org/shadow.html or > >>>>>> ftp://ftp.ietf.org/ietf/1shadow-sites.txt > >>>>>>=20 > >>>>>>=20 > >>>>>> Internet-Drafts can also be obtained by e-mail. > >>>>>>=20 > >>>>>> Send a message to: > >>>>>> mailserv@ietf.org. > >>>>>> In the body type: > >>>>>> "FILE > >>>>>> /internet-drafts/draft-adrangi-eap-network-discovery-11.txt". > >>>>>>=20 > >>>>>> NOTE: The mail server at ietf.org can return the document > in > >>>>>> MIME-encoded form by using the "mpack" utility. > >> To use this > >>>>>> feature, insert the command "ENCODING mime" before the > "FILE" > >>>>>> command. To decode the response(s), you will=20 > need "munpack" > or > >>>>>> a MIME-compliant mail reader. Different=20 > MIME-compliant mail > >>>>>> readers exhibit different behavior, especially=20 > when dealing > with > >>>>>> "multipart" MIME messages (i.e. documents which=20 > have been > split > >>>>>> up into multiple messages), so check your local > documentation on > >>>>>> how to manipulate these messages. > >>>>>>=20 > >>>>>>=20 > >>>>>> Below is the data which will enable a MIME compliant mail > reader > >>>>>> implementation to automatically retrieve the ASCII version of > >>>>>> the Internet-Draft.=20 > >>>>>>=20 > >>>>>=20 > >>>> _______________________________________________ > >>>> eap mailing list > >>>> eap@frascone.com > >>>> http://mail.frascone.com/mailman/listinfo/eap >=20 > Hope this helps, >=20 > ~gwz >=20 > Why is it that most of the world's problems can't be solved by > simply > listening to John Coltrane? -- Henry Gabriel >=20 _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 01:18:09 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA19076 for ; Tue, 5 Apr 2005 01:18:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 2BF31204E3; Tue, 5 Apr 2005 01:18:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 8E8B4204C4; Tue, 5 Apr 2005 01:18:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 43AC9204C4 for ; Tue, 5 Apr 2005 01:17:51 -0400 (EDT) Received: from orsfmr005.jf.intel.com (fmr20.intel.com [134.134.136.19]) by mail.frascone.com (Postfix) with ESMTP id C1E94204C0 for ; Tue, 5 Apr 2005 01:17:48 -0400 (EDT) Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17]) by orsfmr005.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j355GgD9016410; Tue, 5 Apr 2005 05:16:42 GMT Received: from orsmsxvs040.jf.intel.com (orsmsxvs040.jf.intel.com [192.168.65.206]) by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j355GgpI009214; Tue, 5 Apr 2005 05:16:42 GMT Received: from orsmsx331.amr.corp.intel.com ([192.168.65.56]) by orsmsxvs040.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005040422164200825 ; Mon, 04 Apr 2005 22:16:42 -0700 Received: from orsmsx408.amr.corp.intel.com ([192.168.65.52]) by orsmsx331.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 4 Apr 2005 22:16:42 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [eap] RE: draft-adrangi-eap-network-discovery-11.txt Message-ID: Thread-Topic: [eap] RE: draft-adrangi-eap-network-discovery-11.txt Thread-Index: AcU5f5MCJ7Up60OuRMypCPY/9cUZiQABI/UgAAH4PGAABEJLUA== From: "Adrangi, Farid" To: Cc: , "Bernard Aboba" , X-OriginalArrivalTime: 05 Apr 2005 05:16:42.0188 (UTC) FILETIME=[A726C8C0:01C5399E] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 4 Apr 2005 22:16:32 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Hi Glen, Thanks so much for your quick review and feedback. And thanks for confirming fixes for issues 287 & 293 :-) Please see my comments inline. BR, Farid > -----Original Message----- > From: eap-admin@frascone.com [mailto:eap-admin@frascone.com]=20 > On Behalf Of Glen Zorn (gwz) > Sent: Monday, April 04, 2005 9:04 PM > To: eap@frascone.com > Cc: jsalowey@cisco.com; gwz@cisco.com; 'Bernard Aboba' > Subject: RE: [eap] RE: draft-adrangi-eap-network-discovery-11.txt >=20 >=20 > Glen Zorn (gwz) <> supposedly scribbled: >=20 > > Bernard Aboba supposedly scribbled: > >=20 > >> Can you review -11 and confirm that issues 287 and 293 have been > >> resolved to your satisfaction? > >=20 > > You betcha, this evening. >=20 > As far as issues 287 & 293, looks OK to me. A few other comments: >=20 > 1. (editorial) I think the paragraph break here >=20 > In such scenarios, a limited number of identity hints (e.g., a=20 > list of roaming partners of the access network) can be provided=20 > by the mechanism to enable the EAP peer to influence routing of > AAA packets. >=20 > The immediate application of the proposed mechanism is in 3GPP > systems interworking with WLANs [TS 23.234] and [TS 24.234]. The > roaming partner information provided via this mechanism is > limited by > the link layer MTU size. For example, assuming an average of 20 >=20 > is in the wrong place -- this make more sense to me: >=20 > In such scenarios, a limited number of identity hints (e.g., a=20 > list of roaming partners of the access network) can be provided=20 > by the mechanism to enable the EAP peer to influence routing of > AAA packets. The immediate application of the proposed mechanism > is in 3GPP systems interworking with WLANs [TS 23.234] and=20 > [TS 24.234]. =20 >=20 > The roaming partner information provided via this mechanism is=20 > limited by the link layer MTU size. For example, assuming an=20 > average of 20 >=20 [FA] Good suggestion! Will do. > 2. (technical) It's not clear to me what the required behavior is > from the following (section 2. paragraph 3) >=20 > If the peer responds with an EAP-Response/Identity containing an > unknown realm after the local AAA proxy/server sends an identity > hint, then the local AAA proxy/server MAY respond immediately > with an > EAP Failure packet. Alternatively, it MAY first send an > EAP-Notification providing the reason for the failure. >=20 > I think what is meant is that the proxy MAY send an EAP-Notification > message before sending EAP FAILURE, but EAP Failure is always sent > in this case. If that is correct, may I suggest the following > replacement text: >=20 > If the peer responds with an EAP-Response/Identity containing an > unknown realm after the local AAA proxy/server sends an identity > hint, then the local AAA proxy/server MAY send an > EAP-Notification > message providing the reason for the failure; whether an > EAP notification message is sent, the AAA proxy/server MUST > respond=20 > with an EAP Failure packet.=20 >=20 > or something similar. >=20 [FA] Ok. I thought we could send an EAP-Notificaiton or Failure message - I guess I was wrong. So, how about if we say: " If the peer responds with an EAP-Response/Identity containing an unknown realm after the local AAA proxy/server sends an identity hint, then the local AAA proxy/server MUST respond with an EAP Failure packet. The local AAA proxy/server MAY also send an EAP-Notification message providing the reason for the failure." Will this work for you? > 3. The message flows in the Appendix only shoe the success cases -- > it would be nice if at least one failure case was illustrated. [FA] Ok. I will a failure case to one of the delivery options.=20 > >=20 > >>=20 > >> ---------- Forwarded message ---------- > >> Date: Sun, 3 Apr 2005 21:29:40 -0700 > >> From: "Adrangi, Farid" > >> To: Bernard Aboba > >> Cc: eap@frascone.com, iesg@ietf.org, Jari Arkko > >> , gwz@cisco.com, jsalowey@cisco.com, > >> Pasi.Eronen@nokia.com, Eugene Chang > >> Subject: RE: [eap] RE: FW: I-D > >> ACTION:draft-adrangi-eap-network-discovery-11.txt > >>=20 > >> I don't recall talking about an IESG note on the mailing list! > >> Anyhow, as to your strawman IESG note, it should be noted that > the > >> draft was reviewed and accepted by IEEE 802.11 (WIEN? - the WG > has > >> sent an official review report to IETF. And also, I would remove > the > >> last part of the note: "and it is not recommended for > implementation > >> outside of 3GPP." I think we should state the facts about the > >> solution and let the implementer decided whether or not the > solution > >> is suitable for their deployments outside 3GPP. BR, > >> Farid > >>=20 > >>> -----Original Message----- > >>> From: Bernard Aboba [mailto:aboba@internaut.com] > >>> Sent: Saturday, April 02, 2005 5:08 PM > >>> To: Adrangi, Farid > >>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; > >>> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang > >>> Subject: RE: [eap] RE: FW: I-D > >>> ACTION:draft-adrangi-eap-network-discovery-11.txt > >>>=20 > >>>=20 > >>> I think we were talking about an IESG note in addition to > material > >>> in the applicability statement, no? > >>>=20 > >>> For example, EAP SIM contains the following note: > >>>=20 > >>> IESG Note > >>>=20 > >>> The EAP-SIM protocol was developed by 3GPP. The documentation > of > >>> EAP-SIM is provided as information to the Internet community. > While > >>> the EAP WG has verified that EAP-SIM is compatible with EAP as > >>> defined in RFC 3748, no other review has been done, including > >>> validation of the security claims. > >>>=20 > >>> Here is a potential strawman note for the EAP Network Discovery > >>> document:=20 > >>>=20 > >>> EAP Network Discovery was developed by 3GPP. Documentation is > >>> provided as information to the Internet community. While the > EAP WG > >>> has verified that EAP Network Discovery is compatible with EAP > as > >>> defined in RFC 3748, no other review has been done, including > >>> investigation of potential security issues. There is work > underway > >>> in IEEE 802.11 which may provide similar functionality, > enabling an > >>> EAP peer to determine network availability prior to handoff. > As a > >>> result, the approach described in this document may be > superceded > >>> by future standards, and it is not recommended for > implementation > >>> outside of 3GPP. > >=20 > > Hope this helps, > >=20 > > ~gwz > >=20 > > Why is it that most of the world's problems can't be solved by > simply > > listening to John Coltrane? -- Henry Gabriel > > _______________________________________________ eap mailing list > > eap@frascone.com > > http://mail.frascone.com/mailman/listinfo/eap >=20 > Hope this helps, >=20 > ~gwz >=20 > Why is it that most of the world's problems can't be solved by > simply > listening to John Coltrane? -- Henry Gabriel > _______________________________________________ > eap mailing list > eap@frascone.com > http://mail.frascone.com/mailman/listinfo/eap >=20 _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 02:12:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA04106 for ; Tue, 5 Apr 2005 02:12:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 2D8B9204F1; Tue, 5 Apr 2005 02:12:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id DD16D204C4; Tue, 5 Apr 2005 02:12:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 18CBC204C4 for ; Tue, 5 Apr 2005 02:11:40 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id 7AAF2204C0 for ; Tue, 5 Apr 2005 02:11:35 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DIhHj-000Lqu-9o; Tue, 05 Apr 2005 02:11:35 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j356BX928434; Mon, 4 Apr 2005 23:11:33 -0700 From: Bernard Aboba To: "Glen Zorn (gwz)" Cc: "'Adrangi, Farid'" , eap@frascone.com Subject: RE: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt In-Reply-To: <200504050255.j352tsgS022841@sj-core-3.cisco.com> Message-ID: References: <200504050255.j352tsgS022841@sj-core-3.cisco.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 4 Apr 2005 23:11:33 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > Last time I checked, WIEN was just a study group (the 802.11 > equivalent of a BOF). Has this changed? Yes, it has. WIEN has now been chartered as 802.11u. > Did we receive a liaison from the 802.11 Working Group or a note > from the WIEN Study Group? There's a big difference... We got a note from WIEN indicating that they had reviewed the document and found that it was not in conflict with the proposed PAR for 802.11u. Having said that, the 802.11u PAR does authorize work on network selection within state 1 (unassociated, unauthenticated; EAP network discovery requires the STA to be in state 3 (associated, authenticated). _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From SeymourMullen@electronica-usa.org Tue Apr 5 02:20:29 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA12248 for ; Tue, 5 Apr 2005 02:20:25 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DIhYN-0002fb-Uw for eap-archive@ietf.org; Tue, 05 Apr 2005 02:28:49 -0400 Received: from c-24-60-18-74.hsd1.ma.comcast.net ([24.60.18.74]) by mx2.foretec.com with smtp (Exim 4.24) id 1DIhQG-0008IJ-VX for eap-archive@ietf.org; Tue, 05 Apr 2005 02:20:25 -0400 Received: from PMt@localhost by Iyv.int (8.11.6/8.11.6); Tue, 05 Apr 2005 06:29:52 -0100 Message-ID: From: "Garth Stein" Reply-To: "Garth Stein" To: eap-archive@ietf.org Subject: Win a brand new Jaguar XJ 2005 in our casino ID:SMM7k Date: Tue, 05 Apr 2005 05:29:52 -0200 MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2 X-Sender: SeymourMullen@electronica-usa.org Content-Type: multipart/mixed; boundary="--E5OGe2rNKdLwdNg" X-Spam-Score: 12.6 (++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955 F51 ----E5OGe2rNKdLwdNg Content-Type: text/html; Content-Transfer-Encoding: quoted-printable Dpy4NiboFew

Welcome to MS@Casino - a REVOLUTION in = Online Gambling!
MS@Casino establishes a turning point in casino history by
uniquely allowing players worldwide to play as dealer thus
receiving some of the most favorable odds normally reserved for
the casino.

MS@Casino offers popular games, including Blackjack, Roulette,
Slot Machines and Video Poker all featuring unmatched graphics and sounds.=

You may play with REAL Money or just play for Fun (no bank details needed)=

Questions and Answers
--------------------

Q: MS@Casino offers matchless credibility and it's easy to check. How ? A: Robert as Player and Graham as Dealer enter one of the games. Once the = game
is over, they verify that one's losing sum is the other's winning sum.
=
Q: MS@Casino offers the highest payouts available. How is that possible? A: Payouts are constant in games like Blackjack and Roulette (and for all<= br> games with the same rules). MS@Casino 's unique concept allows players to<= br> become the Dealer, which improves their winning odds, thus increasing
their payout rates.

The top daily player (determined at 23:59) gets $200 bonus!

Winnings generated from playing as Dealer are also accumulated.

The scoreboard will be updated every hour.

Visit our site 4highrollers.net - try your luck & no deposit required = ! ! !

Best regards,

Benjamin Stein
Casino Manager

----E5OGe2rNKdLwdNg-- From eap-admin@frascone.com Tue Apr 5 11:06:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA28319 for ; Tue, 5 Apr 2005 11:06:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 7CDF4206A5; Tue, 5 Apr 2005 11:06:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 22C0020534; Tue, 5 Apr 2005 11:06:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id B5BA22056B for ; Tue, 5 Apr 2005 11:05:12 -0400 (EDT) Received: from motgate.mot.com (motgate.mot.com [129.188.136.100]) by mail.frascone.com (Postfix) with ESMTP id D9E8C20534 for ; Tue, 5 Apr 2005 11:05:10 -0400 (EDT) Received: from az33exr03.mot.com (az33exr03.mot.com [10.64.251.233]) by motgate.mot.com (Motorola/Motgate) with ESMTP id j35F59Q0005016 for ; Tue, 5 Apr 2005 08:05:09 -0700 (MST) Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4]) by az33exr03.mot.com (8.13.1/8.13.0) with ESMTP id j35F676s016751 for ; Tue, 5 Apr 2005 10:06:08 -0500 (CDT) Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72) id ; Tue, 5 Apr 2005 10:05:07 -0500 Message-ID: From: Nakhjiri Madjid-MNAKHJI1 To: eap@frascone.com, "'henry.haverinen@nokia.com'" MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C539F0.D9AD866C" X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] EAP-SIM fast re-auth identity Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 5 Apr 2005 10:05:05 -0500 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C539F0.D9AD866C Content-Type: text/plain Hi, I have a question regarding the EAP-SIM method for fast re-authentication and would appreciate it if the authors and other people respond. Why is a specific identity used for fast re-authentication? What is the problem with using the identities that were used during the full authentication? The initial identity that is sent in EAP-Response/ Identity should not have a problem, right? Thanks in advance, Madjid Nakhjiri ------_=_NextPart_001_01C539F0.D9AD866C Content-Type: text/html Content-Transfer-Encoding: base64 PGh0bWw+DQoNCjxoZWFkPg0KPE1FVEEgSFRUUC1FUVVJVj0iQ29udGVudC1UeXBlIiBDT05URU5U PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXMtYXNjaWkiPg0KDQoNCjxtZXRhIG5hbWU9R2VuZXJhdG9y IGNvbnRlbnQ9Ik1pY3Jvc29mdCBXb3JkIDEwIChmaWx0ZXJlZCkiPg0KDQo8c3R5bGU+DQo8IS0t DQogLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCiBwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBk aXYuTXNvTm9ybWFsDQoJe21hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZv bnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiI7fQ0KYTpsaW5r LCBzcGFuLk1zb0h5cGVybGluaw0KCXtjb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRl cmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe2NvbG9yOnB1 cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnNwYW4uRW1haWxTdHlsZTE3DQoJ e2ZvbnQtZmFtaWx5OkFyaWFsOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KQHBhZ2UgU2VjdGlvbjEN Cgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMjVpbiAxLjBpbiAxLjI1aW47 fQ0KZGl2LlNlY3Rpb24xDQoJe3BhZ2U6U2VjdGlvbjE7fQ0KLS0+DQo8L3N0eWxlPg0KDQo8L2hl YWQ+DQoNCjxib2R5IGxhbmc9RU4tVVMgbGluaz1ibHVlIHZsaW5rPXB1cnBsZT4NCg0KPGRpdiBj bGFzcz1TZWN0aW9uMT4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPUFy aWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6QXJpYWwnPkhp LCA8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBm YWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6QXJp YWwnPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQg c2l6ZT0yIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZh bWlseTpBcmlhbCc+SSBoYXZlIGEgcXVlc3Rpb24gcmVnYXJkaW5nIHRoZSBFQVAtU0lNIG1ldGhv ZCBmb3IgZmFzdA0KcmUtYXV0aGVudGljYXRpb24gYW5kIHdvdWxkIGFwcHJlY2lhdGUgaXQgaWYg dGhlIGF1dGhvcnMgYW5kIG90aGVyIHBlb3BsZQ0KcmVzcG9uZC4gV2h5IGlzIGEgc3BlY2lmaWMg aWRlbnRpdHkgdXNlZCBmb3IgZmFzdCByZS1hdXRoZW50aWNhdGlvbj8gV2hhdCBpcw0KdGhlIHBy b2JsZW0gd2l0aCB1c2luZyB0aGUgaWRlbnRpdGllcyB0aGF0IHdlcmUgdXNlZCBkdXJpbmcgdGhl IGZ1bGwNCmF1dGhlbnRpY2F0aW9uPyBUaGUgaW5pdGlhbCBpZGVudGl0eSB0aGF0IGlzIHNlbnQg aW4gRUFQLVJlc3BvbnNlLyBJZGVudGl0eQ0Kc2hvdWxkIG5vdCBoYXZlIGEgcHJvYmxlbSwgcmln aHQ/PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIg ZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OkFy aWFsJz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250 IHNpemU9MiBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1m YW1pbHk6QXJpYWwnPlRoYW5rcyBpbiBhZHZhbmNlLDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBj bGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQt c2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseTpBcmlhbCc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+ DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT1BcmlhbD48c3BhbiBzdHls ZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OkFyaWFsJz5NYWRqaWQgTmFraGppcmk8 L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjwvYm9keT4NCg0KPC9odG1sPg0K ------_=_NextPart_001_01C539F0.D9AD866C-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 13:13:05 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA09681 for ; Tue, 5 Apr 2005 13:13:04 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 95558206AC; Tue, 5 Apr 2005 13:13:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1A8742058D; Tue, 5 Apr 2005 13:13:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 511522058D for ; Tue, 5 Apr 2005 13:12:34 -0400 (EDT) Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by mail.frascone.com (Postfix) with ESMTP id F1CF520582 for ; Tue, 5 Apr 2005 13:12:32 -0400 (EDT) Received: from sj-core-3.cisco.com (171.68.223.137) by sj-iport-5.cisco.com with ESMTP; 05 Apr 2005 10:12:32 -0700 Received: from gwzw2k01 (sjc-vpn6-268.cisco.com [10.21.121.12]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j35HCPgT024038; Tue, 5 Apr 2005 10:12:28 -0700 (PDT) Message-Id: <200504051712.j35HCPgT024038@sj-core-3.cisco.com> Reply-To: From: "Glen Zorn (gwz)" To: "'Adrangi, Farid'" , "'Bernard Aboba'" Cc: , , "'Jari Arkko'" , , , "'Eugene Chang'" Subject: RE: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcU36Zc402VBn6AFS+W4rxdYTRQc/AA4x82QAC8VD3AAA+DrAAAaO/sg In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 5 Apr 2005 10:12:25 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Adrangi, Farid supposedly scribbled: > Hi Glen, > The report was sent to IETF -- will send you a copy if I find it in > my archives. OK, cool. I must admit to some confusion on this issue: a cursory search of IETF liaisons @ https://datatracker.ietf.org/public/liaisons.cgi didn't turn up anything; furthermore, since Bernard is listed as the IETF liaison to IEEE 802, I would think that he would be aware of said document. I'm not doubting your veracity in the least: it's just a bit weird. > I will let IESG interpret the report and decide whether > not it should be mentioned in the IESG applicability note! So, > Please discard my e-mail. Brian made it clear to me that it is IESG's > responsibility to determine the need for the applicability note and > its content! BR, > Farid > >> -----Original Message----- >> From: Glen Zorn (gwz) [mailto:gwz@cisco.com] >> Sent: Monday, April 04, 2005 7:56 PM >> To: Adrangi, Farid; 'Bernard Aboba' >> Cc: eap@frascone.com; iesg@ietf.org; 'Jari Arkko'; >> jsalowey@cisco.com; Pasi.Eronen@nokia.com; 'Eugene Chang' >> Subject: RE: [eap] RE: FW: I-D >> ACTION:draft-adrangi-eap-network-discovery-11.txt >> >> >> Adrangi, Farid supposedly >> scribbled: >> >>> I don't recall talking about an IESG note on the mailing list! >>> Anyhow, as to your strawman IESG note, it should be noted that the >>> draft was reviewed and accepted by IEEE 802.11 >> >> I'm not sure what this means. Does it mean accepted as in "whatever >> you want to do" or as in adopted as correct? >> >>> (WIEN? - >> >> Last time I checked, WIEN was just a study group (the 802.11 >> equivalent of a BOF). Has this changed? >> >>> the WG has >>> sent an official review report to IETF. >> >> Did we receive a liaison from the 802.11 Working Group or a note from >> the WIEN Study Group? There's a big difference... >> >>> And also, I would remove the >>> last part of the note: "and it is not recommended for implementation >>> outside of 3GPP." I think we should state the facts about the >>> solution >> >> Unless the draft has changed drastically for the better, the facts >> were pretty slim, certainly too slim for it to be called a "solution" >> (without volumes of supporting documentation). >> >>> and let the implementer decided whether or not the solution is >>> suitable for their deployments outside 3GPP. >> >> If and when the RFC Editor becomes a vanity publisher for 3GPP, I >> will agree; until then, however, I think that we at least a right >> (if not a duty) to publish applicability statements that express the >> opinions of the IETF (regardless if those opinions coincide with >> those of the author(s)). >> >> >>> BR, >>> Farid >>> >>>> -----Original Message----- >>>> From: Bernard Aboba [mailto:aboba@internaut.com] >>>> Sent: Saturday, April 02, 2005 5:08 PM >>>> To: Adrangi, Farid >>>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; >>>> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang >>>> Subject: RE: [eap] RE: FW: I-D >>>> ACTION:draft-adrangi-eap-network-discovery-11.txt >>>> >>>> >>>> I think we were talking about an IESG note in addition to material >>>> in the applicability statement, no? >>>> >>>> For example, EAP SIM contains the following note: >>>> >>>> IESG Note >>>> >>>> The EAP-SIM protocol was developed by 3GPP. The documentation >>>> of EAP-SIM is provided as information to the Internet community. >>>> While the EAP WG has verified that EAP-SIM is compatible with >>>> EAP as defined in RFC 3748, no other review has been done, >>>> including validation of the security claims. >>>> >>>> Here is a potential strawman note for the EAP Network Discovery >>>> document: >>>> >>>> EAP Network Discovery was developed by 3GPP. Documentation is >>>> provided as information to the Internet community. While the >>>> EAP WG has verified that EAP Network Discovery is compatible >>>> with EAP as defined in RFC 3748, no other review has been done, >>>> including investigation of potential security issues. There is >>>> work underway in IEEE 802.11 which may provide similar >>>> functionality, enabling an EAP peer to determine network >>>> availability prior to handoff. As a result, the approach >>>> described in this document may be superceded by future >>>> standards, and it is not recommended for implementation outside >>>> of 3GPP. >>>> >>>> >>>> On Thu, 31 Mar 2005, Adrangi, Farid wrote: >>>> >>>>> Sorry, just to be clear, the link below contains the update we >>>>> made to the applicability section in -011 version, based on Glen's >>>>> comment on -10 version in the last WG meeting. >>>>> Thanks, >>>>> Farid >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On >>>>>> Behalf Of Adrangi, Farid Sent: Thursday, March 31, 2005 9:33 AM >>>>>> To: Bernard Aboba Cc: eap@frascone.com; iesg@ietf.org; Jari >>>>>> Arkko; gwz@cisco.com; jsalowey@cisco.com; Pasi.Eronen@nokia.com; >>>>>> Eugene Chang Subject: [eap] RE: FW: I-D >>>>>> ACTION:draft-adrangi-eap-network-discovery-11.txt >>>>>> >>>>>> >>>>>> I think so! The applicability section was introduced in version >>>>>> -08. Since then we have made several updates to that section >>>>>> based on comments from Glen Zorn, Eugene Chang, Jari Arkko, and >>>>>> yourself. The updates to this section was made based on Glen >>>>>> Zorn's comment during the last IETF meeting (relayed to me by >>>>>> Pasi) -- the exact change is captured in >>>>>> http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.tx t >>>>>> -- see #3. Please let me know if you have any questions. >>>>>> BR, >>>>>> Farid >>>>>> >>>>>> >>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Bernard Aboba [mailto:aboba@internaut.com] >>>>>>> Sent: Thursday, March 31, 2005 9:08 AM >>>>>>> To: Adrangi, Farid >>>>>>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; >>>>>>> jsalowey@cisco.com Subject: Re: FW: I-D >>>>>> ACTION:draft-adrangi-eap-network-discovery-11.txt >>>>>>> >>>>>>> >>>>>>> As I recall there was a discussion relating to the appropriate >>>>>>> applicability statement that should be attached to this >>>>>>> document. >>>>>>> >>>>>>> Have we come to agreement on what the applicability statement >>>>>>> should be? >>>>>>> >>>>>>> On Mon, 28 Mar 2005, Adrangi, Farid wrote: >>>>>>> >>>>>>>> Hi Everyone, >>>>>>>> In this version, we have done some editorial fixes through out >>>>>>>> the document and addressed issues brought up during IESG >>>>>>>> review. ** Editorial changes are summarized in >>>>>>>> >>>>>>> http://mng.ctgisp.com/IETF/EAP/Network%20Selection/Editorial_c >>>>>>> hanges.txt >>>>>>>> ** List of issues with their resolutions are summarized in >>>>>>>> >>>> http://mng.ctgisp.com/IETF/EAP/Network%20Selection/issues-1.txt >>>>>>>> Thanks, >>>>>>>> Farid >>>>>>>> >>>>>>>>> -----Original Message----- >>>>>>>>> From: i-d-announce-bounces@ietf.org >>>>>>>>> [mailto:i-d-announce-bounces@ietf.org] On Behalf Of >>>>>>>>> Internet-Drafts@ietf.org Sent: Monday, March 28, 2005 8:04 AM >>>>>>>>> To: i-d-announce@ietf.org Subject: I-D >>>> ACTION:draft-adrangi-eap-network-discovery-11.txt >>>>>>>>> >>>>>>>>> >>>>>>>>> A New Internet-Draft is available from the on-line >>>>>>>>> Internet-Drafts directories. >>>>>>>>> >>>>>>>>> >>>>>>>>> Title : Identity selection hints for >>>>>>>>> Extensible Authentication >>>>>>>>> Protocol (EAP) >>>>>>>>> Author(s) : F. Adrangi, et al. >>>>>>>>> Filename : >>>>>> draft-adrangi-eap-network-discovery-11.txt >>>>>>>>> Pages : 13 >>>>>>>>> Date : 2005-3-25 >>>>>>>>> >>>>>>>>> The Extensible Authentication Protocol (EAP) is defined in RFC >>>>>>>>> 3748. This document defines a mechanism that allows an >>>>>>>>> access network to provide identity selection hints to an >>>>>>>>> EAP peer. The purpose is to assist the EAP peer in >>>>>>>>> selecting an appropriate Network Access Identifier (NAI) >>>>>>>>> when there is no direct roaming relationship between the >>>>>>>>> access network and the peer's home network. In this case, >>>>>>>>> authentication is typically accomplished via a mediating >>>>>>>>> network such as a roaming consortium or broker. >>>>>>>>> >>>>>>>>> A URL for this Internet-Draft is: >>>>>>>>> >>>> http://www.ietf.org/internet-drafts/draft-adrangi-eap-network- >>>>>>>> discovery-11.txt >>>>>>>> >>>>>>>> To remove yourself from the I-D Announcement list, send a >>>>>>>> message to i-d-announce-request@ietf.org with the word >>>>>>>> unsubscribe in the body of the message. You can also visit >>>>>>> https://www1.ietf.org/mailman/listinfo/I-D-announce >>>>>>>> to change your subscription settings. >>>>>>>> >>>>>>>> >>>>>>>> Internet-Drafts are also available by anonymous FTP. Login with >>>>>>>> the username "anonymous" and a password of your e-mail address. >>>>>>>> After logging in, type "cd internet-drafts" and then >>>>>>>> "get draft-adrangi-eap-network-discovery-11.txt". >>>>>>>> >>>>>>>> A list of Internet-Drafts directories can be found in >>>>>>>> http://www.ietf.org/shadow.html or >>>>>>>> ftp://ftp.ietf.org/ietf/1shadow-sites.txt >>>>>>>> >>>>>>>> >>>>>>>> Internet-Drafts can also be obtained by e-mail. >>>>>>>> >>>>>>>> Send a message to: >>>>>>>> mailserv@ietf.org. >>>>>>>> In the body type: >>>>>>>> "FILE >>>>>>>> /internet-drafts/draft-adrangi-eap-network-discovery-11.txt". >>>>>>>> >>>>>>>> NOTE: The mail server at ietf.org can return the document in >>>>>>>> MIME-encoded form by using the "mpack" utility. >>>> To use this >>>>>>>> feature, insert the command "ENCODING mime" before the "FILE" >>>>>>>> command. To decode the response(s), you will >> need "munpack" >> or >>>>>>>> a MIME-compliant mail reader. Different MIME-compliant mail >>>>>>>> readers exhibit different behavior, especially >> when dealing >> with >>>>>>>> "multipart" MIME messages (i.e. documents which >> have been >> split >>>>>>>> up into multiple messages), so check your local documentation >>>>>>>> on how to manipulate these messages. >>>>>>>> >>>>>>>> >>>>>>>> Below is the data which will enable a MIME compliant mail >>>>>>>> reader implementation to automatically retrieve the ASCII >>>>>>>> version of the Internet-Draft. >>>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> eap mailing list >>>>>> eap@frascone.com >>>>>> http://mail.frascone.com/mailman/listinfo/eap >> >> Hope this helps, >> >> ~gwz >> >> Why is it that most of the world's problems can't be solved by simply >> listening to John Coltrane? -- Henry Gabriel Hope this helps, ~gwz Why is it that most of the world's problems can't be solved by simply listening to John Coltrane? -- Henry Gabriel _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 15:29:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA23235 for ; Tue, 5 Apr 2005 15:29:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D1A64206B3; Tue, 5 Apr 2005 15:29:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5EA73205BC; Tue, 5 Apr 2005 15:29:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id C24E4205BC for ; Tue, 5 Apr 2005 15:28:40 -0400 (EDT) Received: from ietf.org (odin.ietf.org [132.151.1.176]) by mail.frascone.com (Postfix) with ESMTP id 0EEDD20582 for ; Tue, 5 Apr 2005 15:28:36 -0400 (EDT) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA23218; Tue, 5 Apr 2005 15:28:33 -0400 (EDT) Message-Id: <200504051928.PAA23218@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org Cc: eap@frascone.com From: Internet-Drafts@ietf.org X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] I-D ACTION:draft-ietf-eap-keying-06.txt Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 05 Apr 2005 15:28:33 -0400 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Extensible Authentication Protocol Working Group of the IETF. Title : Extensible Authentication Protocol (EAP) Key Management Framework Author(s) : B. Aboba, et al. Filename : draft-ietf-eap-keying-06.txt Pages : 70 Date : 2005-4-5 The Extensible Authentication Protocol (EAP), defined in [RFC3748], enables extensible network access authentication. This document provides a framework for the generation, transport and usage of keying material generated by EAP authentication algorithms, known as 'methods'. It also specifies the EAP key hierarchy. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-eap-keying-06.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-eap-keying-06.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-eap-keying-06.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2005-4-5160019.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-eap-keying-06.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-eap-keying-06.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2005-4-5160019.I-D@ietf.org> --OtherAccess-- --NextPart-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 16:28:11 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13261 for ; Tue, 5 Apr 2005 16:28:11 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1B400206B6; Tue, 5 Apr 2005 16:28:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 83FD3206A8; Tue, 5 Apr 2005 16:28:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 6ECD6206A8 for ; Tue, 5 Apr 2005 16:27:06 -0400 (EDT) Received: from sj-iport-3.cisco.com (sj-iport-3-in.cisco.com [171.71.176.72]) by mail.frascone.com (Postfix) with ESMTP id 65987205BC for ; Tue, 5 Apr 2005 16:26:59 -0400 (EDT) Received: from sj-core-3.cisco.com (171.68.223.137) by sj-iport-3.cisco.com with ESMTP; 05 Apr 2005 13:26:55 -0700 X-IronPort-AV: i="3.91,152,1110182400"; d="scan'208"; a="245958165:sNHT3750776508" Received: from gwzw2k01 (sjc-vpn6-268.cisco.com [10.21.121.12]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j35KQqgS000307; Tue, 5 Apr 2005 13:26:52 -0700 (PDT) Message-Id: <200504052026.j35KQqgS000307@sj-core-3.cisco.com> Reply-To: From: "Glen Zorn (gwz)" To: "'Adrangi, Farid'" Cc: , "'Bernard Aboba'" , Subject: RE: [eap] RE: draft-adrangi-eap-network-discovery-11.txt MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcU5f5MCJ7Up60OuRMypCPY/9cUZiQABI/UgAAH4PGAABEJLUAAf7Xdg In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 5 Apr 2005 13:26:52 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit Adrangi, Farid supposedly scribbled: > " > If the peer responds with an EAP-Response/Identity containing an > unknown realm after the local AAA proxy/server sends an identity > hint, then the local AAA proxy/server MUST respond with an EAP > Failure packet. The local AAA proxy/server MAY also send an > EAP-Notification message providing the reason for the failure." > > Will this work for you? I'm pretty sure that the EAP-{Request, Response}/Notification exchange has to come before EAP Failure; if you could make that sequential character clear (which I attempted to do, but apparently failed), it would be great. > > >> 3. The message flows in the Appendix only shoe the success cases -- >> it would be nice if at least one failure case was illustrated. > > [FA] Ok. I will a failure case to one of the delivery options. > >>> >>>> >>>> ---------- Forwarded message ---------- >>>> Date: Sun, 3 Apr 2005 21:29:40 -0700 >>>> From: "Adrangi, Farid" >>>> To: Bernard Aboba >>>> Cc: eap@frascone.com, iesg@ietf.org, Jari Arkko >>>> , gwz@cisco.com, jsalowey@cisco.com, >>>> Pasi.Eronen@nokia.com, Eugene Chang >>>> Subject: RE: [eap] RE: FW: I-D >>>> ACTION:draft-adrangi-eap-network-discovery-11.txt >>>> >>>> I don't recall talking about an IESG note on the mailing list! >>>> Anyhow, as to your strawman IESG note, it should be noted that the >>>> draft was reviewed and accepted by IEEE 802.11 (WIEN? - the WG has >>>> sent an official review report to IETF. And also, I would remove >>>> the last part of the note: "and it is not recommended for >>>> implementation outside of 3GPP." I think we should state the >>>> facts about the solution and let the implementer decided whether >>>> or not the solution is suitable for their deployments outside >>>> 3GPP. BR, Farid >>>> >>>>> -----Original Message----- >>>>> From: Bernard Aboba [mailto:aboba@internaut.com] >>>>> Sent: Saturday, April 02, 2005 5:08 PM >>>>> To: Adrangi, Farid >>>>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; gwz@cisco.com; >>>>> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang >>>>> Subject: RE: [eap] RE: FW: I-D >>>>> ACTION:draft-adrangi-eap-network-discovery-11.txt >>>>> >>>>> >>>>> I think we were talking about an IESG note in addition to material >>>>> in the applicability statement, no? >>>>> >>>>> For example, EAP SIM contains the following note: >>>>> >>>>> IESG Note >>>>> >>>>> The EAP-SIM protocol was developed by 3GPP. The documentation of >>>>> EAP-SIM is provided as information to the Internet community. >>>>> While the EAP WG has verified that EAP-SIM is compatible with EAP >>>>> as defined in RFC 3748, no other review has been done, including >>>>> validation of the security claims. >>>>> >>>>> Here is a potential strawman note for the EAP Network Discovery >>>>> document: >>>>> >>>>> EAP Network Discovery was developed by 3GPP. Documentation is >>>>> provided as information to the Internet community. While the EAP >>>>> WG has verified that EAP Network Discovery is compatible with >>>>> EAP as defined in RFC 3748, no other review has been done, >>>>> including investigation of potential security issues. There is >>>>> work underway in IEEE 802.11 which may provide similar >>>>> functionality, enabling an EAP peer to determine network >>>>> availability prior to handoff. As a result, the approach >>>>> described in this document may be superceded by future >>>>> standards, and it is not recommended for implementation outside >>>>> of 3GPP. >>> >>> Hope this helps, >>> >>> ~gwz >>> >>> Why is it that most of the world's problems can't be solved by >>> simply listening to John Coltrane? -- Henry Gabriel >>> _______________________________________________ eap mailing list >>> eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap >> >> Hope this helps, >> >> ~gwz >> >> Why is it that most of the world's problems can't be solved by simply >> listening to John Coltrane? -- Henry Gabriel >> _______________________________________________ >> eap mailing list >> eap@frascone.com >> http://mail.frascone.com/mailman/listinfo/eap Hope this helps, ~gwz Why is it that most of the world's problems can't be solved by simply listening to John Coltrane? -- Henry Gabriel _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 16:49:09 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15615 for ; Tue, 5 Apr 2005 16:49:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id ECEAD204EE; Tue, 5 Apr 2005 16:49:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 3EFD4204C9; Tue, 5 Apr 2005 16:49:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id CB782204C9 for ; Tue, 5 Apr 2005 16:48:11 -0400 (EDT) Received: from orsfmr005.jf.intel.com (fmr20.intel.com [134.134.136.19]) by mail.frascone.com (Postfix) with ESMTP id DF2E0204C7 for ; Tue, 5 Apr 2005 16:48:09 -0400 (EDT) Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17]) by orsfmr005.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j35Km8D9001111; Tue, 5 Apr 2005 20:48:08 GMT Received: from orsmsxvs040.jf.intel.com (orsmsxvs040.jf.intel.com [192.168.65.206]) by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j35Km7pI020604; Tue, 5 Apr 2005 20:48:07 GMT Received: from orsmsx331.amr.corp.intel.com ([192.168.65.56]) by orsmsxvs040.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005040513480717425 ; Tue, 05 Apr 2005 13:48:07 -0700 Received: from orsmsx408.amr.corp.intel.com ([192.168.65.52]) by orsmsx331.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 5 Apr 2005 13:48:07 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [eap] RE: draft-adrangi-eap-network-discovery-11.txt Message-ID: Thread-Topic: [eap] RE: draft-adrangi-eap-network-discovery-11.txt Thread-Index: AcU5f5MCJ7Up60OuRMypCPY/9cUZiQABI/UgAAH4PGAABEJLUAAf7XdgAADgDAA= From: "Adrangi, Farid" To: Cc: , "Bernard Aboba" , X-OriginalArrivalTime: 05 Apr 2005 20:48:07.0420 (UTC) FILETIME=[C55873C0:01C53A20] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 5 Apr 2005 13:48:06 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Ok. So, we can revise the text as follows: " If the peer responds with an EAP-Response/Identity containing an unknown realm after the local AAA proxy/server sends an identity hint, then the local AAA proxy/server MUST respond with an EAP Failure packet. The local AAA proxy/server MAY also send an EAP-Notification message providing the reason for the failure prior=20 to the EAP Failure packet. " Will this work for you? BR, Farid > -----Original Message----- > From: Glen Zorn (gwz) [mailto:gwz@cisco.com]=20 > Sent: Tuesday, April 05, 2005 1:27 PM > To: Adrangi, Farid > Cc: jsalowey@cisco.com; 'Bernard Aboba'; eap@frascone.com > Subject: RE: [eap] RE: draft-adrangi-eap-network-discovery-11.txt >=20 >=20 > Adrangi, Farid supposedly > scribbled: >=20 > > " > > If the peer responds with an EAP-Response/Identity containing an > > unknown realm after the local AAA proxy/server sends an identity > > hint, then the local AAA proxy/server MUST respond with an EAP > > Failure packet. The local AAA proxy/server MAY also send an > > EAP-Notification message providing the reason for the failure." >=20 > >=20 > > Will this work for you? >=20 > I'm pretty sure that the EAP-{Request, Response}/Notification > exchange has to come before EAP Failure; if you could make that > sequential character clear (which I attempted to do, but apparently > failed), it would be great. >=20 > >=20 > >=20 > >> 3. The message flows in the Appendix only shoe the success cases > -- > >> it would be nice if at least one failure case was illustrated. > >=20 > > [FA] Ok. I will a failure case to one of the delivery options. > >=20 > >>>=20 > >>>>=20 > >>>> ---------- Forwarded message ---------- > >>>> Date: Sun, 3 Apr 2005 21:29:40 -0700 > >>>> From: "Adrangi, Farid" > >>>> To: Bernard Aboba > >>>> Cc: eap@frascone.com, iesg@ietf.org, Jari Arkko > >>>> , gwz@cisco.com, jsalowey@cisco.com, > >>>> Pasi.Eronen@nokia.com, Eugene Chang > > >>>> Subject: RE: [eap] RE: FW: I-D > >>>> ACTION:draft-adrangi-eap-network-discovery-11.txt > >>>>=20 > >>>> I don't recall talking about an IESG note on the mailing list! > >>>> Anyhow, as to your strawman IESG note, it should be noted that > the > >>>> draft was reviewed and accepted by IEEE 802.11 (WIEN? - the WG > has > >>>> sent an official review report to IETF. And also, I would > remove > >>>> the last part of the note: "and it is not recommended for > >>>> implementation outside of 3GPP." I think we should state the > >>>> facts about the solution and let the implementer decided > whether > >>>> or not the solution is suitable for their deployments outside > >>>> 3GPP. BR, Farid=20 > >>>>=20 > >>>>> -----Original Message----- > >>>>> From: Bernard Aboba [mailto:aboba@internaut.com] > >>>>> Sent: Saturday, April 02, 2005 5:08 PM > >>>>> To: Adrangi, Farid > >>>>> Cc: eap@frascone.com; iesg@ietf.org; Jari Arkko; > gwz@cisco.com; > >>>>> jsalowey@cisco.com; Pasi.Eronen@nokia.com; Eugene Chang > >>>>> Subject: RE: [eap] RE: FW: I-D > >>>>> ACTION:draft-adrangi-eap-network-discovery-11.txt > >>>>>=20 > >>>>>=20 > >>>>> I think we were talking about an IESG note in addition to > material > >>>>> in the applicability statement, no? > >>>>>=20 > >>>>> For example, EAP SIM contains the following note: > >>>>>=20 > >>>>> IESG Note > >>>>>=20 > >>>>> The EAP-SIM protocol was developed by 3GPP. The documentation > of > >>>>> EAP-SIM is provided as information to the Internet community. > >>>>> While the EAP WG has verified that EAP-SIM is compatible with > EAP > >>>>> as defined in RFC 3748, no other review has been done, > including > >>>>> validation of the security claims. > >>>>>=20 > >>>>> Here is a potential strawman note for the EAP Network > Discovery > >>>>> document:=20 > >>>>>=20 > >>>>> EAP Network Discovery was developed by 3GPP. Documentation > is > >>>>> provided as information to the Internet community. While the > EAP > >>>>> WG has verified that EAP Network Discovery is compatible with=20 > >>>>> EAP as defined in RFC 3748, no other review has been done, > >>>>> including investigation of potential security issues. There > is > >>>>> work underway in IEEE 802.11 which may provide similar > >>>>> functionality, enabling an EAP peer to determine network > >>>>> availability prior to handoff. As a result, the approach > >>>>> described in this document may be superceded by future > >>>>> standards, and it is not recommended for implementation > outside > >>>>> of 3GPP.=20 > >>>=20 > >>> Hope this helps, > >>>=20 > >>> ~gwz > >>>=20 > >>> Why is it that most of the world's problems can't be solved by > >>> simply listening to John Coltrane? -- Henry Gabriel > >>> _______________________________________________ eap mailing list > >>> eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap > >>=20 > >> Hope this helps, > >>=20 > >> ~gwz > >>=20 > >> Why is it that most of the world's problems can't be solved by > simply > >> listening to John Coltrane? -- Henry Gabriel > >> _______________________________________________ > >> eap mailing list > >> eap@frascone.com > >> http://mail.frascone.com/mailman/listinfo/eap >=20 > Hope this helps, >=20 > ~gwz >=20 > Why is it that most of the world's problems can't be solved by > simply > listening to John Coltrane? -- Henry Gabriel >=20 _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 20:45:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA06018 for ; Tue, 5 Apr 2005 20:45:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 7187120589; Tue, 5 Apr 2005 20:45:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1D60620537; Tue, 5 Apr 2005 20:45:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id ACD6D20526 for ; Tue, 5 Apr 2005 20:44:23 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id E286720520 for ; Tue, 5 Apr 2005 20:44:21 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DIyea-00098o-Kt; Tue, 05 Apr 2005 20:44:20 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j360iJD31549; Tue, 5 Apr 2005 17:44:19 -0700 From: Bernard Aboba To: "Glen Zorn (gwz)" Cc: eap@frascone.com Subject: RE: [eap] RE: FW: I-D ACTION:draft-adrangi-eap-network-discovery-11.txt In-Reply-To: <200504051712.j35HCPgT024038@sj-core-3.cisco.com> Message-ID: References: <200504051712.j35HCPgT024038@sj-core-3.cisco.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 5 Apr 2005 17:44:19 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > OK, cool. I must admit to some confusion on this issue: a cursory > search of IETF liaisons @ > https://datatracker.ietf.org/public/liaisons.cgi didn't turn up > anything; furthermore, since Bernard is listed as the IETF liaison > to IEEE 802, I would think that he would be aware of said document. > I'm not doubting your veracity in the least: it's just a bit weird. I've dug through my email and IEEE 802 document archive. It appears that some of the liaison communications were not cc:'d to statements@ietf.org, which may explain why they didn't end up on the liaisons page. In any case, they are now available on the web at the following links: http://www.drizzle.com/~aboba/IEEE/stuart1.txt http://www.drizzle.com/~aboba/IEEE/11-04-1109-01-0000-input-to-ietf-from-wien-ad-hoc-september-2004.doc http://www.drizzle.com/~aboba/IEEE/11-04-xxxx-00-0000-input-to-ietf-from-WIEN-Ad-Hoc-November-2004.doc Below find the text of the Network Discovery review (the September 2004 document). Note the reference to potential future standards work in 802.11 (now chartered as 802.11u). --------------------------------------------------------------------------------------------- From: Stuart J.Kerry, Chair IEEE 802.11 Working Group To: Harald Alvestrand, IETF Chair CC: Bernard Aboba, IETF to IEEE 802 liaison Title: Review IETF EAP draft documents, September 2004 Purpose: Review of IETF draft-adrangi-eap-network-discovery-03 Dear Harald, As mentioned in our earlier liaison, the IEEE 802.11 Wireless Interworking with External Networks Study Group (WIEN SG) is investigating the changes needed to the IEEE 802.11 specification to support interworking with external non-IEEE 802.11 networks. Attached are comments regarding the document "Identity selection hints for Extensible Authentication Protocol (EAP)" (draft-adrangi-eap-network-discovery-03), for IETF consideration. The draft provides an effective solution for network identity selection at the EAP level, minimizing the impact on the existing EAP messages, with very little impact on access points and associated infrastructure. It is noted that this solution applies to EAP enabled hotspot deployments only; it does not apply to those that utilize the web based access methods, such as the WiFi Alliance Universal Access Method (UAM), mode of authentication. Within option 3, network hints are only received when the authentication attempt cannot be successfully routed to the home network. This information may be useful even for a successful attempt, providing similar functionality to options 1 and 2. The draft is a reasonable approach for a solution using EAP. IEEE 802.11 intends to investigate network identity selection solutions that occur at an earlier stage, prior to association and the subsequent use of EAP. It appears that the EAP solution can co-exist with future IEEE 802.11 link layer solutions. Potential characteristics of the IEEE 802.11 link layer solution are: " It is applicable to both the UAM and IEEE 802.11i based solutions " An EAP exchange is not required to receive network information " Association attempts with invalid networks are avoided " Passive network selection is possible " It reduces the message overhead for roaming We look forward to continued dialogue on network discovery topics. For IETF reference, ANSI/IEEE Std 802.11 -1999 (2003 Reaffirmation) edition as amended by IEEE Std 802.11g-2003 and IEEE Std. 802.11h-2003 is the current version of the IEEE 802.11 Standard. Please contact Stuart J.Kerry, IEEE 802.11 Working Group Chair together with Stephen McCann, IEEE 802.11 WIEN SG chair and Dorothy Stanley, IEEE 802.11/IETF Liaison with any questions, and to discuss further IETF follow-up. Best Regards, Stuart J. Kerry Contact information: Stuart J Kerry stuart.kerry@philips.com +1 408 474 7356 Stephen McCann stephen.mccann@roke.co.uk +44 1794 833341 Dorothy Stanley dstanley@agere.com +1 630 979 1572 _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 21:08:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA07789 for ; Tue, 5 Apr 2005 21:08:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 82BA020520; Tue, 5 Apr 2005 21:08:05 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 2740720526; Tue, 5 Apr 2005 21:08:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id B88B720526 for ; Tue, 5 Apr 2005 21:07:06 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id E820020520 for ; Tue, 5 Apr 2005 21:07:04 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DIz0a-000BD9-9x for eap@frascone.com; Tue, 05 Apr 2005 21:07:04 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j36173L00450 for ; Tue, 5 Apr 2005 18:07:03 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Split of EAP Key Management Framework document Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 5 Apr 2005 18:07:02 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) I'm currently working on the second half of the split of the EAP Key Management framework document, the EAP Key Management Extensions document. An early version of this will be available for inspection here by the end of the week: http://www.drizzle.com/~aboba/EAP/draft-aboba-eap-keying-extns-00.txt _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Tue Apr 5 22:31:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA13816 for ; Tue, 5 Apr 2005 22:31:05 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 46D53206BB; Tue, 5 Apr 2005 22:31:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 759E520587; Tue, 5 Apr 2005 22:31:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 0E8AA20587 for ; Tue, 5 Apr 2005 22:30:32 -0400 (EDT) Received: from orsfmr003.jf.intel.com (fmr18.intel.com [134.134.136.17]) by mail.frascone.com (Postfix) with ESMTP id 384C02054B for ; Tue, 5 Apr 2005 22:30:30 -0400 (EDT) Received: from orsfmr100.jf.intel.com (orsfmr100.jf.intel.com [10.7.209.16]) by orsfmr003.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j362UTqT011398; Wed, 6 Apr 2005 02:30:29 GMT Received: from orsmsxvs040.jf.intel.com (orsmsxvs040.jf.intel.com [192.168.65.206]) by orsfmr100.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j362UKeY022206; Wed, 6 Apr 2005 02:30:29 GMT Received: from orsmsx332.amr.corp.intel.com ([192.168.65.60]) by orsmsxvs040.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005040519302903774 ; Tue, 05 Apr 2005 19:30:29 -0700 Received: from orsmsx402.amr.corp.intel.com ([192.168.65.208]) by orsmsx332.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 5 Apr 2005 19:30:29 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [eap] Re: IEEE 802.16e EAP usage modes Message-ID: Thread-Topic: [eap] Re: IEEE 802.16e EAP usage modes thread-index: AcUult+FPjsDvvzeT+CM7dRZ8huz5AAdW4Bg From: "Bakshi, Sanjay" To: "Bernard Aboba" , X-OriginalArrivalTime: 06 Apr 2005 02:30:29.0419 (UTC) FILETIME=[9954BFB0:01C53A50] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 5 Apr 2005 19:30:28 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Hi Bernard, I have tried to answer your questions below as best as I can. I need to provide more details in order to fully answer some your questions. But one thing is apparent, 802.16e follow the eap-keying-06 upto the point of delivery of AAA-Key to authenticator. But Security Association Protocol is not followed fully as detailed in the eap-keying-06. Following is more generalized version of my question that I had earlier asked. I prefer not to get dragged into overall 802.16e security analysis over the email at this point. The question is: What are the issues with having multiple relaying/switching devices between a Peer and an Authenticator .. specifically a pass-thru Authenticator? Issues that come to my mind are=20 a) MTU discovery=20 For the minimum MTU of 1020 specified in RFC3748 can be used b) Channel Binding Are there any EAP methods that implement this? It is not clear to me how Channel Binding is implemented when pass- thru authenticator is in use. This because the Channel (lower layer) between peer and pass-thru authenticator is different from the lower=20 layer between pass-thru authenticator and AAA backend that execute the=20 EAP method. Is my understanding correct? Appreciate answers/clarifications to these. Thanks, --sanjay >>-----Original Message----- >>From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On Behalf Of >>Bernard Aboba >>Sent: Monday, March 21, 2005 8:22 PM >>To: eap@frascone.com >>Subject: [eap] Re: IEEE 802.16e EAP usage modes >> >>The EAP Key Management Framework includes security requirements for EAP >>usage modes. In particular, the "Housley Criteria" describes the >>requirements for publication of AAA key management documents in the IETF. >>My advice would be to look carefully at those requirements in order to >>understand whether 802.16e is compliant or not. [<>] The question I am asking is not related to AAA key management but I will nevertheless check the document >> >>> Basically, in the context of EAP in this model BS acts as a relay and >>> implements two functions. >>> >>> 1. On uplink BS removes EAP pdus from the PKMv2 encapsulation, >>> encapsulates them in a "to be defined" encapsulation and forwards them >>> to the Gateway which is a RADIUS client. >> >>Does the uplink BS perform any cryptographic operations on data or EAP >>packets? Or does it just encapsulate/decapsulate packets? [<>] It just encapsulates/decapsulates EAP packets. However, data from application sessions is encrypted.=20 >> >>> 2. On downlink BS removes EAP pdus from a "to be defined" >>> encapsulation, encapsulates them in PKMv2 and forwards them to the MSS >> >>Where are cryptographic keys stored in this architecture? On the MSS? on >>the BS? On both? How are the keys transported? How many parties possess >>them? [<>]=20 Main keys on MSS (peer) and BS (Authenticator) MSK, AAA-Key as per eap-keying-draft PMK derived by truncation from AAA-Key. AK (Authentication Key) derived from PMK using a KDF(PMK, SS ID, BS, ID) Two MACs (uplink and downlink) for signing the control messages One or more TEK (Traffic Encryption Keys) for encrypting user traffic. These are derived from randoms by the BS and sent to MSS MSK, AAA-Key are transported as per eap-keying-draft PMK, AK, MACs are derived by peer and authenticator independently >> >>How are transient session keys derived? How are they bound to the correct >>context? How are authorization attributes handled? Does this ensure >>proper cryptographic binding? >> [<>] These are defined in 802.16 specs. If people are interested in getting an update on that, I will be glad to provide material for that. >>> BS does not implement any Authenticator functions. >> >>How do the parties identify themselves within the IEEE 802.16e exchanges? >>If the BS is not an authenticator, then the EAP peer cannot be aware of >>its identity; that is, the BS must appear to be a port of the MSS, and >>the EAP peer can only be aware of the MSS identity in the layer below EAP. >>Is this how 802.16e works? >>=20 [<>] Assuming I understood your question correctly. Upon successful network entry (at PHY and MAC layer), MSS gets a connection identifier that represent the connection to the BS and eap packet are exchanged over this connection. So in my opinion for forwarding EAP packets, BS does appear as a port to EAP-peer. >>How does IEEE 802.16e negotiate the key lifetime of the MSK and TSKs? Is >>this done explicitly? What meaning is ascribed to the RADIUS Session-Time >>attribute? [<>] Lifetime of MSK (derived from the eap session) is expected to be exchange by RADIUS Session-Time attribute. There is no Security Association protocol defined for lifetime management etc. of the AAA-key. IMO equivalent to TSKs, 802.16e has TEKs (Traffic Encryption Key) but 802.16e's current key derivation of TEKs does not follow the guidelines mentioned in 1.3.3 of eap-keying-06. TEKs are derived as randoms by BS and send to MSS encrypted and signed by keys derived from PMK(AAA-Key) >> >>How are keys named in IEEE 802.16e? How do the parties synchronize the >>key cache? Are the messages within the Secure Association protocol >>authenticated? [<>] 802.16e does not define anything analogous to Secure Association protocol. Validity of AAA-Key in Authenticator and MSS is assumed. There is a 3-way handshake to verify the liveliness of the session key namely (AK) that is derived from AAA-key >>_______________________________________________ >>eap mailing list >>eap@frascone.com >>http://mail.frascone.com/mailman/listinfo/eap _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From bxycugorh@antennauno.it Wed Apr 6 01:34:41 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA26758; Wed, 6 Apr 2005 01:34:38 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJ3Jo-0006sS-M2; Wed, 06 Apr 2005 01:43:13 -0400 Received: from [210.14.38.69] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DJ3BB-0004FW-FV; Wed, 06 Apr 2005 01:34:18 -0400 Received: from wsqque (210.14.38.69) by mail.hob.com (7.0.027) ; Tue, 05 Apr 2005 22:33:42 -0800 Message-ID: <000701c539b1$9beb4950$0301a8c0@wsqque> From: "Brandi Randle" To: rserpool@ietf.org, disman@ietf.org, rps-archive@ietf.org, eap-archive@ietf.org, ietf-archive@ietf.org, iporpr-admin@ietf.org, amyk@ietf.org, idr-admin@ietf.org, policy@ietf.org, rmonmib-admin@ietf.org, meeting-planning@ietf.org Subject: Refinance your mortgag*e at low rate. infringement lit Date: Tue, 05 Apr 2005 22:33:42 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.224 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.224 X-Spam-Score: 18.8 (++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 7a6398bf8aaeabc7a7bb696b6b0a2aad Content-Transfer-Encoding: 7bit We tried contacting you awhile ago about your low interest mor-tgage rate. You have qualified for the lowest rate in years... You could get over $450,000 for as little as $450 a month! Bad c-redit? Doesn't matter, low rates are fixed no matter what! To get a free, no obl_igation consultation click below: http://bznjmlfloxqd.12refinancenow.com/x/loan.php?id=sv Best Regards, mortg-age Broker Specialist Brandi Randle From eap-admin@frascone.com Wed Apr 6 01:47:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA27748 for ; Wed, 6 Apr 2005 01:47:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4F250206CA; Wed, 6 Apr 2005 01:47:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id B470B206C2; Wed, 6 Apr 2005 01:47:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 234CE206C2 for ; Wed, 6 Apr 2005 01:46:34 -0400 (EDT) Received: from greenlantern.frascone.com (adsl-66-137-237-100.dsl.rcsntx.swbell.net [66.137.237.100]) by mail.frascone.com (Postfix) with ESMTP id 0EB522058B for ; Wed, 6 Apr 2005 01:46:32 -0400 (EDT) From: David Frascone To: eap@frascone.com Message-ID: <20050406004631.5cc5f45c@greenlantern.frascone.com> In-Reply-To: <6.1.2.0.0.20050406105954.02736938@172.16.1.10> References: <20050405112101.15976.5106.Mailman@xavier> <6.1.2.0.0.20050406105954.02736938@172.16.1.10> X-Mailer: Sylpheed-Claws 1.0.1 (GTK+ 1.2.10; i686-pc-linux-gnu) X-Face: BZe8R&S)}GEDsLp@ay#IT{'D/X6}Xu/])^zA7D2W{)kwVA7)IhgW*{QSX6W(\BWhSON`p7% e3xQ1oJ=Qb@cQf#x[_Qas)'1f0;9DQJ>02}F_!.`'y>LE~`8e'{XO=fNX{n#\1:s:`Xy Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Re: Your message to eap awaits moderator approval Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 6 Apr 2005 00:46:31 -0500 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit You're subscribed as sureshvv@intotoinc.com, which is not the same as where this mail came from: sureshvv@intoto.com. -Dave On Wed, 06 Apr 2005 11:01:43 +0530 Suresh wrote: > Hi > > I am a member of eap mailing list. And every month I get reminder mails and > all mail discussions. > I am not sure why my mail has been blocked. Kindly look into it. > > regards > Suresh > At 04:51 PM 4/5/2005, eap-admin@frascone.com wrote: > >Your mail to 'eap' with the subject > > > > EAP SIM and AKA identities. > > > >Is being held until the list moderator can review it for approval. > > > >The reason it is being held: > > > > Post by non-member to a members-only list > > > >Either the message will get posted to the list, or you will receive > >notification of the moderator's decision. > > > -- David Frascone Smash forehead on keyboard to continue... _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Apr 6 03:07:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA08420 for ; Wed, 6 Apr 2005 03:07:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A4FA0206D2; Wed, 6 Apr 2005 03:07:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A5124206CC; Wed, 6 Apr 2005 03:07:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id BF51D206CC for ; Wed, 6 Apr 2005 03:06:27 -0400 (EDT) Received: from smtp.intoto.com (ip-66-80-10-146.dsl.sca.megapath.net [66.80.10.146]) by mail.frascone.com (Postfix) with SMTP id AF607206C6 for ; Wed, 6 Apr 2005 03:06:25 -0400 (EDT) Received: from brahma.intotoind.com ([172.16.1.10]) by smtp.intoto.com (SMSSMTP 4.0.0.59) with SMTP id M2005040600054713805 for ; Wed, 06 Apr 2005 00:05:49 -0700 Received: from sureshvv.intotoinc.com (2mc55.intotoind.com [172.16.2.55]) by brahma.intotoind.com (8.12.11/8.12.8) with ESMTP id j3676G1q014471 for ; Wed, 6 Apr 2005 12:36:17 +0530 Message-Id: <6.1.2.0.0.20050406123959.0275f100@172.16.1.10> X-Sender: sureshvv@172.16.1.10 X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0 To: eap@frascone.com From: Suresh Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=====================_180006765==.ALT" X-Scanned-By: MIMEDefang 2.41 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] EAP SIM and AKA identities. Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 06 Apr 2005 12:43:06 +0530 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) --=====================_180006765==.ALT Content-Type: text/plain; charset="us-ascii"; format=flowed > >Hi >I have a small clarification in the identities and user names used in the >EAP-SIM and AKA implementations. >When ever a client needs to send fill in the AT_IDENTITY attribute, it has >to fill in the complete identity, and the identity may or may not have a >realm portion. >The format of the permanent user name is 0|IMSI and 1|IMSI for the AKA and >SIM respectively. >It is also given that > > The EAP server MAY use the leading "1" as a hint to try EAP-SIM as > the first authentication method during method negotiation, rather > than for example EAP/AKA. The EAP-SIM server MAY propose EAP-SIM > even if the leading character was not "1". > >for EAP-AKA. > >I could not understand how user name is sent to the EAP-Server, in actual, >complete identity is sent in the AT_IDENTITY attribute and not just the >user name. > >regards, >Suresh > > --=====================_180006765==.ALT Content-Type: text/html; charset="us-ascii"

Hi
I have a small clarification in the identities and user names used in the EAP-SIM and AKA implementations.
When ever a client needs to send fill in the AT_IDENTITY attribute, it has to fill in the complete identity, and the identity may or may not have a realm portion.
The format of the permanent user name is 0|IMSI and 1|IMSI for the AKA and SIM respectively.
It is also given that

   The EAP server MAY use the leading "1" as a hint to try EAP-SIM as
   the first authentication method during method negotiation, rather
   than for example EAP/AKA.  The EAP-SIM server MAY propose EAP-SIM
   even if the leading character was not "1".

for EAP-AKA.

I could not understand how user name is sent to the EAP-Server, in actual, complete identity is sent in the AT_IDENTITY attribute and not just the user name.

regards,
Suresh
                                                                                                                                         

--=====================_180006765==.ALT-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Apr 6 03:42:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA10542 for ; Wed, 6 Apr 2005 03:42:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 0A191206D4; Wed, 6 Apr 2005 03:42:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1CF23206D0; Wed, 6 Apr 2005 03:42:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 48D89206D0 for ; Wed, 6 Apr 2005 03:41:37 -0400 (EDT) Received: from sj-iport-2.cisco.com (sj-iport-2-in.cisco.com [171.71.176.71]) by mail.frascone.com (Postfix) with ESMTP id 5B8F4206CF for ; Wed, 6 Apr 2005 03:41:32 -0400 (EDT) Received: from sj-core-1.cisco.com (171.71.177.237) by sj-iport-2.cisco.com with ESMTP; 06 Apr 2005 00:41:32 -0700 Received: from mira-sjc5-c.cisco.com (IDENT:mirapoint@mira-sjc5-c.cisco.com [171.71.163.17]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id j367fUDr014502; Wed, 6 Apr 2005 00:41:30 -0700 (PDT) Received: from twieland-w2k02.cisco.com (sjc-vpn2-88.cisco.com [10.21.112.88]) by mira-sjc5-c.cisco.com (MOS 3.4.5-GR) with ESMTP id BFM56847; Wed, 6 Apr 2005 00:41:29 -0700 (PDT) Message-Id: <4.3.2.7.2.20050406002041.0244f418@mira-sjc5-4.cisco.com> X-Sender: twieland@mira-sjc5-4.cisco.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 To: Nakhjiri Madjid-MNAKHJI1 From: Thomas Wieland Subject: Re: [eap] EAP-SIM fast re-auth identity Cc: eap@frascone.com, "'henry.haverinen@nokia.com'" In-Reply-To: Mime-Version: 1.0 Content-Type: text/html; charset="us-ascii" X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 06 Apr 2005 00:41:14 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Hi Madjid,

  I'm not an author but "other people", but maybe I can shed
some light on this.  Henry can always correct and expand.

There is nothing "wrong" with the identities used during full
authentication (i.e. either permanent identity, e.g. 1IMSI @realm,
or pseudonym identity).  The "problem", if you will, is that by
definition of a full authentication, these identities require the
use of 2 or 3 GSM triplets to authenticate. 

For one, this implies at least one round trip to a remote server,
i.e. the HLR/AuC where the triplets are generated.  This is
usually much slower than going through the calculations
necessary to iterate the keying material locally at the AAA
server.  It also means additional load on the HLR/AuC.

The second "bad" aspect is that each full EAP-SIM authentication uses
up 2 or 3 triplets.  The number of triplets that can be generated by each
SIM is usually limited (e.g. to 50,000) due to security concerns.  This
doesn't matter too much in a GSM mobile network as authentications
only use only one triplet and occur relatively infrequently compared to,
for example, public WLAN.  For EAP-SIM used in a PWLAN scenario,
not only do you use up 2 or 3 triplets per authentication, the authentications
also happen much more frequently.  For example every time every time
a PC gets turned on (or woken up), when a user roams between access
points etc.  You can see how you could be chewing through the available
triplets pretty fast and once you've reached the limit hard-wired into the
SIM, your SIM is dead and needs to be replaced. 

By using the fast re-auth mechanism, not only do you speed up
EAP-SIM authentications (hence "fast" :-), you also reduce the
load on the back-end server (AuC) and extend the life of your SIM.
In other words, "it's a good thing".

Regards,

  Thomas



At 10:05 05-04-05 -0500, Nakhjiri Madjid-MNAKHJI1 wrote:

Hi,

 

I have a question regarding the EAP-SIM method for fast re-authentication and would appreciate it if the authors and other people respond. Why is a specific identity used for fast re-authentication? What is the problem with using the identities that were used during the full authentication? The initial identity that is sent in EAP-Response/ Identity should not have a problem, right?

 

Thanks in advance,

 

Madjid Nakhjiri
_______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Apr 6 04:40:08 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA14960 for ; Wed, 6 Apr 2005 04:40:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 63302206DB; Wed, 6 Apr 2005 04:40:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 02651206D6; Wed, 6 Apr 2005 04:40:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 95726206D3 for ; Wed, 6 Apr 2005 04:39:14 -0400 (EDT) Received: from mgw-x2.nokia.com (mgw-x2.nokia.com [131.228.20.22]) by mail.frascone.com (Postfix) with ESMTP id 49B62206D2 for ; Wed, 6 Apr 2005 04:39:11 -0400 (EDT) Received: from esdks001.ntc.nokia.com (esdks001.ntc.nokia.com [172.21.138.120]) by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j368d8F28952; Wed, 6 Apr 2005 11:39:08 +0300 (EET DST) X-Scanned: Wed, 6 Apr 2005 11:52:29 +0300 Nokia Message Protector V1.3.34 2004121512 - RELEASE Received: (from root@localhost) by esdks001.ntc.nokia.com (8.12.9/8.12.9) id j368qTAa004196; Wed, 6 Apr 2005 11:52:29 +0300 Received: from mgw-int2.ntc.nokia.com (172.21.143.97) by esdks001.ntc.nokia.com 00fj8YR0; Wed, 06 Apr 2005 11:52:26 EEST Received: from esebh001.NOE.Nokia.com (esebh001.ntc.nokia.com [172.21.138.28]) by mgw-int2.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j368YZU08380; Wed, 6 Apr 2005 11:34:35 +0300 (EET DST) Received: from esebh005.NOE.Nokia.com ([172.21.138.86]) by esebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Wed, 6 Apr 2005 11:34:29 +0300 Received: from esebe009.NOE.Nokia.com ([172.21.138.41]) by esebh005.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Wed, 6 Apr 2005 11:34:28 +0300 Received: from trebe101.NOE.Nokia.com ([172.22.124.61]) by esebe009.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Wed, 6 Apr 2005 11:34:28 +0300 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C53A83.716629C4" Subject: RE: [eap] EAP-SIM fast re-auth identity Message-ID: Thread-Topic: [eap] EAP-SIM fast re-auth identity Thread-Index: AcU6fJ2RVBbuEHGXT8G5bSpC9saQogABBsOA From: To: , Cc: X-OriginalArrivalTime: 06 Apr 2005 08:34:28.0266 (UTC) FILETIME=[724C58A0:01C53A83] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 6 Apr 2005 11:34:26 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a multi-part message in MIME format. ------_=_NextPart_001_01C53A83.716629C4 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Madjid, Thomas, =20 Thomas already justified very well why there is a separate fast = re-authentication procedure. =20 The use of separate identities on fast re-authentication is just one way = to design the re-authentication procedure. Alternatively, we could have used the same pseudonyms during = fast re-authentication. There are some benefits in using separate identities. =20 Thanks to the separate identities, fast re-authentication and full = authentication can be implemented=20 separately, more modularly, at the server. When the server runs fast = re-authentication, it does not have=20 to update the information about the full authentication pseudonym. Fast = re-authentication=20 could even be distributed to a separate entity, a separate subsystem of = the EAP server that does not need to have any access to the triplets or to other "long-term" = state of the subscriber.=20 =20 A separate fast-reauthentication identity also indicates to the server = that the client wants to use fast re-authentication. Hence it is possible to "overload" the identity = with this indication and save a roundtrip in some cases. =20 When there are several AAA servers, pseudonyms should be decodable by = all the servers at the home network. They should also be decodable a long time after = they were delivered. Hence, the storing mechanism for pseudonyms is likely to be "expensive". = Fast re-authentication identities can be locally administered by a single server, and it does = not matter if they are not stored so "reliably". For example, some EAP-SIM server = implementations use cryptographically generated pseudonyms that contain the IMSI, but use short number IDs as = re-authentication identities. (However, 3GPP decided to use the same format for both types of = identities in release 6 specifications.) =20 Regards, Henry=20 =20 =20 -----Original Message----- From: eap-admin@frascone.com [mailto:eap-admin@frascone.com]On Behalf Of = ext Thomas Wieland Sent: 06 April, 2005 10:41 To: Nakhjiri Madjid-MNAKHJI1 Cc: eap@frascone.com; Haverinen Henry (Nokia-ES/Jyvaskyla) Subject: Re: [eap] EAP-SIM fast re-auth identity Hi Madjid, I'm not an author but "other people", but maybe I can shed=20 some light on this. Henry can always correct and expand. There is nothing "wrong" with the identities used during full authentication (i.e. either permanent identity, e.g. 1IMSI @realm, or pseudonym identity). The "problem", if you will, is that by definition of a full authentication, these identities require the use of 2 or 3 GSM triplets to authenticate. =20 For one, this implies at least one round trip to a remote server,=20 i.e. the HLR/AuC where the triplets are generated. This is=20 usually much slower than going through the calculations=20 necessary to iterate the keying material locally at the AAA=20 server. It also means additional load on the HLR/AuC. The second "bad" aspect is that each full EAP-SIM authentication uses=20 up 2 or 3 triplets. The number of triplets that can be generated by = each=20 SIM is usually limited (e.g. to 50,000) due to security concerns. This=20 doesn't matter too much in a GSM mobile network as authentications only use only one triplet and occur relatively infrequently compared to, for example, public WLAN. For EAP-SIM used in a PWLAN scenario, not only do you use up 2 or 3 triplets per authentication, the = authentications=20 also happen much more frequently. For example every time every time=20 a PC gets turned on (or woken up), when a user roams between access points etc. You can see how you could be chewing through the available triplets pretty fast and once you've reached the limit hard-wired into = the SIM, your SIM is dead and needs to be replaced. =20 By using the fast re-auth mechanism, not only do you speed up=20 EAP-SIM authentications (hence "fast" :-), you also reduce the load on the back-end server (AuC) and extend the life of your SIM. In other words, "it's a good thing". Regards, Thomas At 10:05 05-04-05 -0500, Nakhjiri Madjid-MNAKHJI1 wrote: Hi,=20 =20 I have a question regarding the EAP-SIM method for fast = re-authentication and would appreciate it if the authors and other = people respond. Why is a specific identity used for fast = re-authentication? What is the problem with using the identities that = were used during the full authentication? The initial identity that is = sent in EAP-Response/ Identity should not have a problem, right? =20 Thanks in advance, =20 Madjid Nakhjiri _______________________________________________ eap mailing list = eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap=20 ------_=_NextPart_001_01C53A83.716629C4 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi=20 Madjid, Thomas,
 
Thomas=20 already justified very well why there is a separate fast = re-authentication=20 procedure.
 
The=20 use of separate identities on fast re-authentication is just one way to=20 design the re-authentication
procedure. Alternatively, we could have used the same = pseudonyms during=20 fast re-authentication.
There=20 are some benefits in using separate identities.
 
Thanks=20 to the separate identities, fast re-authentication and full = authentication can=20 be implemented
separately, more modularly, at the server.=20 When the server runs fast re-authentication, it does not have=20
to=20 update the information about the full authentication = pseudonym. Fast=20 re-authentication
could=20 even be distributed to a separate entity, a separate = subsystem of=20 the EAP server that
does=20 not need to have any access to the triplets or to other "long-term" = state of the=20 subscriber.
 
A=20 separate fast-reauthentication identity also indicates to the server = that the=20 client wants to use
fast=20 re-authentication. Hence it is possible to "overload" the identity with = this=20 indication and
save a=20 roundtrip in some cases.
 
When=20 there are several AAA servers, pseudonyms should be decodable by all the = servers
at the=20 home network. They should also be decodable a long time after they were=20 delivered.
Hence,=20 the storing mechanism for pseudonyms is likely to be "expensive". Fast=20 re-authentication
identities can be locally administered by a single server, and = it does=20 not matter if they are
not=20 stored so "reliably". For example, some EAP-SIM server implementations = use=20 cryptographically generated
pseudonyms that contain the IMSI, but use short number IDs as=20 re-authentication identities.
(However, 3GPP decided to use the same format for both types of = identities in release 6 specifications.)
 
Regards,
Henry 
 
 
-----Original Message-----
From: = eap-admin@frascone.com=20 [mailto:eap-admin@frascone.com]On Behalf Of ext Thomas=20 Wieland
Sent: 06 April, 2005 10:41
To: Nakhjiri=20 Madjid-MNAKHJI1
Cc: eap@frascone.com; Haverinen Henry=20 (Nokia-ES/Jyvaskyla)
Subject: Re: [eap] EAP-SIM fast re-auth = identity


Hi Madjid,

  I'm not an = author=20 but "other people", but maybe I can shed
some light on this.  = Henry=20 can always correct and expand.

There is nothing "wrong" with = the=20 identities used during full
authentication (i.e. either permanent = identity,=20 e.g. 1IMSI @realm,
or pseudonym identity).  The "problem", if = you=20 will, is that by
definition of a full authentication, these = identities=20 require the
use of 2 or 3 GSM triplets to authenticate.  =

For=20 one, this implies at least one round trip to a remote server,
i.e. = the=20 HLR/AuC where the triplets are generated.  This is
usually = much=20 slower than going through the calculations
necessary to iterate = the keying=20 material locally at the AAA
server.  It also means additional = load on=20 the HLR/AuC.

The second "bad" aspect is that each full EAP-SIM=20 authentication uses
up 2 or 3 triplets.  The number of = triplets that=20 can be generated by each
SIM is usually limited (e.g. to 50,000) = due to=20 security concerns.  This
doesn't matter too much in a GSM = mobile=20 network as authentications
only use only one triplet and occur = relatively=20 infrequently compared to,
for example, public WLAN.  For = EAP-SIM used=20 in a PWLAN scenario,
not only do you use up 2 or 3 triplets per=20 authentication, the authentications
also happen much more=20 frequently.  For example every time every time
a PC gets = turned on=20 (or woken up), when a user roams between access
points etc.  = You can=20 see how you could be chewing through the available
triplets pretty = fast and=20 once you've reached the limit hard-wired into the
SIM, your SIM is = dead and=20 needs to be replaced. 

By using the fast re-auth = mechanism, not=20 only do you speed up
EAP-SIM authentications (hence "fast" :-), = you also=20 reduce the
load on the back-end server (AuC) and extend the life of = your=20 SIM.
In other words, "it's a good = thing".

Regards,

 =20 Thomas



At 10:05 05-04-05 -0500, Nakhjiri = Madjid-MNAKHJI1=20 wrote:

Hi,=20

 

I have a question regarding the EAP-SIM method for fast=20 re-authentication and would appreciate it if the authors and other = people=20 respond. Why is a specific identity used for fast re-authentication? = What is=20 the problem with using the identities that were used during the full = authentication? The initial identity that is sent in EAP-Response/ = Identity=20 should not have a problem, right?

 

Thanks in=20 advance,

 

Madjid=20 = Nakhjiri
_____________________________________________= __=20 eap mailing list eap@frascone.com=20 http://mail.frascone.com/mailman/listinfo/eap = ------_=_NextPart_001_01C53A83.716629C4-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Apr 6 06:26:19 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA23731 for ; Wed, 6 Apr 2005 06:26:18 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id EC46E206DC; Wed, 6 Apr 2005 06:26:11 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 74F60206DA; Wed, 6 Apr 2005 06:26:08 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 41F3E20653 for ; Wed, 6 Apr 2005 06:25:06 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id 17B0E206DA for ; Wed, 6 Apr 2005 06:25:01 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DJ7iW-0009gL-E5; Wed, 06 Apr 2005 06:25:00 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j36AOxH00961; Wed, 6 Apr 2005 03:24:59 -0700 From: Bernard Aboba To: "Bakshi, Sanjay" Cc: eap@frascone.com Subject: RE: [eap] Re: IEEE 802.16e EAP usage modes In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 6 Apr 2005 03:24:58 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > Issues that come to my mind are > a) MTU discovery > For the minimum MTU of 1020 specified in RFC3748 can be used EAP can't do MTU discovery, per se. Are you saying that a minimum MTU of 1020 is always available? > b) Channel Binding > Are there any EAP methods that implement this? Yes, there are methods that are capable of this. The EAP peer and server verify that the "authenticator" they see is offering the same information to each of them. For example: Authenticator MAC address as seen by peer = Called-Station-ID in Access-Request SSID as seen by peer = SSID in Access-Request NAS-Identifer as seen by peer = NAS-Identifier in Request > It is not clear to me how Channel Binding is implemented when pass- > thru authenticator is in use. This because the Channel (lower > layer) between peer and pass-thru authenticator is different from the > lower layer between pass-thru authenticator and AAA backend that execute > the EAP method. I'm not sure why this would affect Channel bindings. > Does the uplink BS perform any cryptographic operations on data or EAP > packets? Or does it just encapsulate/decapsulate packets? > > It just encapsulates/decapsulates EAP packets. However, > data from application sessions is encrypted. Presumably this occurs after the EAP conversation completes, no? So the EAP conversation itself is never encrypted, even in a re-authentication? >Where are cryptographic keys stored in this architecture? On the MSS? > on the BS? On both? How are the keys transported? How many parties > possess them? > > Main keys on MSS (peer) and BS (Authenticator) > MSK, AAA-Key as per eap-keying-draft The liaison letter from Roger Marks indicated that the AAA-Key was derived from the AMSK/EMSK via the "pre-emptive handoff" formula, rather than from the MSK. Is this coreect? > MSK, AAA-Key are transported as per eap-keying-draft Again, Roger's seemed to imply that the RADIUS pre-emptive keying extension was used within 802.16e. Is that right? > PMK, AK, MACs are derived by peer and authenticator independently > How are transient session keys derived? How are they bound to the > correct context? How are authorization attributes handled? Does this > ensure proper cryptographic binding? > > [<>] These are defined in 802.16 specs. If people are > interested in getting an update on that, I will be glad to provide > material for that. Yes, we'd like to understand whether the requirements relating to TSK freshness are being fulfilled. > How do the parties identify themselves within the IEEE 802.16e > exchanges? If the BS is not an authenticator, then the EAP peer cannot > be aware of its identity; that is, the BS must appear to be a port of > the MSS, and the EAP peer can only be aware of the MSS identity in the > layer below EAP. Is this how 802.16e works? > >> > [<>] Assuming I understood your question correctly. Upon > successful network entry (at PHY and MAC layer), MSS gets a connection > identifier that represent the connection to the BS and eap packet are > exchanged over this connection. So in my opinion for forwarding EAP > packets, BS does appear as a port to EAP-peer. If the BS appears as a port to the MSS, is the EAP peer aware of what MSS it is connecting to? This relates to whether the EAP peer and server are in sync with respect to the Key Scope (the context of the key that is being derived). > How does IEEE 802.16e negotiate the key lifetime of the MSK and TSKs? > Is this done explicitly? What meaning is ascribed to the RADIUS > Session-Time attribute? > > [<>] Lifetime of MSK (derived from the eap session) is expected > to be exchange by RADIUS Session-Time attribute. The Session-Time attribute represents the maximum time to re-authentication of a session-in-progress. It isn't clear that this is the right attribute to use to determine the lifetime of the AAA-Key in pre-authentication, for example. > There is no Security Association protocol defined for lifetime > management etc. of the AAA-key. Does 802.16e support pre-authentication? If so, how does the peer and authenticator know how long the AAA-Key lives after being derived? > IMO equivalent to TSKs, 802.16e has TEKs (Traffic Encryption > Key) but 802.16e's current key derivation of TEKs does not follow the > guidelines mentioned in 1.3.3 of eap-keying-06. TEKs are derived as > randoms by BS and send to MSS encrypted and signed by keys derived from > PMK(AAA-Key) The keying draft doesn't require a certain derivation for the TSKs, it merely requires that they be fresh. Derivation of TSKs via two nonce/counters (one for each side) means that freshness can be provided even if one party has a broken random number generator. Deriving a TSK from a Nonce provided by only one party (particularly if that party is an embedded device that may lack the required boot entropy) seems risky, no? In particular, one can no longer say that TSKs freshness is guaranteed if the EAP method generates a fresh AAA-Key and if the peer can generate Nonces/counters that are fresh (as one can do in 802.11i, for example). In existing usage, freshness can be provided even if the EAP server generates unfresh Nonces/counters since the EAP method includes nonces/counters from both sides. Similarly, if the method exported keys are fresh and the EAP peer generates a fresh nonce/counter then the authenticator nonce/counter need not be fresh for the freshness requirement to be met. > How are keys named in IEEE 802.16e? How do the parties synchronize > the key cache? Are the messages within the Secure Association protocol > >>authenticated? > [<>] 802.16e does not define anything analogous to Secure > Association protocol. Validity of AAA-Key in Authenticator and MSS is > assumed. There is a 3-way handshake to verify the liveliness of the > session key namely (AK) that is derived from AAA-key The 3-way handshake sounds like a Secure Association Protocol, as defined in the keying framework. For example, it appears that it provides for mutual authentication between the peer and authenticator (one of the Housley criteria), as well as potentially providing for key freshness. What other functions does the 3-way handshake provide? For example: * Secure confirmation of ciphersuites (another required property) * TSK lifetime determination (e.g. can the 3-way handshake be used for a TSK rekey by either side?) * Proper identification (e.g. are the parties identified, not merely their ports?) * Is the key properly bound to its context? This includes not only use of the appropriate identifiers in the 3-way handshake, but but also ability to verify channel bindings. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From giacobo_beal@huntconstructiongroup.com Wed Apr 6 06:31:38 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA24935; Wed, 6 Apr 2005 06:31:37 -0400 (EDT) From: giacobo_beal@huntconstructiongroup.com Message-Id: <200504061031.GAA24935@ietf.org> Received: from bl4-210-21.dsl.telepac.pt ([81.193.210.21]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DJ7xH-0000Ie-40; Wed, 06 Apr 2005 06:40:17 -0400 Date: Wed, 06 Apr 2005 06:22:20 -0500 To: dhcwg@ietf.org Subject: Fwd: Great news MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7Bit X-Spam-Score: 3.6 (+++) X-Scan-Signature: 8ac499381112328dd60aea5b1ff596ea Content-Transfer-Encoding: 7Bit Hey, I'm Amanda. I'm from Los Angelos, California. Two week's ago I turned 18 and my parents bought me a web cam for my birthday. I started playing with it, now me and my friends are addicted to showing off our young bodys to everyone that wants to see us! We love this thing! I signed up with a program that is absolutely free of charge, and hosts my web cam 24 hours a day, 7 days a week!! You can check me out on my web cam by clicking here. Remember, it's FREE of charge, http://www.terra.es/personal2/rod452/amanda/amanda1.html From eap-admin@frascone.com Wed Apr 6 11:41:10 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27398 for ; Wed, 6 Apr 2005 11:41:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 551C0206FC; Wed, 6 Apr 2005 11:41:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id E09CD206F4; Wed, 6 Apr 2005 11:41:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id EAB82206F7 for ; Wed, 6 Apr 2005 11:40:16 -0400 (EDT) Received: from mtaout4.012.net.il (mtaout4.012.net.il [84.95.2.10]) by mail.frascone.com (Postfix) with ESMTP id 03D0C206F4 for ; Wed, 6 Apr 2005 11:40:11 -0400 (EDT) Received: from [127.0.0.1] ([192.114.180.130]) by i_mtaout4.012.net.il (HyperSendmail v2004.12) with ESMTPA id <0IEJ00DAR7NCD170@i_mtaout4.012.net.il> for eap@frascone.com; Wed, 06 Apr 2005 18:42:56 +0300 (IDT) From: Jeff Mandin Subject: RE: [eap] Re: IEEE 802.16e EAP usage modes To: aboba@internaut.com, sanjay.bakshi@intel.com Cc: eap@frascone.com Message-id: <42541185.40309@streetwaves-networks.com> MIME-version: 1.0 Content-type: multipart/alternative; boundary="Boundary_(ID_wmJw54aqWUv4iTAZpu2EAA)" X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 06 Apr 2005 18:42:45 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a multi-part message in MIME format. --Boundary_(ID_wmJw54aqWUv4iTAZpu2EAA) Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7BIT Sanjay and Bernard hi, Just to clarify a few points - and let Sanjay respond to the rest: 1. MTU: 1020 bytes is always available (as EAP messages are sent on a connection with capability for fragmentation) 2. Channel Binding: 802.16e includes the BSId in the derivation of the "Authorization Key" (AK) from the PMK. I think that this constitutes an adequate channel binding. 3. Pre-emptive keying: 802.16e is only an air interface. It relies on pre-emptive keying without saying how it's to be done. But yes a RADIUS extension is an obvious possibility. Similarly, 16e only uses the AAA-Key that it receives and doesn't tell the AAA Server how to create it. 4. TSKs: Traffic Encryption Keys (as we call them) are transported from BS to MSS wrapped in a KEK that is derived from the AK (using AES Key Wrap). The TEK lifetime is specified explicitly by the BS and there is overlap in the lifetime of successive generations of TEK. This scheme was inherited from DOCSIS (why it has been retained is a different story). Additionally a TEK can expire prematurely by using up its 32bit Counter space. The context of a TEK is defined in a roundabout manner, but essentially there are potentially several sessions who are permitted to access a particular TEK. These sessions are identified by an ID that is carried in the 802.16 MAC header. The MAC header in turn is not protected by the Message Authentication Code, but is instead used in generated the CCM-mode initialization block. Bottom line is that the MSS must rely on the BS guaranteeing TEK freshness. The TEK context is dictated by the BS to MSS and mutually enforced (and the AAA-Server is not in the picture at all for TEKs). - Jeff --------------------------------------------------- > Issues that come to my mind are > a) MTU discovery > For the minimum MTU of 1020 specified in RFC3748 can be used EAP can't do MTU discovery, per se. Are you saying that a minimum MTU of 1020 is always available? > b) Channel Binding > Are there any EAP methods that implement this? Yes, there are methods that are capable of this. The EAP peer and server verify that the "authenticator" they see is offering the same information to each of them. For example: Authenticator MAC address as seen by peer = Called-Station-ID in Access-Request SSID as seen by peer = SSID in Access-Request NAS-Identifer as seen by peer = NAS-Identifier in Request > It is not clear to me how Channel Binding is implemented when pass- > thru authenticator is in use. This because the Channel (lower > layer) between peer and pass-thru authenticator is different from the > lower layer between pass-thru authenticator and AAA backend that execute > the EAP method. I'm not sure why this would affect Channel bindings. > Does the uplink BS perform any cryptographic operations on data or EAP > packets? Or does it just encapsulate/decapsulate packets? > > It just encapsulates/decapsulates EAP packets. However, > data from application sessions is encrypted. Presumably this occurs after the EAP conversation completes, no? So the EAP conversation itself is never encrypted, even in a re-authentication? >Where are cryptographic keys stored in this architecture? On the MSS? > on the BS? On both? How are the keys transported? How many parties > possess them? > > Main keys on MSS (peer) and BS (Authenticator) > MSK, AAA-Key as per eap-keying-draft The liaison letter from Roger Marks indicated that the AAA-Key was derived from the AMSK/EMSK via the "pre-emptive handoff" formula, rather than from the MSK. Is this coreect? > MSK, AAA-Key are transported as per eap-keying-draft Again, Roger's seemed to imply that the RADIUS pre-emptive keying extension was used within 802.16e. Is that right? > PMK, AK, MACs are derived by peer and authenticator independently > How are transient session keys derived? How are they bound to the > correct context? How are authorization attributes handled? Does this > ensure proper cryptographic binding? > > [<>] These are defined in 802.16 specs. If people are > interested in getting an update on that, I will be glad to provide > material for that. Yes, we'd like to understand whether the requirements relating to TSK freshness are being fulfilled. > How do the parties identify themselves within the IEEE 802.16e > exchanges? If the BS is not an authenticator, then the EAP peer cannot > be aware of its identity; that is, the BS must appear to be a port of > the MSS, and the EAP peer can only be aware of the MSS identity in the > layer below EAP. Is this how 802.16e works? > >> > [<>] Assuming I understood your question correctly. Upon > successful network entry (at PHY and MAC layer), MSS gets a connection > identifier that represent the connection to the BS and eap packet are > exchanged over this connection. So in my opinion for forwarding EAP > packets, BS does appear as a port to EAP-peer. If the BS appears as a port to the MSS, is the EAP peer aware of what MSS it is connecting to? This relates to whether the EAP peer and server are in sync with respect to the Key Scope (the context of the key that is being derived). > How does IEEE 802.16e negotiate the key lifetime of the MSK and TSKs? > Is this done explicitly? What meaning is ascribed to the RADIUS > Session-Time attribute? > > [<>] Lifetime of MSK (derived from the eap session) is expected > to be exchange by RADIUS Session-Time attribute. The Session-Time attribute represents the maximum time to re-authentication of a session-in-progress. It isn't clear that this is the right attribute to use to determine the lifetime of the AAA-Key in pre-authentication, for example. > There is no Security Association protocol defined for lifetime > management etc. of the AAA-key. Does 802.16e support pre-authentication? If so, how does the peer and authenticator know how long the AAA-Key lives after being derived? > IMO equivalent to TSKs, 802.16e has TEKs (Traffic Encryption > Key) but 802.16e's current key derivation of TEKs does not follow the > guidelines mentioned in 1.3.3 of eap-keying-06. TEKs are derived as > randoms by BS and send to MSS encrypted and signed by keys derived from > PMK(AAA-Key) The keying draft doesn't require a certain derivation for the TSKs, it merely requires that they be fresh. Derivation of TSKs via two nonce/counters (one for each side) means that freshness can be provided even if one party has a broken random number generator. Deriving a TSK from a Nonce provided by only one party (particularly if that party is an embedded device that may lack the required boot entropy) seems risky, no? In particular, one can no longer say that TSKs freshness is guaranteed if the EAP method generates a fresh AAA-Key and if the peer can generate Nonces/counters that are fresh (as one can do in 802.11i, for example). In existing usage, freshness can be provided even if the EAP server generates unfresh Nonces/counters since the EAP method includes nonces/counters from both sides. Similarly, if the method exported keys are fresh and the EAP peer generates a fresh nonce/counter then the authenticator nonce/counter need not be fresh for the freshness requirement to be met. > How are keys named in IEEE 802.16e? How do the parties synchronize > the key cache? Are the messages within the Secure Association protocol > >>authenticated? > [<>] 802.16e does not define anything analogous to Secure > Association protocol. Validity of AAA-Key in Authenticator and MSS is > assumed. There is a 3-way handshake to verify the liveliness of the > session key namely (AK) that is derived from AAA-key The 3-way handshake sounds like a Secure Association Protocol, as defined in the keying framework. For example, it appears that it provides for mutual authentication between the peer and authenticator (one of the Housley criteria), as well as potentially providing for key freshness. What other functions does the 3-way handshake provide? For example: * Secure confirmation of ciphersuites (another required property) * TSK lifetime determination (e.g. can the 3-way handshake be used for a TSK rekey by either side?) * Proper identification (e.g. are the parties identified, not merely their ports?) * Is the key properly bound to its context? This includes not only use of the appropriate identifiers in the 3-way handshake, but but also ability to verify channel bindings. - Show quoted text - --Boundary_(ID_wmJw54aqWUv4iTAZpu2EAA) Content-type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7BIT Sanjay and Bernard hi,

Just to clarify a few points -  and let Sanjay respond to the rest:

1.  MTU: 1020 bytes is always available (as EAP messages are sent on a connection with capability for fragmentation)

2.  Channel Binding:  802.16e includes the BSId in the derivation of the "Authorization Key" (AK) from the PMK.  I think that this constitutes an adequate channel binding.

3.  Pre-emptive keying: 802.16e is only an air interface.  It relies on pre-emptive keying without saying how it's to be done.  But yes a RADIUS extension is an obvious possibility.   Similarly, 16e only uses the AAA-Key that it receives and doesn't tell the AAA Server how to create it. 

4. TSKs:  Traffic Encryption Keys (as we call them) are transported from BS to MSS wrapped in a KEK that is derived from the AK (using AES Key Wrap). The TEK lifetime is specified explicitly by the BS and there is overlap in the lifetime of successive generations of TEK.  This scheme was inherited from DOCSIS (why it has been retained is a different story).

Additionally a TEK can expire prematurely by using up its 32bit Counter space.

The context of a TEK is defined in a roundabout manner, but essentially there are potentially several sessions who are permitted to access a particular TEK.  These sessions are identified by an ID that is carried in the 802.16 MAC header.  The MAC header in turn is not protected by the Message Authentication Code, but is instead used in generated the CCM-mode initialization block.

Bottom line is that the MSS must rely on the BS guaranteeing TEK freshness.  The TEK context is dictated by the BS to MSS and mutually enforced (and the AAA-Server is not in the picture at all for TEKs).

- Jeff

---------------------------------------------------

> Issues that come to my mind are
>    a) MTU discovery
>       For the minimum MTU of 1020 specified in RFC3748 can be used

EAP can't do MTU discovery, per se.  Are you saying that a minimum MTU of
1020 is always available?

>    b) Channel Binding
>       Are there any EAP methods that implement this?

 Yes, there are methods that are capable of this.  The EAP peer and server
verify that the "authenticator" they see is offering the same information
to each of them.  For example:

Authenticator MAC address as seen by peer = Called-Station-ID in
                                           Access-Request
SSID as seen by peer                      = SSID in Access-Request
NAS-Identifer as seen by peer             = NAS-Identifier in Request

> It is not clear to me how Channel Binding is implemented when pass-
> thru authenticator is in use. This because the Channel (lower
> layer) between peer and pass-thru authenticator is different from the
> lower layer between pass-thru authenticator and AAA backend that execute
> the EAP method.

I'm not sure why this would affect Channel bindings.

> Does the uplink BS perform any cryptographic operations on data or EAP
> packets?  Or does it just encapsulate/decapsulate packets?
>
 > It just encapsulates/decapsulates EAP packets. However,
> data from application sessions is encrypted.

Presumably this occurs after the EAP conversation completes, no?  So the
EAP conversation itself is never encrypted, even in a re-authentication?

>Where are cryptographic keys stored in this architecture?  On the MSS?
> on the BS?  On both? How are the keys transported?  How many parties
> possess them?
>
> Main keys on MSS (peer) and BS (Authenticator)
>     MSK, AAA-Key as per eap-keying-draft

The liaison letter from Roger Marks indicated that the AAA-Key was derived
from the AMSK/EMSK via the "pre-emptive handoff" formula, rather than from
the MSK.  Is this coreect?

> MSK, AAA-Key are transported as per eap-keying-draft

Again, Roger's seemed to imply that the RADIUS pre-emptive keying
extension was used within 802.16e.  Is that right?

> PMK, AK, MACs are derived by peer and authenticator independently

> How are transient session keys derived?  How are they bound to the
> correct context?  How are authorization attributes handled?  Does this
> ensure proper cryptographic binding?
>
> [<<sbakshi>>] These are defined in 802.16 specs. If people are
> interested in getting an update on that, I will be glad to provide
> material for that.

Yes, we'd like to understand whether the requirements relating to TSK
freshness are being fulfilled.

> How do the parties identify themselves within the IEEE 802.16e
> exchanges? If the BS is not an authenticator, then the EAP peer cannot
> be aware of its identity;  that is, the BS must appear to be a port of
> the MSS, and the EAP peer can only be aware of the MSS identity in the
> layer below EAP. Is this how 802.16e works?
> >>
> [<<sbakshi>>] Assuming I understood your question correctly. Upon
> successful network entry (at PHY and MAC layer), MSS gets a connection
> identifier that represent the connection to the BS and eap packet are
> exchanged over this connection. So in my opinion for forwarding EAP
> packets, BS does appear as a port to EAP-peer.

 If the BS appears as a port to the MSS, is the EAP peer aware of what MSS
it is connecting to?  This relates to whether the EAP peer and server are
in sync with respect to the Key Scope (the context of the key that is
being derived).

> How does IEEE 802.16e negotiate the key lifetime of the MSK and TSKs?
> Is this done explicitly?  What meaning is ascribed to the RADIUS
> Session-Time attribute?
>
> [<<sbakshi>>] Lifetime of MSK (derived from the eap session) is expected
> to be exchange by RADIUS Session-Time attribute.

The Session-Time attribute represents the maximum time to
re-authentication of a session-in-progress.  It isn't clear that this is
the right attribute to use to determine the lifetime of the AAA-Key in
pre-authentication, for example.

> There is no Security Association protocol defined for lifetime
> management etc. of the AAA-key.

Does 802.16e support pre-authentication?  If so, how does the peer and
authenticator know how long the AAA-Key lives after being derived?

> IMO equivalent to TSKs, 802.16e has TEKs (Traffic Encryption
> Key) but 802.16e's current key derivation of TEKs does not follow the
> guidelines mentioned in 1.3.3 of eap-keying-06. TEKs are derived as
> randoms by BS and send to MSS encrypted and signed by keys derived from
> PMK(AAA-Key)

The keying draft doesn't require a certain derivation for the TSKs, it
merely requires that they be fresh.  Derivation of TSKs via two
nonce/counters (one for each side) means that freshness can be provided
even if one party has a broken random number generator.  Deriving a TSK
from a Nonce provided by only one party (particularly if that party is an
embedded device that may lack the required boot entropy) seems risky, no?

In particular, one can no longer say that TSKs freshness is guaranteed if
the EAP method generates a fresh AAA-Key and if the peer can generate
Nonces/counters that are fresh (as one can do in 802.11i, for example).
In existing usage, freshness can be provided even if the EAP server
generates unfresh Nonces/counters since the EAP method includes
nonces/counters from both sides.  Similarly, if the method exported keys
are fresh and the EAP peer generates a fresh nonce/counter then the
authenticator nonce/counter need not be fresh for the freshness
requirement to be met.

> How are keys named in IEEE 802.16e?  How do the parties synchronize
> the key cache?  Are the messages within the Secure Association protocol
> >>authenticated?
> [<<sbakshi>>] 802.16e does not define anything analogous to Secure
> Association protocol. Validity of AAA-Key in Authenticator and MSS is
> assumed. There is a 3-way handshake to verify the liveliness of the
> session key namely (AK) that is derived from AAA-key

The 3-way handshake sounds like a Secure Association Protocol, as defined
in the keying framework.  For example, it appears that it provides for
mutual authentication between the peer and authenticator (one of the
Housley criteria), as well as potentially providing for key freshness.

What other functions does the 3-way handshake provide?  For example:

* Secure confirmation of ciphersuites (another required property)
* TSK lifetime determination (e.g. can the 3-way handshake be used for
 a TSK rekey by either side?)
* Proper identification (e.g. are the parties identified, not merely
 their ports?)
* Is the key properly bound to its context?  This includes not only
 use of the appropriate identifiers in the 3-way handshake, but
 but also ability to verify channel bindings.
- Show quoted text -

--Boundary_(ID_wmJw54aqWUv4iTAZpu2EAA)-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From oseskyw@whale-mail.com Wed Apr 6 13:36:06 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA09076; Wed, 6 Apr 2005 13:36:06 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJEa9-0007RZ-39; Wed, 06 Apr 2005 13:44:50 -0400 Received: from [200.171.45.100] (helo=200-171-45-100.speedyterra.com.br) by mx2.foretec.com with smtp (Exim 4.24) id 1DJERW-00047Y-QY; Wed, 06 Apr 2005 13:35:59 -0400 X-Message-Info: 18M005GIGpjtl7DPO697ukPvdITH971rlDW5tTHcqCO23QRE4 Received: (from adenosine@200.171.45.100) by rabin9.27.167.8.131 (6.44.8/1.82.4) id zp498SnM2433; Thu, 07 Apr 2005 00:29:27 +0600 Message-ID: <4237155712584.93937@200.171.45.100> Reply-To: "Adrienne Gardner" From: "Adrienne Gardner" To: edu-discuss@ietf.org, edu-team-web-archive@ietf.org, edu-team@ietf.org, eap-archive@ietf.org Subject: health database, american medical directory & physiciansPrice of $247.00 (Reg. $1,299). Date: Wed, 06 Apr 2005 16:32:27 -0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--34754843567667526083" X-Spam-Score: 27.1 (+++++++++++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: d8ae4fd88fcaf47c1a71c804d04f413d ----34754843567667526083 Content-Type: text/plain; charset="iso-9572-1" Content-Transfer-Encoding: quoted-printable 7,000 hospitals, 172,000 Senior Hospital Administrators. PRE_PUBLICATION OFFER OF $247.00 (Reg. $1,299). "The New American Hospital Marketing Guide is an extremely cost-effective way of increasing your marketing efforts". David Stanford, Chicago, IL. In response to numerous inquiries from healthcare marketers, HealthLine Publications Corp. is introducing The New American Hospital Marketing Guide. The new guide is an attempt to assist healthcare professionals to target hospital decision-makers throughout the country. The Guide includes administrators in hospitals in the United States such as CEOs, CFOs, Directors (surgery, nursing, purchasing, etc.) In addition to mailing addresses, fax and phone numbers, the publication includes important hospital stats such as number of beds, hospital type, hospital number and staff size. In a rapidly-changing industry, current healthcare information is an invaluable resource to businesses and organizations. The New American Hospital Marketing Guide includes comprehensive information on more than 7,000 hospitals and 172,000 administrators. It is the most extensive and database of key decision-makers in the health care market. Each record is indexed by such features as name, address, phone and fax. The database is available in Excel format on CD Rom. It is designed for mailing lists and merges. The data can be selected by state or other criteria such as type of practice. It can be used on an unlimited basis. If you are interested in identifying and contacting hospital decision-makers most likely to benefit from your product or service, The New American Hospital Guide will save you time and money. To order The New American Hospital Guide, simply fill out the information below and fax it to 416 760-3763 (tel: 416 760-3762). Bonus Offer: New Customer Offer. Order now and receive free of charge our marketing publication: Build a Successful Healthcare Marketing Campaign.This popular publication offers a number of strategies relating to effective marketing of healthcare products. NAME: TITLE: COMPANY: ADDRESS: CITY: ZIP: TEL: FAX: EMAIL: ----34754843567667526083-- From scuito@emailaccount.com Wed Apr 6 14:11:18 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA11828; Wed, 6 Apr 2005 14:11:17 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJF8B-0008Ko-9n; Wed, 06 Apr 2005 14:20:00 -0400 Received: from s01060010dca1966e.lb.shawcable.net ([70.65.185.158]) by mx2.foretec.com with smtp (Exim 4.24) id 1DJEzl-0004wE-Go; Wed, 06 Apr 2005 14:11:17 -0400 Received: from freak-jcoppens.com (EHLO injunct.jcoppens.com) by wolcott.jcoppens.com with SMTP; Wed, 06 Apr 2005 18:03:43 -0100 Date: Wed, 06 Apr 2005 12:01:43 -0700 From: "Earnest Curry" To: drafts@ietf.org Cc: drums-archive@ietf.org, dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org, eccmtmagma-admin@ietf.org, ediint-archive@ietf.org, edu-discuss@ietf.org, edu-discuss-admin@ietf.org, edu-discuss-web-archive@ietf.org, edu-team@ietf.org Subject: High rates? Not with us! low fixed rate Message-ID: X-SpamTest-Info: Profile: SysLog X-SpamTest-Status: Not detected X-SpamTest-Version: SMTP-Filter Version 2.0.0 [932], SpamtestISP/Release X-Mailer: MIME-tools 5.41 (Entity 5.404) X-Spam-Score: 0.2 (/) X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3 Hello, We tried contacting you awhile ago about your low interest morta(ge rate. You have qualified for the lowest rate in years... You could get over $380,000 for as little as $500 a month! Ba(d credit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli,gation consultation click below: http://www.3-m-n.net/sign.asp Best Regards, Felipe Summers to be remov(ed: http://www.3-m-n.net/gone.asp this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s. From eap-admin@frascone.com Wed Apr 6 15:20:11 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA18814 for ; Wed, 6 Apr 2005 15:20:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id BED9420707; Wed, 6 Apr 2005 15:20:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 29F532069F; Wed, 6 Apr 2005 15:20:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5CBFC20693 for ; Wed, 6 Apr 2005 15:19:09 -0400 (EDT) Received: from motgate8.mot.com (motgate8.mot.com [129.188.136.8]) by mail.frascone.com (Postfix) with ESMTP id 0C2132025A for ; Wed, 6 Apr 2005 15:19:07 -0400 (EDT) Received: from il06exr03.mot.com (il06exr03.mot.com [129.188.137.133]) by motgate8.mot.com (Motorola/Motgate8) with ESMTP id j36JLQ24013829 for ; Wed, 6 Apr 2005 12:21:26 -0700 (MST) Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4]) by il06exr03.mot.com (8.13.1/8.13.0) with ESMTP id j36JKxnD003996 for ; Wed, 6 Apr 2005 14:21:00 -0500 (CDT) Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72) id ; Wed, 6 Apr 2005 14:19:04 -0500 Message-ID: From: Nakhjiri Madjid-MNAKHJI1 To: "'Thomas Wieland'" Cc: eap@frascone.com, henry.haverinen@nokia.com, Nakhjiri Madjid-MNAKHJI1 Subject: RE: [eap] EAP-SIM fast re-auth identity MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C53ADD.7DC1DF9A" X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 6 Apr 2005 14:19:02 -0500 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C53ADD.7DC1DF9A Content-Type: text/plain Hi Thomas, Thanks for being among helpful "other people" :-) Ok, I am not sure how fast re-authentication protects the use identity, so I can understand if no protection is provided, that would be one way to protect the permanent identities such as IMSI. But what I don't understand is how every use of IMSI means use of new triplets? Sure EAP-SIM draft says that it does not allow re-use of triplets (I guess for full authentication), but from what I understand the fast re-authentication does not use any triplets, so the question of "re-use versus using fresh" should be moot. I do have another issue with the fast re-auth. Most of the sequence charts only show a peer and an authenticator. Does this mean the authenticator is the NAS or that it is the EAP server? I am trying to understand how this fits into a 3 party EAP authentication model and whether the fast re-authentication can apply to handovers or it is just re-authentication to the same authenticator? Regards, Madjid -----Original Message----- From: Thomas Wieland [mailto:twieland@cisco.com] Sent: Wednesday, April 06, 2005 2:41 AM To: Nakhjiri Madjid-MNAKHJI1 Cc: eap@frascone.com; henry.haverinen@nokia.com Subject: Re: [eap] EAP-SIM fast re-auth identity Hi Madjid, I'm not an author but "other people", but maybe I can shed some light on this. Henry can always correct and expand. There is nothing "wrong" with the identities used during full authentication (i.e. either permanent identity, e.g. 1IMSI @realm, or pseudonym identity). The "problem", if you will, is that by definition of a full authentication, these identities require the use of 2 or 3 GSM triplets to authenticate. For one, this implies at least one round trip to a remote server, i.e. the HLR/AuC where the triplets are generated. This is usually much slower than going through the calculations necessary to iterate the keying material locally at the AAA server. It also means additional load on the HLR/AuC. The second "bad" aspect is that each full EAP-SIM authentication uses up 2 or 3 triplets. The number of triplets that can be generated by each SIM is usually limited (e.g. to 50,000) due to security concerns. This doesn't matter too much in a GSM mobile network as authentications only use only one triplet and occur relatively infrequently compared to, for example, public WLAN. For EAP-SIM used in a PWLAN scenario, not only do you use up 2 or 3 triplets per authentication, the authentications also happen much more frequently. For example every time every time a PC gets turned on (or woken up), when a user roams between access points etc. You can see how you could be chewing through the available triplets pretty fast and once you've reached the limit hard-wired into the SIM, your SIM is dead and needs to be replaced. By using the fast re-auth mechanism, not only do you speed up EAP-SIM authentications (hence "fast" :-), you also reduce the load on the back-end server (AuC) and extend the life of your SIM. In other words, "it's a good thing". Regards, Thomas At 10:05 05-04-05 -0500, Nakhjiri Madjid-MNAKHJI1 wrote: Hi, I have a question regarding the EAP-SIM method for fast re-authentication and would appreciate it if the authors and other people respond. Why is a specific identity used for fast re-authentication? What is the problem with using the identities that were used during the full authentication? The initial identity that is sent in EAP-Response/ Identity should not have a problem, right? Thanks in advance, Madjid Nakhjiri ------_=_NextPart_001_01C53ADD.7DC1DF9A Content-Type: text/html Content-Transfer-Encoding: base64 PGh0bWw+DQoNCjxoZWFkPg0KPE1FVEEgSFRUUC1FUVVJVj0iQ29udGVudC1UeXBlIiBDT05URU5U PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXMtYXNjaWkiPg0KDQoNCjxtZXRhIG5hbWU9R2VuZXJhdG9y IGNvbnRlbnQ9Ik1pY3Jvc29mdCBXb3JkIDEwIChmaWx0ZXJlZCkiPg0KDQo8c3R5bGU+DQo8IS0t DQogLyogRm9udCBEZWZpbml0aW9ucyAqLw0KIEBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6V2lu Z2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0KCXtm b250LWZhbWlseTpUYWhvbWE7DQoJcGFub3NlLTE6MiAxMSA2IDQgMyA1IDQgNCAyIDQ7fQ0KIC8q IFN0eWxlIERlZmluaXRpb25zICovDQogcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z b05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iO30NCmE6bGluaywgc3Bh bi5Nc29IeXBlcmxpbmsNCgl7Y29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5l O30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXtjb2xvcjpwdXJwbGU7 DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFuLkVtYWlsU3R5bGUxNw0KCXtmb250 LWZhbWlseTpBcmlhbDsNCgljb2xvcjpuYXZ5O30NCkBwYWdlIFNlY3Rpb24xDQoJe3NpemU6OC41 aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjI1aW4gMS4waW4gMS4yNWluO30NCmRpdi5TZWN0 aW9uMQ0KCXtwYWdlOlNlY3Rpb24xO30NCi0tPg0KPC9zdHlsZT4NCg0KPC9oZWFkPg0KDQo8Ym9k eSBsYW5nPUVOLVVTIGxpbms9Ymx1ZSB2bGluaz1wdXJwbGU+DQoNCjxkaXYgY2xhc3M9U2VjdGlv bjE+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFy aWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29s b3I6bmF2eSc+SGkgVGhvbWFzLDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3Jt YWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1z aXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bhbj48 L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkg ZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFy aWFsO2NvbG9yOm5hdnknPlRoYW5rcyBmb3IgYmVpbmcgYW1vbmcgaGVscGZ1bCAib3RoZXINCnBl b3BsZSIgPC9zcGFuPjwvZm9udD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPVdpbmdkaW5n cz48c3Bhbg0Kc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6V2luZ2RpbmdzO2Nv bG9yOm5hdnknPko8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250 IHNpemU9MiBjb2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEw LjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5Jz5PaywgSSBhbSBub3Qgc3VyZSBob3cg ZmFzdA0KcmUtYXV0aGVudGljYXRpb24gcHJvdGVjdHMgdGhlIHVzZSBpZGVudGl0eSwgc28gSSBj YW4gdW5kZXJzdGFuZCBpZiBubw0KcHJvdGVjdGlvbiBpcyBwcm92aWRlZCwgdGhhdCB3b3VsZCBi ZSBvbmUgd2F5IHRvIHByb3RlY3QgdGhlIHBlcm1hbmVudA0KaWRlbnRpdGllcyBzdWNoIGFzIElN U0kuPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIg Y29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9u dC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+QnV0IHdoYXQgSSBkb24ndCB1bmRlcnN0YW5kIGlz IGhvdyBldmVyeQ0KdXNlIG9mIElNU0kgbWVhbnMgdXNlIG9mIG5ldyB0cmlwbGV0cz88L3NwYW4+ PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1uYXZ5 IGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpB cmlhbDtjb2xvcjpuYXZ5Jz5TdXJlIEVBUC1TSU0gZHJhZnQgc2F5cyB0aGF0IGl0IGRvZXMgbm90 DQphbGxvdyByZS11c2Ugb2YgdHJpcGxldHMgKEkgZ3Vlc3MgZm9yIGZ1bGwgYXV0aGVudGljYXRp b24pLCBidXQgZnJvbSB3aGF0IEkgdW5kZXJzdGFuZA0KdGhlIGZhc3QgcmUtYXV0aGVudGljYXRp b24gZG9lcyBub3QgdXNlIGFueSB0cmlwbGV0cywgc28gdGhlIHF1ZXN0aW9uIG9mICJyZS11c2UN CnZlcnN1cyB1c2luZyBmcmVzaCIgc2hvdWxkIGJlIG1vb3QuPC9zcGFuPjwvZm9udD48L3A+DQoN CjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxz cGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2 eSc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBz aXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4w cHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+SSBkbyBoYXZlIGFub3RoZXIgaXNzdWUg d2l0aCB0aGUgZmFzdA0KcmUtYXV0aC4gTW9zdCBvZiB0aGUgc2VxdWVuY2UgY2hhcnRzIG9ubHkg c2hvdyBhIHBlZXIgYW5kIGFuIGF1dGhlbnRpY2F0b3IuIERvZXMNCnRoaXMgbWVhbiB0aGUgYXV0 aGVudGljYXRvciBpcyB0aGUgTkFTIG9yIHRoYXQgaXQgaXMgdGhlIEVBUCBzZXJ2ZXI/IEkgYW0N CnRyeWluZyB0byB1bmRlcnN0YW5kIGhvdyB0aGlzIGZpdHMgaW50byBhIDMgcGFydHkgRUFQIGF1 dGhlbnRpY2F0aW9uIG1vZGVsIGFuZA0Kd2hldGhlciB0aGUgZmFzdCByZS1hdXRoZW50aWNhdGlv biBjYW4gYXBwbHkgdG8gaGFuZG92ZXJzIG9yIGl0IGlzIGp1c3QNCnJlLWF1dGhlbnRpY2F0aW9u IHRvIHRoZSBzYW1lIGF1dGhlbnRpY2F0b3I/PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNz PU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxl PSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7 PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29s b3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1m YW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+UmVnYXJkcyw8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAg Y2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNwYW4g c3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5Jz4m bmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9 MiBjb2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtm b250LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5Jz5NYWRqaWQ8L3NwYW4+PC9mb250PjwvcD4NCg0K PHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNw YW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5 Jz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNp emU9MiBmYWNlPVRhaG9tYT48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFt aWx5OlRhaG9tYSc+LS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS08YnI+DQo8Yj48c3BhbiBzdHls ZT0nZm9udC13ZWlnaHQ6Ym9sZCc+RnJvbTo8L3NwYW4+PC9iPiBUaG9tYXMgV2llbGFuZA0KW21h aWx0bzp0d2llbGFuZEBjaXNjby5jb21dIDxicj4NCjxiPjxzcGFuIHN0eWxlPSdmb250LXdlaWdo dDpib2xkJz5TZW50Ojwvc3Bhbj48L2I+IFdlZG5lc2RheSwgQXByaWwgMDYsIDIwMDUNCjI6NDEg QU08YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9sZCc+VG86PC9zcGFuPjwvYj4g TmFraGppcmkgTWFkamlkLU1OQUtISkkxPGJyPg0KPGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2VpZ2h0 OmJvbGQnPkNjOjwvc3Bhbj48L2I+IGVhcEBmcmFzY29uZS5jb207DQpoZW5yeS5oYXZlcmluZW5A bm9raWEuY29tPGJyPg0KPGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2VpZ2h0OmJvbGQnPlN1YmplY3Q6 PC9zcGFuPjwvYj4gUmU6IFtlYXBdIEVBUC1TSU0gZmFzdA0KcmUtYXV0aCBpZGVudGl0eTwvc3Bh bj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0zIGZhY2U9IlRp bWVzIE5ldyBSb21hbiI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEyLjBwdCc+Jm5ic3A7PC9z cGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTMgZmFjZT0i VGltZXMgTmV3IFJvbWFuIj48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTIuMHB0Jz48YnI+DQpI aSBNYWRqaWQsPGJyPg0KPGJyPg0KJm5ic3A7IEknbSBub3QgYW4gYXV0aG9yIGJ1dCAmcXVvdDtv dGhlciBwZW9wbGUmcXVvdDssIGJ1dCBtYXliZSBJIGNhbiBzaGVkIDxicj4NCnNvbWUgbGlnaHQg b24gdGhpcy4mbmJzcDsgSGVucnkgY2FuIGFsd2F5cyBjb3JyZWN0IGFuZCBleHBhbmQuPGJyPg0K PGJyPg0KVGhlcmUgaXMgbm90aGluZyAmcXVvdDt3cm9uZyZxdW90OyB3aXRoIHRoZSBpZGVudGl0 aWVzIHVzZWQgZHVyaW5nIGZ1bGw8YnI+DQphdXRoZW50aWNhdGlvbiAoaS5lLiBlaXRoZXIgcGVy bWFuZW50IGlkZW50aXR5LCBlLmcuIDFJTVNJIEByZWFsbSw8YnI+DQpvciBwc2V1ZG9ueW0gaWRl bnRpdHkpLiZuYnNwOyBUaGUgJnF1b3Q7cHJvYmxlbSZxdW90OywgaWYgeW91IHdpbGwsIGlzIHRo YXQgYnk8YnI+DQpkZWZpbml0aW9uIG9mIGEgZnVsbCBhdXRoZW50aWNhdGlvbiwgdGhlc2UgaWRl bnRpdGllcyByZXF1aXJlIHRoZTxicj4NCnVzZSBvZiAyIG9yIDMgR1NNIHRyaXBsZXRzIHRvIGF1 dGhlbnRpY2F0ZS4mbmJzcDsgPGJyPg0KPGJyPg0KRm9yIG9uZSwgdGhpcyBpbXBsaWVzIGF0IGxl YXN0IG9uZSByb3VuZCB0cmlwIHRvIGEgcmVtb3RlIHNlcnZlciwgPGJyPg0KaS5lLiB0aGUgSExS L0F1QyB3aGVyZSB0aGUgdHJpcGxldHMgYXJlIGdlbmVyYXRlZC4mbmJzcDsgVGhpcyBpcyA8YnI+ DQp1c3VhbGx5IG11Y2ggc2xvd2VyIHRoYW4gZ29pbmcgdGhyb3VnaCB0aGUgY2FsY3VsYXRpb25z IDxicj4NCm5lY2Vzc2FyeSB0byBpdGVyYXRlIHRoZSBrZXlpbmcgbWF0ZXJpYWwgbG9jYWxseSBh dCB0aGUgQUFBIDxicj4NCnNlcnZlci4mbmJzcDsgSXQgYWxzbyBtZWFucyBhZGRpdGlvbmFsIGxv YWQgb24gdGhlIEhMUi9BdUMuPGJyPg0KPGJyPg0KVGhlIHNlY29uZCAmcXVvdDtiYWQmcXVvdDsg YXNwZWN0IGlzIHRoYXQgZWFjaCBmdWxsIEVBUC1TSU0gYXV0aGVudGljYXRpb24gdXNlcw0KPGJy Pg0KdXAgMiBvciAzIHRyaXBsZXRzLiZuYnNwOyBUaGUgbnVtYmVyIG9mIHRyaXBsZXRzIHRoYXQg Y2FuIGJlIGdlbmVyYXRlZCBieSBlYWNoIDxicj4NClNJTSBpcyB1c3VhbGx5IGxpbWl0ZWQgKGUu Zy4gdG8gNTAsMDAwKSBkdWUgdG8gc2VjdXJpdHkgY29uY2VybnMuJm5ic3A7IFRoaXMgPGJyPg0K ZG9lc24ndCBtYXR0ZXIgdG9vIG11Y2ggaW4gYSBHU00gbW9iaWxlIG5ldHdvcmsgYXMgYXV0aGVu dGljYXRpb25zPGJyPg0Kb25seSB1c2Ugb25seSBvbmUgdHJpcGxldCBhbmQgb2NjdXIgcmVsYXRp dmVseSBpbmZyZXF1ZW50bHkgY29tcGFyZWQgdG8sPGJyPg0KZm9yIGV4YW1wbGUsIHB1YmxpYyBX TEFOLiZuYnNwOyBGb3IgRUFQLVNJTSB1c2VkIGluIGEgUFdMQU4gc2NlbmFyaW8sPGJyPg0Kbm90 IG9ubHkgZG8geW91IHVzZSB1cCAyIG9yIDMgdHJpcGxldHMgcGVyIGF1dGhlbnRpY2F0aW9uLCB0 aGUgYXV0aGVudGljYXRpb25zIDxicj4NCmFsc28gaGFwcGVuIG11Y2ggbW9yZSBmcmVxdWVudGx5 LiZuYnNwOyBGb3IgZXhhbXBsZSBldmVyeSB0aW1lIGV2ZXJ5IHRpbWUgPGJyPg0KYSBQQyBnZXRz IHR1cm5lZCBvbiAob3Igd29rZW4gdXApLCB3aGVuIGEgdXNlciByb2FtcyBiZXR3ZWVuIGFjY2Vz czxicj4NCnBvaW50cyBldGMuJm5ic3A7IFlvdSBjYW4gc2VlIGhvdyB5b3UgY291bGQgYmUgY2hl d2luZyB0aHJvdWdoIHRoZSBhdmFpbGFibGU8YnI+DQp0cmlwbGV0cyBwcmV0dHkgZmFzdCBhbmQg b25jZSB5b3UndmUgcmVhY2hlZCB0aGUgbGltaXQgaGFyZC13aXJlZCBpbnRvIHRoZTxicj4NClNJ TSwgeW91ciBTSU0gaXMgZGVhZCBhbmQgbmVlZHMgdG8gYmUgcmVwbGFjZWQuJm5ic3A7IDxicj4N Cjxicj4NCkJ5IHVzaW5nIHRoZSBmYXN0IHJlLWF1dGggbWVjaGFuaXNtLCBub3Qgb25seSBkbyB5 b3Ugc3BlZWQgdXAgPGJyPg0KRUFQLVNJTSBhdXRoZW50aWNhdGlvbnMgKGhlbmNlICZxdW90O2Zh c3QmcXVvdDsgOi0pLCB5b3UgYWxzbyByZWR1Y2UgdGhlPGJyPg0KbG9hZCBvbiB0aGUgYmFjay1l bmQgc2VydmVyIChBdUMpIGFuZCBleHRlbmQgdGhlIGxpZmUgb2YgeW91ciBTSU0uPGJyPg0KSW4g b3RoZXIgd29yZHMsICZxdW90O2l0J3MgYSBnb29kIHRoaW5nJnF1b3Q7Ljxicj4NCjxicj4NClJl Z2FyZHMsPGJyPg0KPGJyPg0KJm5ic3A7IFRob21hczxicj4NCjxicj4NCjxicj4NCjxicj4NCkF0 IDEwOjA1IDA1LTA0LTA1IC0wNTAwLCBOYWtoamlyaSBNYWRqaWQtTU5BS0hKSTEgd3JvdGU6PGJy Pg0KPGJyPg0KPGJyPg0KPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48 Zm9udCBzaXplPTIgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZv bnQtZmFtaWx5OkFyaWFsJz5IaSwgPGJyPg0KPC9zcGFuPjwvZm9udD48YnI+DQo8Zm9udCBzaXpl PTIgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTpB cmlhbCc+Jm5ic3A7PGJyPg0KPC9zcGFuPjwvZm9udD48YnI+DQo8Zm9udCBzaXplPTIgZmFjZT1B cmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTpBcmlhbCc+SSBo YXZlDQphIHF1ZXN0aW9uIHJlZ2FyZGluZyB0aGUgRUFQLVNJTSBtZXRob2QgZm9yIGZhc3QgcmUt YXV0aGVudGljYXRpb24gYW5kIHdvdWxkDQphcHByZWNpYXRlIGl0IGlmIHRoZSBhdXRob3JzIGFu ZCBvdGhlciBwZW9wbGUgcmVzcG9uZC4gV2h5IGlzIGEgc3BlY2lmaWMNCmlkZW50aXR5IHVzZWQg Zm9yIGZhc3QgcmUtYXV0aGVudGljYXRpb24/IFdoYXQgaXMgdGhlIHByb2JsZW0gd2l0aCB1c2lu ZyB0aGUNCmlkZW50aXRpZXMgdGhhdCB3ZXJlIHVzZWQgZHVyaW5nIHRoZSBmdWxsIGF1dGhlbnRp Y2F0aW9uPyBUaGUgaW5pdGlhbCBpZGVudGl0eQ0KdGhhdCBpcyBzZW50IGluIEVBUC1SZXNwb25z ZS8gSWRlbnRpdHkgc2hvdWxkIG5vdCBoYXZlIGEgcHJvYmxlbSwgcmlnaHQ/PGJyPg0KPC9zcGFu PjwvZm9udD48YnI+DQo8Zm9udCBzaXplPTIgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1z aXplOjEwLjBwdDtmb250LWZhbWlseTpBcmlhbCc+Jm5ic3A7PGJyPg0KPC9zcGFuPjwvZm9udD48 YnI+DQo8Zm9udCBzaXplPTIgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBw dDtmb250LWZhbWlseTpBcmlhbCc+VGhhbmtzDQppbiBhZHZhbmNlLDxicj4NCjwvc3Bhbj48L2Zv bnQ+PGJyPg0KPGZvbnQgc2l6ZT0yIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZTox MC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWwnPiZuYnNwOzxicj4NCjwvc3Bhbj48L2ZvbnQ+PGJyPg0K PGZvbnQgc2l6ZT0yIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9u dC1mYW1pbHk6QXJpYWwnPk1hZGppZA0KTmFraGppcmk8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9k aXY+DQoNCjwvYm9keT4NCg0KPC9odG1sPg0K ------_=_NextPart_001_01C53ADD.7DC1DF9A-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Apr 6 15:51:11 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA23939 for ; Wed, 6 Apr 2005 15:51:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 834AA2070B; Wed, 6 Apr 2005 15:51:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 8EDBD206BC; Wed, 6 Apr 2005 15:51:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id B4BA2206BC for ; Wed, 6 Apr 2005 15:50:47 -0400 (EDT) Received: from motgate8.mot.com (motgate8.mot.com [129.188.136.8]) by mail.frascone.com (Postfix) with ESMTP id 5D8CF20693 for ; Wed, 6 Apr 2005 15:50:44 -0400 (EDT) Received: from il06exr01.mot.com (il06exr01.mot.com [129.188.137.131]) by motgate8.mot.com (Motorola/Motgate8) with ESMTP id j36Jr524027074 for ; Wed, 6 Apr 2005 12:53:05 -0700 (MST) Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4]) by il06exr01.mot.com (8.13.1/8.13.0) with ESMTP id j36Jqqbs003485 for ; Wed, 6 Apr 2005 14:52:52 -0500 (CDT) Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72) id ; Wed, 6 Apr 2005 14:50:42 -0500 Message-ID: From: Nakhjiri Madjid-MNAKHJI1 To: "'henry.haverinen@nokia.com'" , twieland@cisco.com Cc: eap@frascone.com Subject: RE: [eap] EAP-SIM fast re-auth identity MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C53AE1.E96122E8" X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 6 Apr 2005 14:50:40 -0500 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C53AE1.E96122E8 Content-Type: text/plain Hi Henry, Thank you for sending a quick response. I don't have an issue with having a fast re-authentication method that is more lightweight than the full authentication as long as the security is not compromised. One thing I am not clear about is whether the procedure is intended for handovers or not. But that is a different issue. The point I was trying to understand is not why fast re-authentication is needed, it is why a different identity is being used. Please see inline. Regards, Madjid -----Original Message----- From: henry.haverinen@nokia.com [mailto:henry.haverinen@nokia.com] Sent: Wednesday, April 06, 2005 3:34 AM To: twieland@cisco.com; Nakhjiri Madjid-MNAKHJI1 Cc: eap@frascone.com Subject: RE: [eap] EAP-SIM fast re-auth identity Hi Madjid, Thomas, Thomas already justified very well why there is a separate fast re-authentication procedure. The use of separate identities on fast re-authentication is just one way to design the re-authentication procedure. Alternatively, we could have used the same pseudonyms during fast re-authentication. There are some benefits in using separate identities. Thanks to the separate identities, fast re-authentication and full authentication can be implemented separately, more modularly, at the server. Madjid>>Can't both modules use the same identity for the peer? I am guessing for fast re-auth you need to locate the MK, can't you do it with the same identity as the one you used for full authentication? When the server runs fast re-authentication, it does not have to update the information about the full authentication pseudonym. Fast re-authentication could even be distributed to a separate entity, a separate subsystem of the EAP server that does not need to have any access to the triplets or to other "long-term" state of the subscriber. Madjid>> why do you need the triplets for fast re-authentication. Isn't the user id and MK enough? A separate fast-reauthentication identity also indicates to the server that the client wants to use fast re-authentication. Hence it is possible to "overload" the identity with this indication and save a roundtrip in some cases. Madjid>>Couldn't this be done with the same identity by some sort of flag or subtype? When there are several AAA servers, pseudonyms should be decodable by all the servers at the home network. They should also be decodable a long time after they were delivered. Hence, the storing mechanism for pseudonyms is likely to be "expensive". Fast re-authentication identities can be locally administered by a single server, and it does not matter if they are not stored so "reliably". Madjid>> I guess it depends on how fast re-auth ID is created/ communicated to the local server. I am guessing fast re-auth ID is generated after a full authentication with a perm. ID is performed and the master key is sent from the central server to the local server. If the MK is sent to the local server processing the fast re-auth, why not send the perm. ID with it? Unless you want to protect the perm. ID from the local server? For example, some EAP-SIM server implementations use cryptographically generated pseudonyms that contain the IMSI, but use short number IDs as re-authentication identities. (However, 3GPP decided to use the same format for both types of identities in release 6 specifications.) Regards, Henry -----Original Message----- From: eap-admin@frascone.com [mailto:eap-admin@frascone.com]On Behalf Of ext Thomas Wieland Sent: 06 April, 2005 10:41 To: Nakhjiri Madjid-MNAKHJI1 Cc: eap@frascone.com; Haverinen Henry (Nokia-ES/Jyvaskyla) Subject: Re: [eap] EAP-SIM fast re-auth identity Hi Madjid, I'm not an author but "other people", but maybe I can shed some light on this. Henry can always correct and expand. There is nothing "wrong" with the identities used during full authentication (i.e. either permanent identity, e.g. 1IMSI @realm, or pseudonym identity). The "problem", if you will, is that by definition of a full authentication, these identities require the use of 2 or 3 GSM triplets to authenticate. For one, this implies at least one round trip to a remote server, i.e. the HLR/AuC where the triplets are generated. This is usually much slower than going through the calculations necessary to iterate the keying material locally at the AAA server. It also means additional load on the HLR/AuC. The second "bad" aspect is that each full EAP-SIM authentication uses up 2 or 3 triplets. The number of triplets that can be generated by each SIM is usually limited (e.g. to 50,000) due to security concerns. This doesn't matter too much in a GSM mobile network as authentications only use only one triplet and occur relatively infrequently compared to, for example, public WLAN. For EAP-SIM used in a PWLAN scenario, not only do you use up 2 or 3 triplets per authentication, the authentications also happen much more frequently. For example every time every time a PC gets turned on (or woken up), when a user roams between access points etc. You can see how you could be chewing through the available triplets pretty fast and once you've reached the limit hard-wired into the SIM, your SIM is dead and needs to be replaced. By using the fast re-auth mechanism, not only do you speed up EAP-SIM authentications (hence "fast" :-), you also reduce the load on the back-end server (AuC) and extend the life of your SIM. In other words, "it's a good thing". Regards, Thomas At 10:05 05-04-05 -0500, Nakhjiri Madjid-MNAKHJI1 wrote: Hi, I have a question regarding the EAP-SIM method for fast re-authentication and would appreciate it if the authors and other people respond. Why is a specific identity used for fast re-authentication? What is the problem with using the identities that were used during the full authentication? The initial identity that is sent in EAP-Response/ Identity should not have a problem, right? Thanks in advance, Madjid Nakhjiri _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap ------_=_NextPart_001_01C53AE1.E96122E8 Content-Type: text/html Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxodG1sPg0KDQo8aGVhZD4NCjxNRVRBIEhUVFAtRVFVSVY9IkNvbnRlbnQtVHlwZSIg Q09OVEVOVD0idGV4dC9odG1sOyBjaGFyc2V0PXVzLWFzY2lpIj4NCg0KDQo8bWV0YSBuYW1lPUdl bmVyYXRvciBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxMCAoZmlsdGVyZWQpIj4NCg0KPHN0eWxl Pg0KPCEtLQ0KIC8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCiBAZm9udC1mYWNlDQoJe2ZvbnQtZmFt aWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQogLyogU3R5bGUg RGVmaW5pdGlvbnMgKi8NCiBwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFs DQoJe21hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMi4w cHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiI7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5 cGVybGluaw0KCXtjb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2 aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe2NvbG9yOnB1cnBsZTsNCgl0ZXh0 LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnNwYW4uRW1haWxTdHlsZTE3DQoJe2ZvbnQtZmFtaWx5 OkFyaWFsOw0KCWNvbG9yOm5hdnk7fQ0KQHBhZ2UgU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4w aW47DQoJbWFyZ2luOjEuMGluIDEuMjVpbiAxLjBpbiAxLjI1aW47fQ0KZGl2LlNlY3Rpb24xDQoJ e3BhZ2U6U2VjdGlvbjE7fQ0KIC8qIExpc3QgRGVmaW5pdGlvbnMgKi8NCiBvbA0KCXttYXJnaW4t Ym90dG9tOjBpbjt9DQp1bA0KCXttYXJnaW4tYm90dG9tOjBpbjt9DQotLT4NCjwvc3R5bGU+DQoN CjwvaGVhZD4NCg0KPGJvZHkgbGFuZz1FTi1VUyBsaW5rPWJsdWUgdmxpbms9cHVycGxlPg0KDQo8 ZGl2IGNsYXNzPVNlY3Rpb24xPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNv bG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQt ZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPkhpIEhlbnJ5LDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8 cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3Bh biBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnkn PiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6 ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0 O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPlRoYW5rIHlvdSBmb3Igc2VuZGluZyBhIHF1 aWNrIHJlc3BvbnNlLiBJDQpkb24ndCBoYXZlIGFuIGlzc3VlIHdpdGggaGF2aW5nIGEgZmFzdCBy ZS1hdXRoZW50aWNhdGlvbiBtZXRob2QgdGhhdCBpcw0KbW9yZSBsaWdodHdlaWdodCB0aGFuIHRo ZSBmdWxsIGF1dGhlbnRpY2F0aW9uIGFzIGxvbmcgYXMgdGhlIHNlY3VyaXR5IGlzIG5vdA0KY29t cHJvbWlzZWQuIE9uZSB0aGluZyBJIGFtIG5vdCBjbGVhciBhYm91dCBpcyB3aGV0aGVyIHRoZSBw cm9jZWR1cmUgaXMNCmludGVuZGVkIGZvciBoYW5kb3ZlcnMgb3Igbm90LiBCdXQgdGhhdCBpcyBh IGRpZmZlcmVudCBpc3N1ZS4gVGhlIHBvaW50IEkgd2FzDQp0cnlpbmcgdG8gdW5kZXJzdGFuZCBp cyBub3Qgd2h5IGZhc3QgcmUtYXV0aGVudGljYXRpb24gaXMgbmVlZGVkLCBpdCBpcyB3aHkgYQ0K ZGlmZmVyZW50IGlkZW50aXR5IGlzIGJlaW5nIHVzZWQuIFBsZWFzZSBzZWUgaW5saW5lLjwvc3Bh bj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5h dnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5 OkFyaWFsO2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1N c29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0n Zm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPlJlZ2FyZHMs PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29s b3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1m YW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNs YXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0 eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+TWFk amlkPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIg Y29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9u dC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxw IGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT1UYWhvbWE+PHNwYW4gc3R5bGU9J2Zv bnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseTpUYWhvbWEnPi0tLS0tT3JpZ2luYWwgTWVzc2Fn ZS0tLS0tPGJyPg0KPGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2VpZ2h0OmJvbGQnPkZyb206PC9zcGFu PjwvYj4gaGVucnkuaGF2ZXJpbmVuQG5va2lhLmNvbQ0KW21haWx0bzpoZW5yeS5oYXZlcmluZW5A bm9raWEuY29tXSA8YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9sZCc+U2VudDo8 L3NwYW4+PC9iPiA8L3NwYW4+PC9mb250Pjxmb250IHNpemU9MiBmYWNlPVRhaG9tYT48c3BhbiBz dHlsZT0nZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTpUYWhvbWEnPldlZG5lc2RheSwNCiBB cHJpbCAwNiwgMjAwNTwvc3Bhbj48L2ZvbnQ+PGZvbnQgc2l6ZT0yIGZhY2U9VGFob21hPjxzcGFu IHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6VGFob21hJz4gPC9zcGFuPjwv Zm9udD48Zm9udCBzaXplPTIgZmFjZT1UYWhvbWE+PHNwYW4NCiBzdHlsZT0nZm9udC1zaXplOjEw LjBwdDtmb250LWZhbWlseTpUYWhvbWEnPjM6MzQgQU08L3NwYW4+PC9mb250Pjxmb250IHNpemU9 Mg0KZmFjZT1UYWhvbWE+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6 VGFob21hJz48YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9sZCc+VG86PC9zcGFu PjwvYj4gdHdpZWxhbmRAY2lzY28uY29tOyBOYWtoamlyaQ0KTWFkamlkLU1OQUtISkkxPGJyPg0K PGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2VpZ2h0OmJvbGQnPkNjOjwvc3Bhbj48L2I+IGVhcEBmcmFz Y29uZS5jb208YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9sZCc+U3ViamVjdDo8 L3NwYW4+PC9iPiBSRTogW2VhcF0gRUFQLVNJTSBmYXN0DQpyZS1hdXRoIGlkZW50aXR5PC9zcGFu PjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTMgZmFjZT0iVGlt ZXMgTmV3IFJvbWFuIj48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTIuMHB0Jz4mbmJzcDs8L3Nw YW4+PC9mb250PjwvcD4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9 MiBjb2xvcj1ibHVlIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtm b250LWZhbWlseTpBcmlhbDtjb2xvcjpibHVlJz5IaSBNYWRqaWQsIFRob21hcyw8L3NwYW4+PC9m b250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBz aXplPTMgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTIu MHB0Jz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+DQoNCjxwIGNs YXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNlPUFyaWFsPjxzcGFuIHN0 eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6Ymx1ZSc+VGhv bWFzIGFscmVhZHkganVzdGlmaWVkIHZlcnkgd2VsbCB3aHkNCnRoZXJlIGlzIGEgc2VwYXJhdGUg ZmFzdCByZS1hdXRoZW50aWNhdGlvbiBwcm9jZWR1cmUuPC9zcGFuPjwvZm9udD48L3A+DQoNCjwv ZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0zIGZhY2U9IlRp bWVzIE5ldyBSb21hbiI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEyLjBwdCc+Jm5ic3A7PC9z cGFuPjwvZm9udD48L3A+DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+ PGZvbnQgc2l6ZT0yIGNvbG9yPWJsdWUgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXpl Og0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOmJsdWUnPlRoZSB1c2Ugb2Ygc2VwYXJh dGUgaWRlbnRpdGllcyBvbiBmYXN0DQpyZS1hdXRoZW50aWNhdGlvbiBpcyBqdXN0IG9uZSB3YXkg dG8gZGVzaWduJm5ic3A7dGhlIHJlLWF1dGhlbnRpY2F0aW9uPC9zcGFuPjwvZm9udD48L3A+DQoN CjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9y PWJsdWUgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFt aWx5OkFyaWFsO2NvbG9yOmJsdWUnPnByb2NlZHVyZS4gQWx0ZXJuYXRpdmVseSwgd2UgY291bGQg aGF2ZQ0KdXNlZCB0aGUgc2FtZSBwc2V1ZG9ueW1zIGR1cmluZyBmYXN0IHJlLWF1dGhlbnRpY2F0 aW9uLjwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNv Tm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1ibHVlIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2Zv bnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpibHVlJz5UaGVyZSBhcmUg c29tZSBiZW5lZml0cyBpbiB1c2luZyBzZXBhcmF0ZQ0KaWRlbnRpdGllcy48L3NwYW4+PC9mb250 PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXpl PTMgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTIuMHB0 Jz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+DQoNCjxwIGNsYXNz PU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxl PSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6Ymx1ZSc+VGhhbmtz IHRvIHRoZSBzZXBhcmF0ZSBpZGVudGl0aWVzLCBmYXN0DQpyZS1hdXRoZW50aWNhdGlvbiBhbmQg ZnVsbCBhdXRoZW50aWNhdGlvbiBjYW4gYmUgaW1wbGVtZW50ZWQgPC9zcGFuPjwvZm9udD48L3A+ DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNv bG9yPWJsdWUgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQt ZmFtaWx5OkFyaWFsO2NvbG9yOmJsdWUnPnNlcGFyYXRlbHksIG1vcmUgbW9kdWxhcmx5LCBhdCB0 aGUgc2VydmVyLg0KPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9u dCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQox MC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7PC9zcGFuPjwvZm9udD48 L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9cmVkIGZhY2U9QXJp YWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xv cjpyZWQnPk1hZGppZCZndDsmZ3Q7Q2FuJ3QgYm90aCBtb2R1bGVzIHVzZQ0KdGhlIHNhbWUgaWRl bnRpdHkgZm9yIHRoZSBwZWVyPyBJIGFtIGd1ZXNzaW5nIGZvciBmYXN0IHJlLWF1dGggeW91IG5l ZWQgdG8NCmxvY2F0ZSB0aGUgTUssIGNhbid0IHlvdSBkbyBpdCB3aXRoIHRoZSBzYW1lIGlkZW50 aXR5IGFzIHRoZSBvbmUgeW91IHVzZWQNCmZvciBmdWxsIGF1dGhlbnRpY2F0aW9uPzwvc3Bhbj48 L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkg ZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFy aWFsO2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29O b3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9u dC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bh bj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPWJs dWUgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5 OkFyaWFsO2NvbG9yOmJsdWUnPldoZW4gdGhlIHNlcnZlciBydW5zIGZhc3QNCnJlLWF1dGhlbnRp Y2F0aW9uLCBpdCBkb2VzIG5vdCBoYXZlIDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0K PGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1ibHVlIGZhY2U9 QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtj b2xvcjpibHVlJz50byB1cGRhdGUgdGhlIGluZm9ybWF0aW9uIGFib3V0IHRoZSBmdWxsDQphdXRo ZW50aWNhdGlvbiBwc2V1ZG9ueW0uIEZhc3QgcmUtYXV0aGVudGljYXRpb24gPC9zcGFuPjwvZm9u dD48L3A+DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6 ZT0yIGNvbG9yPWJsdWUgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0 O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOmJsdWUnPmNvdWxkIGV2ZW4gYmUgZGlzdHJpYnV0ZWQg dG8gYSBzZXBhcmF0ZQ0KZW50aXR5LCBhIHNlcGFyYXRlIHN1YnN5c3RlbSBvZiB0aGUgRUFQIHNl cnZlciB0aGF0PC9zcGFuPjwvZm9udD48L3A+DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFz cz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPWJsdWUgZmFjZT1BcmlhbD48c3BhbiBzdHls ZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOmJsdWUnPmRvZXMg bm90IG5lZWQgdG8gaGF2ZSBhbnkgYWNjZXNzIHRvIHRoZQ0KdHJpcGxldHMgb3IgdG8gb3RoZXIg JnF1b3Q7bG9uZy10ZXJtJnF1b3Q7IHN0YXRlIG9mIHRoZSBzdWJzY3JpYmVyLiA8L3NwYW4+PC9m b250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBz aXplPTMgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTIu MHB0Jz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250 IHNpemU9MiBjb2xvcj1yZWQgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAu MHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOnJlZCc+TWFkamlkJmd0OyZndDsgd2h5IGRvIHlv dSBuZWVkIHRoZSB0cmlwbGV0cw0KZm9yIGZhc3QgcmUtYXV0aGVudGljYXRpb24uIElzbid0IHRo ZSB1c2VyIGlkIGFuZCBNSyBlbm91Z2g/PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1z b05vcm1hbD48Zm9udCBzaXplPTMgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48c3BhbiBzdHlsZT0n Zm9udC1zaXplOg0KMTIuMHB0Jz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoN CjxkaXY+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNl PUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7 Y29sb3I6Ymx1ZSc+QSBzZXBhcmF0ZSBmYXN0LXJlYXV0aGVudGljYXRpb24gaWRlbnRpdHkNCmFs c28gaW5kaWNhdGVzIHRvIHRoZSBzZXJ2ZXIgdGhhdCB0aGUgY2xpZW50IHdhbnRzIHRvIHVzZTwv c3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFs Pjxmb250IHNpemU9MiBjb2xvcj1ibHVlIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6 ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpibHVlJz5mYXN0IHJlLWF1dGhlbnRp Y2F0aW9uLiBIZW5jZSBpdCBpcw0KcG9zc2libGUgdG8gJnF1b3Q7b3ZlcmxvYWQmcXVvdDsgdGhl IGlkZW50aXR5IHdpdGggdGhpcyBpbmRpY2F0aW9uIGFuZDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8 L2Rpdj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1i bHVlIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWls eTpBcmlhbDtjb2xvcjpibHVlJz5zYXZlIGEgcm91bmR0cmlwIGluIHNvbWUgY2FzZXMuPC9zcGFu PjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2 eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6 QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1z b05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9cmVkIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2Zv bnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpyZWQnPk1hZGppZCZndDsm Z3Q7Q291bGRuJ3QgdGhpcyBiZSBkb25lDQp3aXRoIHRoZSBzYW1lIGlkZW50aXR5IGJ5IHNvbWUg c29ydCBvZiBmbGFnIG9yIHN1YnR5cGU/IDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0K PGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MyBmYWNlPSJUaW1lcyBOZXcg Um9tYW4iPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMi4wcHQnPiZuYnNwOzwvc3Bhbj48L2Zv bnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNp emU9MiBjb2xvcj1ibHVlIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBw dDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpibHVlJz5XaGVuIHRoZXJlIGFyZSBzZXZlcmFsIEFB QSBzZXJ2ZXJzLA0KcHNldWRvbnltcyBzaG91bGQgYmUgZGVjb2RhYmxlIGJ5IGFsbCB0aGUgc2Vy dmVyczwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNv Tm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1ibHVlIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2Zv bnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpibHVlJz5hdCB0aGUgaG9t ZSBuZXR3b3JrLiBUaGV5IHNob3VsZCBhbHNvIGJlDQpkZWNvZGFibGUgYSBsb25nIHRpbWUgYWZ0 ZXIgdGhleSB3ZXJlIGRlbGl2ZXJlZC48L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxk aXY+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNlPUFy aWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29s b3I6Ymx1ZSc+SGVuY2UsIHRoZSBzdG9yaW5nIG1lY2hhbmlzbSBmb3IgcHNldWRvbnltcw0KaXMg bGlrZWx5IHRvIGJlICZxdW90O2V4cGVuc2l2ZSZxdW90Oy4gRmFzdCByZS1hdXRoZW50aWNhdGlv bjwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9y bWFsPjxmb250IHNpemU9MiBjb2xvcj1ibHVlIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQt c2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpibHVlJz5pZGVudGl0aWVzIGNh biBiZSBsb2NhbGx5IGFkbWluaXN0ZXJlZCBieQ0KYSBzaW5nbGUgc2VydmVyLCBhbmQgaXQgZG9l cyBub3QgbWF0dGVyIGlmIHRoZXkgYXJlPC9zcGFuPjwvZm9udD48L3A+DQoNCjwvZGl2Pg0KDQo8 ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPWJsdWUgZmFjZT1B cmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2Nv bG9yOmJsdWUnPm5vdCBzdG9yZWQgc28gJnF1b3Q7cmVsaWFibHkmcXVvdDsuIDwvc3Bhbj48L2Zv bnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFj ZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFs O2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3Jt YWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1z aXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPk1hZGppZCZndDsmZ3Q7 IEkgZ3Vlc3MgaXQgZGVwZW5kcyBvbiBob3cgZmFzdA0KcmUtYXV0aCBJRCBpcyBjcmVhdGVkLyBj b21tdW5pY2F0ZWQgdG8gdGhlIGxvY2FsIHNlcnZlci48L3NwYW4+PC9mb250PjwvcD4NCg0KPHAg Y2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNwYW4g c3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5Jz5J IGFtIGd1ZXNzaW5nIGZhc3QgcmUtYXV0aCBJRCBpcyBnZW5lcmF0ZWQNCmFmdGVyIGEgZnVsbCBh dXRoZW50aWNhdGlvbiB3aXRoIGEgcGVybS4gSUQgaXMgcGVyZm9ybWVkIGFuZCB0aGUgbWFzdGVy IGtleSBpcw0Kc2VudCBmcm9tIHRoZSBjZW50cmFsIHNlcnZlciB0byB0aGUgbG9jYWwgc2VydmVy LiBJZiB0aGUgTUsgaXMgc2VudCB0byB0aGUNCmxvY2FsIHNlcnZlciBwcm9jZXNzaW5nIHRoZSBm YXN0IHJlLWF1dGgsIHdoeSBub3Qgc2VuZCB0aGUgcGVybS4gSUQgd2l0aCBpdD8gVW5sZXNzDQp5 b3Ugd2FudCB0byBwcm90ZWN0IHRoZSBwZXJtLiBJRCBmcm9tIHRoZSBsb2NhbCBzZXJ2ZXI/PC9z cGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9 bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1p bHk6QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNz PU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxl PSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6Ymx1ZSc+Rm9yIGV4 YW1wbGUsIHNvbWUgRUFQLVNJTSBzZXJ2ZXINCmltcGxlbWVudGF0aW9ucyB1c2UgY3J5cHRvZ3Jh cGhpY2FsbHkgZ2VuZXJhdGVkPC9zcGFuPjwvZm9udD48L3A+DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0K DQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPWJsdWUgZmFjZT1BcmlhbD48 c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOmJs dWUnPnBzZXVkb255bXMgdGhhdCBjb250YWluIHRoZSBJTVNJLCBidXQgdXNlDQpzaG9ydCBudW1i ZXIgSURzIGFzIHJlLWF1dGhlbnRpY2F0aW9uIGlkZW50aXRpZXMuPC9zcGFuPjwvZm9udD48L3A+ DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNv bG9yPWJsdWUgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQt ZmFtaWx5OkFyaWFsO2NvbG9yOmJsdWUnPihIb3dldmVyLCAzR1BQIGRlY2lkZWQgdG8gdXNlIHRo ZSBzYW1lDQpmb3JtYXQgZm9yIGJvdGggdHlwZXMgb2YgaWRlbnRpdGllcyBpbiByZWxlYXNlIDYg c3BlY2lmaWNhdGlvbnMuKTwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4NCg0K PHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MyBmYWNlPSJUaW1lcyBOZXcgUm9tYW4iPjxz cGFuIHN0eWxlPSdmb250LXNpemU6DQoxMi4wcHQnPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0K DQo8L2Rpdj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xv cj1ibHVlIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZh bWlseTpBcmlhbDtjb2xvcjpibHVlJz5SZWdhcmRzLDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rp dj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1ibHVl IGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpB cmlhbDtjb2xvcjpibHVlJz5IZW5yeTwvc3Bhbj48L2ZvbnQ+Jm5ic3A7PC9wPg0KDQo8L2Rpdj4N Cg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MyBmYWNlPSJUaW1lcyBO ZXcgUm9tYW4iPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMi4wcHQnPiZuYnNwOzwvc3Bhbj48 L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250 IHNpemU9MyBmYWNlPSJUaW1lcyBOZXcgUm9tYW4iPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQox Mi4wcHQnPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGJsb2NrcXVvdGUg c3R5bGU9J2JvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFkZGluZzow aW4gMGluIDBpbiA0LjBwdDsNCm1hcmdpbi1sZWZ0OjMuNzVwdDttYXJnaW4tdG9wOjUuMHB0O21h cmdpbi1ib3R0b206NS4wcHQnPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWwgc3R5bGU9J21hcmdpbi1i b3R0b206MTIuMHB0Jz48Zm9udCBzaXplPTIgZmFjZT1UYWhvbWE+PHNwYW4NCnN0eWxlPSdmb250 LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlRhaG9tYSc+LS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0t LS08YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9sZCc+RnJvbTo8L3NwYW4+PC9i PiBlYXAtYWRtaW5AZnJhc2NvbmUuY29tDQpbbWFpbHRvOmVhcC1hZG1pbkBmcmFzY29uZS5jb21d PGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2VpZ2h0OmJvbGQnPk9uIEJlaGFsZiBPZiA8L3NwYW4+PC9i PmV4dA0KVGhvbWFzIFdpZWxhbmQ8YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9s ZCc+U2VudDo8L3NwYW4+PC9iPiAwNiBBcHJpbCwgMjAwNSAxMDo0MTxicj4NCjxiPjxzcGFuIHN0 eWxlPSdmb250LXdlaWdodDpib2xkJz5Ubzo8L3NwYW4+PC9iPiBOYWtoamlyaSBNYWRqaWQtTU5B S0hKSTE8YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9sZCc+Q2M6PC9zcGFuPjwv Yj4gZWFwQGZyYXNjb25lLmNvbTsgSGF2ZXJpbmVuDQpIZW5yeSAoTm9raWEtRVMvSnl2YXNreWxh KTxicj4NCjxiPjxzcGFuIHN0eWxlPSdmb250LXdlaWdodDpib2xkJz5TdWJqZWN0Ojwvc3Bhbj48 L2I+IFJlOiBbZWFwXSBFQVAtU0lNIGZhc3QNCnJlLWF1dGggaWRlbnRpdHk8L3NwYW4+PC9mb250 PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MyBmYWNlPSJUaW1lcyBOZXcg Um9tYW4iPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMi4wcHQnPjxicj4NCkhpIE1hZGppZCw8 YnI+DQo8YnI+DQombmJzcDsgSSdtIG5vdCBhbiBhdXRob3IgYnV0ICZxdW90O290aGVyIHBlb3Bs ZSZxdW90OywgYnV0IG1heWJlIEkgY2FuIHNoZWQgPGJyPg0Kc29tZSBsaWdodCBvbiB0aGlzLiZu YnNwOyBIZW5yeSBjYW4gYWx3YXlzIGNvcnJlY3QgYW5kIGV4cGFuZC48YnI+DQo8YnI+DQpUaGVy ZSBpcyBub3RoaW5nICZxdW90O3dyb25nJnF1b3Q7IHdpdGggdGhlIGlkZW50aXRpZXMgdXNlZCBk dXJpbmcgZnVsbDxicj4NCmF1dGhlbnRpY2F0aW9uIChpLmUuIGVpdGhlciBwZXJtYW5lbnQgaWRl bnRpdHksIGUuZy4gMUlNU0kgQHJlYWxtLDxicj4NCm9yIHBzZXVkb255bSBpZGVudGl0eSkuJm5i c3A7IFRoZSAmcXVvdDtwcm9ibGVtJnF1b3Q7LCBpZiB5b3Ugd2lsbCwgaXMgdGhhdCBieTxicj4N CmRlZmluaXRpb24gb2YgYSBmdWxsIGF1dGhlbnRpY2F0aW9uLCB0aGVzZSBpZGVudGl0aWVzIHJl cXVpcmUgdGhlPGJyPg0KdXNlIG9mIDIgb3IgMyBHU00gdHJpcGxldHMgdG8gYXV0aGVudGljYXRl LiZuYnNwOyA8YnI+DQo8YnI+DQpGb3Igb25lLCB0aGlzIGltcGxpZXMgYXQgbGVhc3Qgb25lIHJv dW5kIHRyaXAgdG8gYSByZW1vdGUgc2VydmVyLCA8YnI+DQppLmUuIHRoZSBITFIvQXVDIHdoZXJl IHRoZSB0cmlwbGV0cyBhcmUgZ2VuZXJhdGVkLiZuYnNwOyBUaGlzIGlzIDxicj4NCnVzdWFsbHkg bXVjaCBzbG93ZXIgdGhhbiBnb2luZyB0aHJvdWdoIHRoZSBjYWxjdWxhdGlvbnMgPGJyPg0KbmVj ZXNzYXJ5IHRvIGl0ZXJhdGUgdGhlIGtleWluZyBtYXRlcmlhbCBsb2NhbGx5IGF0IHRoZSBBQUEg PGJyPg0Kc2VydmVyLiZuYnNwOyBJdCBhbHNvIG1lYW5zIGFkZGl0aW9uYWwgbG9hZCBvbiB0aGUg SExSL0F1Qy48YnI+DQo8YnI+DQpUaGUgc2Vjb25kICZxdW90O2JhZCZxdW90OyBhc3BlY3QgaXMg dGhhdCBlYWNoIGZ1bGwgRUFQLVNJTSBhdXRoZW50aWNhdGlvbiB1c2VzDQo8YnI+DQp1cCAyIG9y IDMgdHJpcGxldHMuJm5ic3A7IFRoZSBudW1iZXIgb2YgdHJpcGxldHMgdGhhdCBjYW4gYmUgZ2Vu ZXJhdGVkIGJ5IGVhY2ggPGJyPg0KU0lNIGlzIHVzdWFsbHkgbGltaXRlZCAoZS5nLiB0byA1MCww MDApIGR1ZSB0byBzZWN1cml0eSBjb25jZXJucy4mbmJzcDsgVGhpcyA8YnI+DQpkb2Vzbid0IG1h dHRlciB0b28gbXVjaCBpbiBhIEdTTSBtb2JpbGUgbmV0d29yayBhcyBhdXRoZW50aWNhdGlvbnM8 YnI+DQpvbmx5IHVzZSBvbmx5IG9uZSB0cmlwbGV0IGFuZCBvY2N1ciByZWxhdGl2ZWx5IGluZnJl cXVlbnRseSBjb21wYXJlZCB0byw8YnI+DQpmb3IgZXhhbXBsZSwgcHVibGljIFdMQU4uJm5ic3A7 IEZvciBFQVAtU0lNIHVzZWQgaW4gYSBQV0xBTiBzY2VuYXJpbyw8YnI+DQpub3Qgb25seSBkbyB5 b3UgdXNlIHVwIDIgb3IgMyB0cmlwbGV0cyBwZXIgYXV0aGVudGljYXRpb24sIHRoZSBhdXRoZW50 aWNhdGlvbnMgPGJyPg0KYWxzbyBoYXBwZW4gbXVjaCBtb3JlIGZyZXF1ZW50bHkuJm5ic3A7IEZv ciBleGFtcGxlIGV2ZXJ5IHRpbWUgZXZlcnkgdGltZSA8YnI+DQphIFBDIGdldHMgdHVybmVkIG9u IChvciB3b2tlbiB1cCksIHdoZW4gYSB1c2VyIHJvYW1zIGJldHdlZW4gYWNjZXNzPGJyPg0KcG9p bnRzIGV0Yy4mbmJzcDsgWW91IGNhbiBzZWUgaG93IHlvdSBjb3VsZCBiZSBjaGV3aW5nIHRocm91 Z2ggdGhlIGF2YWlsYWJsZTxicj4NCnRyaXBsZXRzIHByZXR0eSBmYXN0IGFuZCBvbmNlIHlvdSd2 ZSByZWFjaGVkIHRoZSBsaW1pdCBoYXJkLXdpcmVkIGludG8gdGhlPGJyPg0KU0lNLCB5b3VyIFNJ TSBpcyBkZWFkIGFuZCBuZWVkcyB0byBiZSByZXBsYWNlZC4mbmJzcDsgPGJyPg0KPGJyPg0KQnkg dXNpbmcgdGhlIGZhc3QgcmUtYXV0aCBtZWNoYW5pc20sIG5vdCBvbmx5IGRvIHlvdSBzcGVlZCB1 cCA8YnI+DQpFQVAtU0lNIGF1dGhlbnRpY2F0aW9ucyAoaGVuY2UgJnF1b3Q7ZmFzdCZxdW90OyA6 LSksIHlvdSBhbHNvIHJlZHVjZSB0aGU8YnI+DQpsb2FkIG9uIHRoZSBiYWNrLWVuZCBzZXJ2ZXIg KEF1QykgYW5kIGV4dGVuZCB0aGUgbGlmZSBvZiB5b3VyIFNJTS48YnI+DQpJbiBvdGhlciB3b3Jk cywgJnF1b3Q7aXQncyBhIGdvb2QgdGhpbmcmcXVvdDsuPGJyPg0KPGJyPg0KUmVnYXJkcyw8YnI+ DQo8YnI+DQombmJzcDsgVGhvbWFzPGJyPg0KPGJyPg0KPGJyPg0KPGJyPg0KQXQgMTA6MDUgMDUt MDQtMDUgLTA1MDAsIE5ha2hqaXJpIE1hZGppZC1NTkFLSEpJMSB3cm90ZTo8YnI+DQo8YnI+DQo8 YnI+DQo8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9 MiBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6 QXJpYWwnPkhpLCA8YnI+DQo8L3NwYW4+PC9mb250Pjxicj4NCjxmb250IHNpemU9MiBmYWNlPUFy aWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsJz4mbmJz cDs8YnI+DQo8L3NwYW4+PC9mb250Pjxicj4NCjxmb250IHNpemU9MiBmYWNlPUFyaWFsPjxzcGFu IHN0eWxlPSdmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsJz5JIGhhdmUNCmEgcXVl c3Rpb24gcmVnYXJkaW5nIHRoZSBFQVAtU0lNIG1ldGhvZCBmb3IgZmFzdCByZS1hdXRoZW50aWNh dGlvbiBhbmQgd291bGQNCmFwcHJlY2lhdGUgaXQgaWYgdGhlIGF1dGhvcnMgYW5kIG90aGVyIHBl b3BsZSByZXNwb25kLiBXaHkgaXMgYSBzcGVjaWZpYw0KaWRlbnRpdHkgdXNlZCBmb3IgZmFzdCBy ZS1hdXRoZW50aWNhdGlvbj8gV2hhdCBpcyB0aGUgcHJvYmxlbSB3aXRoIHVzaW5nIHRoZQ0KaWRl bnRpdGllcyB0aGF0IHdlcmUgdXNlZCBkdXJpbmcgdGhlIGZ1bGwgYXV0aGVudGljYXRpb24/IFRo ZSBpbml0aWFsIGlkZW50aXR5DQp0aGF0IGlzIHNlbnQgaW4gRUFQLVJlc3BvbnNlLyBJZGVudGl0 eSBzaG91bGQgbm90IGhhdmUgYSBwcm9ibGVtLCByaWdodD88YnI+DQo8L3NwYW4+PC9mb250Pjxi cj4NCjxmb250IHNpemU9MiBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0 O2ZvbnQtZmFtaWx5OkFyaWFsJz4mbmJzcDs8YnI+DQo8L3NwYW4+PC9mb250Pjxicj4NCjxmb250 IHNpemU9MiBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFt aWx5OkFyaWFsJz5UaGFua3MNCmluIGFkdmFuY2UsPGJyPg0KPC9zcGFuPjwvZm9udD48YnI+DQo8 Zm9udCBzaXplPTIgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDtmb250 LWZhbWlseTpBcmlhbCc+Jm5ic3A7PGJyPg0KPC9zcGFuPjwvZm9udD48YnI+DQo8Zm9udCBzaXpl PTIgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTpB cmlhbCc+TWFkamlkDQpOYWtoamlyaTwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29O b3JtYWw+PGZvbnQgc2l6ZT0zIGZhY2U9IlRpbWVzIE5ldyBSb21hbiI+PHNwYW4gc3R5bGU9J2Zv bnQtc2l6ZToNCjEyLjBwdCc+X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX18gZWFwIG1haWxpbmcgbGlzdA0KZWFwQGZyYXNjb25lLmNvbSBodHRwOi8vbWFpbC5m cmFzY29uZS5jb20vbWFpbG1hbi9saXN0aW5mby9lYXAgPC9zcGFuPjwvZm9udD48L3A+DQoNCjwv YmxvY2txdW90ZT4NCg0KPC9kaXY+DQoNCjwvYm9keT4NCg0KPC9odG1sPg0K ------_=_NextPart_001_01C53AE1.E96122E8-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Apr 6 17:44:10 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA07578 for ; Wed, 6 Apr 2005 17:44:09 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 712FC20711; Wed, 6 Apr 2005 17:44:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A9C7120386; Wed, 6 Apr 2005 17:44:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 3EC3E20386 for ; Wed, 6 Apr 2005 17:43:36 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id B80D2202C6 for ; Wed, 6 Apr 2005 17:43:32 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DJIJ7-0008A2-OX; Wed, 06 Apr 2005 17:43:29 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j36LhRb10957; Wed, 6 Apr 2005 14:43:28 -0700 From: Bernard Aboba To: Alper Yegin Cc: "'Bakshi, Sanjay'" , eap@frascone.com Subject: Re: clarification.... (was RE: [eap] Re: IEEE 802.16e EAP usage modes) In-Reply-To: <000001c53af0$330e1490$6601a8c0@sisa.samsung.com> Message-ID: References: <000001c53af0$330e1490$6601a8c0@sisa.samsung.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 6 Apr 2005 14:43:27 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > Bernard, Sanjay, > > There are two separate discussions that are getting tangled, I'm afraid. > > One is, how IEEE 802.16e uses EAP as defined in the current IEEE > specifications. Many of Bernard's questions are targeting understanding > that. > > Sanjay's original question is about extending the IEEE 802.16e's EAP > usage in a particular way (EAP-Proxy model). > > While in order to discuss the latter, understanding the former is a > must. But I have a feeling that things are getting blurred... Separating > the threads might help... > > If it is only me getting confused, never mind. > > Alper OK. I was getting confused, too :) We have recently received a liaison letter from Roger Marks, chair of 802.16, requesting review of 802.16e compatibility with RFC 3748 and the Key Management Framework. So that request was motivating some of my questions. It would appear that Sanjay's model is somewhat different from the 802.16e model described in the liaison letter. So yes, we should keep these proposals separate. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Wed Apr 6 17:51:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA08243 for ; Wed, 6 Apr 2005 17:51:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 652F420716; Wed, 6 Apr 2005 17:51:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 9E4802070E; Wed, 6 Apr 2005 17:51:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id AFC7A20711 for ; Wed, 6 Apr 2005 17:50:11 -0400 (EDT) Received: from orsfmr004.jf.intel.com (fmr19.intel.com [134.134.136.18]) by mail.frascone.com (Postfix) with ESMTP id E184B2070A for ; Wed, 6 Apr 2005 17:50:09 -0400 (EDT) Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17]) by orsfmr004.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j36Lo9FU009206; Wed, 6 Apr 2005 21:50:09 GMT Received: from orsmsxvs041.jf.intel.com (orsmsxvs041.jf.intel.com [192.168.65.54]) by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j36LnMIs015950; Wed, 6 Apr 2005 21:50:09 GMT Received: from orsmsx331.amr.corp.intel.com ([192.168.65.56]) by orsmsxvs041.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005040614500625393 ; Wed, 06 Apr 2005 14:50:06 -0700 Received: from orsmsx402.amr.corp.intel.com ([192.168.65.208]) by orsmsx331.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 6 Apr 2005 14:50:06 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: clarification.... (was RE: [eap] Re: IEEE 802.16e EAP usage modes) Message-ID: Thread-Topic: clarification.... (was RE: [eap] Re: IEEE 802.16e EAP usage modes) thread-index: AcU68a+NMT9RHa7JRvyqacWObtn4LAAACzIA From: "Bakshi, Sanjay" To: "Bernard Aboba" , "Alper Yegin" Cc: X-OriginalArrivalTime: 06 Apr 2005 21:50:06.0627 (UTC) FILETIME=[98942730:01C53AF2] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 6 Apr 2005 14:50:05 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Bernard, I will start a separate thread based on response I got from you so that we can separate out 802.16e specific details. -- sanjay7 -----Original Message----- From: Bernard Aboba [mailto:aboba@internaut.com]=20 Sent: Wednesday, April 06, 2005 2:43 PM To: Alper Yegin Cc: Bakshi, Sanjay; eap@frascone.com Subject: Re: clarification.... (was RE: [eap] Re: IEEE 802.16e EAP usage modes) > Bernard, Sanjay, > > There are two separate discussions that are getting tangled, I'm afraid. > > One is, how IEEE 802.16e uses EAP as defined in the current IEEE > specifications. Many of Bernard's questions are targeting understanding > that. > > Sanjay's original question is about extending the IEEE 802.16e's EAP > usage in a particular way (EAP-Proxy model). > > While in order to discuss the latter, understanding the former is a > must. But I have a feeling that things are getting blurred... Separating > the threads might help... > > If it is only me getting confused, never mind. > > Alper OK. I was getting confused, too :) We have recently received a liaison letter from Roger Marks, chair of 802.16, requesting review of 802.16e compatibility with RFC 3748 and the Key Management Framework. So that request was motivating some of my questions. It would appear that Sanjay's model is somewhat different from the 802.16e model described in the liaison letter. So yes, we should keep these proposals separate. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From info@avanoslular.com Thu Apr 7 00:16:46 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA12034; Thu, 7 Apr 2005 00:16:45 -0400 (EDT) Received: from server008.webpack.hosteurope.de ([80.237.130.16]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJOaD-00086K-QZ; Thu, 07 Apr 2005 00:25:35 -0400 Received: by server008.webpack.hosteurope.de running Exim 4.34 using local from nobody id 1DJOR5-0006t6-VY; Thu, 07 Apr 2005 06:16:07 +0200 Subject: Hello(From Sister Princess). From: princessabiola X-Priority: 3 (Normal) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: RLSP Mailer Message-Id: Date: Thu, 07 Apr 2005 06:16:07 +0200 X-Spam-Score: 7.2 (+++++++) X-Spam-Flag: YES X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a Content-Transfer-Encoding: 7bit How are you my dear friend? Multiplied blessings to you and your family today. I am Dr.(Mrs.) Princess Doyin Abiola, married to late [Chief M.K.O. Abiola] of Nigeria.I wish to propose a business involving huge sums of money, which hopefully will be of mutual benefit to both parties on successful completion. In retrospect, my late husband was Nigeria's foremost politician,businessman and philantropist.I sincerely need your assistance to take custodian of huge sum of money,but I want you to bear in mind this has to be strictly confidential. After the Presidential Election campaign, my late husband [Chief M.K.O.Abiola withdrew some of his funds from Nigeria banks and changed them to America dollars which he deposited with a private finance/security company oversease for safe keeping with an opened beneficiary stating that the trunk box containing the cash belongs to the family. After his death in the year 1998, there was confusion in the entire Abiola's family as regards sharing of the family assets and moreso. Right now there is envy and jealousy as it was obvious that I was my husband's favourite wife, while he was alive before he passed away,coupled with the fact that, what I have and what is due to me might be taking away from me by greedy family relations whose reasons would be bothering on family tradition and ethics. I am therefore asking you to come to my aid in getting this money from the finance/security company and for a possible onward investment. I should have contaced other members of the family but I'm afraid of doing so because of the way widows are being treated in some African countries. they are often dispossed of their husband's properties without a recourse to the right of the woman and the children left behind by the deceased. My son, Jimola Abiola is my only son and we share secrets, he stays far away from the family Villa who is just 12 years old. He is a manior and therefore not complete to enter any legal contract with the finance/security company. I will appreciate if you will kindly assist me and my immediate family on this matter,if I may say I'm interested to invest in any good investment that would yied quick turn over but I wish to do a joint partnership with you since I have no any experience on such or if possible, just kindly help me to accomodate this money in your account while I give you a handsome persentage( say 20% ) of the total sum at the successful completion of the transaction.I would advise that this matter be treated in capsule. You will be adequately compensated for this. Please do get in touch with me on receipt of this mail as I look forward to it. My humble regards to your family. Yours sincerely, Dr.(Mrs.)Princess Doyin Abiola ___________________________________________________________________________ Hersey Sizler icin - http://www.avanoslular.com From MRNTDYNMKRW@cox.net Thu Apr 7 00:26:44 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA16143; Thu, 7 Apr 2005 00:26:44 -0400 (EDT) Received: from [202.61.42.194] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DJOjm-0008VT-Ks; Thu, 07 Apr 2005 00:35:28 -0400 Message-ID: <3871135453324577741386.10vcxik3qwb@delphi.com> Received: from 96.208.24.52 by sglf315-dnv43.sxd1.delphi.com with DAV; Thu, 07 Apr 2005 09:20:39 +0400 Reply-To: "Lucille Hamm" From: "Lucille Hamm" To: Subject: Watch dateable women from your zip code! preclude Date: Thu, 07 Apr 2005 04:20:39 -0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--fubeaqpx355886rvmdq" X-Spam-Score: 18.6 (++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a ----fubeaqpx355886rvmdq Content-Type: text/plain; Content-Transfer-Encoding: 7Bit Now more then ever you have to possibility to see and experience one of a kind relation, with exitement, joy and hapiness. No matter what is your objective, your goal, you cna get it - just watch and talk to the women, real women just like you're a real man. so enter the site now for more... http://www.raisesexlife.com/sour/megawatt/phthalate.htm hey thanx! my lipgloss is cappuchino and its nyc!! i like lip lites lip glosses they taste good and r pretty!! i dont wear eyeshadows though!! xoxoxo. procure aproveitar ao máximo o momento que está vivendo tirando todas as vantagens que puder para seu aperfeiçoamento. beth good luck in all your work in bosnia we are all proud of you and wish god s blessings on you and the children he brings to you everyday! have fun--come home safe. george yes of course let s just keep on smiling and behave like we re having fun just like buddies does. the most important thing in acting is honesty if you can fake that you ve got it made -- george burns. michael scott doerrie adjust andrew cowan s address matt a gargett. jerry but first we have a surprise for you michelle because as it happens there is someone else here to see you! so let s bring out jess! just outta curiosity how much do you weigh?! i wanna lose weight but wanna pick a good weight you seem perfect! já viram esse filme hilário com o ben stiller? eu rolei no chão de tanto dar risada aliás tenho a impressão de que morro de rir em to dos os filmes que ele faz! organization internex online io org toronto ontario canada subject re recorder revival in article. dont worry about lets just say i know you and you know me i know all about you and jonny those late nights in craigs garage this girl isnt as inosent as she pretends to be. newsletter subscribe to our free newsletter sensual adult greeting nbsp cards members only preview the card a fire within members nbsp. great art!!! have two paintings on my walls that my house could not do without! am waiting anxiously for the newest addition! hi i think that your site is grey t and i am sure that it will help me with raising my grey i have only had my grey for a day but i am sure that we wil l get on very well together. enter the name of a movie tv show or person and then click go to get more information about it them from. ----fubeaqpx355886rvmdq-- From eap-admin@frascone.com Thu Apr 7 00:55:05 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA19412 for ; Thu, 7 Apr 2005 00:55:05 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A4278202BF; Thu, 7 Apr 2005 00:55:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 400DA20261; Thu, 7 Apr 2005 00:55:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D333C20252 for ; Thu, 7 Apr 2005 00:54:25 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id F40631FE3C for ; Thu, 7 Apr 2005 00:54:23 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DJP26-000M8i-Hu; Thu, 07 Apr 2005 00:54:22 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j374sIk03940; Wed, 6 Apr 2005 21:54:20 -0700 From: Bernard Aboba To: Jeff Mandin Cc: sanjay.bakshi@intel.com, eap@frascone.com Subject: RE: [eap] Re: IEEE 802.16e EAP usage modes In-Reply-To: <42541185.40309@streetwaves-networks.com> Message-ID: References: <42541185.40309@streetwaves-networks.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Wed, 6 Apr 2005 21:54:18 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > Just to clarify a few points - and let Sanjay respond to the rest: > > 1. MTU: 1020 bytes is always available (as EAP messages are sent on a > connection with capability for fragmentation) > > 2. Channel Binding: 802.16e includes the BSId in the derivation of the > "Authorization Key" (AK) from the PMK. I think that this constitutes an > adequate channel binding. Binding requires that all parties have the same understanding of who the key is being derived with and for what purpose it is being used. For EAP, the "entities" that possess the PMK are the EAP peer, server and authenticator. Channel binding is a way for the peer to verify that the authenticator has provided it with the same parameters as it provided to the EAP server. As I understand it, the BSId identifies a port on the authenticator, not the authenticator itself, correct? > 3. Pre-emptive keying: 802.16e is only an air interface. It relies on > pre-emptive keying without saying how it's to be done. But yes a RADIUS > extension is an obvious possibility. Similarly, 16e only uses the > AAA-Key that it receives and doesn't tell the AAA Server how to create it. The pre-emptive keying formula that was in -05 has been removed from the EAP Key Management framework document to enable a more complete analysis. There are a number of problems with pre-emptive keying that have been raised by Jesse Walker and others. For example, in pre-emptive keying the peer does not know where the server has sent the keys and this can result in key cache misses until the server's view of the world synchronizes with the peer. Also, pre-emptive keying does not provide for mutual authentication between the EAP peer and server via the authenticator that will be used. This raises the question about whether the pre-emptive key is properly bound. From a AAA perspective, pre-emptive keying faces some deployment obstacles. RFC 3576 has not yet been widely adopted, and requires changes to RADIUS proxies and possibly firewall configurations. The RADIUS extension document describing pre-emptive keying was created for the IRTF, not the IETF, so it doesn't even have the status of an IETF individual submission, let alone a WG work item. Given that 802.16e is in Sponsor ballot, it would be very hard to see how a dependency that immature could be resolved in time. > 4. TSKs: Traffic Encryption Keys (as we call them) are transported from > BS to MSS wrapped in a KEK that is derived from the AK (using AES Key > Wrap). The TEK lifetime is specified explicitly by the BS and there is > overlap in the lifetime of successive generations of TEK. This scheme > was inherited from DOCSIS (why it has been retained is a different story). > > Additionally a TEK can expire prematurely by using up its 32bit Counter > space. > > The context of a TEK is defined in a roundabout manner, but essentially > there are potentially several sessions who are permitted to access a > particular TEK. These sessions are identified by an ID that is carried > in the 802.16 MAC header. The MAC header in turn is not protected by > the Message Authentication Code, but is instead used in generated the > CCM-mode initialization block. > > Bottom line is that the MSS must rely on the BS guaranteeing TEK > freshness. The TEK context is dictated by the BS to MSS and mutually > enforced (and the AAA-Server is not in the picture at all for TEKs). Right. It sounds like 802.16e handles the key lifetime of transient session keys. Does it also negotiate the PMK key lifetime in situations where PMK caching is supported? _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From viole.azim@cozadnebraska.com Thu Apr 7 02:06:22 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA00249; Thu, 7 Apr 2005 02:06:17 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJQIB-0003aF-6B; Thu, 07 Apr 2005 02:15:06 -0400 Received: from [61.232.112.61] (helo=BILLGATESJJJJ) by mx2.foretec.com with smtp (Exim 4.24) id 1DJQ9Z-00043l-9x; Thu, 07 Apr 2005 02:06:11 -0400 Received: from mail pickup service by 61.232.112.61 with Microsoft SMTPSVC; Thu, 07 Apr 2005 12:01:51 +0500 Content-Class: urn:content-classes:message Language: English X-MIME-Autoconverted: Yes Reply-To: "tania brigg" From: "tania brigg" To: eap-archive@ietf.org Cc: ing-admin@ietf.org, speechsc@ietf.org, sic@ietf.org, geopriv@ietf.org, mailserv@ietf.org, uri-review-web-archive@ietf.org, announce@ietf.org, sip-security-admin@ietf.org, opes-archive@ietf.org, seamoby@ietf.org, sipping@ietf.org, internet-drafts@ietf.org, asrg@ietf.org, pmtud-web-archive@ietf.org Subject: Approved rate Date: Thu, 07 Apr 2005 11:54:51 +0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--838673_383768.WbB45" Message-Id: X-Spam-Score: 5.9 (+++++) X-Spam-Flag: YES X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32 ----838673_383768.WbB45 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: text/html Dear Homeowner,

You have been pre-approved for $400,000 with a low fixed rate.

This offer is being extended to you unconditionally and your credit is in no way a factor.

To take Advantage of this Limited Time opportunity all
we ask is that you visit our Website and complete
the 1 minute post Approval Form.

http://www.quotelab.com/?partid=aaks9

Sincerely,

Case 1 Associates

r-m-v http://www.quotelab.com/byebye.php ----838673_383768.WbB45-- From ToriPack@trifoxent.com Thu Apr 7 02:29:44 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA16960; Thu, 7 Apr 2005 02:29:43 -0400 (EDT) Received: from 163.102.33.65.cfl.res.rr.com ([65.33.102.163]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DJQes-0004Mj-Lc; Thu, 07 Apr 2005 02:38:32 -0400 Received: from dSha@localhost by dI54.int (8.11.6/8.11.6); Thu, 07 Apr 2005 04:21:36 -0300 Message-ID: From: "Ingrid Mcbride" Reply-To: "Ingrid Mcbride" To: internet-drafts@ietf.org, iab-wireless-workshop@ietf.org, eap-archive@ietf.org, edu-team-bounces@ietf.org, asrg@ietf.org Subject: Windows XP & Windows XP Software Starting at $29 Date: Thu, 07 Apr 2005 12:19:36 +0500 MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2 X-Sender: ToriPack@trifoxent.com Content-Type: multipart/mixed; boundary="--jZRPjq4mEtNerESBMHzD" X-Spam-Score: 5.0 (+++++) X-Spam-Flag: YES X-Scan-Signature: 09f2eafe5f7c426554d5f494540a89cd ciH ----jZRPjq4mEtNerESBMHzD Content-Type: text/html; Content-Transfer-Encoding: quoted-printable 2143528
Browse Search Shop My eSoft Community
Back to Softw= are Overview

Home > All Categories > Computers > Software > Operating Systems > Windows
All Items
Auctions
Bu= y It Now
    Refine Search
 Top Sellers
1   Windows XP Pro
2   Office XP 2002 Pro
3   Adobe Acrobat
     7.0 Professional
4   Adobe Photoshop
     CS 8.0
5   Office 2003 Pro     
6   Macromedia
     Dream Weaver
     MX 2004
7   Macromedia Flash
     MX 2004 Pro
8   MS 2003 Server
     (Enterprise Edition)
9   Norton Antivirus 2005
10 CorelDraw
     Graphics Suite 12.0
11 Adobe Creative Suite
     Premium
12 Alias Wavefront 6.0
13 Adobe Primer
14 AutoDesk 3d Studio
     MAX v6.0
15 Adobe Encore DVD

 

 

Featured It= em

 PRlCE Bids Time Left

3D"New"  Micro= soft Windows XP PRO
-Current Edition-

 3D"Gift from Our eStore

$49.95 USD

2
3D"Gift

= 0h 14m

Nevv It= ems

 PRlCE Bids Time Left

3D"New"  M= icrosoft Office 2003 PRO or
Microsoft Office XP PRO

 3D"Gift from Our eStore

$49.95 USD

7
3D"Gift

 0h 13m

3D"New"  A= dobe Photoshop CS 8.0 or Adobe Acrobat PRO 7.0

 3D"Gift from Our eStore

$59.95 USD

 4
3D"Gift		 0h 12m

3D"New"  M= acromedia FlashMX Pro 2004 or Macromedia Dreamweaver MX Pro 2004

 3D"Gift from Our eStore

 $39.95 USD 8
3D"Gift		 0h 18m
----jZRPjq4mEtNerESBMHzD-- From eap-admin@frascone.com Thu Apr 7 05:09:08 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA29714 for ; Thu, 7 Apr 2005 05:09:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id F23DC2038D; Thu, 7 Apr 2005 05:09:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1364620377; Thu, 7 Apr 2005 05:09:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 9EA8F2037A for ; Thu, 7 Apr 2005 05:08:19 -0400 (EDT) Received: from mgw-x1.nokia.com (mgw-x1.nokia.com [131.228.20.21]) by mail.frascone.com (Postfix) with ESMTP id 6D20C20368 for ; Thu, 7 Apr 2005 05:08:16 -0400 (EDT) Received: from esdks003.ntc.nokia.com (esdks003.ntc.nokia.com [172.21.138.158]) by mgw-x1.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3798EG08926; Thu, 7 Apr 2005 12:08:14 +0300 (EET DST) X-Scanned: Thu, 7 Apr 2005 12:04:19 +0300 Nokia Message Protector V1.3.34 2004121512 - RELEASE Received: (from root@localhost) by esdks003.ntc.nokia.com (8.12.9/8.12.9) id j3794IhV005426; Thu, 7 Apr 2005 12:04:19 +0300 Received: from mgw-int2.ntc.nokia.com (172.21.143.97) by esdks003.ntc.nokia.com 00lTl8CG; Thu, 07 Apr 2005 12:03:18 EEST Received: from esebh001.NOE.Nokia.com (esebh001.ntc.nokia.com [172.21.138.28]) by mgw-int2.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3793IU12186; Thu, 7 Apr 2005 12:03:18 +0300 (EET DST) Received: from esebe017.NOE.Nokia.com ([172.21.138.56]) by esebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Thu, 7 Apr 2005 12:02:20 +0300 Received: from trebe101.NOE.Nokia.com ([172.22.124.61]) by esebe017.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Thu, 7 Apr 2005 12:02:21 +0300 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C53B50.9A3932CA" Subject: RE: [eap] EAP SIM and AKA identities. Message-ID: Thread-Topic: [eap] EAP SIM and AKA identities. Thread-Index: AcU6d7pQR+hVUTi1Tp2viZEBsi0l6AA1g3Fw From: To: , X-OriginalArrivalTime: 07 Apr 2005 09:02:21.0985 (UTC) FILETIME=[82535910:01C53B50] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Thu, 7 Apr 2005 12:03:02 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a multi-part message in MIME format. ------_=_NextPart_001_01C53B50.9A3932CA Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 Hello Suresh, =20 The term "identity" refers to an identity string that includes the realm portion in environments where a realm is needed. "Username" refers to the username portion of the identity. Explanations for the terms=20 "permanent identity" and "permanent username" are included in the terms = section of the documents.=20 =20 The leading digit (0 or 1) of the permanent username would be useful as = a hint only when processing=20 an EAP-Response/Identity packet. The peer uses AT_IDENTITY only in = response to an EAP-SIM or EAP-AKA packet, so the EAP method has already been selected in this phase. Hence the server does not need to use the leading digit of the username as an = EAP method selection hint anymore. Nevertheless, if the peer composes the permanent username = from the IMSI, as specified in the drafts, then the peer will still include = the leading digit. =20 The format of AT_IDENTITY is specified in section 9.8 of EAP-SIM and = section 9.5 of EAP-AKA. These sections say that the same identity format is used = in the AT_IDENTITY attribute and the EAP-Response/Identity packet, with the exception that the peer MUST NOT decorate the identity it includes in AT_IDENTITY. = The identity format is=20 specified in section 4.2.1 of EAP-SIM and 4.1.1 of EAP-AKA. =20 The realm portion is not considered as decoration. In other words, If = the identity includes a realm=20 portion in the present enviroment, then the peer includes the realm also = in the AT_IDENTITY attribute. =20 Best regards, Henry =20 -----Original Message----- From: eap-admin@frascone.com [mailto:eap-admin@frascone.com]On Behalf Of = ext Suresh Sent: 06 April, 2005 10:13 To: eap@frascone.com Subject: [eap] EAP SIM and AKA identities. Hi I have a small clarification in the identities and user names used in = the EAP-SIM and AKA implementations. When ever a client needs to send fill in the AT_IDENTITY attribute, it = has to fill in the complete identity, and the identity may or may not = have a realm portion. The format of the permanent user name is 0|IMSI and 1|IMSI for the AKA = and SIM respectively.=20 It is also given that=20 The EAP server MAY use the leading "1" as a hint to try EAP-SIM as the first authentication method during method negotiation, rather than for example EAP/AKA. The EAP-SIM server MAY propose EAP-SIM even if the leading character was not "1". for EAP-AKA.=20 I could not understand how user name is sent to the EAP-Server, in = actual, complete identity is sent in the AT_IDENTITY attribute and not = just the user name. regards, Suresh = =20 ------_=_NextPart_001_01C53B50.9A3932CA Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

 
Hello=20 Suresh,
 
The=20 term "identity" refers to an identity string that includes the=20 realm
portion in environments where a realm is = needed.=20 "Username" refers to
the=20 username portion of the identity. Explanations for the terms=20
"permanent identity" and "permanent username" = are=20 included in the terms = section
of the=20 documents.
 
The leading digit (0 or 1) of the permanent = username=20 would be useful as a hint only when processing =
an EAP-Response/Identity packet.=20 The peer uses AT_IDENTITY only in response to = an=20 EAP-SIM or EAP-AKA
packet, so the EAP method has already been = selected in=20 this phase. Hence
the=20 server does not need to use the leading digit of the username as an EAP = method=20 selection
hint=20 anymore. Nevertheless, if the peer composes the permanent username=20 from
the=20 IMSI, as specified in the drafts, then the peer will still include=20 the leading digit.
 
The=20 format of AT_IDENTITY is specified in section 9.8 of EAP-SIM and=20 section
9.5 of=20 EAP-AKA. These sections say that the same identity format is used in the = AT_IDENTITY
attribute and the EAP-Response/Identity = packet, with=20 the exception
that=20 the peer MUST NOT decorate the identity it includes in AT_IDENTITY.=20 The identity format is
specified in section 4.2.1 of EAP-SIM = and  4.1.1=20 of EAP-AKA.
 
The=20 realm portion is not considered as decoration. In other = words, If the=20 identity includes a realm
portion in the present enviroment, then the = peer=20 includes the realm also in the AT_IDENTITY = attribute.
 
Best=20 regards,
Henry
 
-----Original Message-----
From: = eap-admin@frascone.com=20 [mailto:eap-admin@frascone.com]On Behalf Of ext = Suresh
Sent:=20 06 April, 2005 10:13
To: eap@frascone.com
Subject: = [eap]=20 EAP SIM and AKA identities.


Hi
I have=20 a small clarification in the identities and user names used in the = EAP-SIM=20 and AKA implementations.
When ever a client needs to send fill in = the=20 AT_IDENTITY attribute, it has to fill in the complete identity, and = the=20 identity may or may not have a realm portion.
The format of the = permanent=20 user name is 0|IMSI and 1|IMSI for the AKA and SIM respectively. =
It is=20 also given that

   The=20 EAP server MAY use the leading "1" as a hint to try EAP-SIM=20 as
   the first authentication method during method=20 negotiation, rather
   than for example EAP/AKA.  = The=20 EAP-SIM server MAY propose EAP-SIM
   even if the = leading=20 character was not "1".

for EAP-AKA.

I could not = understand=20 how user name is sent to the EAP-Server, in actual, complete = identity is=20 sent in the AT_IDENTITY attribute and not just the user=20 = name.

regards,
Suresh
      &n= bsp;           &nb= sp;           &nbs= p;            = ;            =             &= nbsp;           &n= bsp;           &nb= sp;           &nbs= p;            = ;            =          =20

------_=_NextPart_001_01C53B50.9A3932CA-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From nykxhlhbkrp@quantumcars.com Thu Apr 7 08:38:53 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA16804; Thu, 7 Apr 2005 08:38:52 -0400 (EDT) Received: from [222.102.111.145] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DJWQ9-0000EA-AU; Thu, 07 Apr 2005 08:47:45 -0400 Received: from homemade.com (EHLO mta333.maxwell.com) by mta184.mail.dcn.elysian.com with SMTP; Thu, 07 Apr 2005 12:40:16 -0100 Date: Thu, 07 Apr 2005 08:38:16 -0500 From: "Ginger Jewell" Message-Id: <3.33333.3132363035453934.3@arose.com> To: eap-archive@ietf.org Subject: esteem blossom begetting crowbait hedge watery Mime-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_00IW_07I2483QC_08G.192F92G0" X-Spam-Score: 3.5 (+++) X-Scan-Signature: f6ef73100908d67495ce675c3fe8f472 This is a multi-part message in MIME format. ------=_NextPart_000_00IW_07I2483QC_08G.192F92G0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00IR_09X1547RJ_09E.363P21R0" ------=_NextPart_000_00IR_09X1547RJ_09E.363P21R0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Get a capable html e-mailer ------=_NextPart_000_00IR_09X1547RJ_09E.363P21R0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

3D""

 

 

"Actually, it was a relief because I don't have to wonder," said Mark Luns= ford, Jessica's father. Investigators awaited results of a test on evidenc= e from the home where Couey was staying, and officials have informed the g= irl's family about the details surrounding Jessica's death.Citrus County S= heriff Jeff Dawsy said that investigators are meeting with state attorneys= later Monday and that suspect John Evander Couey would see an array of ch= arges related to the case."We may never have a true timeline," he said. "T= here were two people that knew -- Jessica, who's gone, and this individual= Couey, and because of his state with drugs, he was all over the place."Ot= unbayeva said the opposition would guarantee the security of Akayev and ot= her government officials if they go, "like it was in Georgia and Ukraine."= "We may never have a true timeline," he said. "There were two people that = knew -- Jessica, who's gone, and this individual Couey, and because of his= state with drugs, he was all over the place.""We may never have a true ti= meline," he said. "There were two people that knew -- Jessica, who's gone,= and this individual Couey, and because of his state with drugs, he was al= l over the place."Another opposition member, Anvar Artykov, told the crowd= that "Power in Osh has been taken over by people! ... I congratulate you = on our victory and urge you to maintain order."But another opposition lead= er, Kurmanbek Bakiyev, said talks would be possible if Akayev attended.In = Osh, Kyrgyzstan's second-largest city, about 1,000 protesters -- armed wit= h clubs and flammable liquid and chanting "Akayev go!" -- took control of = the governor's building. Activists first stormed the building Friday, were= ousted by security forces Saturday but retook it Monday.Akayev was long r= egarded as the most reform-minded leader in ex-Soviet Central Asia and the= country won praise for its comparative openness."There was no forced entr= y. The residence was unsecured," Dawsy said of the home where Jessica live= d with her grandparents and father.Citrus County Sheriff Jeff Dawsy said t= hat investigators are meeting with state attorneys later Monday and that s= uspect John Evander Couey would see an array of charges related to the cas= e.Akayev has led this mainly Muslim nation for 15 years.But another opposi= tion leader, Kurmanbek Bakiyev, said talks would be possible if Akayev att= ended."We may never have a true timeline," he said. "There were two people= that knew -- Jessica, who's gone, and this individual Couey, and because = of his state with drugs, he was all over the place."Protesters in the sout= hern town of Toktogul held captive for a third day a district governor and= a chief district prosecutor, both of whom are accused of colluding with A= kayev's government, police said.The sheriff and other sources said the sus= pect entered the house during the night of February 23, made his way to Je= ssica's room, covered her mouth, order her to remain quiet and forced her = to leave.

 

------=_NextPart_000_00IR_09X1547RJ_09E.363P21R0-- ------=_NextPart_000_00IW_07I2483QC_08G.192F92G0 Content-Type: image/jpeg; name="ms.jpg" Content-Transfer-Encoding: base64 Content-ID: Content-Transfer-Encoding: base64 R0lGODlh5wEXAfcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/ /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/ MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/ mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/ /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///ywAAAAA5wEXAQAI/wAfCBxI sKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJsqTJkyhTqlzJsqXLlzBjypxJs6bN mzhz6tzJs6fPn0CDCh1KtKjRoNSSKl3KtKnTp1CjSp1KtarVq1izat3KtWvUo2DDIkwltqxZkmTP qiVKba1bjQkExo04d2bbt3h5ps3IoC9BvwIZBC7YV/ADwIcDFzZMuPDfxxATSJY8cDJBynIXWq48 OW7nunI3JwQ92mDnj6Qz7s3L2uZdjIxjxx5MeCBiw4wRzqbNW+Lcur8zP0h9ubLx4giBKyRuurlw jswtvm5NXebqirkTJ8bdm7dg7toT7v+mnT3y8eHCPS8vGBz5QeWcf28W3d59cMrAMQ/Xvx8+x+vV BcjSdNjVth15Bs0G3mLlhZcdYhP5l99z77EXGmanWfgcfMS1lxqHHBoXooYcESjgiSgBONGDCIIH mXbfdXcYYIsl2GB8ydnnHH/npUeiaaL1h+Fl81F4oX/oJRkfhqRFV5GKKEYpkokrGsidi7ZleWB4 unWHpXnnfZikmMg1WZqSaG54XH09Ushmmpy1mRGVUtbpEZQSjSebjHp+maCWXN64no5lGqmmkdFJ uGaYPv7opppIwvmfnZSGROeKEO45o2OOOYhbjX9qmZugZxJJ5n6j8WdmjmGqKt+QcJ7/qiR9+gXp JEWXVqorRXju6mtNvf4q7EK5DmvsgMcm21Aq1DDrbLPQPitttNROa2212F6rbbbcbuttt+B+K264 5I5rbrnonmutsuy26+678MYr77z01mvvvfjmq+++/Pbr778nAiDwwAQXbPDBCCes8MIMN+zwwxBH LPHEFFds8cUYZ6zxxhx37DHEBgEA8MgkRylyQSeXrPLKb6U8kMssxyyzUTA/UPPMOOe8U8036+zz zzHxDPTQRL8k9EvU+EMNPtPgk3SxRUdt79En4cM00/c0c880Wzst9dcAUz3S0tNMw4zZaDeD9tnN eA322/iKbak/ZTOT9drN2K221mpP/wP33/TK/VHda0+DCipnJ1442/Xmc5A/B20Ts+QGQe6z4B0t rbbe06iNSt5ld343580A3u8221BTDdT7Yr4R4Yor3kwzoSxeOCqm66sKLLBUA0ssvMOisutz4rN5 4cczwwzftqsdbO7JUsN75Nv0Xs3IxF9EjdnMIB674d0rj3fioCtfOruvUf4A2Vu333Rb6Zds+frV qBJLW9dTk3rqD1wffNghAwk+lHcKZoTCgOKzG9e45jnlda98WWvG/NzlD6wt0H33yGDT7lHBmFXD d6jrnwgld70SPmAbIPRX9nDlj7ydIhR9QEUfROEHUXjPbKALhShs6AdUiCJvoEMF6/92xcD28e0e dkuiEbs2xHoFb3/6U10UV1c9Kqpud01s1wpxxb1QpCIV0/jiFx2INsSJ4othRKPicOcuDbZPiXBE ohwv2DR8+GsbhohFNaqXOhCqDhbb0CMgBYnC6gGvdQHM3D0KiDg/VKsZjOyeKPrwRWpxT3lCpEiQ cLQcJt2KJZArYhIdWAzlIdFsp0yi6LT2voGojyB2vEiGONnJV9VEenn8nS6Bx8td+pKX9uOdIa63 kU1eqD9m2eJE8ubAs61vfc26pAG/+My2wM5wWTTVe3gEJFveBB8YZIY9lmHKOI5SgXNsHwcnWMzP 1Iqb3TymXWDBCN/18p6/zOc9DQH/SLjA0zLGpFkiSwRJZkTyNUlJhUGZYQdUMAt+Dyib9xzIxgjx KKDsgectByhH5RVDdInrKDPI6cBUmlSBHXEnRmuJE1UwIo8whUVMYRqLmdb0pvy0qSFUkc1UNUmj YVEmRJbWTAL6bSAJNaAXk4LUVIrvcD2VJy2FlB9v0sqWGZplRloo0mW8saNINCXXlndOsC6QnRa5 qjePVFWpujMlMhUDI7ZgiLoaohGFKMQfZAqLvP4BpzXVK1//UFec9i4jm5yPqxKLH0+iiq0nEapD kpK3AxbwgKFgalu+GIpQOBKi20PcZcOXWbSmwg9k8QNq46lNtjoWmbCFrUpnu5HN/zkwFGFlhjTI yNuiljIU5Nyt8nZrNqYqBLV+eIBqk5vRn9JSpfJU7FtNQg1DcEEMW5iCFsSQAkNkVwtUoIJ3/bAF LWyhEWKo6x+08IdCNIK97E1vXcUgvBMmBLnKPS1rOanW/kr3vyvtiGQnS41mTrSiAqFGM0RhXIEM kKK3zeRBTkvh5LxzQtF97VWPxOHYag9rdivlWMFqznKa2JxIbAhy9bvfbcqHvxp+LUmql970wuAP W6CCGMTwgkbQFbtUaAQVCiFfQwzZvYbwQ16DPN9GGELFFGbufjf8WNkC9L9xkupIBuyQyiIQs8zY S0I1KxB/KA/MmIWh2wxSYQu3tf+bVpWxdJ8L1KE+QGsebaZwi7pnA16Se8XoczOPuhD8upilzY3z qz7pkWoQecdA3gIMvEuFLVjaEDCYwgsqDenyasG8Ri5EeWtsiPSyztCHdis3s3phLZuK0RnhMkOI isACFrB7CH0mQcw2WlsbUMJj0UxjP/SZDK91zqqG9axR6dHc2sOBzzYxbkuaZ2hbW38q9imiXWvs JSl7TqXeMaU5vYUXGHm72S33o3dMV05XOseljrcYHiJlN3vYVsWOLbJfXWeOyFohSTEbmr+cSdAO ROBf/rIOG+ybYTfXyoqG8Zs9XBHVKfTMpSwqSRF45ts6cBkZbyY5ybkXtDqEsXT/9kyMQZPvklCD yFsQw3VTMAW63qDmVHiBGGBQaSqgG8g3CK8hXqAFnl/3unSN6qHx3dZ97/uYAfb3QDWSFALW+st0 2l6vr24Hhjdc5SxfebfHru9+P6TqHmcGPJqZ8bAekO2kROLalTd3YKf1whGHuKuFRN2XQ5oLWjD3 jsP7gj8A2cgxh3R4p1Dq7FY63FzYaTvB3lpkU5npewfJv4lFOwO+0POYRev2gBuKz5f+gHagpK41 qVW9ux7LZZ+4dB6g0JEXQxPF+G0xQpF7Uu5+GW/f/e4/PlJmlJLBbXHc3aE7dsuL3SRfjPkNsOtd 7Fpf+tfPPl1jjnTrT/8PXl/+/0WffxpWh32tW576nBT8ZeAnXIhPo5vblYrmhSvd24k2v7GnS2WK V5waE0VOvDeAyhNt5FQMIGeARZVnoeBQ4VcRtLV/+gdxLTc2tJcK3CdzGpiBGXh01td9Hth9hfCA ENh6AOZfMkZVUbcRm4cQ8EMNotBZp9AHnVWDp4cK9WeDdiCDnWUHzIIRFchhV3ZsQ5hsU6U9qXBA pSSAxkdKCLSExXdAB2h8wLdDYuQ39+diP1VVlOd0QTg2zZIKOHYDXECGZliGaEiGW5CGbHiGN/AH f1BJWZh/DyeErfZ0fLeCsaZ+VDcNpGeDBuR+pBeIaVaDCGQHokBo0ZMKI1d8yv/TiJBYfI34W1b4 LHN4IvADC4S1hjHXidjFBZ7YiaCofaAohz2hhyrRggmRVD3YWQxlg7Cog6FwBzVoB3fwUMqSUKjw W01YSrzoi00IXAioQ6glRkuxeugDTc4ialvghmXYjM9ohtB4hlpgipfoEf1HE6q4is1Cf95Yg8AX i4BoB3bwWe2ii0rYhFM4hcNYhWeUCs3wUGtGLy/4RWPYhvjohnAILdcIEhFoE9vIjTgoi51Fg7K4 g6BQi6n3g/34FvWYCgb5ewMofANIQ2JkiatHTAVhcsLykOR1A1sQAzcQAyE5kiVJkiK5BYVQjEwF OQ0JHV84EwEpkID4h63YWbT/CI7k2AckeCwJlQo7VEOYFYM0NEmp4FAP1ZP4khSw8HKilo9paGmF gIuxlC8zeRCbdVqhkJAEWYN8UIMJuZOm6C7W1AwOxUM0hAo9tJZHaZbxmBQdBDDSM5V+sF4nOZIm eWNKxpIvSSlXiZXrMw0xKI61WJi26AfToBTxQjbGE4+O+TnwCEZ7czVN00r+0ju8owqqQJfMaGmW pgV6lQqFAAu7owqrg0goMyVhWEM72JpbGQquSY6px5fvYk2UqWCdk5t70zkKRpm+WZlew5G5SD+7 8zuluZl6tZLr9QdKFoeFoJmkyTuxYJp9iSJ/6YIKZpZJCJswxJ22uIM2BJlq/xMv+KA0FXSb73M1 VvM+5mk1SVOe03Ce1VkdmOk79lmfu/Oc+qkKqUCa9/mfvTOfAXKdBpGYzmOWPqSWk7SgMXRG76ib 8+iTdPObFFqZ23M1jJmewGmZ5/ifPIWZzeKfmqmZo1mapCk9vgMt9Sk8wqksBLprTkOZuRmZYRSP NQpGoROjTeMu5bmeFdSeShOj7+k08nme8Vme72meAroWf1Q9zfJB1ZAKTro6psksmFlFPLU6AcpH UlQvLyoQiQmcZKNg3BKmTHOhFrqkYhF/7Lk0TyOkRMqebUqkbhqkbnqOVdQ7VuqkTJmiPKU/INqU gGSlKAqoGikvX9oWSPoASP+qNNX0qIrqqIu6qOwCOXZ0qYyaqZaaqZfaQZjao5waqu6yR3ukP6tT qvyDqqbaP/xjqlDEqiYUOHyIEU+zPo5aqwaXq7eqpBHakc80qb8arIpqq3Y0rMaaqRCFPlCkWcv6 gvCDQuvTqtKaP9CqpnjxpZu6qQhRlQk2EHaUre0COeAqrg9Art9aruhqrgMxPy16LBqpPpITrwPx rvNqX/BqX1MzqxWHrsearJCKVI9arMg6nC45sAJ7sMJqsM9UsP6ajBAlOfjzTBBrX9czsfljXwbn pfoKPRybO1/qresKsmUmsujqYCRbqSE7siarsiXbsvGjL4e6EK9Ur6hJED3/07E4CzcfSyU8C5j2 0rMGAbQr00TWap0bm7NIGzUfm7RMGzdH27RQizNLG7VU+y5TW7VYmyxXm7Vc+ytbKxFTAABTYLNh CxFjSxBhe7YVkbZiK7YIUTNqaxBxixNti7Zu6xBpS7Y36xBty7YIMbc2kxB76xJ5+zJl+xBzW7gC UbcW0beMK7cbO7gS8bUQkTInY7l46zKYixGDC7g3K7lG8zKLOxCAexCbu7kXMbjEU7owobaXK7oN ITBoC7uo27gLAbeCK2BP6xIno7ZxW7tj+7uwG7y96zJlezMw87gic7cP4Lt3y7iKaxNnC7yk+7YC 4buj+7y/G7wHkbjMS7yw/2szh1u4jysTvVu94Wu8zWuzw4u+yzu927u+kGu32Hu4gbu446u9oKsQ lDsR0xu+2Wu6s3u9+FvA93u5yMu+o2szr3u/2HvAAKyNC3y/1Xuz/7vAssvAGHy9CZy+i9vAFwzB FLy/JtHAFBzAU3e6w1u8BHzAHdzC8vu8G7zAIUzCApyaAPnA8lu9pSu8NIy+MRzBE1wQNdzCmxvC dOvB7NszOlzEPwzDA5xID3y+RgzFM9HERLzDUTzCMOzEDgzEW6zAU9zFT8y5u9sSJuw6mku7Sly7 EUwwE9zABRPHGQyQSqzAN8zFeizCJ/zGAxPHGAzHI1zHQXPHQjzEKjzDev/sxkPMwBmcyHM8yDac x4dsvmQ8uz2Mx1S8w16Mx5wMyEGcxThMEz7cx8tLyWMMyjq8xUfsvlbcx1rMu1GcuLEMxa1cxaoM xmB8y6HsufNLEf2Lt67cyKc8dam8yB9MyQiczCKcyoz8EnPrxmMrN4mMzM37wi7MzFQMyZWcEsn7 xrB8wtW8yc6MzfBrwHLcvns8EcGcudv7zY0cy4qLxRwczsnLvYH7vaT7vcXLui3Bts5Ly7bst/iL ugaNz6K8z19sv5bL0PA7yZpH0OILz7Dsve98xw1dy/JczOAbxw5d0Kl7xnUC0cPzNyQduqPsK30b NRLN0uX7E+3ctTJttCn/PdM2zS8xfdM6fa0ivdM+rbU9/dNC7bVBPdRG7ZdFfdQjMQV+wNSs29QG 0dRQXRBS7c/XK9Vyi9UC4tRTHdWAW9Ve3dV/q9VoS9a6W9NvUW9Ew9VOHdZUzdYEUdViTcRyXdZc HSBsPdfKxdRvDdYDIdf+nNd2bdYsmNRCAdd9/dVtrRB3Tdd87SttHbxdjdgCodWPvdfMddmOXdm+ O9V6/RaR3byT7decndme/diabdecTbqn/RE5jRJ5HbeAHdeUndWNfdW3XSlYrdainduLbdmnzduY jdulTdytsdu2bda/jdrBfRDAfbbP7RGvbRKhvdym/dfMPdbQ3dnbTRS3/z0Fnd28sj3erI3Q2C3e 4322iw3ept3D4F3cvc3ZVs0S4H3Zo73XtJ3f1/veih3f2i3fxr3Zw43e8C11aG0WyC3g0T3gfW3c Cw4U2e3fUJ3arT3YAq3czS3hqQ3f1h3gMhHhyy3ab73aFi7KhF3a3F3gtN3eHP7ZIX3gK3Hb9y3W NJ7iis3iA77YCs7c2y3cOqHZfA3c+F3WV53cG67jOZ7hSF7eLd7jpFxvQZ7dcx3hFs7bS47bUvbg qp3kTn7WnvzPma3eU83fal3h5f3eaIvmC97U7o3jlo3mP1HjvZ1cE27lJ47dhJ3ngo3idz7nOh7b NCHnd13nyX1fuc3gbv/N5xuO5X8+217ezScB5HQu5Yl73Y5N1mvO492r5Bn+E5KO35I95HTN2P7N 5Ild46Rt5FBe11e86qAu4p+96Dw85S5e6ph95eWN4Ye+hzCOEoK+26F+6YaO6Xt+630O6Ixe6zjx 67cu4l7t1pNe5rKO6HjOELiO6y3B7GC96HqN3Hq+6l3e4Atx7coOzIbdEZ8+4bDewz5OwEju6Iqe EMXu5+2OE+nu5LFu59y75O9O5ULe5CSu4TVx78Wd77a9vvyO6g7u75ou6iEu3efOEdoe2cLd7UFO 7Spe7eOe7/N9EyDO4tzO7rWd8fBu7Cme7FUuvZau6SG/6SNP7SUP743/7tus/ujxrBIEP9wGv9mS 3eX2zfBufvLlnhPfHd7s3ejaHetwTrpXnuq6ru/1Trjsfd5FzuZ/zrovb+vyDbhHn+ZQPvXC7toR zxEfT9wtr+rj7fSUPfNPP+12EvU4A/dnMd1h7/DRjvQub/F6n/aDXejG0vEzA/jJNPYQrtSGz86E 7+mHv/gPQfeM//gS3OuQP/mt4fiUf/krYfmYv/klnPic//k6ofmgP/o2H86kf/pDIfqov/rmLvms //pJ7PqwP/syGTIfc/u4n/u6v/u83/u+//vAH/zBT/vEX/zGf/zIn/zKv/zM3/zO//zQH/0dK/zU X/3Wf/3Yn/3av/3c/38wsi/94B8RFB3+5G+7X17+6F+535/+mAiw/lq0lTL+7P8rubp68C8l8m/4 BhezDKENtfmvAEHtgUBqBQceJHjwwUKGDR0+hBhR4kSKFS1exPgQgMONGT1+BBlS5EiSJR9We1BN 5TaV1FhWc4nS5EyaNUsmxIlQ4U6bPX3+ZNgxKFCiRY0elagSFsxt1Jg6dQm12lKBSK1eZZhTq86t CbF+xSp0oViwZc2eTQkzJUu2MdlWY5k2Jlq6M7tyxeu17l6TZMnyBRwYpFTCMA0XRjx120N/ggPj NAhZa2SE1FLxdJw5ol/NnT07VAlX9FvSolWuHQ031mfNd11zNchaNv9n2bUBJ8Z9WHdhWFVtnyVI Ofhk4gNj/85MG/nyrzENt3zpFHrL0M6tv2Re9vV22L6z71X+XfxPqUvNGz6fHv16p1SrqaLWeLxR ycaH28dfcLjl4/PNhvcvwJFeei606Qp0zkDrDNxGFQGB4i7Cyrx7MCyOKsTQo/amei8WWFZRhcMQ zQPxPQ4/HLEaQzo877IM7bJPPxn1yy8yG4NLpb8XjQJwR4gSABLIkYKMiEirVErRkBKXUqXJ0JSE RZWlqollRepUWQWxkoxciMvv6qMxzLzyssynIL18sceM8hkoH3zafJMaN+GkU84457SzzqxsOjOB IYX8EdCjnGpSlVj/VDGEi0OjNATREB1VBRAOAYFlxUcNsdRE+Cj8yEs0l9svxxwLElW/UfmbccZU csTszz799FHNi9h8s9YHbMX1Vl1z5XVXX/k809W9ND10FUBiURRRRQFptBpJEY1FRRBXWTFKQ1OM 1sEtAf2UORxlfOBUcY27jFThUKXp1WB3lLWiOPGB1xl85MFHXnrtrXfefO/VF19/9ZWTU2E9FXLd dR8gkmBYuzwY4YK7pejaQyM9FNNYjjUU4yarfE/KjmE59D0QD51Y4E5hFZShPlV+OGWHuYTZZZNk XNVc/si1bFRxUTX15pkUbmhllv00GE2hy2p3olr1pRdeep+Gl2l9/52WmmqoqcYnH5MbSsWPy7p2 8aGEU1a3bIZfHXrog8te2CJCSZb42g4fDVliJkXUlFhtJfLajwf6LvLos4tWV+2YiZb5phhXHddm /kQd6FSaR70I7HC9FjtxwwVlG+3BIT4q6YiyllfeZvI93XTUV1e9dXxSf531fPWCCGzMA0e8bcJR 5nbs3nlf2EjCMSrI0EaxPB5SagtNvvmNC534Wke3XsgP67ueqGGH034ZeIa5fzn8mvYzV1RxSzW/ fMkZ11Ei28MO2nO1ux+8fvE51zz0Cz+Kemr/m/5f1AA4QAEWEGv4oN5CLIc78B2Oew68H/68d7aM FA9uF4zbyCSmpP+4YbBuq4Af37CXPdANj4IOaZjgbEIzU4WrZ6aCHPp6RjmMLDBQ8oMgBMUXv/zx aH8V7FcQ+TXEfRXxX0Q84uva95AQotBsJ9yh8CR4QrZBEXQRSUWUloc8RzUKU4BgXqQMwawmHW+L W4wUqyriN4po73MT3GH3XHZFkkyOfaSqWfn0GDnzsc8jTcyc0HI4RSjKsW0WashfKJK1q/1PHlCL R9Qi+ch1xON0VKvkMZpGQKfJI4EWqaIVCTlI4HlOh26jBvKmdS1qTYuMrYyUoRTFQQ3CcnmfvIj8 KCjF4E3RaD0cCfl4NqMYETNVdyQKLx9IyCi27D8/dJvsYOeMeBj/Qx6mW8fpjrEOZ8jjGPXKZuya EU54wc6cSsSlRDoHR1IuE45O7OUhJ0KQLtbTi45alqO2gCgy3tOfYqQhSXrHQyqO8nc8BOZgcHbM VKmqoXj0Wrl+RraDFjSe7iwkIoeSEasFcB3edJom8RGPb8ojHvGQxzr6hw9NfpSAV5MHIDPyS3Ya tGUTbGdGLZKKJtmSlkoaIxcR1SguSOun01LSH5Z4spri1KaizB15HjpVqsIwj+kKZbBM2EynytMq ontIPkoXO3qdrhnxcEY4j0FSb1oSH9akZklf9zRj6Ouc9DrGUnM5x4py9Y3MLBxUNWSZeoLRn4bY 5xjBCAhA7LOM/44yrBj/oAqZegRohuwrL4/mO5+wUI87K9VnSdU3vYbkiX9toE1VeBWwOqSjUEup Jtea0kcCY6Qo/ShLVSq1cb6WaTEtLQm9ylnBhu+ynyOoTitCqi4uD6iIAhHFvDix5z6XWX9Y1UR1 J8Go6lCrzlTuTao63mOCrbKu+pTgvMvdOLIWmssVpzzMes1q5ssY9R0nNeRRV2Oso79mfZ1/1/HN Zsh3rvM9RjPS6aOINAaPzFpsUCE8RglTGMJihDAgsEu5NzE4JAKRYYgfN2IZ9u2qHi5KaxtCDalB soAvNWCL4ZUP2EoNpedFMSpXBYhWetG5P/ZxkCWb3RzXkbxHZv/ciYv8ExUvhBoFNnCB5xtJKR/Y ylC+8jWzDGBqNkONS/4IRC1c4QiXGcOI/cNkAwrmMJPYzSJGX9euRzs2z6TJTn7kSPU1ST3Ti89/ 3nOg/SzoPnvTGTiuc0TwmOY/SHh5kfWihQER0TIlWiR6dNzOMs04PwTX0iC5M4tTIV9SS7nUpzZ1 qlG96ip3M8Fr/vREHJwzP/yh1lpgLGJzvQXGNvYPWrB1zWAd6+Xy8c3HXlXfrjdsYofkzk7Gco2l LeNpV3te3gTugptdPFp3zdZpLgSjbR3uVKg5SnBp9mCGyTPQvq/TNEp3SZ79gGY0Y61rVXW+Wb3v VJOUpM0QhZL/4/2Q8qQSFqsqhCq8ht2Fgy3hPM3RptQycFQWhNJw5rScKa1tikPk2QFzxijq7e97 k9zkJUf5yUkuX0sCXOAdd3J0qjMVgzcpi00qRJRSWRAEhQbmy9V4knOWbNst29M/l0iotfY6L6dC FKMI+NOjDnWnU13qVZ961rFe9Yg6wxmtGnhu2pPK9+wcPvBxT2J6gxL5ID0r3bZe3DUedxNDzu2g fu9F4mSZpouccU1PRTNGsaqmi0LwhF+V4Qcf+L+nwhmnC5jbUSKalFSe8qGROVxggRrOX/7uELGj u82bR3B9PiPztpPWnsyfZhzay6z38uNZf+jV50jBtmf9kxGo/xOYuwUqTVkJYoBPGODD5ffHN313 HpdkoUuu9MmvyLNptSutLf3rLMY+ArWffe5Xv/vY9xXHwTx5y5ef/Oc3f/rRL5PPd4Wq3QE79N+r SIkIJE66ijz2tTaQ3es/YPBqE+4LwIO4PzqLN5SIioNAQIRoioE4DYFYwAVMCAmMv7Abk6pSPvH7 uXl7ADZZiA7rwA6ckw9kCBC0FQ/UFTZBQRQEQQ0sssVYCPSLwcpbDPKbwRusvJNIPt/gwT1xMh/E C/mbiHnrFVuxP18pQiQkQCUswJ8TiBqsPN9Av8WAQAXciSokPxdcMgmJkKMzPQ4kwYVgQYYYQzEk wzM0wzTUFf81FMI2pIke/ME4vEIgzAk3nL8KCsEj1EP848P788Ml3MM/rEMnBEL2k8JCRMQfXECk 48ILhD873KhIhMRJZDM4dAgtbEPUQ8M1TEFOfJPpI0FQ7EQT5D1KNEU8fI0flBBKBMNTdEUBEZhY PEUw3EM26UFb3BNc/EFdPAhcNED5w8QKZMQ9acQeHERIbMVXVMZlZLBkVDTQg0aCY8ZpxEM5tMRr jMZJdEZq5MZuXI5t9MZwFEfNAMdxNMdzRItyBAoAAIApSCR2zAh3fEd5FIkpYMd2hEeP0wiJoEfP wMd5xAh7pD+MYEeBbMfNeIh+zDvwsEeAvAiBTCSIHIuDHAn/g5TIfVzIhVDIvsjIvaBHeRSKgXSI hmSIjzSJjRxJjNTHzwhJjSxJizDJkkDJhtjIgRTJZxoLl9RJiojJB1DInqxInlTJobSzjgyMjmjJ SBSLjVjKjWLKjiDJiXwARfKLqGRKehQKibzHibxJugBJScxKhJzKqURKsWhIquSIfBxLtQzJfPxH suxKRErKnaQ/qFRJpPTJsnzHsSTKrcxJtcRKtxTMmTw9owSMr8zJROJLaIpJinRMnaTIlFRKjbRL vmzMnSTMuqhMn0xJwgTJz0xM0ExIxQzNytxMxARKujjNzuTHsbDHnhTNx+TMqUTJfkxKkkTNl7RM 3RQJdVxH/9i8kNokzd3EzMRczOGUzKTEy9A0Ts2wSklcS7FcTOWEzuYkzds0zuWMS6x4TutkSo+b y+UkztmczblETprMzsTEzuMkCd8kCsRkT/JkTN0Mz+IcTZp8y8vMy9fMzqhMDvs8z+GsT/IUTvzE TfqkTP6cTv/UTACtTvTcH/2cTgflzQRdTcvER/h8y5Fwz3VMT8VEy8mcUPV80KYk0RP9ixTtDPHk jBD9UL40T7B0yhmNTxXlCxa9EJvESOr80BhtTh6FUeus0fY0TLSQ0BZdSfscUNGUzNKkTMhUUgpt UObcSZesyR9az8iEUCfNSyglUCqVT6TZqNR0x59EUDDV0P8xdU2IsM0n7dLyjNIv5dAiTUct9UsR 3dKJBE7M/M6+3IivZMugiEzcVMuj9M+CxNKI9MsBJcv4ZM+DxMtBLUm2LMvMZK1D1dIRndSlxNQ9 JdA+nb8//cvwHFSoLFRno9N0s1RxXFV0rNDa6NAKucdWpUZ83E5zvMdbPcpUddVe9dWziNVfFdZh RdUAJdZjRVYfMtZkZdZmLcplddZoldbChNYio9Vp9UY2wpBgrQ0/mAJv1daRDFeNBNeELNeIANdv VdeGSNdxtbR0fQh4nQh1dVd6vVYUs9d4XVeHkFd+PFea/Fef4FbWaNdvNdefbFeApdeIsNeAzVdi K1h2fVj/Nk1YiQ3YWGvYfoxYhthYil3YkqxYgeXVCilXv/nXkK0eefRWkFXZVt1Xn1zZdDtXg01Z NqLZg01Zi6W4dS3TmJ1Zbf1ZhvXZjxxaD61WH+FZfe3Xv6HZff1ZS31Zph04p23aoXVXprXZmIXZ jitZnMVacm3Zq33amgVbJhtZs+jXm13Zm91akOVYg61Xk2Vbqs3asKUIrQVbvGWNj5Vacu3bnH1b nYVZux1cjyXbmmVb2+BbrYVbjXVclg3Try1cyY1ayKVcqzXbo62LomVaeWxccfVbmuTb6inbt63b lPVcvR3JxJ2Cif2Mqi3dtR3XmG3d1SVcqq3NqiVadb1X/4+02dT13J7l15YV19b9ydq93JbN3dOl XOTtiYE1CbyVXeJNXM612MqV3NjV3cMV2uFlXs+YW7nN2r8N3erd3uQ1XPTN3r0N18YdX72F3eI9 2fMdW6+t34ulCeiVyfYVX+FV3aWVX4R13O/NWH/NTPx1DOnt2c9N3MEV24Y13dFVWAAuXdlQYAeW 2gaW4OsFWghGXAR24JctYJHVXLS4YLjN4AeeCPH1XoXl3hC+2hf2WvDl3wzeWtVtW4joWKzFXpZF YBDOjPC14c8113md3A8e4B7O2/Dd4Gd90MOs4emVW4rF2QUuXsHtYSUGYhnOjBPu3xyW2DVq4PUV 2trEYf/N8GIeBuPAbWEWVlodHuMrnmGb0F+SSOPCHeP/ReGL5WPi1V7LPWLTreDOEGLMxeE8jt/L FeTJZVzMrY1CtttDjtsyZeREDtrDpVrLPWOOLGET9mNDNmM4RtlBhuEJVttTfmAKds7xbVueVWFR jtqOFWGU9WDFZeXtRWSPXdodluVGHt1aft6zLYu07eBSBlylReRJVmYXJuUI/o3FJVoebmS+wd5d ZuJlXg5odtteLmM99uYBnuCDjWEnFlI2611sncZzhlVhxpBxRudxVOfZYOd3pudjreN6xudXvOd8 5mdtnOd+Buhw3OeAJugv/OeCRmh9PuiEZmh/7uSGhmj/VxzoiKboRJvoisboIrvojOboWEnLXAXp kBbpkSbpkjbpk0bplFbplWbplnbpl4bpmJbpmabpmrbpm8bpnIbpjubpnvbpnwbqoBbqoSbqojbq o0bqpFbqpWbqpnbqp2YNBugJqV4OquYLqrZqhshqidjqq+hqqLYKBvjqiBjrkShrzzhrsMDqh0jr hWjrithqsc5quXaIuAZrpBBrjHhrj9hrwehrvHZrtraIv2brvNbqw34Aq1Zsug7suy6KtXZrxo5s w24IuZZqyVZsrTZsy4YIzpbsxKbsy8ZqyibrzzbtzUZs0J5rzCbtz25syFZtxO5qztbszJ5s2W5s wU5t/9hea7t2bKLgbdzO7d0W7sTO7ctObeJ+bdm2bePm6uRe7sCG7co+7up27s6ObtuebuvWbu6O bt327uX27d/+ieD+7tlW7u6m7uG2budW78kmbfBebNSm7rhmbO2m7fg+bOQe7ftm7+vub/rubv4m 6/V2791ubfIub8s27+ZW7gP/7vZ+8AY3cIp47+027eLebs0WbAK/7uJOb90ecOMe67nW8PqGbgWf CRMHcAlvbwqX7hRvbhh/cfkObxKv8RbX8RTfcfVG7/MGchev8AtHcRUHChafcdfu8dqebyGf8dqG 7gyv69MObfoGcNau8ibH7uHG7P+m7ds+7gT/b9XO8v/KznIWN/JJ/PHH/jnCTvOMYPA4l/M5p/M6 t/M7x/M81/M95/M+9/M/B/RAp/M3J/RCN/RDR/REV/RFZ/RGd/RHh/RIl/RJp/RKt/RLx/RM/8Y7 DdKkG0Ki5NCQxjtQ780kjT5NJ7ZC9VFTB3VdpQhX3wy/gPWkk3WCRPVYs9G4FEkb5eT2rHU7+3WL mPVbD5Bdz847NdHqbMtAFcxTLWeubMlTBdVpR/ZGhUu0jHZBVXV4XPZhJ3bkMPZOP9Eh3R8TDVRl l04YxfahEE91l9EcZfcfPXZ5/3aP9nRxv07wFPXjbPdk1/Zqp9F9zHZ+p3chnXZ87/dnr/cMCfd2 j3ehVlf3XP1RkCZ1gnfUINXOfP93Z49U9aR4i7f2hbd3sXR4qXTRgEfOm6xLjd/RTjf3o+14fH93 QRX5kafRktdUdHdUf4d4el/56ET4gid5lzf1k6/5B1H1m2d5Xkf5hNf5ocR5TXV6f+d1IBV3t3zo o9/0pJ9OgPfOu/R6aO95sX92RpV47+R0PO32d6R2Z9f6t4f7uJf7uaf7urf7u3fFgAAAOw== ------=_NextPart_000_00IW_07I2483QC_08G.192F92G0-- From eap-admin@frascone.com Thu Apr 7 21:54:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA29285 for ; Thu, 7 Apr 2005 21:54:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 2EA8220659; Thu, 7 Apr 2005 21:54:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id BCB9220448; Thu, 7 Apr 2005 21:54:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4A78F20448 for ; Thu, 7 Apr 2005 21:53:34 -0400 (EDT) Received: from orsfmr003.jf.intel.com (fmr18.intel.com [134.134.136.17]) by mail.frascone.com (Postfix) with ESMTP id 3EE3320445 for ; Thu, 7 Apr 2005 21:53:32 -0400 (EDT) Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17]) by orsfmr003.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j381rVVa030847; Fri, 8 Apr 2005 01:53:31 GMT Received: from orsmsxvs040.jf.intel.com (orsmsxvs040.jf.intel.com [192.168.65.206]) by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j381rVRa025440; Fri, 8 Apr 2005 01:53:31 GMT Received: from orsmsx331.amr.corp.intel.com ([192.168.65.56]) by orsmsxvs040.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005040718533123000 ; Thu, 07 Apr 2005 18:53:31 -0700 Received: from orsmsx402.amr.corp.intel.com ([192.168.65.208]) by orsmsx331.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 7 Apr 2005 18:53:31 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [eap] Re: IEEE 802.16e EAP usage modes Message-ID: Thread-Topic: [eap] Re: IEEE 802.16e EAP usage modes thread-index: AcU6kuZXPrt11VEnQu2fOuj/A1z3RgAuyt2w From: "Bakshi, Sanjay" To: "Bernard Aboba" Cc: X-OriginalArrivalTime: 08 Apr 2005 01:53:31.0422 (UTC) FILETIME=[C420C3E0:01C53BDD] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Thu, 7 Apr 2005 18:53:29 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Bernard, Starting a new thread as promised... Please see my comments below. Thanks, sanjay > Issues that come to my mind are > a) MTU discovery > For the minimum MTU of 1020 specified in RFC3748 can be used EAP can't do MTU discovery, per se. Are you saying that a minimum MTU of 1020 is always available? <> Per RFC MTU of 1020 is the minimum that should be supported > b) Channel Binding > Are there any EAP methods that implement this? Yes, there are methods that are capable of this. The EAP peer and server verify that the "authenticator" they see is offering the same information to each of them. For example: Authenticator MAC address as seen by peer =3D Called-Station-ID in Access-Request SSID as seen by peer =3D SSID in Access-Request NAS-Identifer as seen by peer =3D NAS-Identifier in Request <> So is it fair to say that channel binding is a way to verify the identity of the authenticator. It seems it directly does not really have to do anything with the lower layer used to communicate between peer and authenticator. Lower layer just happens to have some attributes such Authenticator MAC that help identify the Authenticator? Also it seems there is an implicit assumption that for channel binding to work as per rfc3748, either the peer needs to know the identity of the authenticator up front or an authenticator should be able to advertise its identity to securely somehow? Also can you give me examples of EAP-methods that support channel binding? > It is not clear to me how Channel Binding is implemented when pass-=20 > thru authenticator is in use. This because the Channel (lower > layer) between peer and pass-thru authenticator is different from the=20 > lower layer between pass-thru authenticator and AAA backend that=20 > execute the EAP method. I'm not sure why this would affect Channel bindings. <> I agree with you. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From gt7080a@yahoo.com Thu Apr 7 23:27:02 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA05680 for ; Thu, 7 Apr 2005 23:27:02 -0400 (EDT) From: gt7080a@yahoo.com Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJkHq-00069E-EN for eap-archive@ietf.org; Thu, 07 Apr 2005 23:36:03 -0400 Received: from c-67-171-203-7.hsd1.or.comcast.net ([67.171.203.7] helo=aar.alcatel-alsthom.fr) by mx2.foretec.com with smtp (Exim 4.24) id 1DJk97-0002Mb-Mm for eap-archive@ietf.org; Thu, 07 Apr 2005 23:27:04 -0400 Date: Tue, 30 Nov 2004 10:00:31 +0000 Subject: sold out - cheap viagra price. as low as 0.78$ To: Eap-archive References: In-Reply-To: Message-ID: <3BF34KBB4HLI5F3L@yahoo.com> MIME-Version: 1.0 Content-Type: text/html; charset=Windows-1251 Content-Transfer-Encoding: 8bit X-Spam-Score: 8.0 (++++++++) X-Spam-Flag: YES X-Scan-Signature: b5d20af10c334b36874c0264b10f59f1 Content-Transfer-Encoding: 8bit

SAVE 70%

SHIPPED WORLDWIDE

Zocor
Viagra
Cialis

$1.89

$0.78

$3.00
Soma
Lipitor
Levitra
$1.22
$1.89
$1.00

MERIDIA

ULTRAM

SOMA

$1.11

$1.11

$1.22
SEE OUR FULL OFFER

 

 

 

 

no more

 

 

 

From pthoms@fadmail.com Fri Apr 8 05:47:54 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA27868; Fri, 8 Apr 2005 05:47:53 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJq4y-0001od-VM; Fri, 08 Apr 2005 05:47:10 -0400 Received: from j36015.upc-j.chello.nl ([24.132.36.15]) by mx2.foretec.com with smtp (Exim 4.24) id 1DJpwF-0003cc-Sr; Fri, 08 Apr 2005 05:38:08 -0400 Authentication-Results: quartzite.es from=premium.mexico.es; domainkeys=neutral (no sig) X-Originating-IP: [79.152.6.208] Received: from premium.desperate.es (EHLO premium.lectionary.es) by premium.bottommost.es with SMTP; Fri, 08 Apr 2005 13:38:52 +0300 Date: Fri, 08 Apr 2005 13:31:52 +0300 From: "Alison Castro" To: drafts@ietf.org Cc: drums-archive@ietf.org, dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org, eccmtmagma-admin@ietf.org, ediint-archive@ietf.org, edu-discuss@ietf.org, edu-discuss-admin@ietf.org, edu-discuss-web-archive@ietf.org, edu-team@ietf.org Subject: Your account #2M7015 Message-ID: <119441.7259.pthoms@fadmail.com> X-Mailer: Kana Connect 6 X-Spam-Score: 0.1 (/) X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3 Hello, We tried contacting you awhile ago about your low interest morta(ge rate. You have qualified for the lowest rate in years... You could get over $380,000 for as little as $500 a month! Ba(d credit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli,gation consultation click below: http://www.3-m-n.net/sign.asp Best Regards, Bryan Savage to be remov(ed: http://www.3-m-n.net/gone.asp this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s. From saul@doramail.com Fri Apr 8 05:48:00 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA27970; Fri, 8 Apr 2005 05:47:59 -0400 (EDT) Received: from [219.255.124.24] (helo=MW0T1T8WEVK4XVF) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DJq1i-0001cz-DY; Fri, 08 Apr 2005 05:43:48 -0400 Received: from apart.eduardo-rubicund.com (HELO chinatown.com 66.0.117.61) by dortmund.com with EMQP; Fri, 08 Apr 2005 06:29:14 -0400 Date: Fri, 08 Apr 2005 05:22:14 -0500 From: "Edgar Durham" Message-Id: To: drafts@ietf.org Cc: drums-archive@ietf.org, dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org, eccmtmagma-admin@ietf.org, ediint-archive@ietf.org, edu-discuss@ietf.org, edu-discuss-admin@ietf.org, edu-discuss-web-archive@ietf.org, edu-team@ietf.org Subject: Save hundreds every month on low rates X-Mailer: CompuServe 7.0 X-Spam-Score: 1.4 (+) X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a Hello, We tried contacting you awhile ago about your low interest morta(ge rate. You have qualified for the lowest rate in years... You could get over $380,000 for as little as $500 a month! Ba(d credit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli,gation consultation click below: http://www.3-m-n.net/sign.asp Best Regards, Lemuel Metcalf to be remov(ed: http://www.3-m-n.net/gone.asp this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s. From pqedvehp@mailexcite.com Fri Apr 8 05:48:09 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA28157; Fri, 8 Apr 2005 05:48:09 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJpvR-0000rI-3t; Fri, 08 Apr 2005 05:37:22 -0400 Received: from [218.13.43.100] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DJpmE-0003C0-LO; Fri, 08 Apr 2005 05:27:47 -0400 X-Message-Info: 8imqzrrc0325fPUX/yjtInddDVAeLICrbwBSM503HSfft Received: from wife (216.234.194.164) by ka5.blackfeet.tansy.quadripartite.verizon.net (InterMail vC.6.81.82.76 203-33195-38-06250-89-2987433) with ESMTP id <390993.GHEG4829.pzt368-mail.angora.bruce.net.cable.rogers.com@chub> for ; Fri, 08 Apr 2005 04:25:46 -0600 Message-ID: <39310rpnh86023bcrri$966xp69$6734tcz28zlp593@foulmouth> Reply-To: "Cecilia Rosas" From: "Cecilia Rosas" To: Subject: hExttendder is here now! Do not waise your time dairylea Date: Fri, 08 Apr 2005 05:19:46 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--ramyp66263457gpikzvx" X-Spam-Score: 9.4 (+++++++++) X-Spam-Flag: YES X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228 ----ramyp66263457gpikzvx Content-Type: text/plain; Content-Transfer-Encoding: 7Bit New... and improved: exxtend your tool now! simple, safe, quick ! a few minutes and you got yourself a hugge tool, with permenent reasults and no surgary needed. you'll get tired of scrrewing, for sure :) come take a look now! The new, bast Exttendder online website! http://contemptuous.k3y.net/pe/erika/propellant.htm statewide conference scholarships for outstanding ged graduates and outstanding educator recognition. hi! some call me leroy some call me lee and some just call me hey you! just don t call me yeawho even though i am one! hey! yeah i sent that person and im and i was like no that was just about the mean ones!!!!! i was like i have friends that are! brain changes may point to future alzheimer s advantages of schizophrenia drug questioned - study u s senate passes medicare reform bill early repair of heart defect improves growth men. you know sherry i came here a few days ago to return the tag but i got side-tracked with your link to that photo place i spent all my computer time there that day and forgot to come back here. hi anita i contacted a few months back and you had no puppies but you asked me to follow up do you hav any female puppies available yet? maptech mapserver maps and charts with gps interface digital usgs topo maps topographic maps on cd rom with free viewer and navigation. by the way as an american it saddens me to see some of the messages some of my countrymen have put in your guest book may i apologize for their lack of character and integrity? what causes diabetes during pregnancy? provided by yourmedicalsource com several factors increase your chances of developing diabetes during pregnancy. wow!? what happened? i had some really neat tags over the last week or so and they re gone!? does anyone know what happened? in is padi s top-rated group of centres in the uk with two careeer development centres it is also the andi uk college. the place to purchase your music cd s - choices in every kind of music rock r amp b jazz classical country christian and more!!! woohoo i see i was last to tag last night and first today super sunday to you and your family sending lots of hugs and christmas joy my prayers are with you and yours. ----ramyp66263457gpikzvx-- From eap-admin@frascone.com Fri Apr 8 08:46:09 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA13480 for ; Fri, 8 Apr 2005 08:46:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id C1EFA20728; Fri, 8 Apr 2005 08:46:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4385B20722; Fri, 8 Apr 2005 08:46:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 350E420725 for ; Fri, 8 Apr 2005 08:45:42 -0400 (EDT) Received: from mtaout4.012.net.il (mtaout4.012.net.il [84.95.2.10]) by mail.frascone.com (Postfix) with ESMTP id 234AD20722 for ; Fri, 8 Apr 2005 08:45:40 -0400 (EDT) Received: from [192.168.2.125] ([80.178.126.213]) by i_mtaout4.012.net.il (HyperSendmail v2004.12) with ESMTPA id <0IEM00HTJOWKUYB0@i_mtaout4.012.net.il> for eap@frascone.com; Fri, 08 Apr 2005 15:48:27 +0300 (IDT) From: Jeff Mandin To: Sanjay , Bernard Aboba Cc: eap@frascone.com Message-id: <42568B00.1000204@streetwaves-networks.com> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us, en User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Re: IEEE 802.16e EAP usage modes Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Fri, 08 Apr 2005 15:45:36 +0200 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7BIT Sanjay and Bernard, 1. Regarding channel binding: "pure" 802.16e authentication is done entirely inside the MAC layer (fundamentally different from 802.1x) and all credentials belong to a single Interface/BSId. 2. Consequently, for pure 802.16e the Authenticator as well is always identified with a particular BSId/Interface. Consequently a channel-binding EAP method could use the BSId to enable both the AAA Server and peer to affirm the endpoints for the authentication and key scope. (EAP-TTLS has optional support for channel binding BTW). So basic 16e can support channel binding methods easily. 3. The "Split Authenticator" proposal does seem to introduce issues however .... because in that case the authentication is being done simultaneously - in effect - for all BSes using the same centralized "back-half" Authenticator. I think that's what Sanjay was suggesting before (as the BSes aren't really ports on the "back-half" authenticator but are Access Controllers with distinct identity and credentials). - Jeff On Apr 8, 2005 3:53 AM, Bakshi, Sanjay wrote: > Bernard, > Starting a new thread as promised... > Please see my comments below. > Thanks, > sanjay > > > Issues that come to my mind are > > a) MTU discovery > > For the minimum MTU of 1020 specified in RFC3748 can be used > > EAP can't do MTU discovery, per se. Are you saying that a minimum MTU > of 1020 is always available? > <> Per RFC MTU of 1020 is the minimum that should be supported > > > b) Channel Binding > > Are there any EAP methods that implement this? > > Yes, there are methods that are capable of this. The EAP peer and > server verify that the "authenticator" they see is offering the same > information to each of them. For example: > > Authenticator MAC address as seen by peer = Called-Station-ID in > Access-Request > SSID as seen by peer = SSID in Access-Request > NAS-Identifer as seen by peer = NAS-Identifier in Request > > <> So is it fair to say that channel binding is a way to verify > the identity of the authenticator. It seems it directly does not really > have to do anything with the lower layer used to communicate between > peer and authenticator. Lower layer just happens to have some attributes > such Authenticator MAC that help identify the Authenticator? > > Also it seems there is an implicit assumption that for channel binding > to work as per rfc3748, either the peer needs to know the identity of > the authenticator up front or an authenticator should be able to > advertise its identity to securely somehow? > > Also can you give me examples of EAP-methods that support channel > binding? > > > > It is not clear to me how Channel Binding is implemented when pass- > > thru authenticator is in use. This because the Channel (lower > > layer) between peer and pass-thru authenticator is different from the > > lower layer between pass-thru authenticator and AAA backend that > > execute the EAP method. > > I'm not sure why this would affect Channel bindings. > <> I agree with you. > > _______________________________________________ > eap mailing list > eap@frascone.com > http://mail.frascone.com/mailman/listinfo/eap > _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eliezerRDCEhanley@fornariusa.com Fri Apr 8 12:46:35 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA12178; Fri, 8 Apr 2005 12:46:35 -0400 (EDT) Message-Id: <200504081646.MAA12178@ietf.org> Received: from dhcp80ff79c8.dynamic.uiowa.edu ([128.255.121.200]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DJwli-0007u9-Eq; Fri, 08 Apr 2005 12:55:42 -0400 Received: from server722.crancofoods.com (128.255.121.200) by 128.255.121.200 (Sun Java System Messaging Server 5.8 HotFix 0.69) with SMTP id ; Fri, 08 Apr 2005 18:42:21 +0100 Reply-To: "casi hashimot" From: "casi hashimot" To: dn@ietf.org Cc: drafts@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, edu-team@ietf.org, edu-team-web-archive@ietf.org, entmib@ietf.org, entmib-admin@ietf.org, entmib-request@ietf.org, enum@ietf.org, enum-admin@ietf.org, enum-archive@ietf.org, enum-request@ietf.org, eos@ietf.org, ep@ietf.org, eqncdtwgkfussru@ietf.org, equest@ietf.org, er-wgchairs@ietf.org Subject: Mort App : 067561 Date: Fri, 08 Apr 2005 19:42:21 +0200 MIME-Version: 1.0 X-Scanned: Symantec Scan Engine v0.1 Content-Type: multipart/alternative; boundary="--675326_21543490.jBc263" X-Spam-Score: 19.3 (+++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464 ----675326_21543490.jBc263 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7Bit Dear Homeowner,

Would you like to cut your monthly mortg/age payment in
half? Imagine how much e.xtra cash you would have
every month to take a vacation, buy a new car, or
make home improvements.

All homeowners are approved regardless of credit
for a low interest rate. We'll drop your
mortg/age payment by fifty percent or more, and
this means more money in your pocket right away.

We approve everyone even if you've had bankruptcy
or foreclosure. We can ref1nance your home in
less than three days, and most people get money at
closing.

http://excellentlowrates.com/?name=rm2342

Sincerely,

casi hashimot

--------------------------------------------------
r-m-v your self: http://excellentlowrates.com/x/st.html ----675326_21543490.jBc263-- From eap-admin@frascone.com Fri Apr 8 17:16:08 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA13072 for ; Fri, 8 Apr 2005 17:16:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id AD03E20746; Fri, 8 Apr 2005 17:16:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 37DDC2073C; Fri, 8 Apr 2005 17:16:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 92D5E20741 for ; Fri, 8 Apr 2005 17:15:12 -0400 (EDT) Received: from mailout3.samsung.com (mailout3.samsung.com [203.254.224.33]) by mail.frascone.com (Postfix) with ESMTP id 76D392073B for ; Fri, 8 Apr 2005 17:15:09 -0400 (EDT) Received: from custom-daemon.mailout3.samsung.com by mailout3.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) id <0IEN00701CD8YT@mailout3.samsung.com> for eap@frascone.com; Sat, 09 Apr 2005 06:15:08 +0900 (KST) Received: from ep_mmp1 (mailout3.samsung.com [203.254.224.33]) by mailout3.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IEN007BGCD8H1@mailout3.samsung.com> for eap@frascone.com; Sat, 09 Apr 2005 06:15:08 +0900 (KST) Received: from Alperyegin ([105.144.29.41]) by mmp1.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTPA id <0IEN004XFC9XIL@mmp1.samsung.com> for eap@frascone.com; Sat, 09 Apr 2005 06:15:08 +0900 (KST) From: Alper Yegin Subject: RE: [eap] Re: IEEE 802.16e EAP usage modes In-reply-to: <42568B00.1000204@streetwaves-networks.com> To: "'Jeff Mandin'" , "'Sanjay'" , "'Bernard Aboba'" Cc: eap@frascone.com Message-id: <020201c53c80$0b4b93b0$6601a8c0@sisa.samsung.com> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Mailer: Microsoft Outlook, Build 10.0.2627 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Fri, 08 Apr 2005 14:13:10 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7BIT Hi, Just a clarification question: > 1. Regarding channel binding: "pure" 802.16e authentication is done > entirely inside the MAC layer (fundamentally different from 802.1x) and > all credentials belong to a single Interface/BSId. How are they fundamentally different? I'd appreciate some elaboration. Thanks Alper _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Fri Apr 8 17:49:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA14888 for ; Fri, 8 Apr 2005 17:49:05 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 23EC720379; Fri, 8 Apr 2005 17:49:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id AB78B2026A; Fri, 8 Apr 2005 17:49:03 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 352EE2026A for ; Fri, 8 Apr 2005 17:48:40 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id 0C7D11FE05 for ; Fri, 8 Apr 2005 17:48:35 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DK1L5-000Nq3-7D; Fri, 08 Apr 2005 17:48:31 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j38LmTs22788; Fri, 8 Apr 2005 14:48:30 -0700 From: Bernard Aboba To: Jeff Mandin Cc: Sanjay , eap@frascone.com In-Reply-To: <42568B00.1000204@streetwaves-networks.com> Message-ID: References: <42568B00.1000204@streetwaves-networks.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Re: IEEE 802.16e EAP usage modes Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Fri, 8 Apr 2005 14:48:29 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > 1. Regarding channel binding: "pure" 802.16e authentication is done > entirely inside the MAC layer (fundamentally different from 802.1x) and > all credentials belong to a single Interface/BSId. EAP is media independent. The EAP peer and server identities are not bound to a particular port or MAC address, and so neither are the exported keys. Channel binding, if it is to be accomplished, needs to be done explicitly within the EAP method, AAA protocol and/or Secure Association Protocol. > 2. Consequently, for pure 802.16e the Authenticator as well is always > identified with a particular BSId/Interface. As described in the EAP key management framework, an EAP authenticator's identity is not bound to a particular interface by the EAP conversation. An EAP authenticator can have multiple ports, and where key caching is supported, an EAP peer cannot necessarily assume that the key scope is restricted to the particular port on which it connects to the authenticator. For example, when a WLAN switch is deployed, the key cache may exist on the switch, not on each individual BSSID. As a result, if 802.16e supports key caching, and if an authenticator may have more than one port, then the authenticator identity needs to be made available to the EAP peer, not just the BSId, so that the peer can determine the key scope. I'd also note that an EAP peer can have multiple ports too, so that it cannot be assumed that the EAP exchange implicitly binds the exported keys to the interface over which EAP occurred. > Consequently a > channel-binding EAP method could use the BSId to enable both the AAA > Server and peer to affirm the endpoints for the authentication and key > scope. (EAP-TTLS has optional support for channel binding BTW). If an 802.16e authenticator can have multiple ports, then the BSId is not equivalent to the authenticator identity. That would imply that the key scope is undefined on the EAP peer, and that Channel bindings can only verify the Called-Station-Id, not the NAS-Identifier. > So basic 16e can support channel binding methods easily. If an authenticator can have multiple ports, it would not appear to me that Channel Binding is correctly supported. > 3. The "Split Authenticator" proposal does seem to introduce issues > however .... because in that case the authentication is being done > simultaneously - in effect - for all BSes using the same centralized > "back-half" Authenticator. Yes. This raises the same issues as were caused by the introduction of WLAN switches in 802.11. > I think that's what Sanjay was suggesting > before (as the BSes aren't really ports on the "back-half" authenticator > but are Access Controllers with distinct identity and credentials). Overall, it seems like 802.16e is grappling with some of the issues that IEEE 802.11i failed to resolve successfully. That is part of the reason why the EAP Key Management framework gives fairly detailed advice on the effects of key caching. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From WXWMBQSY@execpc.com Sat Apr 9 00:47:48 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA10623; Sat, 9 Apr 2005 00:47:48 -0400 (EDT) Received: from 12-203-113-223.client.insightbb.com ([12.203.113.223]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DK81h-0000nq-NT; Sat, 09 Apr 2005 00:57:00 -0400 X-Message-Info: LUTOqJ0pvsQSSa/pvyQLfLfKnRcHMi406KJH Received: from couscous-v625.alfalfa.email.msn.com (192.148.185.217) by ofq929-m00.email.msn.com with Microsoft SMTPSVC(5.0.2195.6824); Sat, 09 Apr 2005 03:43:01 -0200 From: Jordan Presley To: ldap-dir@ietf.org Subject: Posses whatever drag you want structure Date: Fri, 08 Apr 2005 23:41:01 -0600 EST Message-ID: <08989713.0097439.401@silky-dzr90.email.msn.com> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--zbcxgv661602717mofkl" X-Spam-Score: 8.2 (++++++++) X-Spam-Flag: YES X-Scan-Signature: c1c65599517f9ac32519d043c37c5336 ----zbcxgv661602717mofkl Content-Type: text/plain; Content-Transfer-Encoding: 7Bit neew, improoved drags on our online website! just try us, you wont be dissappointed... for sure :) you wont stop scrrewing with viaggra, enjoy!: http://uproarious.oi6.net/p/erika/20/degeneracy.htm wanna get rid of smoking? Zybban is the simple and elegant answer: http://uproarious.oi6.net/p/erika/28/douse.htm lose wieght fast and easy? Maridia is the ultimate solution: http://uproarious.oi6.net/p/erika/6/insolvent.htm loosing hair? stop it now! look good again with Propesia, recomended! : http://uproarious.oi6.net/p/erika/12/larval.htm main page: http://uproarious.oi6.net/p/erika/choosy.htm also: men's haelth mucsle relexers pajn reliev today i feel a bit green green is the colour of clovers and i could do with some irish luck colour. a film is a petrifying fountain of thought a film revives lifeless deeds a film permits one to give the appearance of reality to that which is unreal jean cocteau. comments i just want to let everyone know that i am not a republican or a democrat in recent elections it appears that out international want to put all of our money and support on the wrong horse. directed by coolio starring moby and raquel welch this is truly an inspirational masterpiece not to be overlooked a definitive classic a wonderous spectacle of all things good check it out a review. daniel my dear brother i love you so very much and i miss you! i am so glad that you are out of pain i can t wait till the day i can see your smiling face again up in heaven kiss kiss your sister dena. batman i m pretty sure that rainbow was asking for you to go to their forum and post your thoughts there not here now i have vomit on my tagboard. batman i m pretty sure that rainbow was asking for you to go to their forum and post your thoughts there not here now i have vomit on my tagboard. haer kjaem en liten hilsen fra oss i l a vi har det kjempebra! har forresten sett masse klaer vi har paa flava baade haer og i london! dritkult! vi er fortsatt flavatjejjor! hugs - britt og marte. they re talking on robtv about interactive television itv which i think is total baloney. comment just to let you know the guy who played ming in the serials was also in a luaral and hardy episode but i don t remember the name. ive him a gift that implies sophistication with just a hint of naughtiness such as a mini bottle of fine scotch or a dominican cigar -- the kind of thing that makes it clear you think of him as a man. posterity you will never know how much it has cost my generation to preserve your freedom i hope you will make good use of it john quincy adams. for others do i wait for higher ones stronger ones more triumphant ones merrier ones for such as are built squarely in body and soul laughing lions must come friedrich wilhelm nietzsche. always enjoyed last of the summer wine glad that it has gone on for many years pearl is a great charactor who brings so much to the program nbsp. ----zbcxgv661602717mofkl-- From idellVGQSHardelis@kingjuice.com Sat Apr 9 07:16:24 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA28382; Sat, 9 Apr 2005 07:16:24 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DKE5t-0002ZS-Ox; Sat, 09 Apr 2005 07:25:42 -0400 Received: from [61.249.147.215] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DKDws-00019J-Pm; Sat, 09 Apr 2005 07:16:23 -0400 Received: from lacosse.customcornedbeef.com (61.249.147.215) by 61.249.147.215 with Microsoft SMTP203(5.4539.47.67); Sat, 09 Apr 2005 15:09:04 +0300 Received: from 61.249.147.215 (borkowic[61.249.147.215]) by cowman.customcornedbeef.com (azmfawwr55) with SMTP id <280wqtl768ua>;Sat, 09 Apr 2005 05:17:04 -0700 Message-ID: Reply-To: "stan cucciole" From: "stan cucciole" To: eap-archive@ietf.org, edu-team@ietf.org, edu-team-web-archive@ietf.org, entmib@ietf.org, entmib-admin@ietf.org, entmib-request@ietf.org, enum@ietf.org, enum-admin@ietf.org, enum-archive@ietf.org, enum-request@ietf.org, eos@ietf.org, ep@ietf.org, eqncdtwgkfussru@ietf.org, equest@ietf.org, er-wgchairs@ietf.org Subject: Dont be left out, rates just dropped! Date: Sat, 09 Apr 2005 09:11:04 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--52033_3761175.Xt696" X-Spam-Score: 9.2 (+++++++++) X-Spam-Flag: YES X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464 ----52033_3761175.Xt696 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7Bit Dear Homeowner,

Would you like to cut your monthly mortg/age payment in
half? Imagine how much e.xtra cash you would have
every month to take a vacation, buy a new car, or
make home improvements.

All homeowners are approved regardless of credit
for a low interest rate. We'll drop your
mortg/age payment by fifty percent or more, and
this means more money in your pocket right away.

We approve everyone even if you've had bankruptcy
or foreclosure. We can ref1nance your home in
less than three days, and most people get money at
closing.

http://lowrateway.com/?name=rm2342

Sincerely,

stan cucciole

--------------------------------------------------
r-m-v your self: http://lowrateway.com/x/st.html ----52033_3761175.Xt696-- From dcpdikuubctm@aem.nl Sat Apr 9 10:40:58 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA12767; Sat, 9 Apr 2005 10:40:58 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DKHHs-0003lG-5o; Sat, 09 Apr 2005 10:50:17 -0400 Received: from cm223.sigma49.maxonline.com.sg ([218.212.49.223]) by mx2.foretec.com with smtp (Exim 4.24) id 1DKH8k-000648-0v; Sat, 09 Apr 2005 10:40:50 -0400 Received: from (65.246.255.50) (port=2669 helo=pYtYlPiHcF) by mx3.nmy.com with smtp id 401237c4d3c0$2180fea0$824aa2@ambient for cfrg@ietf.org; Sat, 09 Apr 2005 07:43:53 -0800 Message-ID: <305687c4d3c0$2180fea0$027aa4@slag> From: "Celina Ferguson" To: cfrg@ietf.org Subject: Having a bad hair day? Blame your genes Date: Sat, 09 Apr 2005 07:43:53 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--0" X-Spam-Score: 2.5 (++) X-Scan-Signature: 6ffdee8af20de249c24731d8414917d3 ----0 Content-Type: text/html; Content-Transfer-Encoding: 7Bit

  Sa p To 70  OF  Reta il Pri ces With Online-R
ve U % F X! 

     VI

   RA,  CI   S,  VA   UM,   AM   EN   SO  
AG ALI Ll Bl MA      

      $2.

        $2.        $1.         $2.          $1.  
79 36 79 68 15       
   To    Spe : Cia  16x20m ls on ly $87.
day cial lis g pil 00      
  


Otunbayeva said the opposition would guarantee the security of Akayev and other government officials if they go, "like it was in Georgia and Ukraine."

----0-- From barnabe_angy@battellemedia.com Sat Apr 9 13:03:30 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA22470; Sat, 9 Apr 2005 13:03:30 -0400 (EDT) Received: from [221.157.142.60] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKJVq-000237-NZ; Sat, 09 Apr 2005 13:12:51 -0400 Received: from mail.breadboard.com (221.157.142.60) by 221.157.142.60 (baynesv.015) with SMTP id <87674d51m> (Authid: 938); Sat, 09 Apr 2005 20:00:43 +0200 Message-ID: X-Originating-IP: [221.157.142.60] X-Sender: danielle suat X-MIME-Autoconverted: Yes Reply-To: "danielle suat" From: "danielle suat" To: dmin@ietf.org Cc: dn@ietf.org, drafts@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, edu-team@ietf.org, edu-team-web-archive@ietf.org, entmib@ietf.org, entmib-admin@ietf.org, entmib-request@ietf.org, enum@ietf.org, enum-admin@ietf.org Subject: You have to fill out and return Date: Sun, 10 Apr 2005 00:05:43 +0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--637976_59617990.ho85" X-Spam-Score: 16.5 (++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32 ----637976_59617990.ho85 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7Bit Dear Homeowner,

Alert, This is your Second Notification:

Thank you for your recent inquiry, we have been notified that two
lenders are interested in offering you a deal. Remember, for this special
offer past credit history is not a factor.

In accordance with our terms please verify your information on our
secure, private site to ensure our records are accurate.

http://excellentlowrates.com/?name=aaks9

Sincerely,

danielle suat

------------------------------
r-m-v yourself -http://excellentlowrates.com/st.html ----637976_59617990.ho85-- From zfnifjh@aei.ca Sat Apr 9 15:53:30 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA03601; Sat, 9 Apr 2005 15:53:30 -0400 (EDT) Received: from cpc2-bolt3-4-0-cust95.manc.cable.ntl.com ([82.6.153.95]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKMAE-0001ZT-Ed; Sat, 09 Apr 2005 16:02:51 -0400 Received: from (132.151.6.1) (port=5739 helo=jDmOoFxUuZ) by mx3.sprint-telecenters.com with smtp id 802668c4d3c0$2180fea0$182aa2 for bofchairs@ietf.org; Sat, 09 Apr 2005 12:56:38 -0800 Message-ID: <802668c4d3c0$2180fea0$182aa2> From: "Kenny Chang" To: bofchairs@ietf.org Subject: Smell gene may help ward off mosquitoes Date: Sat, 09 Apr 2005 12:56:38 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--0-1-86961497758232304804971" X-Spam-Score: 7.0 (+++++++) X-Spam-Flag: YES X-Scan-Signature: 36b1f8810cb91289d885dc8ab4fc8172 ----0-1-86961497758232304804971 Content-Type: text/html; Content-Transfer-Encoding: 7Bit

 
  Sa p To 70  OF  Reta il Pri ces With Online-R
ve U % F X! 

     VI

   RA,  CI   S,  VA   UM,   AM   EN   SO  
AG ALI Ll Bl MA      

      $69.

       $89.      $69.95       $109.        $59.95  
95 95 95     
   To    Spe : Cia  16x20m ls on ly $89.
day cial lis g pil 95     
  
----0-1-86961497758232304804971-- From ezequiel-pell@mlklegal.com Sat Apr 9 18:36:42 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA14751; Sat, 9 Apr 2005 18:36:42 -0400 (EDT) Message-Id: <200504092236.SAA14751@ietf.org> Received: from c-24-13-181-1.hsd1.il.comcast.net ([24.13.181.1]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKOiL-0000aD-9Q; Sat, 09 Apr 2005 18:46:06 -0400 Received: from mail.sekebal.com (24.13.181.1) by 24.13.181.1 (insupportablev.987) with SMTP id <64806587j0g> (Authid: 244436); Sun, 10 Apr 2005 05:31:58 +0600 Reply-To: "gavrielle filmore" From: "gavrielle filmore" To: eap-archive@ietf.org Cc: edu-team@ietf.org, edu-team-web-archive@ietf.org, entmib@ietf.org, entmib-admin@ietf.org, entmib-request@ietf.org, enum@ietf.org, enum-admin@ietf.org, enum-archive@ietf.org, enum-request@ietf.org, eos@ietf.org, ep@ietf.org, eqncdtwgkfussru@ietf.org, equest@ietf.org, er-wgchairs@ietf.org, ernet-drafts@ietf.org, erv@ietf.org, esg@ietf.org, est@ietf.org, et@ietf.org Subject: Mórt.gage ratés dip to record lows. Date: Sat, 09 Apr 2005 18:37:58 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--8041500_66505342.b803" X-Spam-Score: 18.4 (++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32 ----8041500_66505342.b803 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: text/html Dear Homeowner,

You have been pre-approved for $400,000 with a low fixed rate.

This offer is being extended to you unconditionally and your credit is in no way a factor.

To take Advantage of this Limited Time opportunity all
we ask is that you visit our Website and complete
the 1 minute post Approval Form.

http://excellentlowrates.com/?partid=aaks9

Regards,

gavrielle filmore

-------------
r-m-v yourself - http://excellentlowrates.com/st.html ----8041500_66505342.b803-- From Cipriano@jesusbuttons.com Sat Apr 9 21:44:57 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA23059 for ; Sat, 9 Apr 2005 21:44:57 -0400 (EDT) Message-Id: <200504100144.VAA23059@ietf.org> Received: from p5480a1c3.dip.t-dialin.net ([84.128.161.195] helo=jesusbuttons.com) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKReV-0000NH-V5 for eap-archive@ietf.org; Sat, 09 Apr 2005 21:54:22 -0400 From: "Kirstie Jacques" To: "Karesinda Chance" Subject: Re: Ci-alis WALLIUM Viagrra Date: Sat, 9 Apr 2005 21:45:00 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0008_01C53A01.4258851C" X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 1.5 (+) X-Scan-Signature: 6cca30437e2d04f45110f2ff8dc1b1d5 This is a multi-part message in MIME format. ------=_NextPart_000_0008_01C53A01.4258851C Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, A smile irradiated the face and eyes of Captain Blood. I have lay bare his lordship's mangled side, and called for water and li It was agreed before they parted that Pitt should begin with thes despise him, he could not doubt, deeming him no better than all looked along the ranks, making it plain that he addressed them al My superior officer! You! Lord of the World! Why, you are jus that William of Orange had been invited to come over. eyes upon the jury. What an impudent rogue is this! You heard swell if he added that this girl had that day informed him that s spoke without excitement, almost with a certain listlessness. W But she, endeavouring to thrust him back, her hands against his the great ridge of the Blue Mountains whose peaks were thrust int inhabitants who became French subjects had been assured should that heralded their approach disturbed him not at all. For one Have a nice day. ------=_NextPart_000_0008_01C53A01.4258851C Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hello, = Would you like to spend less on your MEDlCATl0NNS?
 
VlSIT Meddications-By-Mail SHOP and SAVE OVER 70%
 
VA U AG  C IS
Ll M Vl RA lAL  and many other
 
Have a nice = day.
P.S. Youu will be pleasantly surprised with our prices!
------=_NextPart_000_0008_01C53A01.4258851C-- From cbpxuewt@sprs.com Sun Apr 10 01:18:24 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA02394; Sun, 10 Apr 2005 01:18:22 -0400 (EDT) Received: from 82-36-26-250.cable.ubr02.smal.blueyonder.co.uk ([82.36.26.250]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKUz3-0001MU-0R; Sun, 10 Apr 2005 01:27:48 -0400 Received: from (132.151.6.1) (port=0771 helo=wMxObXaDhP) by mx4.ltm.com with smtp id 091142c4d3c0$2180fea0$640aa3@allah for gsmp-admin@ietf.org; Sat, 09 Apr 2005 22:21:29 -0800 Message-ID: <536554c4d3c0$2180fea0$121aa0@boeing> From: "Jenny Middleton" To: gsmp-admin@ietf.org Subject: 90 minutes of exercise a day? Not likely ... Date: Sat, 09 Apr 2005 22:21:29 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--0" X-Spam-Score: 3.7 (+++) X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d ----0 Content-Type: text/plain; Content-Transfer-Encoding: quoted-printable Hello We tried to contact you earlier about flnanclng your home at a lower rate= I would like to let you know that we have gone ahead and started the prea= pproval process, Here are the results: Negotiable Amount: $212,000 to $812,000 For more information or to have a broker contact you please visit: http://jBfUrZuZcE.com.4-ever-mrg.com/d.asp Best Regards, Jenny Middleton, Account Manager ----0-- From bibcpatmxnqb@biby.fsnet.co.uk Sun Apr 10 01:19:12 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA02440; Sun, 10 Apr 2005 01:19:10 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DKUzr-0001Sx-5I; Sun, 10 Apr 2005 01:28:36 -0400 Received: from pcp03084693pcs.glst3401.nj.comcast.net ([68.46.155.47]) by mx2.foretec.com with smtp (Exim 4.24) id 1DKUqe-0003CS-L2; Sun, 10 Apr 2005 01:19:05 -0400 Received: from lsdocsmhk (68.46.155.47) by mail.philosophy.com (7.0.027) ; Sat, 09 Apr 2005 22:18:54 -0800 Message-ID: <000701c53c41$95054ae0$0301a8c0@lsdocsmhk> From: "Lorrie Reilly" To: rserpool@ietf.org, disman@ietf.org, rps-archive@ietf.org, eap-archive@ietf.org, ietf-archive@ietf.org, iporpr-admin@ietf.org, amyk@ietf.org, idr-admin@ietf.org, policy@ietf.org Subject: Lowest possible 3.41% mor_tgage finessed permutation Date: Sat, 09 Apr 2005 22:18:54 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.3790.224 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.224 X-Spam-Score: 17.6 (+++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 7a6398bf8aaeabc7a7bb696b6b0a2aad Content-Transfer-Encoding: 7bit We tried contacting you awhile ago about your low interest mortga.ge rate. You have qualified for the lowest rate in years... You could get over $450,000 for as little as $450 a month! Bad credi-t? Doesn't matter, low rates are fixed no matter what! To get a free, no obl_igation consultation click below: http://wnmkhws.12mtgnow.com/x/loan.php?id=sv Best Regards, mortga-ge Broker Specialist Lorrie Reilly From alazar@emailaccount.com Sun Apr 10 03:31:16 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA29484; Sun, 10 Apr 2005 03:31:15 -0400 (EDT) Received: from [222.113.98.82] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKX3h-0007K2-HX; Sun, 10 Apr 2005 03:40:43 -0400 Received: from transvestite.dross-disciplinary.com (HELO horse.com 66.8.198.97) by eavesdropper.com with EMQP; Sun, 10 Apr 2005 11:25:24 +0300 Date: Sun, 10 Apr 2005 04:23:24 -0400 From: "Deana Joyner" Message-Id: To: drafts@ietf.org Cc: drums-archive@ietf.org, dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org, eccmtmagma-admin@ietf.org Subject: Lowest rates in 45 years X-Mailer: CompuServe 7.0 X-Spam-Score: 17.7 (+++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a Hello, We tried contacting you awhile ago about your low interest morta(ge rate. You have qualified for the lowest rate in years... You could get over $380,000 for as little as $500 a month! Ba(d credit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli,gation consultation click below: http://www.3-m-n.net/sign.asp Best Regards, Janette Bass to be remov(ed: http://www.3-m-n.net/gone.asp this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s. From Wang@mail2world.com Sun Apr 10 05:54:10 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA06753; Sun, 10 Apr 2005 05:54:10 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DKZI3-00016K-4f; Sun, 10 Apr 2005 06:03:40 -0400 Received: from [222.45.30.192] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DKZ8o-0003DA-13; Sun, 10 Apr 2005 05:54:08 -0400 Received: from [96.153.132.126] (helo=alpinas) by greene.dattaweb.com with asmtp (Exim 4.26) id 1Cn4Tf-0132Vk-40 for Wang@mail2world.com; Sun, 10 Apr 2005 03:47:28 -0700 Date: Sun, 10 Apr 2005 12:52:28 +0200 From: "huhmail.com" Message-ID: <171.26e558d5.2a9TFQ44@sol.com> To: web@ietf.org Subject: xxxxfreepasswords X-Mailer: Mailman v2.0.8 X-Spam-Score: 4.6 (++++) X-Scan-Signature: 7bac9cb154eb5790ae3b2913587a40de Dear male :: web@ietf.org:: .................... Get your password today, to the best adult playground on the internet! (20 niches in1site) .................... *YES! It costs $0 http://www.herhelp.com/d/r/1.php From bzmihfs@prodigy.net Sun Apr 10 07:30:25 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA11435; Sun, 10 Apr 2005 07:30:24 -0400 (EDT) Message-Id: <200504101130.HAA11435@ietf.org> Received: from [211.186.83.55] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKan9-0003qR-U3; Sun, 10 Apr 2005 07:39:54 -0400 Received: from ZNOVG-HN67 (211.186.83.55) by 211.186.83.55; Sun, 10 Apr 2005 06:27:07 -0600 From: "Kim Sosa" To: diffserv-interest-admin@ietf.org Subject: Software 3000 kowalewski Date: Sun, 10 Apr 2005 06:27:07 -0600 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_000_00QV_05L7568NC_06P.673O79U0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1437 X-Spam-Score: 15.2 (+++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 31b28e25e9d13a22020d8b7aedc9832c This is a multi-part message in MIME format. ------=_000_00QV_05L7568NC_06P.673O79U0 Content-Type: multipart/alternative; boundary="----=_000_00MN_00L9025ZJ_03O.862J12V0" ------=_000_00MN_00L9025ZJ_03O.862J12V0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Get a capable html e-mailer ------=_000_00MN_00L9025ZJ_03O.862J12V0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
3D""
 
 
 
 
 
 
 
 
 
 
 
 
 
arcane
elijah
michel
%Q
 
News; Blogs; White Papers= ; Downloads; Reviews; Prices. Go. Alerts |; Newsletters |; RSS Feeds. Click Here. ENTERPRISE NEWS. Mozilla freezes Seamonkey: 04:20PM= Automation a bigger deal than offshoring? 03:33PM. time to kill it for the
 
------=_000_00MN_00L9025ZJ_03O.862J12V0-- ------=_000_00QV_05L7568NC_06P.673O79U0 Content-Type: image/jpeg; name="gkinhm.JPEG" Content-Transfer-Encoding: base64 Content-ID: <603510c4d3c0$2180fea0$508aa0c0@ZKZPYD> Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCACAAOoDASIA AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3 ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3 uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD1/wAV +K9O8HaMdV1MTG3DrHiJdzbmzjgkehrhbP49aDfeY0Ol6iI0YDc+wE/gGNT/AB8VX+HUaMwRWv4Q zHsMNXzzoypHFcLE+9N64OOvFAH0cnxq0BvvWWoL9EU/+zVOnxk8OMeYL9frGv8A8VXg8S2zRgyX DK2ORsJ5pQqmUrG25eMNjGeKYrnv6fFrwy/U3i/WEf41ch+JXhyb7s84+sDV4bp+nGRlJHFdbYab GijKiiwXPU08b6C4yLph9Ym/wqT/AITHQR1v1H1jb/CuASyTy8jbk8AU2SwR1JBHUAe5osFzvj43 8Ng4OrQg/wC0GH9K2oZ47m3jnhdXikUOjjoQRkGvn/X9NFuwYEHPNe4+HR/xTGkj/pzh/wDQBSBM 57V/idoeiazNpVzDeNcwsFby4wV5APUketVR8XvD5P8Ax76gP+2S/wDxVefeObaN/GesXDR/NHKg 37j3Ve1cptwx4716lDBU6kbs4a+KlTZ7ePi34dPWO+H/AGxH+NPX4seGz3ux/wBsa8QCk1IsJaun +zaXmefPNKielj28fFTwwes1yP8At3b+lOHxS8LHrdTj/t3f/CvEvs7elIbcjtR/ZtHuyP7Vq9ke 4L8UPCpOBfy59Ps0h/ktA+KPhEj/AJCbf+A8n/xNeO6Ne6hpl1JJp/l+a6bD5kYcEZz3+laP9ray vzfYrBtp3AmzTjvWM8BCLt+v/AOylj5TV3+R7bofiHTvENtJcaZcedFHJ5bMVK4bGcYIHYitavPf hVPLdaTqlxMVMsl+S21do+4nQV6HXmVoKE3FHp05c0UyKWWOGMySuqIOrMcAfjVO01nS7+5kt7LU rO5njG54oZ1dlHTJAOQK+VPiVLcTfEPXoZp5pI47tgiPIWVRgHAB4HWvQvgXaw2ninWFiCgGxiJ2 njO85x6D681i5K6RsqbcXPorfie8bl9RRuA4zWfcavp9tdJbT3sEcrttVHcDLccfX5l468j1rzvx teXS+JJhazzxPFGigRsV7A59D94/iCKxr11Rhzbm2Gwsq8+W9tG/uPVaK8M0Txjrv2x4pNRl2yMI 4mkbeqkZwMtnkjkc8+teuaNd3dxpkT3RVpAozNHjbJ746g9iMdelbRfNFSORSXO4djYoqBndejfm KgjvN120JU5Xbk/Xp/n/AOvTuXYvUUUUxHmPxyihm8C28c+fKbUI92Dj+F+9fPcUMdrdXsESFY0l AVSSSOPfmvoH47HHgazGMk6nBxnHZu9fPkeTf34AAAuCoA4AA4GPwprYl7l6MFmAFbenWm4gkVn2 UGSCRXSWSBQMUAatlEqBeBWzC4UCseF8AVdjl96ANdJeKkLqRzWYs2O9KbjjrQBR10q0RxXsvh7/ AJFnSf8Arzh/9AFeGavcblIzXuXh3/kWtK/684f/AEAUho8Y8cH/AIqfWsA83EQz2+6tciF+bHvX YeN8/wDCUayMDBuYhk/7q1zMEe5819Fgv4Z89mMnz2Q6GAt2q/DaZxxU1rb5PSteC14HFdEp2OGn TuZgsz6Ux7PjpXRLaEjpTJLTHGKz9qauic/YxCG9VyMAZ5qTUlhukIFxtCj7qkcn8qtXNtgHFYt3 Gwz1qrczuTzci5bHqHwiXHhy87f6Yf8A0Fa9Erz74Srjw5df9fR/9BWvQa+fxX8aR9JhHejFnyN8 TRs+J3iAcc3IP5xrXovwWSZPFuqebbzwbtPjZVmiMZYb+uCOmQRmvPfi0vl/FLXh0JeNvziSvU/h l5UfjmaG3CLBHosaoi5+UeaTyMnGSxIHHBXIBzXLZXudim1Bx6P9DN8QTznxHqTM53reOyn0KthT +ACj8OelSXGpT6teSzzuXJyFDf3NxIH6mqnjFZ7PxxqT3ivEJJN8Rds748DBB9O3sePaq9tdwJlm lAAyODk/h6187jY1IylBXabPt8E6M8NCo0lJKwlvqWmWurXEWp208llOu2cRD5sjlWUZzuU4PY+x yK9e8EXD3HhWDzJRM8U08LTL92QpKyll9iQce1eJ2Xm61fXF0yP9nQ+XCSpAc9W698FfzFeweA9Q FxopsXxvtCFUhcZQ8jPvnI/AV9BhqNSOGjKZ8PiJ05YqbhszqnPNYVlM8ninVE3yeXGtuojbIXJ/ iGfyyPStt+tYdhlvFOqyDJQC2TdnjIGSPryPz96pDZ1FFFFUQeT/AB+cJ4CtCeFGpRE/QK1eDaYq zPcTAkiSdmBI5INe9ftALv8AANqo76hH/wCgvXiGmQiK1UY6t/QU0JmzaoFArVgbAFZUDYxV6J8Y 5piNWOSrKS1mRyVOJaANETe9Ne4wvWqfm4HWoJp8KeaLAVdRuNxIzX0N4bP/ABS+k/8AXlD/AOgC vme6m3v+NfS/hr/kVtJ/68of/QBUsaPFfGkijxzrMLMSzzQlVxxwoyayrWMbvxq744bHxI1EdjIn /oC1DaD5hX0WE0pnzeO96rY2LOHpxW3bW/tWfZJllHc8AV0VrbSdChyKirPoXQgQSqIEViMA5P1w M/4Vi6fqMtykouEGF3MDjG0AkAEfhn8a29YivnsrtbK3eSX7MyxDIA3Hr9DwKgsNMhg0BUuRuvAq 243NhiQAvzevr+NfPY+tVpTjOEnq0rW/E9qnGE8O6dlda36mZPHuiDFSpYZwawL2Lk11l9g5PH0r mr4DmvpcPK6Pn8RG3Q9D+FIx4duf+vlv5Cu+rhPhZj/hHJz63DfyFd3Xh4r+NI97B/wInyf8ZVC/ FbW890gP/kFa9R+Hg2/EWTEflk6GvmL5jP8AMJscE9uPzz9T5n8a0K/FTUyP4oYDx/1zA/pXa/CO /jv/AB/NJEYWxo5RzEm0ErKo6bm/DngY4HQc51HW/FXSXuNLh1KC1id4iYpJi7K8at90jBGRuOMc 9Qema8n0nTZop5C7ZJPzH9T+Ne+eN4pJvCV+kUEs77VISLhvvDkcHOOpHcAjjOa8ssrUxEyvE4Ud AEGWPrjP+NeVmFR05K3VHp0pw+qPmfvJ6ehe8N6Lcato19a2IQTWc/nCN2wJPMUKV/2SPKBGeOfx rtvBWiXGl2k093BJb3MwEbwuQ2NhPzggn7wIJ5+9kjggDm/A17DbeKZVkd4I5rcoPM+VJG3rs6nB PLAf75x1NdL4s8Yw6HDm0ubKS4RsPE8uTnOCML0I68kdD1r06FaboRjI8r3E3M0ba5e48R6sgJMN vHbwdePMwzt+OJE/So7Z9ut3arBHHmWHcQihn4PJI5PTjPI5rG8B6s+pWt4Z49k9xPJdLIQQJlZs HbnqqYVMgnHAIHGd+OyWDUXuQRmeaP5VQKBjPJ9Scnn6elM0jJSjc6CiiiqJPMPjknmeC7Rf+n9D /wCOvXinl+TBEPUn+le6/GSPzPCtmv8A0+qf/HWrxLUV8tYB9f6U0SwifgVaR62LGO2l02CCCONr xrdpNs26ORmG45U7SrLhe5yeeRU8SWF9PpGbCJGvgzOVd8/KzKAPm77RV8hHMkZCS471MJeOtXdM tLZtOiuZrcSPtumKszANsVSvQjoSelTpZ2c9kLkwC3Mttv2hmKofOVNwyc4Kk9c96aiwc0jLM3HW qdxcfKea6Jre1a6njewWFLW8jiQ7m/eqWIKtk8kgZyMVkT20MEDEQi4kmmRoVJOWhbO3/vrJHttq GrblRdzn3l3P+NfUvhv/AJFbSP8Aryh/9AFfL+qRQ212kVuQ8AUMk2c+aCTlvwOVx/s+ua+oPDX/ ACKukf8AXlD/AOgCpZSPDPHH/JStQ/66J/6AKitG+YVJ47U/8LI1B8HaJUye33BVK2kAbGa+jwut NWPmcarVmdZYSiORHz90g/lXbLNab2jSOTbz/CeR1B/Mn8q86tJ+MZ610FvqtwMnzm59hWNek5O6 NsPWUVZnWJLa+XgQsM4ODETz/XioZrmwhKlrQoxXncvb2rE/tWcrzO38qq3N80nzO5Y9OTXMsO76 nXLEK2hSuVSMuwJOfX61g38g5Nad3c5BOa5+8myGr0KFNQVkjzMRWc5XbPVvhZ/yLU3/AF8N/IV3 QrhPhVz4WkP/AE8v/Su7FeFiv40j6DCfwYny58cU2fFC4P8AetID+hH9K1PgE+PHN0uRzp8n/ocd UPjsuPiWSRw1jCf1epfgTIE+IgXn57KYD80NYHSfTNeX+JbKTTr14maNoym6MpGseFyeCFAGQeM/ SvUK4L4hadIBDqscigKot3UsA3LfKVz16tkenY4rix1F1aem6KjLl1ZwExuXnimtrp4Z4ZBLHs5+ ZTxx35xmuE1SLXoNVWO7ulnlmkys8y8yP2DeuTgc+tdpqr2yWDx3AX9793djAI5zz/TuRWLoOk3P i++trOCFkdwzCZz/AKtU2ksTyf4lH1IrbDwcKSUjmjLnd1tc9Y+G2nBNGXVAzRi5hSJrTJ8uGeNn SZ4x0USEIxAHauwmz5kH/XZP51Bo+nLo+iWWnrgmCFUdgc7nx8zficmpZMmWDrxMhP51r1OlaI2K KKKok4H4sru8N2g/6fFP/jrV4brvytbj2b+le7/FBQ2hWQIyDeqD/wB8tXg/iUhbiFRgY3fzFNCZ attS1AaaltGl60RQou1224I5A46ew96rhdTUQ/u7lfI/1XBBTktx6ckmstLgKgH2mdSABtC5A9vv U8Tx/wDPxOcdPkH/AMVTuxcqRtm91uS6E32i8adVKq3mNuUdCAc8DmonfVLlpJJJJ5C67XZ5cllB zg5PIyP0rIM0X9+U/UAf1prz2/8A01P4gUXbCyNO5k1V1hE0szKpxFvmyFOM8ZPFUngvw23eqgDb zcKBj0+905/WsmWcZOOnvVbfk0NgtDTZnjk8qQ8qcYDZAz6V9Z+Gf+RV0f8A68of/QBXx8j/ADDn vX2D4Z/5FTSP+vGH/wBAFJjR4j45l2+ONXTaxzNEQR0HyDrWDHIVc/WtPx7/AMlJ1Dn/AJaJ/wCg CsTOD6e3pX0WCjaB89mMXKdzctrjGOa1IbsY61y8UxX1q3HdH1rocLnnxm4nSi8GOtQy3gx1rFF5 7/qKikusjrUKmW6zLtzdZ71kXEu49aJJ2c4GfwqP7NcOxHkSZ91xWisiYxlUZ7R8KOfCJPrcPXeV wfwoGPB49ftD/wA67yvmcS71pH1WGVqUUfNHx9XHxDtm/vadGf8Ax96rfBFtvxMtBn71tOP0B/pW h+0EuPHenN66av8A6Mesf4MOq/E/TAWxlJx/5Cb/AArE3PqmvCfjtr93BrOmaTBcvFEkP2plTjLM WQEn2Ctge5PpXu1eT+PPh1r3jDxMrxXtrb6QwjEhLnzSB142845KqTjJJ6k0AeDPqLSLtZ3bJ3Eu xYk/U19G/C7w1HpHhKxv51zfXkPmFskhY3O5QPw25+grLuvhBp8djr95vNxeXFm8NnCFASFVVRGO eS37tQTx1bjmu7tNUjfQdPvI7ZtlxbpIiRrhUBQNg/3Rg1LHFal96qM6+aib1370O3PON684/Efn UEOqm6u/KHlgD7yxBpz9CV+4fqKjh0+catNKtj5aySIzTuwHCkHgBmyTtHZe3XFJFPQ6SiiirIOQ 8f6XfapokCafAZpYpxKygjOArDgHryRxXz94rs7xL6GFrWZZlVtyGMhhz6Yr6wop3EfHMWkas4/d 6Xet/u27H+lW4/DXiGXmPQ9TYe1o/wDhX13RRcLHyYvgvxVIPl8Pal+Nuw/mKf8A8K98ZSdPD17/ AMCUL/M19YUUXCx8nj4WeOZeRoMo/wB6WMfzap4vhB45fGdHC/71xEP/AGavqmikFj5ii+DXjU4J sIF+tyn9DX0VottLY6Dp1rMAJYLaOJwDn5goB/lWnSEA0DPnTx/C6/Ee9Z1eMyyoIt6FVk+QDhul Vv7MS1tDLcxwMQTybrbn/gOK+i7uxtL6Hybu2iuIz/BKgYfkaqx+HdFgO6HSbGM/7Fug/pXXHGTi konFWwjm7pnzkl3ZKeILVieg3lj/ADq5AbmRg0GmeYAf4bV2/pX0alpbx/cgiX/dQCpgijoBW7zG XREf2fDqfOjaVrd4iomi3mM5BWzKfqQKsReCPEkwGNGuOe7so/8AZq+g8AdhS4HpUf2jU6Iay+ke DxfDXxNIc/YoYj/tzjP6ZrQj+F3iOX5prm1Q+8rN/SvZ8D2oxUPHVmaxwlOK0Rz3g7QJvDehrYzy pK/mM5ZAQOfrXRUUVySk5ScmdMUoqyPN/if8OJvGscd5YvaLqMEXlobgOMruJwGVsDqeqt+HWuN8 M+HfEnhO/wBBl1jTLmGGynm82bek0IUwuiFdh3LywGGHJOc9h73RSGZsepfaI2ltoZJkHKhUK7x6 qz7VP50scmqTurGKC0j7rJmVz/3yQB+ZrRooAz5tMW6kJuLq6kj7ReZsUf8AfIBP4k1agtYLWPy7 eFIk9EUCpqKACiiigAooooAKKKKACiiigAoqhNrelWmoxabc6nZQX8y7o7WSdVkcc8qpOSODyB2N VI/GHhmW1muo/EekPbwFVllW9jKRls7Qx3YGcHGeuDQBtUVi/wDCYeGDZm8HiPSPsokERm+3RbA5 GQu7djOATj2oufGHhmzaNbrxHpEBljWWMS3sa70YZVhluQRyD0NAG1RWWPEugnUP7PGt6ab3bv8A s/2pPM27d+duc42/N9OelWbXVNPvtP8A7QtL62uLLDN9ohlV48LnJ3A44wc/SgC3RXO+FPGWleLd Jlv7O5th5UkiyRLOrNGgkdUdx1XeqbgCOh74zWvZarp2pWX2yxv7W6tef38EyunHX5gcUAW6Kpw6 tptxcfZ4NQtZZ/KWby0mVm8tuj4BztPY9Ko/8Jh4YNmbweI9I+yiQRGb7dFsDkZC7t2M4BOPagDa orEvfEVg1tImnazo5vfIW5RZ7pdvkkj94dpzsIPDdORV+61fTLJZWu9RtLcRFRIZZ1TYWOFzk8ZI IHrQBcoqvPf2drJbx3F3BC9w2yBZJAplbGcKCeTjniobjWdLtNNTUrnUrOGwkVWS6knVYmDfdIcn BByMc85oAvUVzPjPxtpng7w1Nqs9xbyTGMtaWxmCtctkDCdyAWXJAOAc1maX8QbR/FkGhXesaFdp dWxntr2zuNiu/mBFh2lmDMcnBD5O0/KKAO5oprusaM7sFRRksxwAKr2GpWGq2gu9Ovba8tiSBNby rIhI6/MpIoAtUVTstV07UvO+w6ha3XkOY5vImV/LYdVbB4PsaE1fTZJ4YE1C0aacMYYxMpaQKcNt GcnB4OOlAFyiq9pf2eoI72V3BcojmN2hkDhWBwVODwR6VYoAKKKKACiiigAooooAKKKKAOL+IVu9 nZad4ptbYz3mg3QuNsagu9u3yTKM452MT16qKxNH0+9sPHU2i3dvvtdYMevyFgCscyECRB9JPs5H HrXp9Jn2oA8t1Xw3NP4i8Q+D4bd4tK8RRf2n58YAWGQDbKPqXEB6fxNz2q7ommt4/wDh9qD61aLD eX9uLCQso3K8GVz36Teawr0akzQB42dR16RNA8aSWcseoOToFxAwHBf5BJ14H2lfU/Lj8PVbJrDT 2t9Ctisb29qrRwqhAWJfkGOMdsYq/mjPtQB4n4ajv4/gr4etIY5C2m6ujatbiMswhS8cuuB3GASO eB05FaviaCDWj411fT5LW80CbwwweSPbJFNdoZWVlI4LIFXnqDt6EV6vn2NZfiTS5td8NajpEF0l q97bvbmZ4TKEVxtb5Qy5O0nHPBweehAPOrAR6xoHwztdHnjOpae1ncXXlgF4Lf7O3mbx/CH4UZ65 yM1PqvhuafxF4h8Hw27xaV4ii/tPz4wAsMgG2UfUuID0/ibntXfeG9Mm0Lw3pukT3KXT2VuluJ0h MQdUG1fl3Ng7QM88nnjOBqZoA8K8ZX39r/AzUta1m3ht9VuGtrJBKFDmSCUK4Xk87vtJAH8JPvSy axoEmp/GKa01DTmgudLhaB4pU2yk27KxUg8kyuoOP4mHc17pu9jRkUAeQaXq7zaHoc+ma3ZC4Xw9 Yx3cGpjdZ3YYyIE8wHKSh0lU8HOQCGK8bYkTQfFHhu81CIaV4ci0FrWGO6f5bKctH8kjk4B2KFBJ 5IPJzXom4UbhnGDQB4Z4zYaP8E/EVhf3UMP2/VZZNItXYK7Wwu0YBVJyQBluBwGFdZBqFnd/G+z1 W1uYrjT73w00FtcwMJElkW7G5VK5yRkZ9Oc9DXo+aNwoA4bx7ey6h4QsNT0oSXenw6lb3F7HFGxa a2jkzIoXqeVBIxyAar+ILqPxT8PvEeo+Do7hrq/s1VbgwvH9oC5BVFbB3bNwzjncvJxx6Du9jRnj oaAPPZ7jTtX8X6Pq2m3NmdHs9NvItZYlfLjj2psilzwpB3Eq3QBsgZrzXSdW0u2+E3w3WS/tIpYf Eym4DSqCkYllMm7ngBJI857OueCK+jN3saM0Aec+DdStJ/jB8QraG8ikJNkyRLIDkpEUlIH+y21W 9DgGvR6KKACiiigAooooA//Z ------=_000_00QV_05L7568NC_06P.673O79U0-- From eap-admin@frascone.com Sun Apr 10 12:56:08 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA02060 for ; Sun, 10 Apr 2005 12:56:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id BF0D32056B; Sun, 10 Apr 2005 12:56:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 363FE20565; Sun, 10 Apr 2005 12:56:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 8F1ED20565 for ; Sun, 10 Apr 2005 12:55:37 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id 703BD20561 for ; Sun, 10 Apr 2005 12:55:34 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DKfif-0004Ve-V4 for eap@frascone.com; Sun, 10 Apr 2005 12:55:34 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j3AGtWJ20748 for ; Sun, 10 Apr 2005 09:55:33 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] RE: IEEE 802.16e EAP usage modes Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 10 Apr 2005 09:55:32 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > 1. Is Channel Binding a mandatory requirement? > Based on my understanding it is not. Please let me if I am wrong. The Housley Criteria describe the mandatory properties of AAA key management. One of those mandatory propreties is binding of the key to the proper context. Channel binding is just one way to accomplish this, but there are other approaches. In fact, those other approaches (such as binding within the Secure Association Protocol) may be preferrable since they work with any EAP method. > 2. What issues do you see if Authenticator and Peer are separated by a > layer 2 switch that changes the EAP lower layer? > I know channel binding becomes an issue. Besides that what other > issues do you see? There are a number of potential issues depending on the exact configuration. As I understand it, this issue is now under discussion within CAPWAP, for example. Overall, the issue is whether the Housley Criteria are being compromised. > 3. Also, I was trying to understand the purpose of channel binding? > As I understand, it is used for establishing the identity of > Authenticator and it uses channel (lower layer) properties mainly > because they identify the Authenticator in some way. The key transported from the AAA server to the authenticator has a context. This includes: * The identity of the parties involved (peer, authenticator, server). * The key lifetimes. * The scope of key usage (key cache extent) * Authorizations (authorized SSID, authorized called-station-id, etc.) The Housley Criteria require that this context be synchronized between the EAP peer, server and authenticator. Channel binding is a mechanism for achieving key context synchronization between the EAP peer and server. However, that is not the only way that synchronization can be achieved between the three parties. > 4. How does a peer come to know about the attributes, such as Called- > Station-Id, NAS-Identifier etc., used for channel binding? It seems > to me that they have to configured in the peer via some secure means > and cannot be determined via a beacon etc. from the access point or > a base station. The server obtains the Called-Station-Id, NAS-Identifier and other attributes from the authenticator. It is the job of the lower layer to securely provide these attributes to the peer so that the state can be synchronized between the peer, authenticator and server. The information can be transmitted in a Beacon or Probe Response, but it also needs to be verified in a cryptographically secured handshake (such as the 4-way handshake in 802.11i). The attributes to be passed between the peer and authenticator need to be defined within the lower layer, such as within IEs in 802.11. New IEs can be defined later that may have significant security implications (such as cost), so extensibility is recommended. For example, 802.11i allows additional IEs to be included (and verified) within the 4-way handshake. Note that there is wide latitude in terms of the format with which the attributes are exchanged between the authenticator and peer. For example, the AAA server could send an encrypted token to the NAS that could be passed to the peer via the lower layer. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Sun Apr 10 13:06:05 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA02535 for ; Sun, 10 Apr 2005 13:06:04 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 7B9D92056D; Sun, 10 Apr 2005 13:06:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5357520567; Sun, 10 Apr 2005 13:06:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4449420567 for ; Sun, 10 Apr 2005 13:05:36 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id 7DDB420561 for ; Sun, 10 Apr 2005 13:05:34 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DKfsL-0005Fh-JZ; Sun, 10 Apr 2005 13:05:33 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j3AH5WH21514; Sun, 10 Apr 2005 10:05:32 -0700 From: Bernard Aboba To: "Bakshi, Sanjay" Cc: eap@frascone.com Subject: RE: [eap] Re: IEEE 802.16e EAP usage modes In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 10 Apr 2005 10:05:32 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > <> Per RFC MTU of 1020 is the minimum that should be supported Yes. > <> So is it fair to say that channel binding is a way to verify > the identity of the authenticator. Channel binding is a way to attempt to satisfy one of the security requirements (key binding) in a scenario where the lower layer doesn't provide the required binding. Authenticator identity is only one element of the key binding problem. Others include key lifetime, key scope, and authorizations. > Lower layer just happens to have some attributes > such Authenticator MAC that help identify the Authenticator? Actually the point was that the Authenticator MAC does not identify the Authenticator if the Authenticator may have multiple ports. > Also it seems there is an implicit assumption that for channel binding > to work as per rfc3748, either the peer needs to know the identity of > the authenticator up front or an authenticator should be able to > advertise its identity to securely somehow? The EAP peer needs to know the Authenticator identity in order to determine the key scope, for example. It is better to learn this information early on, so as to enable more efficient roaming. As an example, when WLAN switches are implemented, the key cache may reside on the switch rather than in individual access points. Where the WLAN switch acts as the Authenticator, the view of the Authenticator identity is not synchronized between the EAP peer, server and authenticator. As a result, an EAP peer may not know whether a given Access Point has a AAA-Key in the key cache or not. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Sun Apr 10 13:43:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA05165 for ; Sun, 10 Apr 2005 13:43:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 54E232056E; Sun, 10 Apr 2005 13:43:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 9FCB820569; Sun, 10 Apr 2005 13:43:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id F29FC20569 for ; Sun, 10 Apr 2005 13:42:26 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id CB31920561 for ; Sun, 10 Apr 2005 13:42:24 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DKgRz-0006dO-Hv for eap@frascone.com; Sun, 10 Apr 2005 13:42:23 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j3AHgMl23660 for ; Sun, 10 Apr 2005 10:42:22 -0700 From: Bernard Aboba To: eap@frascone.com Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Any last comments on draft-adrangi-eap-network-discovery-12.txt? Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 10 Apr 2005 10:42:22 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) The -12 version of the EAP Network Discovery document is now available on the IETF archive at: http://www.ietf.org/internet-drafts/draft-adrangi-eap-network-discovery-12.txt This document has requested publication as an Informational RFC via the RFC editor individual submissino route. Unless we hear any comments by Monday, April 18, 2005 we are going to assume this document has completed review and we will inform the IESG of that. So if you any remaining issues, please post them to the EAP WG mailing list (eap@frascone.com). Note: there appears to be an IPR claim related to this document: http://www.ietf.org/ietf/IPR/telecom-italia-ipr-wlan-access.txt _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From aryqxicfcwap@data-comone.com Sun Apr 10 15:18:37 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA12792; Sun, 10 Apr 2005 15:18:36 -0400 (EDT) Received: from host-66-81-178-131.rev.o1.com ([66.81.178.131]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKi6L-0001mj-ET; Sun, 10 Apr 2005 15:28:10 -0400 Received: from (132.151.6.1) (port=8423 helo=zSvZsRyX) by mx1.qualitypro.com with smtp id 328960c4d3c0$2180fea0$404aa8@wary for bridge-mib-request@ietf.org; Sun, 10 Apr 2005 12:21:52 -0800 Message-ID: <739266c4d3c0$2180fea0$696aa0@protectorate> From: "Luz White" To: bridge-mib-request@ietf.org Subject: New 'Marathon Mice outrun rodent peers Date: Sun, 10 Apr 2005 12:21:52 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--0-00-918261-34-00346515772514" X-Spam-Score: 5.4 (+++++) X-Spam-Flag: YES X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d ----0-00-918261-34-00346515772514 Content-Type: text/plain; Content-Transfer-Encoding: quoted-printable Hello We tried to contact you earlier about flnanclng your home at a lower rate= I would like to let you know that we have gone ahead and started the prea= pproval process, Here are the results: Negotiable Amount: $272,000 to $849,000 For more information or to have a broker contact you please visit: http://lPtYrQkAbJwL.com.4-ever-mrg.com/d.asp Best Regards, Luz White, Account Manager ----0-00-918261-34-00346515772514-- From GLQMAI@netscape.net Sun Apr 10 18:56:37 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA28750; Sun, 10 Apr 2005 18:56:36 -0400 (EDT) Received: from c9065410.virtua.com.br ([201.6.84.16]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKlVD-0008Do-4I; Sun, 10 Apr 2005 19:06:08 -0400 X-Message-Info: IjkD27znIvqm/xiSuiXHnszDJMitRWtJSIytd0NYQ Received: from apostle-eqk3.bishopric.netzero.net (112.134.64.46) by kc11-ukl829.netzero.net with Microsoft SMTPSVC(5.0.2195.6824); Sun, 10 Apr 2005 21:53:24 -0200 From: Gerald Hebert To: eap-archive@ietf.org Subject: Tha new rawlex repliccas has finelly arrived authenticate Date: Sun, 10 Apr 2005 16:51:24 -0700 EST Message-ID: <99154331023754193743.231.580188@buick-vj22.netzero.net> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--pkrngnm468031ueysvegny" X-Spam-Score: 13.6 (+++++++++++++) X-Spam-Flag: YES X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17 ----pkrngnm468031ueysvegny Content-Type: text/plain; Content-Transfer-Encoding: 7Bit The new craze is finnally here - one of the bast sites that can give you the things you've allways wanted to get - watchees, repliccas to be correct, of the bast brand s in the world! Impress you're lady with tag heur, roleex, and more. You naame it - We got it for you! mmmmm show me more :-) http://churchgoing.p1k.net/r/erika/cascade.htm the small bit of humor is very dry and brittle with an ouch quality and i believe mr nicholson will be the recipient of awards for it. read a few of bbcs stories this morning about iran including those about the man sentenced to death for apostasy. the younger mr chalabi said the reason for the raid was unclear but they must be afraid of his political movement. me maybe my book will give hope and faith to someone else or maybe touch them in a w ay they have never been touched before. which uses the same poll numbers to put a completely different spin on the situation in california. j i dont thinkhe knows i have a bf which is good cuz he is capable of doing something to make me single. this session will highlight the best of the best in java open source it will explain how and where each project could be used in developing enterprise java applications. george clooney who was here on the weekend to do a commerc ial for an italian sparkling wine and director steven soderbergh ocean s eleven may also make the montreal gazette canada. possible resistance from parents due to the fact that all of them do not have e-mail addresses also the problem that everyone does not check their e-mail every day. davis bobby amp mary nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp nbsp boligee. as the designated driv er in her dinner party pat habib was careful to consume no more than one alcoholic drink and follow it up with two sodas. who says she gets on better with men than women had no problem hanging out with the men on the set of intolerable cruelty where she stars with george clooney times of india india. for further information o tkvp tkvp is a video poker application built using tclprop to be added to the tkvp mailing list contact. ted dunning what berkeley db library interface where in development by the contact description a tcl interface to the berkeley db library updated contact. also your preview page template needs widened as well to show a true preview not one corresponding to the former smaller width. i wrote some slash yes i did actually i ve had it quite awhile but i ve never really written slash it s ringo paul and i feel okay about it i posted it. phil gordon what database otto where from the contact description tcl tk frontend to a simple database updated contact. emma what was he saying about you? and i doubt he loves her that much but i don t want to get into it. ----pkrngnm468031ueysvegny-- From eap-admin@frascone.com Mon Apr 11 01:55:09 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA22671 for ; Mon, 11 Apr 2005 01:55:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5DC27204B3; Mon, 11 Apr 2005 01:55:08 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id F0318204A1; Mon, 11 Apr 2005 01:55:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D735C20485 for ; Mon, 11 Apr 2005 01:54:54 -0400 (EDT) Received: from guri.intoto.com (ip-66-80-10-146.dsl.sca.megapath.net [66.80.10.146]) by mail.frascone.com (Postfix) with SMTP id 68B7520452 for ; Mon, 11 Apr 2005 01:54:51 -0400 (EDT) Received: from brahma.intotoind.com ([172.16.1.10]) by guri.intoto.com (SMSSMTP 4.0.0.59) with SMTP id M2005041022541519285 ; Sun, 10 Apr 2005 22:54:15 -0700 Received: from sureshvv.intotoinc.com (2mc55.intotoind.com [172.16.2.55]) by brahma.intotoind.com (8.12.11/8.12.8) with ESMTP id j3B5si2N012999; Mon, 11 Apr 2005 11:24:46 +0530 Message-Id: <6.1.2.0.0.20050411110612.025dd5c0@172.16.1.10> X-Sender: sureshvv@172.16.1.10 X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0 To: , From: Suresh Subject: RE: [eap] EAP SIM and AKA identities. In-Reply-To: References: Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=====================_2935406==.ALT" X-Scanned-By: MIMEDefang 2.41 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 11 Apr 2005 11:31:34 +0530 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) --=====================_2935406==.ALT Content-Type: text/plain; charset="us-ascii"; format=flowed Hell Henry, Thanks for the mail. Just to consolidate my understanding, Identity exchanged in the EAP-Identity/Response, can be obfuscated, truncated, or decorated. This information can be used to select the method for authentication, and some routing information. So, if the Identity exchanged in the EAP-Identity/Response, has user name, which is prep ended with "0", then the authentication method to be selected can be AKA. If prep ended with "1", then the authentication method can be SIM. This is how, permanent user names if sent, the server has the clue to select the authentication methods. Of course this has to be done, only during EAP-Identity/response phase, not during AT_IDENTITY, as in the latter case, method is already known. Is my understanding correct? regards Suresh > >Hello Suresh, > >The term "identity" refers to an identity string that includes the realm >portion in environments where a realm is needed. "Username" refers to >the username portion of the identity. Explanations for the terms >"permanent identity" and "permanent username" are included in the terms >section >of the documents. > >The leading digit (0 or 1) of the permanent username would be useful as a >hint only when processing >an EAP-Response/Identity packet. The peer uses AT_IDENTITY only in >response to an EAP-SIM or EAP-AKA >packet, so the EAP method has already been selected in this phase. Hence >the server does not need to use the leading digit of the username as an >EAP method selection >hint anymore. Nevertheless, if the peer composes the permanent username from >the IMSI, as specified in the drafts, then the peer will still include the >leading digit. > >The format of AT_IDENTITY is specified in section 9.8 of EAP-SIM and section >9.5 of EAP-AKA. These sections say that the same identity format is used >in the AT_IDENTITY >attribute and the EAP-Response/Identity packet, with the exception >that the peer MUST NOT decorate the identity it includes in AT_IDENTITY. >The identity format is >specified in section 4.2.1 of EAP-SIM and 4.1.1 of EAP-AKA. > >The realm portion is not considered as decoration. In other words, If the >identity includes a realm >portion in the present enviroment, then the peer includes the realm also >in the AT_IDENTITY attribute. > >Best regards, >Henry > >-----Original Message----- >From: eap-admin@frascone.com [mailto:eap-admin@frascone.com]On Behalf Of >ext Suresh >Sent: 06 April, 2005 10:13 >To: eap@frascone.com >Subject: [eap] EAP SIM and AKA identities. > >> >>Hi >>I have a small clarification in the identities and user names used in the >>EAP-SIM and AKA implementations. >>When ever a client needs to send fill in the AT_IDENTITY attribute, it >>has to fill in the complete identity, and the identity may or may not >>have a realm portion. >>The format of the permanent user name is 0|IMSI and 1|IMSI for the AKA >>and SIM respectively. >>It is also given that >> >> The EAP server MAY use the leading "1" as a hint to try EAP-SIM as >> the first authentication method during method negotiation, rather >> than for example EAP/AKA. The EAP-SIM server MAY propose EAP-SIM >> even if the leading character was not "1". >> >>for EAP-AKA. >> >>I could not understand how user name is sent to the EAP-Server, in >>actual, complete identity is sent in the AT_IDENTITY attribute and not >>just the user name. >> >>regards, >>Suresh >> >> --=====================_2935406==.ALT Content-Type: text/html; charset="us-ascii" Hell Henry,

Thanks for the mail. Just to consolidate my understanding, Identity exchanged in the EAP-Identity/Response, can be obfuscated, truncated, or decorated. This information can be used to select the method for authentication, and some routing information. So, if the Identity exchanged in the EAP-Identity/Response, has user name, which is prep ended with "0", then the authentication method to be selected can be AKA. If prep ended with "1", then the authentication method can be SIM. This is how, permanent user names if sent, the server has the clue to select the authentication methods.

Of course this has to be done, only during EAP-Identity/response phase, not during AT_IDENTITY, as in the latter case, method is already known.
Is my understanding correct?

regards
Suresh



 
Hello Suresh,
 
The term "identity" refers to an identity string that includes the realm
portion in environments where a realm is needed. "Username" refers to
the username portion of the identity. Explanations for the terms
"permanent identity" and "permanent username" are included in the terms section
of the documents.
 
The leading digit (0 or 1) of the permanent username would be useful as a hint only when processing
an EAP-Response/Identity packet. The peer uses AT_IDENTITY only in response to an EAP-SIM or EAP-AKA
packet, so the EAP method has already been selected in this phase. Hence
the server does not need to use the leading digit of the username as an EAP method selection
hint anymore. Nevertheless, if the peer composes the permanent username from
the IMSI, as specified in the drafts, then the peer will still include the leading digit.
 
The format of AT_IDENTITY is specified in section 9.8 of EAP-SIM and section
9.5 of EAP-AKA. These sections say that the same identity format is used in the AT_IDENTITY
attribute and the EAP-Response/Identity packet, with the exception
that the peer MUST NOT decorate the identity it includes in AT_IDENTITY. The identity format is
specified in section 4.2.1 of EAP-SIM and  4.1.1 of EAP-AKA.
 
The realm portion is not considered as decoration. In other words, If the identity includes a realm
portion in the present enviroment, then the peer includes the realm also in the AT_IDENTITY attribute.
 
Best regards,
Henry
 
-----Original Message-----
From: eap-admin@frascone.com [mailto:eap-admin@frascone.com]On Behalf Of ext Suresh
Sent: 06 April, 2005 10:13
To: eap@frascone.com
Subject: [eap] EAP SIM and AKA identities.


Hi
I have a small clarification in the identities and user names used in the EAP-SIM and AKA implementations.
When ever a client needs to send fill in the AT_IDENTITY attribute, it has to fill in the complete identity, and the identity may or may not have a realm portion.
The format of the permanent user name is 0|IMSI and 1|IMSI for the AKA and SIM respectively.
It is also given that

   The EAP server MAY use the leading "1" as a hint to try EAP-SIM as
   the first authentication method during method negotiation, rather
   than for example EAP/AKA.  The EAP-SIM server MAY propose EAP-SIM
   even if the leading character was not "1".

for EAP-AKA.

I could not understand how user name is sent to the EAP-Server, in actual, complete identity is sent in the AT_IDENTITY attribute and not just the user name.

regards,
Suresh
                                                                                                                                         

--=====================_2935406==.ALT-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Apr 11 04:50:09 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA22876 for ; Mon, 11 Apr 2005 04:50:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id AAD4F204C7; Mon, 11 Apr 2005 04:50:08 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id E50C3204B3; Mon, 11 Apr 2005 04:50:05 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 6C4FC204A8 for ; Mon, 11 Apr 2005 04:49:43 -0400 (EDT) Received: from mgw-x3.nokia.com (mgw-x3.nokia.com [131.228.20.26]) by mail.frascone.com (Postfix) with ESMTP id DD4B2204A1 for ; Mon, 11 Apr 2005 04:49:40 -0400 (EDT) Received: from esdks002.ntc.nokia.com (esdks002.ntc.nokia.com [172.21.138.121]) by mgw-x3.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3B8nZe15559; Mon, 11 Apr 2005 11:49:35 +0300 (EET DST) X-Scanned: Mon, 11 Apr 2005 11:45:42 +0300 Nokia Message Protector V1.3.34 2004121512 - RELEASE Received: (from root@localhost) by esdks002.ntc.nokia.com (8.12.9/8.12.9) id j3B8jgQ2010548; Mon, 11 Apr 2005 11:45:42 +0300 Received: from mgw-int2.ntc.nokia.com (172.21.143.97) by esdks002.ntc.nokia.com 00xdM9s4; Mon, 11 Apr 2005 11:45:40 EEST Received: from esebh004.NOE.Nokia.com (esebh004.ntc.nokia.com [172.21.138.84]) by mgw-int2.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3B8jeU12916; Mon, 11 Apr 2005 11:45:40 +0300 (EET DST) Received: from esebe009.NOE.Nokia.com ([172.21.138.41]) by esebh004.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Mon, 11 Apr 2005 11:45:31 +0300 Received: from trebe101.NOE.Nokia.com ([172.22.124.61]) by esebe009.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Mon, 11 Apr 2005 11:45:31 +0300 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C53E72.D0B13742" Subject: RE: [eap] EAP-SIM fast re-auth identity Message-ID: Thread-Topic: [eap] EAP-SIM fast re-auth identity Thread-Index: AcU63cr85t/OVNmsTkC+sAIw76VUGQDlDVMg From: To: , Cc: X-OriginalArrivalTime: 11 Apr 2005 08:45:31.0759 (UTC) FILETIME=[D1D617F0:01C53E72] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 11 Apr 2005 11:45:29 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a multi-part message in MIME format. ------_=_NextPart_001_01C53E72.D0B13742 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 Hi Madjid, =20 The term "EAP server" simply refers to the entity that implemens the EAP-SIM server part. Usually this is implemented in a AAA server. The "authenticator" is a term that EAP documents use for the first-hop = entity (NAS or 802.11 access point). In principle, the EAP server could be co-located in the NAS, but I don't think this is likely in the case of = EAP-SIM. =20 If the access technology requires an EAP exhange upon a handover,=20 then you can run either mode of EAP-SIM there (full or fast re-auth). Unless pre-authentication is used, this kind of handover is not likely = to be very smooth. If there is a need to run an EAP exchange even through=20 you haven't moved to a new AP, you can also run either mode.=20 EAP-SIM does not define when to use the fast re-auth mode. =20 Regards, Henry -----Original Message----- From: ext Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri@motorola.com] Sent: 06 April, 2005 22:19 To: 'Thomas Wieland' Cc: eap@frascone.com; Haverinen Henry (Nokia-ES/Jyvaskyla); Nakhjiri = Madjid-MNAKHJI1 Subject: RE: [eap] EAP-SIM fast re-auth identity Hi Thomas, =20 Thanks for being among helpful "other people" :-) Ok, I am not sure how fast re-authentication protects the use identity, = so I can understand if no protection is provided, that would be one way = to protect the permanent identities such as IMSI. But what I don't understand is how every use of IMSI means use of new = triplets? Sure EAP-SIM draft says that it does not allow re-use of triplets (I = guess for full authentication), but from what I understand the fast = re-authentication does not use any triplets, so the question of "re-use = versus using fresh" should be moot. =20 I do have another issue with the fast re-auth. Most of the sequence = charts only show a peer and an authenticator. Does this mean the = authenticator is the NAS or that it is the EAP server? I am trying to = understand how this fits into a 3 party EAP authentication model and = whether the fast re-authentication can apply to handovers or it is just = re-authentication to the same authenticator? =20 Regards, =20 Madjid =20 -----Original Message----- From: Thomas Wieland [mailto:twieland@cisco.com]=20 Sent: Wednesday, April 06, 2005 2:41 AM To: Nakhjiri Madjid-MNAKHJI1 Cc: eap@frascone.com; henry.haverinen@nokia.com Subject: Re: [eap] EAP-SIM fast re-auth identity =20 Hi Madjid, I'm not an author but "other people", but maybe I can shed=20 some light on this. Henry can always correct and expand. There is nothing "wrong" with the identities used during full authentication (i.e. either permanent identity, e.g. 1IMSI @realm, or pseudonym identity). The "problem", if you will, is that by definition of a full authentication, these identities require the use of 2 or 3 GSM triplets to authenticate. =20 For one, this implies at least one round trip to a remote server,=20 i.e. the HLR/AuC where the triplets are generated. This is=20 usually much slower than going through the calculations=20 necessary to iterate the keying material locally at the AAA=20 server. It also means additional load on the HLR/AuC. The second "bad" aspect is that each full EAP-SIM authentication uses=20 up 2 or 3 triplets. The number of triplets that can be generated by = each=20 SIM is usually limited (e.g. to 50,000) due to security concerns. This=20 doesn't matter too much in a GSM mobile network as authentications only use only one triplet and occur relatively infrequently compared to, for example, public WLAN. For EAP-SIM used in a PWLAN scenario, not only do you use up 2 or 3 triplets per authentication, the = authentications=20 also happen much more frequently. For example every time every time=20 a PC gets turned on (or woken up), when a user roams between access points etc. You can see how you could be chewing through the available triplets pretty fast and once you've reached the limit hard-wired into = the SIM, your SIM is dead and needs to be replaced. =20 By using the fast re-auth mechanism, not only do you speed up=20 EAP-SIM authentications (hence "fast" :-), you also reduce the load on the back-end server (AuC) and extend the life of your SIM. In other words, "it's a good thing". Regards, Thomas At 10:05 05-04-05 -0500, Nakhjiri Madjid-MNAKHJI1 wrote: Hi,=20 =20 I have a question regarding the EAP-SIM method for fast = re-authentication and would appreciate it if the authors and other = people respond. Why is a specific identity used for fast = re-authentication? What is the problem with using the identities that = were used during the full authentication? The initial identity that is = sent in EAP-Response/ Identity should not have a problem, right? =20 Thanks in advance, =20 Madjid Nakhjiri ------_=_NextPart_001_01C53E72.D0B13742 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
Hi=20 Madjid,
 
The=20 term "EAP server" simply refers to the entity that = implemens
the=20 EAP-SIM server part. Usually this is implemented in a AAA=20 server.
The=20 "authenticator" is a term that EAP documents use for the first-hop=20 entity
(NAS=20 or 802.11 access point). In principle, the EAP server could=20 be
co-located in the NAS, but I don't think this is likely in the = case of=20 EAP-SIM.
 
If the=20 access technology requires an EAP exhange upon a handover, =
then=20 you can run either mode  of EAP-SIM there (full or fast=20 re-auth).
Unless=20 pre-authentication is used, this kind of handover is not likely to=20 be
very=20 smooth. If there is a need to run an EAP = exchange even=20 through
you=20 haven't moved to a new AP, you can also run either = mode.=20
EAP-SIM does not define when to use the fast = re-auth=20 mode.
 
Regards,
Henry
-----Original Message-----
From: ext Nakhjiri = Madjid-MNAKHJI1=20 [mailto:Madjid.Nakhjiri@motorola.com]
Sent: 06 April, 2005=20 22:19
To: 'Thomas Wieland'
Cc: eap@frascone.com; = Haverinen=20 Henry (Nokia-ES/Jyvaskyla); Nakhjiri = Madjid-MNAKHJI1
Subject: RE:=20 [eap] EAP-SIM fast re-auth identity

Hi=20 Thomas,

 

Thanks for = being=20 among helpful "other people" J

Ok, I am = not sure how=20 fast re-authentication protects the use identity, so I can understand = if no=20 protection is provided, that would be one way to protect the permanent = identities such as IMSI.

But what I = don't=20 understand is how every use of IMSI means use of new=20 triplets?

Sure = EAP-SIM draft=20 says that it does not allow re-use of triplets (I guess for full=20 authentication), but from what I understand the fast re-authentication = does=20 not use any triplets, so the question of "re-use versus using fresh" = should be=20 moot.

 

I do have = another=20 issue with the fast re-auth. Most of the sequence charts only show a = peer and=20 an authenticator. Does this mean the authenticator is the NAS or that = it is=20 the EAP server? I am trying to understand how this fits into a 3 party = EAP=20 authentication model and whether the fast re-authentication can apply = to=20 handovers or it is just re-authentication to the same=20 authenticator?

 

Regards,

 

Madjid

 

-----Original=20 Message-----
From: = Thomas=20 Wieland [mailto:twieland@cisco.com]
Sent: Wednesday, April 06, 2005 = 2:41=20 AM
To: Nakhjiri=20 Madjid-MNAKHJI1
Cc: = eap@frascone.com; henry.haverinen@nokia.com
Subject: Re: [eap] EAP-SIM fast = re-auth=20 identity

 


Hi Madjid,

  I'm not an = author but=20 "other people", but maybe I can shed
some light on this.  = Henry can=20 always correct and expand.

There is nothing "wrong" with the = identities=20 used during full
authentication (i.e. either permanent identity, = e.g. 1IMSI=20 @realm,
or pseudonym identity).  The "problem", if you will, = is that=20 by
definition of a full authentication, these identities require = the
use=20 of 2 or 3 GSM triplets to authenticate. 

For one, this = implies at=20 least one round trip to a remote server,
i.e. the HLR/AuC where = the=20 triplets are generated.  This is
usually much slower than = going=20 through the calculations
necessary to iterate the keying material = locally=20 at the AAA
server.  It also means additional load on the=20 HLR/AuC.

The second "bad" aspect is that each full EAP-SIM=20 authentication uses
up 2 or 3 triplets.  The number of = triplets that=20 can be generated by each
SIM is usually limited (e.g. to 50,000) = due to=20 security concerns.  This
doesn't matter too much in a GSM = mobile=20 network as authentications
only use only one triplet and occur = relatively=20 infrequently compared to,
for example, public WLAN.  For = EAP-SIM used=20 in a PWLAN scenario,
not only do you use up 2 or 3 triplets per=20 authentication, the authentications
also happen much more=20 frequently.  For example every time every time
a PC gets = turned on=20 (or woken up), when a user roams between access
points etc.  = You can=20 see how you could be chewing through the available
triplets pretty = fast and=20 once you've reached the limit hard-wired into the
SIM, your SIM is = dead and=20 needs to be replaced. 

By using the fast re-auth = mechanism, not=20 only do you speed up
EAP-SIM authentications (hence "fast" :-), = you also=20 reduce the
load on the back-end server (AuC) and extend the life of = your=20 SIM.
In other words, "it's a good = thing".

Regards,

 =20 Thomas



At 10:05 05-04-05 -0500, Nakhjiri = Madjid-MNAKHJI1=20 wrote:


Hi, =

 

I have a=20 question regarding the EAP-SIM method for fast re-authentication and = would=20 appreciate it if the authors and other people respond. Why is a = specific=20 identity used for fast re-authentication? What is the problem with = using the=20 identities that were used during the full authentication? The initial = identity=20 that is sent in EAP-Response/ Identity should not have a problem,=20 right?

 

Thanks in=20 advance,

 

Madjid=20 Nakhjiri

------_=_NextPart_001_01C53E72.D0B13742-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Apr 11 04:58:08 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA23463 for ; Mon, 11 Apr 2005 04:58:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id C6CB0204D1; Mon, 11 Apr 2005 04:58:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id EDD7C204AA; Mon, 11 Apr 2005 04:58:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id CD8FE204AA for ; Mon, 11 Apr 2005 04:57:10 -0400 (EDT) Received: from mgw-x4.nokia.com (mgw-x4.nokia.com [131.228.20.27]) by mail.frascone.com (Postfix) with ESMTP id 8817D204A1 for ; Mon, 11 Apr 2005 04:57:05 -0400 (EDT) Received: from esdks001.ntc.nokia.com (esdks001.ntc.nokia.com [172.21.138.120]) by mgw-x4.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3B8v4r19492; Mon, 11 Apr 2005 11:57:04 +0300 (EET DST) X-Scanned: Mon, 11 Apr 2005 12:13:52 +0300 Nokia Message Protector V1.3.34 2004121512 - RELEASE Received: (from root@localhost) by esdks001.ntc.nokia.com (8.12.9/8.12.9) id j3B9DqhL006756; Mon, 11 Apr 2005 12:13:52 +0300 Received: from mgw-int1.ntc.nokia.com (172.21.143.96) by esdks001.ntc.nokia.com 000AOt85; Mon, 11 Apr 2005 12:13:50 EEST Received: from esebh004.NOE.Nokia.com (esebh004.ntc.nokia.com [172.21.138.84]) by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3B8tOM19772; Mon, 11 Apr 2005 11:55:24 +0300 (EET DST) Received: from esebe016.NOE.Nokia.com ([172.21.138.55]) by esebh004.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Mon, 11 Apr 2005 11:55:23 +0300 Received: from trebe101.NOE.Nokia.com ([172.22.124.61]) by esebe016.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Mon, 11 Apr 2005 11:55:23 +0300 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C53E74.31ACF61F" Subject: RE: [eap] EAP-SIM fast re-auth identity Message-ID: Thread-Topic: [eap] EAP-SIM fast re-auth identity Thread-Index: AcU64iVxyG2+WEVTRAKdh4YTqwCS0ADkLp2w From: To: , Cc: X-OriginalArrivalTime: 11 Apr 2005 08:55:23.0071 (UTC) FILETIME=[324924F0:01C53E74] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 11 Apr 2005 11:55:22 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a multi-part message in MIME format. ------_=_NextPart_001_01C53E74.31ACF61F Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Madjid, =20 Please see in line. -----Original Message----- From: ext Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri@motorola.com] =20 =20 -----Original Message----- From: henry.haverinen@nokia.com [mailto:henry.haverinen@nokia.com]=20 =20 Thanks to the separate identities, fast re-authentication and full = authentication can be implemented=20 separately, more modularly, at the server.=20 =20 Madjid>>Can't both modules use the same identity for the peer? I am = guessing for fast re-auth you need to locate the MK, can't you do it = with the same identity as the one you used for full authentication? =20 Yes, if we had designed the protocol differently :-)=20 =20 This all relates to the management of temporary identities. If you want = to use a separate identity upon each EAP exchange, and if you perform a full = authentication after a fast re-authentication, then the last temporary identity that = you distributed during fast re-authentication would have to be available to the module = that performs full authentication. =20 When the server runs fast re-authentication, it does not have=20 to update the information about the full authentication pseudonym. Fast = re-authentication=20 could even be distributed to a separate entity, a separate subsystem of = the EAP server that does not need to have any access to the triplets or to other "long-term" = state of the subscriber.=20 =20 Madjid>> why do you need the triplets for fast re-authentication. Isn't = the user id and MK enough? =20 You don't need triplets for fast re-authentication. The = fast-reauthentication id, the counter, and the MK are enough. =20 A separate fast-reauthentication identity also indicates to the server = that the client wants to use fast re-authentication. Hence it is possible to "overload" the identity = with this indication and save a roundtrip in some cases. =20 Madjid>>Couldn't this be done with the same identity by some sort of = flag or subtype?=20 =20 Yes. In this procol, we did it with a separate identity. =20 When there are several AAA servers, pseudonyms should be decodable by = all the servers at the home network. They should also be decodable a long time after = they were delivered. Hence, the storing mechanism for pseudonyms is likely to be "expensive". = Fast re-authentication identities can be locally administered by a single server, and it does = not matter if they are not stored so "reliably".=20 =20 Madjid>> I guess it depends on how fast re-auth ID is created/ = communicated to the local server. I am guessing fast re-auth ID is generated after a full authentication = with a perm. ID is performed and the master key is sent from the central = server to the local server. If the MK is sent to the local server = processing the fast re-auth, why not send the perm. ID with it? Unless = you want to protect the perm. ID from the local server? =20 As said, this relates to the use of temporary identities, which are used = instead of the permanent identity for privacy reasons. If there were scenarios where fast = re-authentication would be distributed closer to=20 the access network (which I am not aware of, BTW ), and if you want to = use temporary identities, then it is better to have a separate identity "space" for the local server to = administer -- just as we=20 have currently in EAP-SIM.=20 =20 EAP-SIM does not allow the use of the permanent identity upon fast = re-authentication. This is not a problem, since the server needs to keep state anyway, so the = identity can be managed as part of the other state. =20 Regards, Henry =20 ------_=_NextPart_001_01C53E74.31ACF61F Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi=20 Madjid,
 
Please=20 see in line.
-----Original Message-----
From: ext Nakhjiri = Madjid-MNAKHJI1=20 [mailto:Madjid.Nakhjiri@motorola.com]
 
 

-----Original=20 Message-----
From:=20 henry.haverinen@nokia.com = [mailto:henry.haverinen@nokia.com] 
 

Thanks to = the=20 separate identities, fast re-authentication and full authentication = can be=20 implemented

separately, = more=20 modularly, at the server.

 

Madjid>>Can't=20 both modules use the same identity for the peer? I am guessing for = fast=20 re-auth you need to locate the MK, can't you do it with the same = identity as=20 the one you used for full = authentication?

 

Yes, if we had designed the protocol = differently :-)=20

 

This all relates to the management of = temporary=20 identities. If you want to use

a separate identity upon each EAP exchange, = and if you=20 perform a full authentication

after a fast re-authentication, then the last = temporary=20 identity that you distributed

during fast re-authentication would have to = be=20 available to the module that

performs full = authentication.

 

When the = server runs=20 fast re-authentication, it does not have

to update = the=20 information about the full authentication pseudonym. Fast = re-authentication=20

could even = be=20 distributed to a separate entity, a separate subsystem of the EAP = server=20 that

does not = need to have=20 any access to the triplets or to other "long-term" state of the = subscriber.=20

 

Madjid>> why do=20 you need the triplets for fast re-authentication. Isn't the user id = and MK=20 enough?

 

You don't = need triplets=20 for fast re-authentication. The fast-reauthentication id,=20 the

counter,=20 and the MK = are=20 enough.

 

A separate=20 fast-reauthentication identity also indicates to the server that the = client=20 wants to use

fast=20 re-authentication. Hence it is possible to "overload" the identity = with this=20 indication and

save a = roundtrip in=20 some cases.

 

Madjid>>Couldn't=20 this be done with the same identity by some sort of flag or subtype?=20

 

Yes. In this = procol, we=20 did it with a separate identity.

 

When there = are=20 several AAA servers, pseudonyms should be decodable by all the=20 servers

at the home = network.=20 They should also be decodable a long time after they were=20 delivered.

Hence, the = storing=20 mechanism for pseudonyms is likely to be "expensive". Fast=20 re-authentication

identities = can be=20 locally administered by a single server, and it does not matter if = they=20 are

not stored = so=20 "reliably".

 

Madjid>> I=20 guess it depends on how fast re-auth ID is created/ communicated to = the local=20 server.

I am = guessing fast=20 re-auth ID is generated after a full authentication with a perm. ID is = performed and the master key is sent from the central server to the = local=20 server. If the MK is sent to the local server processing the fast = re-auth, why=20 not send the perm. ID with it? Unless you want to protect the perm. ID = from=20 the local server?

 

As said, this relates to the use of temporary = identities, which are used instead of the permanent = identity

for privacy reasons.  = If there were scenarios where fast = re-authentication=20 would be distributed closer to

the access network (which I am not aware of, BTW ), and = if you=20 want to use temporary identities, then

it is better to have a separate identity = "space" for=20 the local server to administer -- just as we

have currently in EAP-SIM.

 

EAP-SIM does not allow the use of the = permanent=20 identity upon fast re-authentication. This

is not a problem, since the server needs to = keep state=20 anyway, so the identity can

be managed as part of the other=20 state.

 

Regards,

Henry

 

------_=_NextPart_001_01C53E74.31ACF61F-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Apr 11 05:21:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA24904 for ; Mon, 11 Apr 2005 05:21:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 72533204ED; Mon, 11 Apr 2005 05:21:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id F2583204CB; Mon, 11 Apr 2005 05:21:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 721EC204CB for ; Mon, 11 Apr 2005 05:20:58 -0400 (EDT) Received: from mgw-x2.nokia.com (mgw-x2.nokia.com [131.228.20.22]) by mail.frascone.com (Postfix) with ESMTP id 272A6204BF for ; Mon, 11 Apr 2005 05:20:55 -0400 (EDT) Received: from esdks004.ntc.nokia.com (esdks004.ntc.nokia.com [172.21.138.159]) by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3B9KrO18556; Mon, 11 Apr 2005 12:20:53 +0300 (EET DST) X-Scanned: Mon, 11 Apr 2005 12:19:38 +0300 Nokia Message Protector V1.3.34 2004121512 - RELEASE Received: (from root@localhost) by esdks004.ntc.nokia.com (8.12.9/8.12.9) id j3B9Jc3j021065; Mon, 11 Apr 2005 12:19:38 +0300 Received: from mgw-int2.ntc.nokia.com (172.21.143.97) by esdks004.ntc.nokia.com 00A72IAU; Mon, 11 Apr 2005 12:19:37 EEST Received: from esebh004.NOE.Nokia.com (esebh004.ntc.nokia.com [172.21.138.84]) by mgw-int2.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3B9JbU10584; Mon, 11 Apr 2005 12:19:37 +0300 (EET DST) Received: from esebe017.NOE.Nokia.com ([172.21.138.56]) by esebh004.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Mon, 11 Apr 2005 12:19:36 +0300 Received: from trebe101.NOE.Nokia.com ([172.22.124.61]) by esebe017.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Mon, 11 Apr 2005 12:19:37 +0300 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C53E77.93D9C362" Subject: RE: [eap] EAP SIM and AKA identities. Message-ID: Thread-Topic: [eap] EAP SIM and AKA identities. Thread-Index: AcU+W2c64IxCfDAdSMeXF9g7nHpZHQAG0Arg From: To: , X-OriginalArrivalTime: 11 Apr 2005 09:19:37.0202 (UTC) FILETIME=[9503ED20:01C53E77] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 11 Apr 2005 12:19:35 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a multi-part message in MIME format. ------_=_NextPart_001_01C53E77.93D9C362 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 Hi Suresh, =20 Please see inline. =20 -----Original Message----- From: eap-admin@frascone.com [mailto:eap-admin@frascone.com]On Behalf Of = ext Suresh =20 Hell Henry, Thanks for the mail. Just to consolidate my understanding, Identity = exchanged in the EAP-Identity/Response, can be obfuscated, truncated, or = decorated. This information can be used to select the method for = authentication, and some routing information. So, if the Identity = exchanged in the EAP-Identity/Response, has user name, which is prep = ended with "0", then the authentication method to be selected can be = AKA. If prep ended with "1", then the authentication method can be SIM. = This is how, permanent user names if sent, the server has the clue to = select the authentication methods.=20 =20 Right. The drafts recommend the server not to rely on the identity = string sent in EAP-Identity/Response. The leading digit may be used as an EAP method seletion hint during = method negotiation, but there may=20 be other ways to select the EAP method, too.=20 =20 Of course this has to be done, only during EAP-Identity/response phase, = not during AT_IDENTITY, as in the latter case, method is already known. Is my understanding correct? =20 =20 Yes, you are right that the contents of the identity in AT_IDENTITY must = not be used as any kind of hint to select the EAP method anymore. But if you compose the permanent = user name from the IMSI=20 as specified in the drafts, then you must prepend the leading digit in = all cases, even for AT_IDENTITY. For simplicity, the drafts only specify one format for the permanent = identity, and that format is used always. =20 Best regards, Henry =20 =20 =20 =20 ------_=_NextPart_001_01C53E77.93D9C362 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
Hi=20 Suresh,
 
Please=20 see inline.
 
 -----Original = Message-----
From:=20 eap-admin@frascone.com [mailto:eap-admin@frascone.com]On Behalf Of = ext=20 Suresh
 
Hell Henry,

Thanks for the mail. Just to consolidate my=20 understanding, Identity exchanged in the EAP-Identity/Response, can be = obfuscated, truncated, or decorated. This information can be used to = select=20 the method for authentication, and some routing information. So, if = the=20 Identity exchanged in the EAP-Identity/Response, has user name, which = is prep=20 ended with "0", then the authentication method to be selected can be = AKA. If=20 prep ended with "1", then the authentication method can be SIM. This = is how,=20 permanent user names if sent, the server has the clue to select the=20 authentication methods. 
 
Right.=20 The drafts recommend the server not to rely on the identity string sent = in=20 EAP-Identity/Response.
The=20 leading digit may be used as an EAP method seletion hint during method=20 negotiation, but there may
be=20 other ways to select the EAP method, too. =
 
Of course this = has to be=20 done, only during EAP-Identity/response phase, not during AT_IDENTITY, = as in=20 the latter case, method is already known.
Is my understanding=20 correct?
 
 
Yes,=20 you are right that the contents of the identity in AT_IDENTITY=20 must not be used as any kind of
hint=20 to select  the EAP method anymore. But = if = you compose the=20 permanent user name from the IMSI
as=20 specified in the drafts, then you must=20 prepend the leading digit in all cases, even for=20 AT_IDENTITY.
For=20 simplicity, the drafts only specify one format for the permanent = identity, and=20 that format
is=20 used always.
 
Best=20 regards,
Henry
 
 
 
 
------_=_NextPart_001_01C53E77.93D9C362-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From jude@resalehost.networksolutions.com Mon Apr 11 06:53:39 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA01623 for ; Mon, 11 Apr 2005 06:53:29 -0400 (EDT) Received: from amontpellier-252-1-6-15.w81-251.abo.wanadoo.fr ([81.251.50.15]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKwhD-0003wi-EV for eap-archive@ietf.org; Mon, 11 Apr 2005 07:03:13 -0400 Message-ID: <0bcc01c53e83$89f9060a$57168588@achilles.net> From: "Vanessa J. Smith" To: eap-archive@ietf.org Subject: =?iso-8859-1?B?QWRvYmUgQ3JlYXRpdmUgU3VpdGUgKDUgQ0QpIC0gNzUlIE9GRg==?= Date: Mon, 11 Apr 2005 10:42:16 +0000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_4D4C2CFB.47FA0DDD" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Score: 2.7 (++) X-Scan-Signature: d185fa790257f526fedfd5d01ed9c976 This is a multi-part message in MIME format. ------=_NextPart_000_0000_4D4C2CFB.47FA0DDD Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_83A8181A.0BCC6076" ------=_NextPart_001_0001_83A8181A.0BCC6076 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Get access to all the software possible for unbelievably low prices! We sell software 2-6 times cheaper than retail price. A few examples: $79.95 Windows XP Professional (Including: Service Pack 2) $89.95 Microsoft Office 2003 Professional / $79.95 Office XP Professional $99.95 Adobe Photoshop 8.0/CS (Including: ImageReady CS) $179.95 Macromedia Studio MX 2004 (Including: Dreamweaver MX + Flash MX + Fireworks MX) $79.95 Adobe Acrobat 6.0 Professional $69.95 MS Project 2003 Professional Special Offers: $89.95 Windows XP Professional + Office XP Professional $149.95 Adobe Creative Suite Premium (5 CD) $129.95 Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator 10 All main products from Microsoft, Adobe, Macromedia, Corel, etc. And many other... Please visit us at: http://www.bestcds.su Sincerely, Vanessa Smith _____________________________________________________ To change your mail preferences, go here: http://www.bestcds.su/uns.htm _____________________________________________________ ------=_NextPart_001_0001_83A8181A.0BCC6076 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 7bit
Get all the popular software imaginable for less!
We sell software 2-6 times cheaper than retail price.

A few examples:
$79.95 Windows XP Professional (Including: Service Pack 2)
$89.95 Microsoft Office 2003 Professional / $79.95 Office XP Professional
$99.95 Adobe Photoshop 8.0/CS (Including: ImageReady CS)
$179.95 Macromedia Studio MX 2004 (Including: Dreamweaver MX + Flash MX + Fireworks MX)
$79.95 Adobe Acrobat 6.0 Professional
$69.95 MS Visio 2003 Professional

Special Offers:
$89.95 Windows XP Professional + Office XP Professional
$149.95 Adobe Creative Suite Premium (5 CD)
$129.95 Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator 10

All main products from Microsoft, Adobe, Macromedia, Corel, etc.
And many other... For full list of products go:

http://www.bestcds.su

Best regards,
Vanessa J. Smith


_____________________________________________________
To change your mail details, go: http://www.bestcds.su/uns.htm
_____________________________________________________

------=_NextPart_001_0001_83A8181A.0BCC6076-- ------=_NextPart_000_0000_4D4C2CFB.47FA0DDD-- From Elizabeta@jeepjazz.com Mon Apr 11 09:59:55 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA14905 for ; Mon, 11 Apr 2005 09:59:55 -0400 (EDT) Message-Id: <200504111359.JAA14905@ietf.org> Received: from [218.144.94.150] (helo=jeepjazz.com) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DKzbe-0000Qr-CF for eap-archive@ietf.org; Mon, 11 Apr 2005 10:09:40 -0400 From: "Columbine Mobley" To: "Maitland Clark" Subject: Re: Va1ium C1ALlS VlA'GRA Date: Mon, 11 Apr 2005 06:59:47 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0008_01C53DE2.425A66B3" X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 4.7 (++++) X-Scan-Signature: 2b2ad76aced9b1d558e34a970a85c027 This is a multi-part message in MIME format. ------=_NextPart_000_0008_01C53DE2.425A66B3 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, torn from his quiet homestead amid the fragrant cider orchards with Dyke. I will take leave to doubt it. His lordship's tone abated noth Perfectly. But it is not possible that you are aware of the ambitions of the King of France. And there was worse than this: Mr. Blood smiled and inclined his head, for he was on friendly te forward, the long pennon with the cross of St. George fluttering crippled state, the Spaniards boarded her. They are going to attack us by land - to attempt to storm the fo Within the hour the Arabella and La Foudre were beating out to se oval face that was delicately beautiful. There were dark stains was not raised again, and Captain Blood was left to his idle Have a nice day. ------=_NextPart_000_0008_01C53DE2.425A66B3 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hello, = Do you want to cut down expenses on ddruggs?
 
Visit = PharmaacyByMail STORE and=20 save up to   7 5 %
 
*      =20 *  ***      =20 *       *****   =20 ******      =20 *            =       =20  *      = *      =20 *      **   =20 **      *     =20 *     =20 *            =  =20 ******    ***      =20 *      ***     =20 ***   *****
*       * =20 ***       = *      =20 *****    ******      =20 *            =      =20   *     =20 *       *     =20 **    **     =20 *      *      *=20            =20  ******    ***      =20 *      ***     =20 ***   ***** 
*      =20 *   *       * = *    =20 *     *   *    =20 *     *=20 *            =        =20 *    *       *=20 *      **   = *      *=20 *      *   =20 *            =  =20 *      *   =20 *       * *     =20 *        *  =20 *     *
*      =20 *   *       * = *    =20 *     *   *    =20 *     *=20 *            =        =20 *    *       *=20 *      **   = *      *=20 *      *   =20 *            =  =20 *      *   =20 *       * *     =20 *        *  =20 *     *
 *    =20 *    *      *  =20 *    *        =20 *     *    *  =20 *            =        =20 ****       *   = *    =20 * *  *     *  =20 *     =20 ****           &nb= sp;  =20 *          =20 *      *   *    =20 *        *    = **** =20
 *     *   =20 *      *   *   =20 *         = *    =20 *    *  =20 *            =        =20 ****       *   = *    =20 * *  *     *  =20 *     =20 ****           &nb= sp;  =20 *          =20 *      *   *    =20 *        *    = **** =20
  *   *     = *    =20 *******   *  ****   * ****   =20 *******           =        =20 *  *      *******    = *  *=20 *    *******     * =20 *            =   =20 *          =20 *     *******   =20 *       =20 *        **
  *  =20 *     *     *******   = * =20 ****   * ****   =20 *******           =        =20 *  *      *******    = *  *=20 *    *******     * =20 *            =   =20 *          =20 *     *******   =20 *       =20 *        **
   *=20 *      *   =20 *       *  *    =20 *   *   *   =20 *      =20 *            =     =20 *    *    = *      =20 *   *   **   = *      =20 *   *   =20 *            =  =20 *      *    *   =20 *       *   *   =20 *   *   *     *
   = *=20 *      *   =20 *       *  *    =20 *   *   *   =20 *      =20 *            =     =20 *    *    = *      =20 *&p;        =     =20 *    *    = *      =20 *   *   **   = *      =20 *   *   =20 *            =  =20 *      *    *   =20 *       *   *   =20 *   *   *     = *
   =20 *      ***  =20 *       *    = ****   =20 *    **  *      =20 *            =    =20 *      *  =20 *       *  ***   ** =20 *       *  = *     =20 *            =  =20 ******    ***   = *      =20 *  ******   ***   *****
   =20 *      ***  =20 *       *    = ****   =20 *    **  *      =20 *            =    =20 *      *  =20 *       *  ***   ** =20 *       *  = *     =20 *            =  =20 ******    ***   = *      =20 *  ******   ***   ***** =
 
----- Original Message -----
; Mon, 11 Apr 2005 15:01:49 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DL4Jq-0001U4-5V for eap-archive@ietf.org; Mon, 11 Apr 2005 15:11:36 -0400 Received: from [203.90.45.68] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DL4A4-0000oH-1R for eap-archive@ietf.org; Mon, 11 Apr 2005 15:01:31 -0400 Received: from YO1l@localhost by Z3j.int (8.11.6/8.11.6); Mon, 11 Apr 2005 15:51:51 -0400 Message-ID: From: "Ursula Coleman" Reply-To: "Ursula Coleman" To: e3@ietf.org Subject: Over 80% Savings on ALL best-selling Photoshop titles Date: Mon, 11 Apr 2005 15:57:51 -0400 MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2 X-Sender: LindaRothschild@globaltradingsystems.org Content-Type: multipart/mixed; boundary="--oyDoHulTvrK9RlX" X-Spam-Score: 6.0 (++++++) X-Spam-Flag: YES X-Scan-Signature: 9d5866e4c615ceea0db8f42c46495d22 oDCQ ----oyDoHulTvrK9RlX Content-Type: text/html; Content-Transfer-Encoding: quoted-printable Z
Opt-= in Email Special Offer     unsubscribe me
SEARCH

TOP 10 NEW TITLES

 ON SALE NOW!
  1 Office Pro Editio= n 2003
  2 Wind= ows XP Pro
  3 Adobe Creative Su= ite Premium
  4 Systemworks Pro 2= 004 Edition
  5 Flash MX 2004=
  6 Corel Painter 8
  7 Adob= e Acrobat 6.0
  8 Windows 2003 Serv= er
  9 Alias Maya 6.0 Wa= vefront
  10 Adobe Premiere
  = See more by this man= ufacturer
    Microsoft
    Apple Software
  = Customers also bough= t
    these other items= ..



Micr= osoft Office Professional Edition *2003*
Microsoft
Choose:
 
=
List Price: $899.00
Price: $69.99
You Save: $830.01 (92%)



Availability: Available for INSTANT download!
Coupon Code: ISe229
Media: CD-ROM / Download

System requ= irements  |  Accessories  |&n= bsp; Other Versions

Features:

  • Analyze and manage business inf= ormation using Access databases
  • Exchange data with other system= s using enhanced XML technology
  • Control information sharing rul= es with enhanced IRM technology
  • Easy-to-use wizards to create e= -mail newsletters and printed marketing materials
  • More than 20 preformatted busin= ess reports
Sales Rank: #1
Shipping: International/US or via instant downlo= ad
Date Coupon Expires: April 28th, 2005
Average Customer Review: 3D"5 Based on 1,768 reviews. Write a r= eview.
Microsoft Wind= ows XP Professional or Longhorn Edition
Microso= ft
Choose:
 

=

List Price: $279.00
Price: $49.99
You Save: $229.01 (85%)



Availability: Available for INSTANT download!
Coupon Code: ISe229
Media: CD-ROM / Download

System = requirements  |  Accessories = |  Other Versions

Features:

  • Designed for businesses of a= ll sizes
  • Manage digital pictures, mu= sic, video, DVDs, and more
  • More security with the abil= ity to encrypt files and folders
  • Built-in voice, video, and = instant messaging support
  • Integration with Windows se= rvers and management solutions

Sales Rank: #2
Shipping: International/US or via instant do= wnload
Date Coupon Expires: April 28th, 2005
Average Customer Review: 3D"5 Based on 868 reviews. Write a= review.

Adobe Crea= tive Suite Premium
Ado= be
Choose:
 =

List Price: $1149.00
Price: $99.99
You Save: $849.01 (90%)


Availability: Available for INSTANT download!
Coupon Code: ISe229
Media: CD-ROM / Download

Sys= tem requirements  |  Accessories&n= bsp; |  Other Versions

Features: <= /font>

  • An integrated design en= vironment featuring the industry's foremost design tools
  • In-depth tips, expert t= ricks, and comprehensive design resources
  • Intuitive file finding,= smooth workflow, and common interface and toolset
  • Single installer--contr= ol what you install and when you install it
  • Cross-media publishing-= -create content for both print and the Web

Sales Rank: #3
Shipping: International/US or via instan= t download
Date Coupon Expires: April 28th, 2005
Average Customer Review: 3D"5 Based on 498 reviews. Wri= te a review.

Symantec SystemWorks = 2004 Professional
Symantec
Choose:
 

List Price: $99.00
Price: $29.99
You Save: $69.01 (70%)



Availability: Available for INSTANT download!
Coupon Code: ISe229
Media: CD-ROM / Download

System requirements  |  Accessories = |  Other Versions


Features: =

  • Norton Utilities op= timizes your PC=BFs performance and solves computer problems <= /li>
  • Norton Password Man= ager keeps your passwords secure and easy to manage
  • Norton GoBack Perso= nal Edition restores your PC after a serious problem
  • Norton CleanSweep r= emoves unwanted programs and files that waste disk space
  • Norton Ghost protec= ts your data from computer disasters

Sales Rank: #4
Shipping: International/US or via in= stant download
Date Coupon Expires: April 28th, 2005
Average Customer Review: 3D"5 Based on 217 reviews. Write a review.

=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20

----oyDoHulTvrK9RlX-- From ealasaidsibelle15398@crsolutionsllc.com Tue Apr 12 01:55:29 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA06760; Tue, 12 Apr 2005 01:55:28 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DLEWV-0005Cp-M7; Tue, 12 Apr 2005 02:05:21 -0400 Received: from [220.70.58.76] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DLDdQ-0002Bx-Qv; Tue, 12 Apr 2005 01:08:25 -0400 Received: from lachesis.tradeattache.com (220.70.58.76) by 220.70.58.76 (deliav.8) with SMTP id <679298o0vxi>; Tue, 12 Apr 2005 10:50:08 +0400 Reply-To: "despain gurica" From: "despain gurica" To: ran@ietf.org, eap-archive@ietf.org, maddogs@ietf.org, workshop@ietf.org, seamoby-admin@ietf.org, ipoverib-admin@ietf.org, dccp-request@ietf.org, manet@ietf.org, vrrp@ietf.org, subip-area@ietf.org, dinaras@ietf.org, urn-nid-admin@ietf.org, ieprep@ietf.org, gaco@ietf.org, magma-admin@ietf.org, p2prg-web-archive@ietf.org Subject: The Results of Your Application Date: Tue, 12 Apr 2005 02:51:08 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--36034_21941748.mHO88" Message-Id: X-Spam-Score: 8.4 (++++++++) X-Spam-Flag: YES X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a ----36034_21941748.mHO88 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7Bit Dear Homeowner,

We tried contacting you awhile ago about your low interest mortga/ge rate.
You have qualified for the lowest rate in years.
You could get over $965,000 for as little as $480 a month!
Have Ba/d credit?..Not a Problem! Low rates are guaranteed.

To get a free, no obliga/tion consultation click below:
http://hotrefinance.com/?name=rm2342
(please allow up to 30 seconds for the website to load)

Best Regards,
despain gurica

---------------------------
to be re -mov(ed: http://gavan.hotrefinance.com/st.html ----36034_21941748.mHO88-- From eap-admin@frascone.com Tue Apr 12 15:20:05 2005 Received: from mail.frascone.com (postfix@[204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA27870 for ; Tue, 12 Apr 2005 15:20:03 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id A5FCD2036B; Tue, 12 Apr 2005 15:19:08 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id EF55C20263; Tue, 12 Apr 2005 15:19:05 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 9F7D620263 for ; Tue, 12 Apr 2005 15:18:18 -0400 (EDT) Received: from motgate4.mot.com (motgate4.mot.com [144.189.100.102]) by mail.frascone.com (Postfix) with ESMTP id 3ABEA1FFF3 for ; Tue, 12 Apr 2005 15:18:15 -0400 (EDT) Received: from az33exr02.mot.com (az33exr02.mot.com [10.64.251.232]) by motgate4.mot.com (8.12.11/Motgate4) with ESMTP id j3CJNIER000679 for ; Tue, 12 Apr 2005 12:23:22 -0700 (MST) Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4]) by az33exr02.mot.com (8.13.1/8.13.0) with ESMTP id j3CJJBdK028903 for ; Tue, 12 Apr 2005 14:19:12 -0500 (CDT) Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72) id ; Tue, 12 Apr 2005 14:18:08 -0500 Message-ID: From: Nakhjiri Madjid-MNAKHJI1 To: "'henry.haverinen@nokia.com'" , twieland@cisco.com Cc: eap@frascone.com Subject: RE: [eap] EAP-SIM fast re-auth identity MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C53F94.5A812F50" X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Tue, 12 Apr 2005 14:18:05 -0500 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C53F94.5A812F50 Content-Type: text/plain Hi Henry, I understand that most of EAP methods are designed for both 2- and 3 party models. However, I do think the EAP master key from EAP authentication only resides at the peer and the EAP server and so far we are ok for both 2 and 3 party models. Now if you choose to implement a key distribution based on the initial EAP authentication, you can choose to send your master key to the NAS. I am ok with that too, as long as you are not doing handovers. If you ARE doing handovers, then the master key should not be sent to the NAS, because then after the handover both NAS will come to share the same master key and if the idea is to use the master key to run a security association protocol (such as a 4-way handshake) to arrive at peer-NAS temp keys, then you will have a serious threat problem. The fast re-authentication in this draft seems to use the initial master key to derive temp session keys (section 5.1). So based on what I said above, I am assuming it is the EAP server is the one who keeps the master key (EAP server or NAS) and derives the temp keys would be important in case fast re-authentication is used for handovers. So fast re-authentication still needs to happen based on interaction with the EAP server, even though you don't run all the initial EAP exchanges, correct? Regards, Madjid -----Original Message----- From: henry.haverinen@nokia.com [mailto:henry.haverinen@nokia.com] Sent: Monday, April 11, 2005 3:45 AM To: Nakhjiri Madjid-MNAKHJI1; twieland@cisco.com Cc: eap@frascone.com Subject: RE: [eap] EAP-SIM fast re-auth identity Hi Madjid, The term "EAP server" simply refers to the entity that implemens the EAP-SIM server part. Usually this is implemented in a AAA server. The "authenticator" is a term that EAP documents use for the first-hop entity (NAS or 802.11 access point). In principle, the EAP server could be co-located in the NAS, but I don't think this is likely in the case of EAP-SIM. If the access technology requires an EAP exhange upon a handover, then you can run either mode of EAP-SIM there (full or fast re-auth). Unless pre-authentication is used, this kind of handover is not likely to be very smooth. If there is a need to run an EAP exchange even through you haven't moved to a new AP, you can also run either mode. EAP-SIM does not define when to use the fast re-auth mode. Regards, Henry -----Original Message----- From: ext Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri@motorola.com] Sent: 06 April, 2005 22:19 To: 'Thomas Wieland' Cc: eap@frascone.com; Haverinen Henry (Nokia-ES/Jyvaskyla); Nakhjiri Madjid-MNAKHJI1 Subject: RE: [eap] EAP-SIM fast re-auth identity Hi Thomas, Thanks for being among helpful "other people" :-) Ok, I am not sure how fast re-authentication protects the use identity, so I can understand if no protection is provided, that would be one way to protect the permanent identities such as IMSI. But what I don't understand is how every use of IMSI means use of new triplets? Sure EAP-SIM draft says that it does not allow re-use of triplets (I guess for full authentication), but from what I understand the fast re-authentication does not use any triplets, so the question of "re-use versus using fresh" should be moot. I do have another issue with the fast re-auth. Most of the sequence charts only show a peer and an authenticator. Does this mean the authenticator is the NAS or that it is the EAP server? I am trying to understand how this fits into a 3 party EAP authentication model and whether the fast re-authentication can apply to handovers or it is just re-authentication to the same authenticator? Regards, Madjid -----Original Message----- From: Thomas Wieland [mailto:twieland@cisco.com] Sent: Wednesday, April 06, 2005 2:41 AM To: Nakhjiri Madjid-MNAKHJI1 Cc: eap@frascone.com; henry.haverinen@nokia.com Subject: Re: [eap] EAP-SIM fast re-auth identity Hi Madjid, I'm not an author but "other people", but maybe I can shed some light on this. Henry can always correct and expand. There is nothing "wrong" with the identities used during full authentication (i.e. either permanent identity, e.g. 1IMSI @realm, or pseudonym identity). The "problem", if you will, is that by definition of a full authentication, these identities require the use of 2 or 3 GSM triplets to authenticate. For one, this implies at least one round trip to a remote server, i.e. the HLR/AuC where the triplets are generated. This is usually much slower than going through the calculations necessary to iterate the keying material locally at the AAA server. It also means additional load on the HLR/AuC. The second "bad" aspect is that each full EAP-SIM authentication uses up 2 or 3 triplets. The number of triplets that can be generated by each SIM is usually limited (e.g. to 50,000) due to security concerns. This doesn't matter too much in a GSM mobile network as authentications only use only one triplet and occur relatively infrequently compared to, for example, public WLAN. For EAP-SIM used in a PWLAN scenario, not only do you use up 2 or 3 triplets per authentication, the authentications also happen much more frequently. For example every time every time a PC gets turned on (or woken up), when a user roams between access points etc. You can see how you could be chewing through the available triplets pretty fast and once you've reached the limit hard-wired into the SIM, your SIM is dead and needs to be replaced. By using the fast re-auth mechanism, not only do you speed up EAP-SIM authentications (hence "fast" :-), you also reduce the load on the back-end server (AuC) and extend the life of your SIM. In other words, "it's a good thing". Regards, Thomas At 10:05 05-04-05 -0500, Nakhjiri Madjid-MNAKHJI1 wrote: Hi, I have a question regarding the EAP-SIM method for fast re-authentication and would appreciate it if the authors and other people respond. Why is a specific identity used for fast re-authentication? What is the problem with using the identities that were used during the full authentication? The initial identity that is sent in EAP-Response/ Identity should not have a problem, right? Thanks in advance, Madjid Nakhjiri ------_=_NextPart_001_01C53F94.5A812F50 Content-Type: text/html Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxodG1sPg0KDQo8aGVhZD4NCjxNRVRBIEhUVFAtRVFVSVY9IkNvbnRlbnQtVHlwZSIg Q09OVEVOVD0idGV4dC9odG1sOyBjaGFyc2V0PXVzLWFzY2lpIj4NCg0KDQo8bWV0YSBuYW1lPUdl bmVyYXRvciBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxMCAoZmlsdGVyZWQpIj4NCg0KPHN0eWxl Pg0KPCEtLQ0KIC8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCiBAZm9udC1mYWNlDQoJe2ZvbnQtZmFt aWx5OldpbmdkaW5nczsNCglwYW5vc2UtMTo1IDAgMCAwIDAgMCAwIDAgMCAwO30NCkBmb250LWZh Y2UNCgl7Zm9udC1mYW1pbHk6VGFob21hOw0KCXBhbm9zZS0xOjIgMTEgNiA0IDMgNSA0IDQgMiA0 O30NCiAvKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KIHAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIjt9DQphOmxp bmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe2NvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVu ZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7Y29sb3I6 cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0Kc3Bhbi5lbWFpbHN0eWxlMTcN Cgl7Zm9udC1mYW1pbHk6QXJpYWw7DQoJY29sb3I6bmF2eTt9DQpzcGFuLkVtYWlsU3R5bGUxOA0K CXtmb250LWZhbWlseTpBcmlhbDsNCgljb2xvcjpuYXZ5O30NCkBwYWdlIFNlY3Rpb24xDQoJe3Np emU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjI1aW4gMS4waW4gMS4yNWluO30NCmRp di5TZWN0aW9uMQ0KCXtwYWdlOlNlY3Rpb24xO30NCi0tPg0KPC9zdHlsZT4NCg0KPC9oZWFkPg0K DQo8Ym9keSBsYW5nPUVOLVVTIGxpbms9Ymx1ZSB2bGluaz1wdXJwbGU+DQoNCjxkaXYgY2xhc3M9 U2VjdGlvbjE+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBm YWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJp YWw7Y29sb3I6bmF2eSc+SGkgSGVucnksPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1z b05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdm b250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7PC9z cGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9 bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1p bHk6QXJpYWw7Y29sb3I6bmF2eSc+SSB1bmRlcnN0YW5kIHRoYXQgbW9zdCBvZiBFQVAgbWV0aG9k cyBhcmUNCmRlc2lnbmVkIGZvciBib3RoIDItIGFuZCAzIHBhcnR5IG1vZGVscy4gSG93ZXZlciwg SSBkbyB0aGluayB0aGUgRUFQIG1hc3RlciBrZXkNCmZyb20gRUFQIGF1dGhlbnRpY2F0aW9uIG9u bHkgcmVzaWRlcyBhdCB0aGUgcGVlciBhbmQgdGhlIEVBUCBzZXJ2ZXIgYW5kIHNvIGZhcg0Kd2Ug YXJlIG9rIGZvciBib3RoIDIgYW5kIDMgcGFydHkgbW9kZWxzLiBOb3cgaWYgeW91IGNob29zZSB0 byBpbXBsZW1lbnQgYSBrZXkNCmRpc3RyaWJ1dGlvbiBiYXNlZCBvbiB0aGUgaW5pdGlhbCBFQVAg YXV0aGVudGljYXRpb24sIHlvdSBjYW4gY2hvb3NlIHRvIHNlbmQNCnlvdXIgbWFzdGVyIGtleSB0 byB0aGUgTkFTLiBJIGFtIG9rIHdpdGggdGhhdCB0b28sIGFzIGxvbmcgYXMgeW91IGFyZSBub3Qg ZG9pbmcNCmhhbmRvdmVycy4gSWYgeW91IEFSRSBkb2luZyBoYW5kb3ZlcnMsIHRoZW4gdGhlIG1h c3RlciBrZXkgc2hvdWxkIG5vdCBiZSBzZW50DQp0byB0aGUgTkFTLCBiZWNhdXNlIHRoZW4gYWZ0 ZXIgdGhlIGhhbmRvdmVyIGJvdGggTkFTIHdpbGwgY29tZSB0byBzaGFyZSB0aGUNCnNhbWUgbWFz dGVyIGtleSBhbmQgaWYgdGhlIGlkZWEgaXMgdG8gdXNlIHRoZSBtYXN0ZXIga2V5IHRvIHJ1biBh IHNlY3VyaXR5DQphc3NvY2lhdGlvbiBwcm90b2NvbCAoc3VjaCBhcyBhIDQtd2F5IGhhbmRzaGFr ZSkgdG8gYXJyaXZlIGF0IHBlZXItTkFTIHRlbXANCmtleXMsIHRoZW4geW91IHdpbGwgaGF2ZSBh IHNlcmlvdXMgdGhyZWF0IHByb2JsZW0uIDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1N c29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0n Zm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPiZuYnNwOzwv c3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9y PW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFt aWx5OkFyaWFsO2NvbG9yOm5hdnknPlRoZSBmYXN0IHJlLWF1dGhlbnRpY2F0aW9uIGluIHRoaXMg ZHJhZnQNCnNlZW1zIHRvIHVzZSB0aGUgaW5pdGlhbCBtYXN0ZXIga2V5IHRvIGRlcml2ZSB0ZW1w IHNlc3Npb24ga2V5cyAoc2VjdGlvbiA1LjEpLiBTbw0KYmFzZWQgb24gd2hhdCBJIHNhaWQgYWJv dmUsIEkgYW0gYXNzdW1pbmcgaXQgaXMgdGhlIEVBUCBzZXJ2ZXIgaXMgdGhlIG9uZSB3aG8NCmtl ZXBzIHRoZSBtYXN0ZXIga2V5IChFQVAgc2VydmVyIG9yIE5BUykgYW5kIGRlcml2ZXMgdGhlIHRl bXAga2V5cyB3b3VsZCBiZQ0KaW1wb3J0YW50IGluIGNhc2UgZmFzdCByZS1hdXRoZW50aWNhdGlv biBpcyB1c2VkIGZvciBoYW5kb3ZlcnMuIFNvIGZhc3QNCnJlLWF1dGhlbnRpY2F0aW9uIHN0aWxs IG5lZWRzIHRvIGhhcHBlbiBiYXNlZCBvbiBpbnRlcmFjdGlvbiB3aXRoIHRoZSBFQVANCnNlcnZl ciwgZXZlbiB0aG91Z2ggeW91IGRvbid0IHJ1biBhbGwgdGhlIGluaXRpYWwgRUFQIGV4Y2hhbmdl cywgY29ycmVjdD88L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250 IHNpemU9MiBjb2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEw LjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5Jz4mbmJzcDs8L3NwYW4+PC9mb250Pjwv cD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1uYXZ5IGZhY2U9QXJp YWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xv cjpuYXZ5Jz5SZWdhcmRzLDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+ PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXpl Og0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bhbj48L2Zv bnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFj ZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFs O2NvbG9yOm5hdnknPk1hZGppZDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3Jt YWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1z aXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bhbj48 L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9VGFob21h PjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6VGFob21hJz4tLS0t LU9yaWdpbmFsIE1lc3NhZ2UtLS0tLTxicj4NCjxiPjxzcGFuIHN0eWxlPSdmb250LXdlaWdodDpi b2xkJz5Gcm9tOjwvc3Bhbj48L2I+IGhlbnJ5LmhhdmVyaW5lbkBub2tpYS5jb20NClttYWlsdG86 aGVucnkuaGF2ZXJpbmVuQG5va2lhLmNvbV0gPGJyPg0KPGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2Vp Z2h0OmJvbGQnPlNlbnQ6PC9zcGFuPjwvYj4gTW9uZGF5LCBBcHJpbCAxMSwgMjAwNSAzOjQ1DQpB TTxicj4NCjxiPjxzcGFuIHN0eWxlPSdmb250LXdlaWdodDpib2xkJz5Ubzo8L3NwYW4+PC9iPiBO YWtoamlyaSBNYWRqaWQtTU5BS0hKSTE7IHR3aWVsYW5kQGNpc2NvLmNvbTxicj4NCjxiPjxzcGFu IHN0eWxlPSdmb250LXdlaWdodDpib2xkJz5DYzo8L3NwYW4+PC9iPiBlYXBAZnJhc2NvbmUuY29t PGJyPg0KPGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2VpZ2h0OmJvbGQnPlN1YmplY3Q6PC9zcGFuPjwv Yj4gUkU6IFtlYXBdIEVBUC1TSU0gZmFzdA0KcmUtYXV0aCBpZGVudGl0eTwvc3Bhbj48L2ZvbnQ+ PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0zIGZhY2U9IlRpbWVzIE5ldyBS b21hbiI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEyLjBwdCc+Jm5ic3A7PC9zcGFuPjwvZm9u dD48L3A+DQoNCjxkaXY+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTMgZmFjZT0i VGltZXMgTmV3IFJvbWFuIj48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTIuMHB0Jz4mbmJzcDs8 L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+DQoNCjxwIGNsYXNzPU1zb05vcm1h bD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNp emU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6Ymx1ZSc+SGkgTWFkamlkLDwvc3Bh bj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxm b250IHNpemU9MyBmYWNlPSJUaW1lcyBOZXcgUm9tYW4iPjxzcGFuIHN0eWxlPSdmb250LXNpemU6 DQoxMi4wcHQnPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4NCg0K PHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1ibHVlIGZhY2U9QXJpYWw+PHNw YW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpibHVl Jz5UaGUgdGVybSAmcXVvdDtFQVAgc2VydmVyJnF1b3Q7IHNpbXBseQ0KcmVmZXJzIHRvIHRoZSBl bnRpdHkgdGhhdCBpbXBsZW1lbnM8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+ DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNlPUFyaWFs PjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6 Ymx1ZSc+dGhlIEVBUC1TSU0gc2VydmVyIHBhcnQuIFVzdWFsbHkgdGhpcyBpcw0KaW1wbGVtZW50 ZWQgaW4gYSBBQUEgc2VydmVyLjwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8L2Rpdj4NCg0KPGRpdj4N Cg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1ibHVlIGZhY2U9QXJpYWw+ PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpi bHVlJz5UaGUgJnF1b3Q7YXV0aGVudGljYXRvciZxdW90OyBpcyBhIHRlcm0NCnRoYXQgRUFQIGRv Y3VtZW50cyB1c2UgZm9yIHRoZSBmaXJzdC1ob3AgZW50aXR5PC9zcGFuPjwvZm9udD48L3A+DQoN CjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9y PWJsdWUgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFt aWx5OkFyaWFsO2NvbG9yOmJsdWUnPihOQVMgb3IgODAyLjExIGFjY2VzcyBwb2ludCkuIEluDQpw cmluY2lwbGUsIHRoZSBFQVAgc2VydmVyIGNvdWxkIGJlPC9zcGFuPjwvZm9udD48L3A+DQoNCjwv ZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPWJs dWUgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5 OkFyaWFsO2NvbG9yOmJsdWUnPmNvLWxvY2F0ZWQgaW4gdGhlIE5BUywgYnV0IEkgZG9uJ3QgdGhp bmsNCnRoaXMgaXMgbGlrZWx5IGluIHRoZSBjYXNlIG9mIEVBUC1TSU0uPC9zcGFuPjwvZm9udD48 L3A+DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0z IGZhY2U9IlRpbWVzIE5ldyBSb21hbiI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEyLjBwdCc+ Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBjbGFzcz1N c29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPWJsdWUgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0n Zm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOmJsdWUnPklmIHRoZSBh Y2Nlc3MgdGVjaG5vbG9neSByZXF1aXJlcyBhbiBFQVANCmV4aGFuZ2UgdXBvbiBhIGhhbmRvdmVy LCA8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+DQoNCjxwIGNsYXNzPU1zb05v cm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250 LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6Ymx1ZSc+dGhlbiB5b3UgY2Fu IHJ1biBlaXRoZXIgbW9kZSZuYnNwOyZuYnNwO29mDQpFQVAtU0lNIHRoZXJlIChmdWxsIG9yIGZh c3QgcmUtYXV0aCkuPC9zcGFuPjwvZm9udD48L3A+DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0KDQo8cCBj bGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPWJsdWUgZmFjZT1BcmlhbD48c3BhbiBz dHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOmJsdWUnPlVu bGVzcyBwcmUtYXV0aGVudGljYXRpb24gaXMgdXNlZCwgdGhpcw0Ka2luZCBvZiBoYW5kb3ZlciBp cyBub3QgbGlrZWx5IHRvIGJlPC9zcGFuPjwvZm9udD48L3A+DQoNCjwvZGl2Pg0KDQo8ZGl2Pg0K DQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPWJsdWUgZmFjZT1BcmlhbD48 c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOmJs dWUnPnZlcnkgc21vb3RoLiBJZiB0aGVyZSZuYnNwO2lzIGEgbmVlZCB0bw0KcnVuIGFuIEVBUCBl eGNoYW5nZSZuYnNwO2V2ZW4gdGhyb3VnaCA8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoN CjxkaXY+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNl PUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7 Y29sb3I6Ymx1ZSc+eW91IGhhdmVuJ3QgbW92ZWQgdG8gYSBuZXcgQVAsIHlvdSBjYW4NCmFsc28g cnVuIGVpdGhlciBtb2RlLiA8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+DQoN CjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNlPUFyaWFsPjxz cGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6Ymx1 ZSc+RUFQLVNJTSBkb2VzIG5vdCBkZWZpbmUgd2hlbiB0byB1c2UgdGhlDQpmYXN0IHJlLWF1dGgg bW9kZS48L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+DQoNCjxwIGNsYXNzPU1z b05vcm1hbD48Zm9udCBzaXplPTMgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48c3BhbiBzdHlsZT0n Zm9udC1zaXplOg0KMTIuMHB0Jz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoN CjxkaXY+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNl PUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7 Y29sb3I6Ymx1ZSc+UmVnYXJkcyw8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxkaXY+ DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9Ymx1ZSBmYWNlPUFyaWFs PjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6 Ymx1ZSc+SGVucnk8L3NwYW4+PC9mb250PjwvcD4NCg0KPC9kaXY+DQoNCjxibG9ja3F1b3RlIHN0 eWxlPSdib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCBibHVlIDEuNXB0O3BhZGRpbmc6MGlu IDBpbiAwaW4gNC4wcHQ7DQptYXJnaW4tbGVmdDozLjc1cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJn aW4tcmlnaHQ6MGluO21hcmdpbi1ib3R0b206NS4wcHQnPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWwg c3R5bGU9J21hcmdpbi1ib3R0b206MTIuMHB0Jz48Zm9udCBzaXplPTIgZmFjZT1UYWhvbWE+PHNw YW4NCnN0eWxlPSdmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlRhaG9tYSc+LS0tLS1Pcmln aW5hbCBNZXNzYWdlLS0tLS08YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9sZCc+ RnJvbTo8L3NwYW4+PC9iPiBleHQgTmFraGppcmkgTWFkamlkLU1OQUtISkkxDQpbbWFpbHRvOk1h ZGppZC5OYWtoamlyaUBtb3Rvcm9sYS5jb21dPGJyPg0KPGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2Vp Z2h0OmJvbGQnPlNlbnQ6PC9zcGFuPjwvYj4gMDYgQXByaWwsIDIwMDUgMjI6MTk8YnI+DQo8Yj48 c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9sZCc+VG86PC9zcGFuPjwvYj4gJ1Rob21hcyBXaWVs YW5kJzxicj4NCjxiPjxzcGFuIHN0eWxlPSdmb250LXdlaWdodDpib2xkJz5DYzo8L3NwYW4+PC9i PiBlYXBAZnJhc2NvbmUuY29tOyBIYXZlcmluZW4NCkhlbnJ5IChOb2tpYS1FUy9KeXZhc2t5bGEp OyBOYWtoamlyaSBNYWRqaWQtTU5BS0hKSTE8YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWln aHQ6Ym9sZCc+U3ViamVjdDo8L3NwYW4+PC9iPiBSRTogW2VhcF0gRUFQLVNJTSBmYXN0DQpyZS1h dXRoIGlkZW50aXR5PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9u dCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQox MC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+SGkgVGhvbWFzLDwvc3Bhbj48L2Zv bnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0zIGZhY2U9IlRpbWVzIE5l dyBSb21hbiI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEyLjBwdCc+Jm5ic3A7PC9zcGFuPjwv Zm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBm YWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJp YWw7Y29sb3I6bmF2eSc+VGhhbmtzIGZvciBiZWluZyBhbW9uZyBoZWxwZnVsICZxdW90O290aGVy DQpwZW9wbGUmcXVvdDsgPC9zcGFuPjwvZm9udD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNl PVdpbmdkaW5ncz48c3Bhbg0Kc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6V2lu Z2RpbmdzO2NvbG9yOm5hdnknPko8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9y bWFsPjxmb250IHNpemU9MiBjb2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQt c2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5Jz5PaywgSSBhbSBub3Qg c3VyZSBob3cgZmFzdA0KcmUtYXV0aGVudGljYXRpb24gcHJvdGVjdHMgdGhlIHVzZSBpZGVudGl0 eSwgc28gSSBjYW4gdW5kZXJzdGFuZCBpZiBubw0KcHJvdGVjdGlvbiBpcyBwcm92aWRlZCwgdGhh dCB3b3VsZCBiZSBvbmUgd2F5IHRvIHByb3RlY3QgdGhlIHBlcm1hbmVudA0KaWRlbnRpdGllcyBz dWNoIGFzIElNU0kuPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9u dCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQox MC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+QnV0IHdoYXQgSSBkb24ndCB1bmRl cnN0YW5kIGlzIGhvdyBldmVyeQ0KdXNlIG9mIElNU0kgbWVhbnMgdXNlIG9mIG5ldyB0cmlwbGV0 cz88L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBj b2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250 LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5Jz5TdXJlIEVBUC1TSU0gZHJhZnQgc2F5cyB0aGF0IGl0 IGRvZXMgbm90DQphbGxvdyByZS11c2Ugb2YgdHJpcGxldHMgKEkgZ3Vlc3MgZm9yIGZ1bGwgYXV0 aGVudGljYXRpb24pLCBidXQgZnJvbSB3aGF0IEkNCnVuZGVyc3RhbmQgdGhlIGZhc3QgcmUtYXV0 aGVudGljYXRpb24gZG9lcyBub3QgdXNlIGFueSB0cmlwbGV0cywgc28gdGhlDQpxdWVzdGlvbiBv ZiAmcXVvdDtyZS11c2UgdmVyc3VzIHVzaW5nIGZyZXNoJnF1b3Q7IHNob3VsZCBiZSBtb290Ljwv c3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0zIGZhY2U9 IlRpbWVzIE5ldyBSb21hbiI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEyLjBwdCc+Jm5ic3A7 PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29s b3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1m YW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+SSBkbyBoYXZlIGFub3RoZXIgaXNzdWUgd2l0aCB0aGUg ZmFzdA0KcmUtYXV0aC4gTW9zdCBvZiB0aGUgc2VxdWVuY2UgY2hhcnRzIG9ubHkgc2hvdyBhIHBl ZXIgYW5kIGFuIGF1dGhlbnRpY2F0b3IuDQpEb2VzIHRoaXMgbWVhbiB0aGUgYXV0aGVudGljYXRv ciBpcyB0aGUgTkFTIG9yIHRoYXQgaXQgaXMgdGhlIEVBUCBzZXJ2ZXI/IEkgYW0NCnRyeWluZyB0 byB1bmRlcnN0YW5kIGhvdyB0aGlzIGZpdHMgaW50byBhIDMgcGFydHkgRUFQIGF1dGhlbnRpY2F0 aW9uIG1vZGVsIGFuZA0Kd2hldGhlciB0aGUgZmFzdCByZS1hdXRoZW50aWNhdGlvbiBjYW4gYXBw bHkgdG8gaGFuZG92ZXJzIG9yIGl0IGlzIGp1c3QNCnJlLWF1dGhlbnRpY2F0aW9uIHRvIHRoZSBz YW1lIGF1dGhlbnRpY2F0b3I/PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1h bD48Zm9udCBzaXplPTMgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48c3BhbiBzdHlsZT0nZm9udC1z aXplOg0KMTIuMHB0Jz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9y bWFsPjxmb250IHNpemU9MiBjb2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQt c2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5Jz5SZWdhcmRzLDwvc3Bh bj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0zIGZhY2U9IlRp bWVzIE5ldyBSb21hbiI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEyLjBwdCc+Jm5ic3A7PC9z cGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9 bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1p bHk6QXJpYWw7Y29sb3I6bmF2eSc+TWFkamlkPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNz PU1zb05vcm1hbD48Zm9udCBzaXplPTMgZmFjZT0iVGltZXMgTmV3IFJvbWFuIj48c3BhbiBzdHls ZT0nZm9udC1zaXplOg0KMTIuMHB0Jz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xh c3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPVRhaG9tYT48c3BhbiBzdHlsZT0nZm9udC1z aXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OlRhaG9tYSc+LS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0t LS08YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6Ym9sZCc+RnJvbTo8L3NwYW4+PC9i PiBUaG9tYXMgV2llbGFuZA0KW21haWx0bzp0d2llbGFuZEBjaXNjby5jb21dIDxicj4NCjxiPjxz cGFuIHN0eWxlPSdmb250LXdlaWdodDpib2xkJz5TZW50Ojwvc3Bhbj48L2I+IFdlZG5lc2RheSwg QXByaWwgMDYsIDIwMDUNCjI6NDEgQU08YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6 Ym9sZCc+VG86PC9zcGFuPjwvYj4gTmFraGppcmkgTWFkamlkLU1OQUtISkkxPGJyPg0KPGI+PHNw YW4gc3R5bGU9J2ZvbnQtd2VpZ2h0OmJvbGQnPkNjOjwvc3Bhbj48L2I+IGVhcEBmcmFzY29uZS5j b207DQpoZW5yeS5oYXZlcmluZW5Abm9raWEuY29tPGJyPg0KPGI+PHNwYW4gc3R5bGU9J2ZvbnQt d2VpZ2h0OmJvbGQnPlN1YmplY3Q6PC9zcGFuPjwvYj4gUmU6IFtlYXBdIEVBUC1TSU0gZmFzdA0K cmUtYXV0aCBpZGVudGl0eTwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+ PGZvbnQgc2l6ZT0zIGZhY2U9IlRpbWVzIE5ldyBSb21hbiI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6 ZToNCjEyLjBwdCc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1h bCBzdHlsZT0nbWFyZ2luLWJvdHRvbToxMi4wcHQnPjxmb250IHNpemU9Mw0KZmFjZT0iVGltZXMg TmV3IFJvbWFuIj48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEyLjBwdCc+PGJyPg0KSGkgTWFkamlk LDxicj4NCjxicj4NCiZuYnNwOyBJJ20gbm90IGFuIGF1dGhvciBidXQgJnF1b3Q7b3RoZXIgcGVv cGxlJnF1b3Q7LCBidXQgbWF5YmUgSSBjYW4gc2hlZCA8YnI+DQpzb21lIGxpZ2h0IG9uIHRoaXMu Jm5ic3A7IEhlbnJ5IGNhbiBhbHdheXMgY29ycmVjdCBhbmQgZXhwYW5kLjxicj4NCjxicj4NClRo ZXJlIGlzIG5vdGhpbmcgJnF1b3Q7d3JvbmcmcXVvdDsgd2l0aCB0aGUgaWRlbnRpdGllcyB1c2Vk IGR1cmluZyBmdWxsPGJyPg0KYXV0aGVudGljYXRpb24gKGkuZS4gZWl0aGVyIHBlcm1hbmVudCBp ZGVudGl0eSwgZS5nLiAxSU1TSSBAcmVhbG0sPGJyPg0Kb3IgcHNldWRvbnltIGlkZW50aXR5KS4m bmJzcDsgVGhlICZxdW90O3Byb2JsZW0mcXVvdDssIGlmIHlvdSB3aWxsLCBpcyB0aGF0IGJ5PGJy Pg0KZGVmaW5pdGlvbiBvZiBhIGZ1bGwgYXV0aGVudGljYXRpb24sIHRoZXNlIGlkZW50aXRpZXMg cmVxdWlyZSB0aGU8YnI+DQp1c2Ugb2YgMiBvciAzIEdTTSB0cmlwbGV0cyB0byBhdXRoZW50aWNh dGUuJm5ic3A7IDxicj4NCjxicj4NCkZvciBvbmUsIHRoaXMgaW1wbGllcyBhdCBsZWFzdCBvbmUg cm91bmQgdHJpcCB0byBhIHJlbW90ZSBzZXJ2ZXIsIDxicj4NCmkuZS4gdGhlIEhMUi9BdUMgd2hl cmUgdGhlIHRyaXBsZXRzIGFyZSBnZW5lcmF0ZWQuJm5ic3A7IFRoaXMgaXMgPGJyPg0KdXN1YWxs eSBtdWNoIHNsb3dlciB0aGFuIGdvaW5nIHRocm91Z2ggdGhlIGNhbGN1bGF0aW9ucyA8YnI+DQpu ZWNlc3NhcnkgdG8gaXRlcmF0ZSB0aGUga2V5aW5nIG1hdGVyaWFsIGxvY2FsbHkgYXQgdGhlIEFB QSA8YnI+DQpzZXJ2ZXIuJm5ic3A7IEl0IGFsc28gbWVhbnMgYWRkaXRpb25hbCBsb2FkIG9uIHRo ZSBITFIvQXVDLjxicj4NCjxicj4NClRoZSBzZWNvbmQgJnF1b3Q7YmFkJnF1b3Q7IGFzcGVjdCBp cyB0aGF0IGVhY2ggZnVsbCBFQVAtU0lNIGF1dGhlbnRpY2F0aW9uIHVzZXMNCjxicj4NCnVwIDIg b3IgMyB0cmlwbGV0cy4mbmJzcDsgVGhlIG51bWJlciBvZiB0cmlwbGV0cyB0aGF0IGNhbiBiZSBn ZW5lcmF0ZWQgYnkgZWFjaCA8YnI+DQpTSU0gaXMgdXN1YWxseSBsaW1pdGVkIChlLmcuIHRvIDUw LDAwMCkgZHVlIHRvIHNlY3VyaXR5IGNvbmNlcm5zLiZuYnNwOyBUaGlzIDxicj4NCmRvZXNuJ3Qg bWF0dGVyIHRvbyBtdWNoIGluIGEgR1NNIG1vYmlsZSBuZXR3b3JrIGFzIGF1dGhlbnRpY2F0aW9u czxicj4NCm9ubHkgdXNlIG9ubHkgb25lIHRyaXBsZXQgYW5kIG9jY3VyIHJlbGF0aXZlbHkgaW5m cmVxdWVudGx5IGNvbXBhcmVkIHRvLDxicj4NCmZvciBleGFtcGxlLCBwdWJsaWMgV0xBTi4mbmJz cDsgRm9yIEVBUC1TSU0gdXNlZCBpbiBhIFBXTEFOIHNjZW5hcmlvLDxicj4NCm5vdCBvbmx5IGRv IHlvdSB1c2UgdXAgMiBvciAzIHRyaXBsZXRzIHBlciBhdXRoZW50aWNhdGlvbiwgdGhlIGF1dGhl bnRpY2F0aW9ucyA8YnI+DQphbHNvIGhhcHBlbiBtdWNoIG1vcmUgZnJlcXVlbnRseS4mbmJzcDsg Rm9yIGV4YW1wbGUgZXZlcnkgdGltZSBldmVyeSB0aW1lIDxicj4NCmEgUEMgZ2V0cyB0dXJuZWQg b24gKG9yIHdva2VuIHVwKSwgd2hlbiBhIHVzZXIgcm9hbXMgYmV0d2VlbiBhY2Nlc3M8YnI+DQpw b2ludHMgZXRjLiZuYnNwOyBZb3UgY2FuIHNlZSBob3cgeW91IGNvdWxkIGJlIGNoZXdpbmcgdGhy b3VnaCB0aGUgYXZhaWxhYmxlPGJyPg0KdHJpcGxldHMgcHJldHR5IGZhc3QgYW5kIG9uY2UgeW91 J3ZlIHJlYWNoZWQgdGhlIGxpbWl0IGhhcmQtd2lyZWQgaW50byB0aGU8YnI+DQpTSU0sIHlvdXIg U0lNIGlzIGRlYWQgYW5kIG5lZWRzIHRvIGJlIHJlcGxhY2VkLiZuYnNwOyA8YnI+DQo8YnI+DQpC eSB1c2luZyB0aGUgZmFzdCByZS1hdXRoIG1lY2hhbmlzbSwgbm90IG9ubHkgZG8geW91IHNwZWVk IHVwIDxicj4NCkVBUC1TSU0gYXV0aGVudGljYXRpb25zIChoZW5jZSAmcXVvdDtmYXN0JnF1b3Q7 IDotKSwgeW91IGFsc28gcmVkdWNlIHRoZTxicj4NCmxvYWQgb24gdGhlIGJhY2stZW5kIHNlcnZl ciAoQXVDKSBhbmQgZXh0ZW5kIHRoZSBsaWZlIG9mIHlvdXIgU0lNLjxicj4NCkluIG90aGVyIHdv cmRzLCAmcXVvdDtpdCdzIGEgZ29vZCB0aGluZyZxdW90Oy48YnI+DQo8YnI+DQpSZWdhcmRzLDxi cj4NCjxicj4NCiZuYnNwOyBUaG9tYXM8YnI+DQo8YnI+DQo8YnI+DQo8YnI+DQpBdCAxMDowNSAw NS0wNC0wNSAtMDUwMCwgTmFraGppcmkgTWFkamlkLU1OQUtISkkxIHdyb3RlOjxicj4NCjxicj4N Cjwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZh Y2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseTpBcmlh bCc+SGksIDxicj4NCjwvc3Bhbj48L2ZvbnQ+PGJyPg0KPGZvbnQgc2l6ZT0yIGZhY2U9QXJpYWw+ PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWwnPiZuYnNwOzxi cj4NCjwvc3Bhbj48L2ZvbnQ+PGJyPg0KPGZvbnQgc2l6ZT0yIGZhY2U9QXJpYWw+PHNwYW4gc3R5 bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWwnPkkgaGF2ZQ0KYSBxdWVzdGlv biByZWdhcmRpbmcgdGhlIEVBUC1TSU0gbWV0aG9kIGZvciBmYXN0IHJlLWF1dGhlbnRpY2F0aW9u IGFuZCB3b3VsZCBhcHByZWNpYXRlDQppdCBpZiB0aGUgYXV0aG9ycyBhbmQgb3RoZXIgcGVvcGxl IHJlc3BvbmQuIFdoeSBpcyBhIHNwZWNpZmljIGlkZW50aXR5IHVzZWQgZm9yDQpmYXN0IHJlLWF1 dGhlbnRpY2F0aW9uPyBXaGF0IGlzIHRoZSBwcm9ibGVtIHdpdGggdXNpbmcgdGhlIGlkZW50aXRp ZXMgdGhhdCB3ZXJlDQp1c2VkIGR1cmluZyB0aGUgZnVsbCBhdXRoZW50aWNhdGlvbj8gVGhlIGlu aXRpYWwgaWRlbnRpdHkgdGhhdCBpcyBzZW50IGluDQpFQVAtUmVzcG9uc2UvIElkZW50aXR5IHNo b3VsZCBub3QgaGF2ZSBhIHByb2JsZW0sIHJpZ2h0Pzxicj4NCjwvc3Bhbj48L2ZvbnQ+PGJyPg0K PGZvbnQgc2l6ZT0yIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9u dC1mYW1pbHk6QXJpYWwnPiZuYnNwOzxicj4NCjwvc3Bhbj48L2ZvbnQ+PGJyPg0KPGZvbnQgc2l6 ZT0yIGZhY2U9QXJpYWw+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6 QXJpYWwnPlRoYW5rcw0KaW4gYWR2YW5jZSw8YnI+DQo8L3NwYW4+PC9mb250Pjxicj4NCjxmb250 IHNpemU9MiBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFt aWx5OkFyaWFsJz4mbmJzcDs8YnI+DQo8L3NwYW4+PC9mb250Pjxicj4NCjxmb250IHNpemU9MiBm YWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFs Jz5NYWRqaWQNCk5ha2hqaXJpPC9zcGFuPjwvZm9udD48L3A+DQoNCjwvYmxvY2txdW90ZT4NCg0K PC9kaXY+DQoNCjwvYm9keT4NCg0KPC9odG1sPg0K ------_=_NextPart_001_01C53F94.5A812F50-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From gruyere@yebox.com Tue Apr 12 18:51:35 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA20959; Tue, 12 Apr 2005 18:51:35 -0400 (EDT) Received: from [222.105.43.170] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DLUO0-0002ua-Pn; Tue, 12 Apr 2005 19:01:38 -0400 Received: from torpid-jcoppens.com (EHLO mite.jcoppens.com) by bordello.jcoppens.com with SMTP; Tue, 12 Apr 2005 18:53:32 -0500 Date: Wed, 13 Apr 2005 05:51:32 +0600 From: "Sybil Currie" To: drafts@ietf.org Cc: drums-archive@ietf.org, dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org, eccmtmagma-admin@ietf.org Subject: You've been selected for a low rate Message-ID: X-SpamTest-Info: Profile: SysLog X-SpamTest-Status: Not detected X-SpamTest-Version: SMTP-Filter Version 2.0.0 [642], SpamtestISP/Release X-Mailer: MIME-tools 5.41 (Entity 5.404) X-Spam-Score: 13.0 (+++++++++++++) X-Spam-Flag: YES X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3 Hello, We tried contacting you awhile ago about your low interest morta(ge rate. You have qualified for the lowest rate in years... You could get over $380,000 for as little as $500 a month! Ba(d credit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli,gation consultation click below: http://www.mrg-now-yes.com/sign.asp Best Regards, Alfred Valentine to be remov(ed: http://www.mrg-now-yes.com/gone.asp this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s. From koreji@mail.bulgaria.com Tue Apr 12 22:52:07 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA08205; Tue, 12 Apr 2005 22:52:07 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DLY8o-0008VN-ON; Tue, 12 Apr 2005 23:02:11 -0400 Received: from [220.72.38.55] (helo=mail.bulgaria.com) by mx2.foretec.com with esmtp (Exim 4.24) id 1DLXyx-0006Wg-5e; Tue, 12 Apr 2005 22:51:59 -0400 message-id: <000d01c53fd4$4382a820$df3a13a8@obqhd> From: "PerfectHGH" To: Subject: Help eliminate stress, fatigue and depression! Date: Tue, 12 Apr 2005 19:55:34 -0800 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000A_01C53F99.9723D020" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 0.0 (/) X-Scan-Signature: 7d705d72e8b350fed958d93136c5ddf2 This is a multi-part message in MIME format. ------=_NextPart_000_000A_01C53F99.9723D020 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000A_01C53F99.9723D020" ------=_NextPart_001_000A_01C53F99.9723D020 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Incredible Benefits! The United States has objected to an Israeli plan to add 3,650 homes to the West Bank's largest settlement, Maaleh Adumim. The plan would cut off Arab neighborhoods in Jerusalem from the rest of the West Bank. Israel insists it has the right to continue expanding these settlements. The United States opposes any further construction there, saying it threatens peace with the Palestinians and violates the internationally backed "road map" peace plan that calls for a settlement freeze. Bush said Friday he would raise the issue with Sharon. "What I say publicly, I say privately. And that is, the 'road map' has clear obligations on settlements and that we expect the prime minister to adhere to those road map obligations," Bush said. The president has made the spread of democracy in the Mideast a goal of his second term. He also plans to meet with Saudi Crown Prince Abdullah at his Texas ranch on April 25 and will see Palestinian leader Mahmoud Abbas when he visits the United States next month. Some Crawford businesses displayed the Israeli flag to welcome Sharon, while a few dozen protesters waving Palestinian flags marched around the small town's downtown intersection Sunday. The Unity Coalition for Israel also planned a demonstration Monday to tout claims that Palestinian statehood would be a reward for terrorism. The "road map" peace plan envisions an independent Palestinian state alongside Israel but has been frozen since its launch in June 2003 amid violations by both sides. Sharon has said he will not begin talks on a final peace deal until Palestinian leader Mahmoud Abbas cracks down on militant groups and disarms them. Bush agrees with Israel that Abbas must do more to rein in militants. Sharon wants Palestinian leaders to guarantee that Israelis will not come under fire during settlement evacuation. On Saturday, Israeli troops shot and killed three teenagers in disputed circumstances in the Gaza Strip, shattering weeks of calm and raising tensions. In response, Palestinian militants fired at least 21 mortar r ounds at Jewish settlements there, the army said. ------=_NextPart_001_000A_01C53F99.9723D020 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

3DHere
 
Incredible Benefits!

 
 
 
 
 
 
The United States has objected to an Israeli = plan to add 3,650 homes to the West Bank's largest settlement, Maaleh = Adumim. The plan would cut off Arab neighborhoods in Jerusalem from the = rest of the West Bank. Israel insists it has the right to continue expanding these settlements. = The United States opposes any further construction there, saying it = threatens peace with the Palestinians and violates the internationally = backed "road map" peace plan that calls for a settlement freeze. Bush said Friday he would raise the issue with Sharon. "What I say publicly, I say privately. And that is, the 'road map' has = clear obligations on settlements and that we expect the prime minister to = adhere to those road map obligations," Bush said. The president has made the spread of democracy in the Mideast a goal of = his second term. He also plans to meet with Saudi Crown Prince Abdullah at = his Texas ranch on April 25 and will see Palestinian leader Mahmoud Abbas = when he visits the United States next month. Some Crawford businesses displayed the Israeli flag to welcome Sharon, = while a few dozen protesters waving Palestinian flags marched around the = small town's downtown intersection Sunday. The Unity Coalition for Israel = also planned a demonstration Monday to tout claims that Palestinian = statehood would be a reward for terrorism. The "road map" peace plan envisions an independent Palestinian state = alongside Israel but has been frozen since its launch in June 2003 amid = violations by both sides. Sharon has said he will not begin talks on a final peace deal until = Palestinian leader Mahmoud Abbas cracks down on militant groups and = disarms them. Bush agrees with Israel that Abbas must do more to rein in = militants. Sharon wants Palestinian leaders to guarantee that Israelis will not come = under fire during settlement evacuation. On Saturday, Israeli troops shot and killed three teenagers in disputed = circumstances in the Gaza Strip, shattering weeks of calm and raising = tensions. In response, Palestinian militants fired at least 21 mortar = rounds at Jewish settlements there, the army said.
------=_NextPart_001_000A_01C53F99.9723D020-- ------=_NextPart_000_000A_01C53F99.9723D020 Content-Type: image/jpeg; name="PerfectHGH1.jpg" Content-Transfer-Encoding: base64 Content-ID: <000301c53e66$d82fe150$1102a8c0@Sony> Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsK CwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQU FBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT/wgARCAEcAjADASIA AhEBAxEB/8QAHAAAAQUBAQEAAAAAAAAAAAAAAAMEBQYHAgEI/8QAGwEAAgMBAQEAAAAAAAAAAAAA AAMBAgQFBgf/2gAMAwEAAhADEAAAAYyGsER7fFwt3bgi9FVOIx47SccxnnUoguWgt6CPqnYIeP2g M+ZlVsZ03ucT0V5r5pNN6dHt/qd0wMtMpGyXDf175jF17QY5YL00Mr3SWz5jcHqzfQBkM4tmhFGr cGulHoVo3UoFzS14AtgAAAAAAAAAAAAAAAAAAAAAAAAAHylFWCM9piR0Sj2hM3KezG/cZtn5Yec5 kxzF+wSPjHsPUfOJOnEazZFqr6D6w2eso1sWHMbVD66L3Wq2dc2F+xfcx3VNuSBX5j7+jYPp87Gr Dpz9d8cpP04nY+dmP0jHMXltD+pG9LQeXbe2U3D7xc7PMLAc7eAAAAAAAAAAAAAAAAAAAAAAAAAB 85w+nsO/lpM3anKpgZrpXJbpVmsqzgTZLs/S9xmlrBQGUvyulYLPldoXOylasPf5K7Xh3asdFTaG mOLPDWNdpV40d4Wde+e1kAApV1zhPQtqUFRlbtFTaUOr9qiFKu3BZ+cZ1Be6SSil7IjLLTRezQIq mvbJsrmr3O+eq+OO6aX7DhkUd2GnMoZbH+eTExO2HP7ffHXHMVKL2TkliV6suYdV/PYZpa9SXi1z n8w1V/JAHc/OPOk9KnKXHECqfLZsPE0q/wA7VKLse+V0IPBvpHPbzSN2i3VXVzL/AKLrk1jL/WLR 3+L6tHudaPZdBZEvJODkqXmnLR2i/XvntZAAKrairazIypF6xNPQq0hbKSQr54EV2XdhLHiRCsNH IJti0x1WkbLduM/YMNqRyO4Qq0Mo+WTojZvIGOlOp2PGbou1rjqnV7V1+OdfPkW+kaPI40WvF2qj 1Wq+u6uTitBinujPMDdNzVOmSd4kGzZWZ7pVrqXjO5dl2FEH2aGZtFs0HMHcyyG0+/fbMkkM+PU8 FzIw7mIepI8QSk7XrEq828Zu8DuvfPayAAAAAAAAAAAAAAABg+afT3fW5fzrNbmmTks7pSyHfN03 usY1Xzpr9nmq2+ZOvo/plMCb/QCMT87Qn1Pyxbv5N+tWWbRE5ftTmlvkuy/RUTsy/Osf9ZchTnlx 75+7K2Miy3Sl4r7eCYgl/KdmsQDys8rfpsxV6eU0nBJW7vysZC9QFmQdyeo+h5yHCPHf5jrxmXH4 wcBN2iq2nA2wvGbzlO6989rYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIGbtv2c6Xq ndhmp6x8L6GNxzV8QJ+gKXylldfL3jVonyWkPMztrxlYnrPX2azE6XQfVc9j72dXKm4Sc1JS1Vm0 c9089ZvOU/qKlWyHskZLM9CNK5pqOjNe/a7XonRUM6s0xPq0eEtXU1M3ma2nX1Fj7V03mjMqzo6O fWqLO39Th7V0iNpEXeumP6bZ0OlQM7wAAAAAAAAAAAAAAAMQZrsvTY3nbTpczUU6R+d+oa5NodVK ryFQuudM/A3RrTzed3bPvbv213lWnv7k7GNJ3oooHnp7jijhFxUlrPW7Nz3Tjtq75rvYWaTQ+H9l 6c1U45rMppzOWkO0auZdVWcmLmBg2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYYymGPpMaPqnMTz IJRnzP1aNbe1W8PrbEWZfImo9Z3TkReU7xTbPp1/zKyR6vWrBU7X0efRml4pXseLy4ScbEytnirN y3vV01MLfYGe9U6vQV+qL0uI+Wa6sxx50RL0e8QQN0Hzm9Xc/XLHl0gCmAAAAAAAAAAAAAAAAAAA AAAAAAAAAZTFqx3dyeIrN6Xjqctx889Tcqlapm6qXY0aZHEu0XRXlM2rvc/va1524lmE9i5ya8ho 3ylcnWvc5rfh8n2edMysRK5GSCiSqmewE+KdX67oUM5NcdyjvVlqMw4kQzmdnC9G8JcW62QUdZVb 1i4y4NqzDun/AHEy4GXSAAAAAAAAAAAAAAAAAAAAAAABirR019Fi668AojGwZr899VpXmO6Au1vk 65YpmfhWMWxF9Wz9NZp3eZBbR0s/ek31znc1vyz7muOPWcO2zFQsWRk+s0d42+wM94h8Dn+uttCK jCaR1qzZ95oQRQ2OldBkNjt8haM1t8uKY5AzaAAAAAAAAAAAAAAAAAAAAAAAAAAAAMUbPWnoMfvf K0TCZjruceL7+eeTHUEzYs90DJVCIdRa5i7rWrffUyZ3hYvT7pF3Hv8AJbLcK97l+OEHF6yljr1h xNmnbR3gd7BzjfPoisz2Fd6MxZa75ryZPZbavW2VN9dSvTDJ/WPbRU6DtSK75TOaB4GN3KxSMwAY 9YIqkegEgAAAAAAAAAAAAAAAAAAAY4zfM+9j5iZqm0tDOs2heFt0m4fOn1zW0LWt6o/Prm8fL0/m OScQTRzNJWy6Zv0dPk0p/qclJ30ek5nLhFaZlLBX7BkZMu2jvC32Jlo/NoRy7VnGhGbtNdNeTDn2 xl65qtogpmRWy4spjLYjZ37V0CqbJ1S+fQ2vFZyhLXGlq5ddrEotgJKZn+gEgAAAAAAAAAAAAAAA AAZA0etu3l5oWhZqm2Y1y1QWNsT97fHP2OuyrBXPElx+cIG8ovpKU8uvbgmm2tasTCbBfRSDA9By hZFYmSsFesOS807Zu8LemL6KQ9fPL0i9NBl7HJbsWW2mbkonPub75Bnbq9LSZ5B7OwmKGy1BGDP5 mzEWzmyTL0jJFdYZspn2rsec75QYcodIkZ4RKAVuAAAAAAAAAAAAABkjWZh+xm9y3Uc6pOeQNsrn OdfPpfGNfrY+ZLT8/wCZeqVypuEz9GyeO6PyenYJbHtxzj+GKT24uHdfsXouNyrwu4fWCFsOR0k6 buMd+m7iEQ+Tz23RGlHMRaDXjg3lmia2pr61x7Vs4qcsdLR1enl6XqS1iUvRhWbTJxNPeTbO0Vta 0R1qx8jcjNoz2O1MtXMHuhAAGXSAAAAAAAAAAAAABmMZmsP3+VsMPm/l4iK5PtsLdk0P53exNgiY WrLqOmvURUrDKy+Rlkv+TLJ26lXaU01Tc9A+dLLu5m1q4vN642GfzC58/XcnLR5g0+89QKHzlOlK xpQt4la9uLqsxdgBaO8kAjpmJstLQUtDJzHXNiaRMNOQ7yYUb9uYtFyKDW1b2ViuodpJSfYLqVZp E3Qot4rboBbAAAAAAAAAAAAPhevWGve58aAMWABoLyeneT1M+Lk7gzOUlLnJmL6wXKl8ijlfNeWi AbsQABaataVN0bRc60XhdnRJCPkON1j3yBQ+frC9S0Im5utJa8ss4ras1lhOtSXKRoz+lp3x9RK2 s8lT070m+YKTtDicpfcTLrNmUFlYxJEvZinrWiwJc16s2mw0SJidSMxmqXuhSICY1YzfsNFKdBxO mlBQDRSrsK2u5m1gmPkCvfaiHY5XxkfZ3tq/GB9oeh8X+faXofFh9qeh8VH2t6HxT59seh8TH236 HxGfbnQfEJ9v+h8P2n64WpbB9Fvrnn7+ZBPvDs9989iSFmi1YB5JkxGcyoDJrLkTDqShMRcfZCYi PZYiYVxJAQPU4TEfxJlbRXksTEbxKgRicuBHIy4FdfShMMG8uRMWq/ImO4lAiJ7kySG9mAIlw+In /8QAMRAAAQQCAAQEBQMFAQEAAAAABAECAwUABhAREhMUFRYhByAiJEAxNFAlMDI1NiNB/9oACAEB AAEFArtP60iYjca3AYup8DfpamJzxffGtzlnLOXFUxU5Z1exLP8A2LDaYkob41iZgjfcFMgxP426 T+so3EbmuVMdufBR1L55IHBzNTpRMEDSd0rWdXTyxEVca1ZJJ4uxKJChEr05SGB9mVwQ46Wde2KA wBolfXgIcKkP1CjrgkatSDE4bfa2euW0uxyWuxDb7TFFR3wclrVXgl1kV2cHv4u3lP3n1FIm2hb5 UHFGbpVAT3e+hspdV2GO7rB/iFHJsp+81FcUIXCeN+ZcN/rCNzpzSE5W8bKQQ6se2xPb1SxCydmt DKfPgqrIyb6xZ5FEhjJWQyzlc6eq/dOmD7pDkSzMcnmJdfC4GVRWVIbhJAUj5KOmCO+mLE4biNGV rQYvL4bbAQJLo1OT5funwvVHN+I/VXWRVe4TTgjGBapdzyzTVUEc2/BQsdpulvEfQQtEF+IGoziD U/wwZK2g/Mt2/wBXRuI3KCwbVGRs7xFdN4Nzp4GsSf7MUhB0GI7SSyx9tCo3xylq+cuWOdwc7R55 XfWcZ4qfx8JCFndyA0xJQgT0Eg/XIG4MmRcSB4y4BKsUEQbUagQk3W62xMr6kSrywqxbaGWoDnAd RAOrY9RqIo4qcOAyHX66AWqogqXLDWa20JN1SqsCIYWDxfmWoq+Z9lUxg6uWOtVEji6MjdyRJOeI uK7OedWSTNiZZ7LIro7ggkkWTvIJay9ztJiQoi8kyQfqWWFrEc3k6DB8jxPm146csyxtx6zArwU5 ItqCkfXHTS7ECfDZQk7CPAR6iA8AJsIpZc+yhwEaodJY1A/jba+77degAuhz5PVgOQHTP2u2YeSV NIRr1rWoTs0WuWUxjK6ynBuRL7Bb4UlfVoSNP2IKtldtgaZI7zGvrdm7NOJcrXQpsATgSz4QXS7M GyV2wAtrG7MpJy7YCmH7CFWvhk70XA6DrL8Ei5EI1mOZzxIUzpRMVMavLP8A6w2GWZM2i67pohHN /kkMsULpElimRX05sk0SvxHK5VXkj15rJCrlHGXnFD05GmJ82rva0/ram57o109ls8kD9SbVn2lr rxqHVQM5ltILyIpNk/2WmyMho9HVrqCuqRrPZja94ez3teV1wjES65RxdjZra6gqIwKyU0jSX9uk 1n7mx34aOauth5o9nuUfWk7C05msAxtk3IOvKiTXT/MqeyAgfvOufRaWP1LtM8fjtXYiHvlSAA6M y3QYcmXXKgSOPZOJK8i2+/BcXlnPFxXpFgLnPgrdbGAhU6ypz7gGYYqiAcbM0SN41jqURUbFJr3a gqzRuXI3e7388a1XuY3kjFyNcauJ8xGrVRU661WeFCqxa6IfWq0WeMOGEiESEeQjW64olKYJGTiQ kvJ16vMKGFiDjhCgHnPrh7OCvqBKvPS9X32hwtKsKMC1ePq1UJObr1fYzQQRjRFhQHRnV49lAJRA hMi1arhyMCCIgjWKwqaGFg8Tw4ZCj6MKylSsFaCNrlcJkAcIrruierpKCUud2r1b5vCRIVxIX7vn yxX4i81fnWvNXcksyVYG8yMIWDYmSFXpkasvKVhccI8NYNDahqvSrcsamInNUhSOqfifrHGqq1vT iPxr/eJ2MxPw7nbK6jmg3CsIrPX9N37XcK2nM0K6LtyZrs7XdwrtmeVYVO51lwULtVeZDWWg90Fq mwGNm0HaDLGw17be2HU7jW3JD/iFTMi23e2wCV9pBbgDbhNWUuq30d7WWG42FXtjbmeTeJPiBTRk jbKAXZhbIBYElWVptR+kXZ89sYv3nV9Ku90k6c72dXvJL/5zld4kB8cjSpghEPnH2AeukfFAjYy2 WGtvhIbaP18Ee2fdjwNYKO9/PGr9SP5J14j8iXmsOR/iHXXd3AReqlu4I2aLQzQib58MFapXxPHj fQ7SH4bVNuIHP2CkOgDrvhv/AMvufdpdl2gaTVTSiGUFPE97/iDrsEb9Rs409GDTCzhBxtdp2oTi y0Q1Qy8vKFC32VcWGz4dzNnoRpWEa2tmH5TpWm04VbUGfver2V+dWc8jY6XDI+lK8ZJi2D9TrDYl qpo7YcxyHI44oxzHBGMEmPiDKfGOwLFfnVjF9+vOrEXIXe8OR4n4Zut1tgUuvVqpLQ184huu1tjO FVCVzzq8eyhfXDShV2uVtTK/V6qQoIEeugNpgrGWwqA7VLCkBtYotdrYJYaGvGGk1+ulrwK0asGi 1+ugFrKUOmbBWjCkspwozpNSqJSTqoSziKpwjpCw4T4Bhog4Dv3vPjGzqdO5joVn7JFOSjSWnMxJ RZ2zhjC5KR4e0GRGwQpGZggUs0vPOedWdedzO7jX5CvuMuR4n8aav3nFr/rc72t2O5U0rfHuj9jC PqScuyIh+HoxsYmrMDgIgYMytsYLIYkRwrlzn8jMgwbI8T+NN/e8W/5udhvJWlFeXWviPt55ueCh xVgMcnRHGWnOeGGxi8qaNNG1Og0Nwq/IzIMGyL9E4WViytHrLFlmOJeBG4po6RkHjixxFwzjvMgj xSYWtIPgFGafAqOLgY5xkDHMnjlyC4DJa8yCNfERdxS4Eb4mLrnOgHFddBxq4yBjfERdwi5BFgHt xiShioy2fhGO++5pnTzzozp5LK7lhruTDnIZJXzPaHFB31CeXdWk1krZYjsGK5tciEQxcnIsaPjJ HUeblnLOWNTB0wfIsTgSNGXGMLGHHBqRLRPISkMZq8zYya+V2t+liI4yNTKeETSK7X59dmJmI0qa Yc+jIjL1+j8tnD1yeOyg1Qoetk1f+qM1o1Gt1B3c8tlkqfJy+a6i5IfR72iJrRxzZKCWaatEUKD8 I933/ViSqmd1VxE+mWP3UVHstalIJax8guPg68qIO3FdwOwMrrwMjkotm1kj3LFNFLzS2h64uLMg wfI+NvYOrRKewdZCQXI01e25Cc8SwHOxLkJzHbEAil7OEM12wCIT/BWH+wTiQSwaGOTvQusnkrfD PWIZXolajpY0Tsw9vm06KOtIjLdyrp+y5rvFjCTc8k/9IOLMgwfI04yRtlSONkSR669gDdZRJKem bURxajBHYM0qFkQ+qkqazXEiN/grD/YJiYv6TDsLZCxrmmMJHaX5irnRcsomdTZH9DfAuKwyrjkg UZa0lr+hac7lkAydxsfShY/h5+DEyBMHbkf6cLsucIKjLnNCi2trRYr+CeVdvBSAjZQRnEbOGI+W xjjPstyZGONtMUlOLtLpoQrsY8n886FXH9lUxW8s/wDkaIxs87o3Hvgnw0QGfGgD17Kn2j7yo9hT VXqRUtq5pGMc6N4ju3gpPOJsnNDR0Jh4MwZntE3kjflbrAnhkpY2yJrgrIk1cNpcetCRSy10ch7t UCcMmphpDFrgsDI6OGBn55aohcj+D39vJilxbJ5pAdYO2Owp3LYoGsa9x8kZEiQNSVzVBJSbCW9U V6Kqx08qTsr5kY8OyRyQv6kMi6ClEa9g7enI/bI8TjdqUgVH4rwQ2xkdtdrR1a3Yvvm7c17wr1DT 4NukgIL2mMaZLnkCRtfhGT7IkK2WwTvqqfYW3Eztt6YitkaOQNeoST+Ue/77nwJj7kETneKFGZ4y NzmZFP14YAOTJPEfTZBYvJJKt/ESVM/bVsyPbKiuhpqIlJIKmJjoQBB86mpk6c17mRKvWznkeN4/ piLzyGnDgzyIHsyVg0sraABrYgIIJfIwe55IF1qBAsb6gOTPIAER1KE5g1cOG5aUJzFpg1liqRIF /KP/AH/EiPtTAEMYWr0XGyOZnfYSyn7zHuFFnxmv1LZPKa/GwDsxOy3Fnbnikzv88if1YRJzaj0x krEyOZFyJyLjeN0NOUHSCziBs2E0OtguDJTG7RYSjy7bKpEm0FKTdWJQN36vn7HqIyM+2sTfRxew yCzUpjp6z8479/xuYe1LYj9zBbuevcJZxEsH+7yOeGOOU5MdY9WNt0YnnS55u5c8ycuIeqqhkmOv Fhwc5pkOMyHIMj4ucjGsekjYw4Ic8EP23CQPjUSB0vhIMmEgIXwsPemqhJ4HxMkZ4WHvRjRRfnn/ AL9ODG9T7kXrbOnPDR+rKtOiJ1nLNDGUxuSTo/DSEbCPUpK6OhV8flh8DjzpqltcQ+0dFUNbjBoY s5InBmQ5BkfG4rlshKauWsFri7ESvfYmqlXaFjAOt7BwdlYGh1MNlblRNtLNo5chLwQ7a2nZPZvZ Th39vODXEkH3UtsUMU/YLDw9RYEkWP5RyffcIvZ5XvlhEjXSt5tSN4glcyUguUJO06NWLNF05AY1 j2F9GQmK5JSIXRVIEQpi+yNcqt4NyHIMj4zkRjRjkxlRo5F4c0yWeODj3Wd39OM00Y8efpj4BLFO LZmOk/HO/e8Lad4oDdoaqqQOY3w6ROoarzV99SvrmQlQzxPYi5NHzyYbIjelIX5NY9oXX/eQ0762 sdKucsbkOQYzjZ1zbMasrm1g9fV2IFeQNbNGEqi229mPbnyMgtfLRx7GEm6CLcfdttiZqJho9MDF bkWzhLgytu4D5jrNbwrJIjA9er3lWFzHDbKP4O3shJgDY8pBVFX8Y797w2mXtBvHkR8hLZFbLJmk hqLrie2W+ujkSFUZ0CEtmY7uO6pnNdgRhIEtpMtqZSj9AvlEcHyNyHIMj4nHxV8IJ8VhCMVCYz5/ GQ+NgOhKmyWZkCMkbJ8kBcRKrI1r8llZBGi80/EN/e4mbHNI0o1JJklh6Fhic8pkbRYv1SeTodK6 TtW0lyfdD1qPQvSBClvNUmqYtY1LsweUx85xGwRcW5FkGR8TQ4z4AgowIYdfJlauvHSVK0REVpHr thlZTzDWplEZKSuvlNfDS2owmvURgFuPQFB2YOpnwAs16Var04X3hddNgbcVxplk3Wi4hq6lVoJu t2koglTMVbVmsFQCRp0s/EN/epiJmzf7SeL3IbzzWA0J2eT3VOaZtOzxUTm7TbpLS7GVbziTpOKP ZdGHFNLGQWRWoIQzJFe6HlxbkOQZGuJws7BtaNV2LbMYO7EOwm+DHTzAVMMuxA3KaOgzLISVPNA+ S2gbYVOHR8cjJmrahI7xo6kNtA3wgWUNiOtqEjC7oUQqSxFhl8cN1z3QI4z7EZkcVkO8Dx43c8yE x9mHHLJZjRP/AADf3mc82n3up2ZNH7/D0VZ9i59aTPWAcrVrE0puqx8kgmorVszmyKxxM8JkZ0kJ cjpmNmVDnqzGuSRODciyDI8ThOPGVGONGKyHUXQ16UDutdOb25tZfKURQPmqD9LlNSXU3SY6gmad Jq7hKutEmrkm1mSRj9TklFdrZEhEdQRFUQafKyQTV5xsK12Qi0rtPcEq6k5QbbXi7UmSje6ui1bs Mi0vpjdRkONqdekgD/AOiRSeXDbRl7sic8n9l+GsDYwl+nPiBs7lc6NOaM5NYeTC2rupe3C5Ywq5 wj9hKbGNNIdGxLOwSeMMtOLchyHG4nC4PdXB0x77INdlb4BNkrlz1HW8pz4Bpl2Sua2a9CHKK2YS KKr2oSwEIPgFlj2KvljrLVtki7AA3FvAkjG2IWd0dsLIK2/AfhGzBQxSbDXxPj2aJ5n4xknSUq8+ FuN4muVOWEt5L8P28qJzGqqfDrzAm3E1mpVZdeRUl1R7DZIllEs7CKHWe+GD1x9xZo3JZRxsQaCJ skL+5HjchyHGYnBzGvRrGsyXWWTq3TRWDrqvW4+tQ97tPhkEh15sdvBqMQ0AGqRg2B1E0430tF2I Knsju1EeWD0hA0ETT4BImUsba1dehUn00zlNqI07I6LpL/GudxKGuPXJeeuS8XeS1at/zR1vG/Ad zIrR1+IBy4duJNi3xQueKEzxYuD2cAsxe0vOxm5zxp65Kx26EOQjapChY7KCFYd2JHZ69MwXciZc E2GaTBLJ8mDu7icLomcUKkJnKCbuUKDEblDC+K3hfETvMaOk2mCNWbiMri9nGgc3cBo4CLWIY8Pa EmazdAJGj20RJt3ZTV+WW1xBp6iYhY20CFD1WxC3M0+0hjlz7VH2WXXIGq3OEmFu2iLH6tDSZuww PlF2mAhi7ZC8Bq9Tf72xf9B8tLrg1gKPqg0wfpgeSvIoK4d95RDgDjaf32N1kdQJdK5LPrA0WWFD CIB8oGAYDgn+PySa4DKLba1FaCsq4GxzayGTE+gDekWrgQrHq4EUsNCNApQERkkVINDPDSDjjTUM Lo5a6KdjdWAa0vXmyyjasIOOBWw1rGaqBHM7WwlkdUwOiD10SvwTWBoB2VUMcyUAiNi1wOBI6IWG JPb+/sX/AEHy6uO8oEMtJK5kDh6+whsHrtxCnVtAaxIkjVQK4+F08ZhBA1jIStd8oGAYDgn+PC6Q lQqRCmhM2cgcb1JMpEe1unSXcPD5Ptvh8CLPJfDtk8z5tvWCD1HP5lWmpZAO2UgEIra5BZn7l0ql +cNZbFsa0a2G1TBOI25YZQ9h8VbSbS5mRbQ+WOXafBv9XyY7bHRpd38dKku5+HGFsjXkw7dLAMzZ ifHD7Es01jsvl8ztnL80j3BVHB2yQ2e2tp4UTa5x2kbS4dCtrcJjreWGik2RYpBtskLPqrWWzm2L /oP7fP2/sAYBgOCf4/I2mCayejEIL8sF6G1orWuqxH4OHAJiVATWrThK2OsFhlGrRxJjdeCNH8pD zykNV8mBwutFOwmlFLJZSARvgCZAUtaK5vlQnV5UJ2pa0WeTy2HxBdYKcrqgJ8cNcMPjqgJ+E0AZ Lm1YjVkAHlzygPrbViNicAO6eevHJetWI6R1SG9z6wSV89SPNXeTh8oaoMeUcEcVSKWvln8hrM8h rM8hrM8grM8grM8grM8grM8grM8gq89P1een6vPT9Xnp+rz0/V56fq89P1eenqvPT1Xnp6qz09VY 2jrm42sDbjRYW4iI3+O//8QAOREAAQMCAwQIBAYBBQEAAAAAAQACAxESBCExEBNBURQVIjJSYaHw BSAwgSNAQnHB4bEkgpGy0dL/2gAIAQMBAT8BK1QFPmoi1UTdkkgibcUJ4zxV7TlVdJYNedEJ4zxT p421zRxEYDTXVCRrjQH65TdU0/NXY7NN2Pbc0tRwrraDlRR4d7Hg8BX1UmFL3OdXX/KOFfS2qOFc fX1ToXljRlUKKBzHCvD65arVTZQpjbzRNjA0TmB2qcLTTaPkgaHQTGnL/Kw+Bimc2E5EiteGvsfu sPhYJYpH9zUZ50o5mennRMwzN5JeKBvn/wCA1+wUuAgifus6m77UFRwWIgjhhlY1ubXNFfs5SMik kEJNAGg0tHgB1zPouhYW0SXZGnP/AOc/L+VKwsxDGwtqbRw8tf5z+6lc1kJeyhkbQE053f0KoRxO xhwxFA+n+00rl98qI4WCe23Vwy/wBpThma65roWGs3vAXaHlTiWjmsTBFE3eQcCPZBA5eYUseH3Z lDdQHU+9KDyrX0Cd8PjD2Btc6/8AUO9K5pmAgkk3Yrlb6ivLJHCYW1pOXA5nX/g18v5WLiigtYzX n/XywxXmpVhpkhGBnRUoERVTHtlV+aOaSE1jcR+ydiJni1zyR+6fPLJ33Eps0rDc1xBRlkJqXJ00 j2hrnEhbx4dfXNdOeHk73Pjmm4yw3tk0811nKbZi93KtUzFAuuDqFMxTrd2x+XKqPxF8pbe49rzX TjO1rXv/AGBK6duu21+nIp+PfEO+aOz1TPiRwxbNWtffvkpPi8j/ANVtMtT/ACSVvWu/UhiGlwbT XjtzOiw7LW5ogHNWt1Cop32MuVdo+m7DSOJJPP1XRXBwcOFPRCA7jdI4Z2g0NPRQ4d0bgTwTsITc Qf2Rwz6ihyFPRdDdbbXhT1qpYHS0+6MJe1odwTcI9gyPNHBH9J98UIqPu5DbDEGtB2vxDW8Uydkm ixm8Jz0+RqH5lndCkdY2qJaxtxValBxaahRy75vaU0VmY2tQUJjEgMo7PFYp/wCITh29lXycGovk GjUHyGvZRklGjUJHl1tq3kvhW8k8KD5DWrVfL4U6WbgxMc8ntD6RTcyAgE9gPe4LHZQGmyOJ0xo1 NwzYBkpWVFNrdkLmMkDpBULEvukLoW0HJNMte0FdiOSDpzw/JFM7wXknZNKklvw1Cc0VDKYnVTXC VikBBUrLHbGjZE8RyB7hUDgsU50shfCLRyR33D37zX4/kpBMe6qT5Jl1O3+QKhIbICdkjb2lqkwr 2K1ELASHNpT3sKnbVuwbIZN1IH0rRYlz5pTI3s1Vs3NNbN+ooMnApcnNl4FFsxBFVbNbrmqS11+s djHXRhyDgURkt0Dqty1btWKdtGEqqB2QyGKQPbqFijJiJDJWhW7k8S3cvjRikqSHIRPoQXaprHh1 SfyI1WHflYVNko8W0ZPRxkdaBMe2QdlUKxcz2utaUSTrsGyB745Gvi7wWLEk8pfIaOW5dWtyEZzF y3J8aGHINbk+JxzvohCQO97omRvBqXfXbqg61GQu1TWxu7y6GD3XpkToDdco5Wy5NWNb+JdtGyAy CRph73BYtj5ZiZ++ujitarow1uW5FKVQiDX33Lo4cO9zT4A+vaRgrTPRbgaFyZCGmv1W6/JH23gJ 8hqmts7QyRBdqa7RshEhkaIu9wWLjO9IxHeQii5+/ZTYo2nI6Lcx61QhjBBrojh4uaMEXNCKO3I5 JsUTTqjBGDWqjayLJpVw5q5vP6Q12lNNpBCcQ7tNXeyRG7aXHaNkLHySNbH3ljI7JC3Ed4V/tFsB 4hWQtrVGPDitVZC8XAqkTqNqt3Bz9VZC+nkrYANVZh29lbllSV0ePkhh2A1+icXEDRdMiXToV0+F dOhXTokMfCOKHxXDNyFV1vhxpVOxkJNQhioimytOmyGMyyBjdSsWxsMhjmOiDcO40CLoJCar/TnP 3mmiG2g0QdAM0WQ0uohuG5BfgONOa/AC3zAaErfR81vWc017X936D+8drImECo95LdNpomxRmUhN hjORCNlMhtZqoUNFFHvXhlaVWKbHBIWPNacVfADVX4fNEwilWoSQ6ImJgrTJbyAVV0FpJGQQkgZp wVYKK+DVB8A0TnQNNDwQliZ5f1khPG5OxEbcl0iI8UZ2NNCt/HzRlYNU2ZjzQJ3w9xNbl1c7xLq5 3iXVzvEurneJdXO8S6ud4l1c7xLq53iXVzvEm/D3D9SZAW8UNhAOqsbyVreStHJWN5KxpFKKxvJW N0orG60VoVjeStbyVreStbyVjeStbyVo5K1vJWt5KxvJWgcF/8QANhEAAgECBAMGBAQGAwAAAAAA AQIAAxEEEiExE0FRECIyUqHwFBUwYQVAceEGJEKBscEgotH/2gAIAQIBAT8Bp+AR3CKWMr1BUOka X/4AiU6m1jEr5rqeUxDAxt5SpGq2UQ4eoOU4bAXtBhHO3S8OHqDUC8XD1Wt3d4MNUYsoG0am6i7D 66HuiYi7UmAldco3uey3YJa5gXLrFDNa8pXQtK2saI2Rg0GMTNmPW8qYlHpkW1NvSU8WERFtt/iL jKYbNaDGKP8Ar6Ra6LUc62aVsStRSBz+umKsovHxd9o75oRNNpUbhreNVJ3MWoyG4MUl1uJqsRrb yowh7WPeWPUZQWjOwYDf2YXNhbnFqsRf9IjFmUnpAWAzff8A3OI97e/8xTdSWMUXax2lyKefpM7L f7TiPfLEYto0Be9r/aCqbGGqwF5ne8psW1PaFgExVfh91YHubtOKb25S4J1h0mFFqYhAjG8Kw9pU NvMqjYQKo2EKg7iWECgagSw2nwzFQcmkOGc90pPgu81LTTWPhnUbRqJGrLDgigYi3djYVqZJCxcH Uc5Su8p4Q1b2GogwTVi1PmIMERsL85wnHKHDMELX1HKZdBMsIVBczFvnqtliEkZRCTexgaYajxag WCnaMsCyoLQ/STF00AAHT0M+LQqVPO/rDiAcRxouLXcjUX9ZXxKVVIUb2/xFxqjICP1gxaZTcam/ rPjlz5rc7+lpRxC0b/qPSCuEZynONjUc6jp6QY5f6l98oat6ZXqYNuzFYhqlRl5CdTA5WKbnvc5l M/DOCBp4oFmWZRK0b8uNuyobux+8pi57L5IlbkYndNxMFiuMMjb9hMrRpVDlCKe8wqXp2xDd6cOl zaLTpndoadIEd7n6QUqJ3eNTphMwacKjfxe/es4dLzxkpC1mvOHR80WjRO76R1pgXU/SUd0SoAqk zlrAekcnsI5xHJ0mGrZHDdhlWGVVZkIQ2MwyWphazXMZaIU5TrMuG8xhXDjS/wCSVhlEexQ3g6zQ mG1oLGXtpL5TKRFphK/GT7iGVX7KqF0KqbGYVUp08lY3+8HA5+9/2n8v95TNAavL4bXSVMl+5+QR dBMUhqUHVekWA9JkJnDYQ6TxLaU0cbzBVMlS0zG0PZVTiIUva8wypRp5H1mah5ffu8ZqFu6sL4cm +WK1H+pYHoAg5ZmoZvDpC1HLtr9ZfCOyqgSsyRqbLrE+8zwkdJntynEJmE71VQIaQj07QyqgqoUb YzC8PD0wlriCrT8nvWcWj5IKtPKAyxq1MlSF2MeojLYD8gNhGNlJmLp68QSjKpVWsICISYLHefh+ GpPTNRxEy27sMqQysiVKZWptMI1OhSyUxdZx1tbJDVU2OScdfIIcSCLZIlVVFsl4aysfD7vePVQi wS31l2EqHuGZM+k4ISYjCB+8m84TqdRADsYVy7zCMz0hREUZYZUhlYUzTIq+HnMJUWlStRHdnxLA WtPizoMonHN81oaxdMgWfFMp8PT3/eJiCgHdgxFgdN58QdwseuzrY/UG0reCLpKm8JtqYWDRnRfF LLENjp21IZWKCmTV8POYSpalfDjuw1q3Tf3/AKj1qrDUbzjVdrQ16pBFt4MTV5D2IMRV6Q1aua5G ojVazDUQYmqRly+zKr1KurCZW6TI3T6Km4lXwwGE6yowJn6THZMt3NoRUqKrUtOoiGwsZSqCoJeV D2VmRKZaptMHULUw2H2Nv2gfEDYGCpXaxEFXEm1pxK9M5SPYl6yXa04mI6ekz10vpvM+IJ29JxMS xzf3nHewHSfFVesOJci30Uw1SwNocNVI2ny+vPl1efLK/ICfLK/QSr+D4ioQCikfr+0T+H6qOag3 P3g/CMRKOAr0jrDh6g5SpTYQyq4pIXbYTCM9VBUoCM2JUXMCYmmBafzI096RjiM1zvCuIOkFSuSF vD8Q2ph+IUEnlP5htIKFQgkCcCr5ZwanSNTZPEPoU/AO2pVqBjY+9Zxmv4o1WoKQbnrGr1F1BgNS 4ue2ptK8beVX4aF7XtMKalZA6aTJiCtuU4eJ0gWu17N6w0q+5iis5y31nCxBtMuIzgA6n/yGniHG vOWxBO/rOHiPD796w08Sd4q4hxdecNGq/wB/31jYeovKLhqjaz4aqL6RcPUYXE+GqnlBRc7CNQdB dov4mgAGWfNE8s+aJ5Z80Tyz5onlnzRPLPmieWfNE8s+aJ5Z80TyxvxJWHhlTEh+UOvYGI2mdusz t1mZuszt1gqODmvM7dZnbe84j7XmZuszt1mduszsOczt1nEc85nbrMzdZmbrM7dZnbrCzHcz/8QA ThAAAgECAwQFBggKCQQCAwAAAQIDABEEEiETIjFBBRQyUWEjcYGRobEQIDAzQlJz0SQ1QGJykpPB 0vAVNENQU4KywuEGdKLxY/Ilg6P/2gAIAQEABj8C6Q/7iT/UficbUL/KhqzjQ1w+Af3hj/t3/wBR +EwyMyKELXWtjD0g+2vaxHP1U0Dm5XnWo+Bs5IC15K9vGta0FBRxNFL3tWUm2lFfG1KiXa9AYiY5 u5aE8T7SI1h8QjNml4jlWLkkYjZLcAc+NaVeh8TC4yOcv0bIQHisNDzFKmDxex6Lwke1xMwtY+F/ 550IFxBUsbBmSympOjlkPWkGYrlqbqrl9kcrXFqbo/ETl8HMPJKQNNLj3EUcM05PR7TNAqWFr8B7 a6Q2uK2XRWCj3+7P/wC7+qlw6TMrubKXSwNTwzTkSw6MuU0ZsBP+EyaR3TgRa9/XSsZNpiIkG33b a06tP/8Ai8lk8nrm0/5psPJOWddG2a3ApJ4HEkTi6sPy3H/bv/q+Fvsj7xRnE0skyvmykc/VU+KK 8Bug1IuJlie/ZseFZrXIPOpSeQqWbTacLmjtHRpBwINRCPS+ppGChSdDRT6K8K9FG8T5r/zzqC/d TrKcq34+FPNFMzheXKsJ1qNpFtoFrGdViaLc1zeY+Pwj4mPEi5skZdfAisXLCu+83lCOagiuhooW RsQHG6vaGhv7bUzY+UROMIA7SH6WRb10qRwMo/fXRfSkQ34zl9Wo/fXRXSI+eXEtLm8//wBRWO6T xOFTFvjsXYJKN2+pv766DaXFYaUnKVhwy2EQuNK6a2iK9ka2Yeaul2yAsmITKbcKwggMRkES7XJa 9/GukFlEMUWzIQOAFzWFq/6gjxjIs1jmV+J0P76kL32ZmOzv5h+W477d/wDV8JmZC4K5bCme2jNe rgXHAimEUOrc25Vsba340+l81MrDMjcqyRx28TxpUmQtl4EUjhbBeArMqlW53rNo2nAGmbxvSSIC mUUOs4fO45rRghhEUVQwZCDHzqeMqTtBb47wyrnjcZWU8xRw0ECphze8fI3oYiPBIJAbjnalxWIw qSTD6R51J1SBYNobtl50IsXCs8YOYBu+lwTwK2FWwEXLSuodWTqg4R0iDAx2Rsw43vUuLSBVxEuj yczU2GTCosE3zifWqTqcOyz9rWhiMRhVeb63CtvPg0aXmeF6WKJBHGosFXgPy3Fnvmf3/BpV/kC7 myijHh08Aed6faOWPdm0rNG7I48aCSnPr8Xh8n0ws0hdYcUUQdwqMS5mkkNkijXM7eip7M0TwfOx zLkZPPUek8cUpyxzyRFY2PnrpiCSS8EOyyL9W6XNGWAl4r2D20bzVJAkeIxMkXznV4i+Xz1FjNtb DyPswxHA+PdSYcCaJ5AWj2sRUSD829SxeWk2OkskURZI/ORQnlk2rGSQZvDMbV0vD/SU+GiwzIEW ILzB7x4V+F42fGNK1o1ZQXPgAoqSMbSGaMXaKdMjAd9ZvLdXvl61sjsv1qxGG2l8OMKrhPG/GsNh sKxw+Ha5mxC2zDwFYCPrkuLwuKYoyTnMym3EGnxxxs+EhLsII4DbdHM99YrDYog4rCS7J2H0u41i ujsfLnB8thpX5pzHoqXpHESOMJM+ywmHVbl7fStx1qZTnw0kS53TEJkIXv15UsjJiUw7GwxDQMI/ XTRTO21Chsircm/C1OVTEyJH848cJKp56LYWfLtUvHMnvrEtj9Mdgjs5U5s30fXSQ4xpsZ0g42sk UEWfZg8tKTFiW8LOI+GobuIqASmxmkESac6liQTTyxMVeOGIsRakx+2/B5NEsNWPdbvqLCYbCSbb tyDE+SyJ3+NFvLHDg5TiREdl+tWSWQ58gcKguWuSBb1UkgBAYXswsfhn0+mffXCuHxgOZ4CnijkV 3Tjb4Hw4OWOHTzmib389bZ73bgRpRhcrIintvJlNWza+NFZDcppfv+Lp8l09dgPw08au7DfwdoT4 5t4efhWJ6rqY8GOs5Pq7QfuvU9rMkkQEVuZ+jaumMKk/V7ww7VvpM2yGnmvULbMQPH5KSIC2RhxF Y6TDYiHozDxTshtEGdiOLNet59urdNjet2tBXQVuPWv9pqbakJJHNLty3I350hTsGWS365rp7rCu cjx2ySsnI9xrAQ4WfqsfV3ETS3l3r6jePGpmfpJZ8amEktDHFlLIaRj0tAmAMFj+DiwW3nrZ7TbZ ejoxtPra8aG035n0jhTtOabH9IyJ1pkKQwKbrAD++hhH3Z8K7xyKeW8TXTOOX5macKh+tlFr1hXY b4xCqGHGx0NdGJBMuEj6uyQlkzDN3eq1dbxmNjxk8EDkYYQ5c6nv8KlmxPSMKxyRi2HhhGU+APGg zC5Xo9SD6axMvQvSMEmFeRmMGIS4Dc9eNQT7JYL3GROAsbaV0cxTV4mdu4leBrpxJf6x1nNrxyW3 a6Ymj/qnX4N7lcWzV0HFmG0OMRsvhXTrW3jjDrWFZSonTpWUxbQ2j465jyqfFtJhklgwsqRQ4aXO xLDmaRj0tAuAMFj+DiwW2o41hRn6xsui0ySkfnnX4k36Z+OC1YrHvrJKckP5oo7FmjlYdu962GLR cTE3zcqaUZZpVlMt2uvfSub5RQj7hRYG0vfTLmkVl7tQfRU7iTd+r3fLvNLgY3kc3ZjzNDD9UQRK 2cAcj308cEKor9rnm89LNFhVV1OZe5T4Cpp0jCzTWzv9a3CpXjQI0pzORzNNPJhVaRu13N5xzrIM MgXa7ew+v31E8iB2ibMhP0TRxEuGV5D2u5vOOdbOFBGly1h3mppo4wss1tow+latliYhKl72PI05 w0IRn7TcSfTW16ol82a30b99uFNiRGBOy5C/hSvi8Mk7KLAtSTRYKNJEN1Ycq2s+HDSEWLA2zeel iiQRxqLBV4Cgk8YlUMGAPfWxxMSyx8bGpViw6+VFnzbxYeN6YDCKQVK2Yk2Hh3Vt1iAmybPP+b3U 8r4UZ37eUkZvPSxxIEjUWCryqPEtGDOgKq/cKWXEQBpALZwbG1dTECDC2y7K2lKY8KoKsGDHUgjh UrRRhDK2d7czWFbCYWPEYaORpJcGzZRITzrDHDdDp0Q0coc4jaLmt3ALRlOES5bMV+iT5uFdYyDb ZNnn/N7viTfpn416lI7bsEFYWOQ2CjMa2QOa/K2tGPXbDeAtUTBtWewPhSqNAtBDLkY99XVsymg1 rNxraAayOde/8sEOIkYzEX2ca3NT45JjsYLCQZd5bmw0qKPbt5S29l0HnoYWeVtrxIRb5fPXSfWM QZ40YbO/Ia0uHx2KaXo2fsF7boP3Vj+lMRizB0Lhzsoo/wDEahh4ZGSY9lZFtm81Y2WKRimDF5d3 hx+6usYZiYmuL2tXTMHSGIM74QFgW8L3rEwY6dpQY9omblasd0h0nizsHnyQJb3eujBDIyzWvkkW 16z7Z23suUJrWHHRWI8tJZy2T6Gv7661hWJiNwCRasYP6TOLxzuNixDNlHPtVGwcyTxoomJW2/bW pw07vgYp8rRW0y0mGTEXwLYbaBeXDjRi2zkA2MgTdrqEcubEZcw00ItfQ+asVBDLd8Nfaad1RxdE yy4PowrfreQjMfPWN6Mxk/WxACRN5jbjU36Z9/x4Y+SeUNZpQDfvoyZST3hb2rZwM0OJyaFhY1DD MbyQrlY0QWGvfRaEDU30OlIcRez9kcakiSLYSHdznlUcMeiILD8snw+GGD6OkQEPjp0u50r/AKmI bOLxb1rX8rXQbqihzIbtbXnWObHusfk2yNL/AJbf+NdLlOxmW3mu1JKV8pHKMreeugDGlsNbNJb6 xAP310EOjnSWUEaw8hcW/fX/AFTFNKsckq5UU8WO/wDfUX2j++sdsRpj4Levj7qwMkGm0wWxJ8cu U+8GugsH1XDyYmUbXb4pbiIsf59VYYvi48bJlOaWJcq9g6V/1C7IpcW3iK6FfKM20lBa3jRbBtG0 Nj81wrpR8oLLiI7NbhWDGHaIusKCXJxDW51/1ThG4tYoe5r6VioDm6zFg5oVXmLA6VjoXeMYgydg nevpaugOlstpdmyn1m3/AImkCg5+kcF/rrqqYgYPJEqmU307+FRSYW0jTLmef69T/aH3/F7h3msq tm0tep29FcbU0WIE6AnhDHfTvuaiOFkZy1+2mVxasRfvtSZc299JdaCzsZEk0D91QRMwOl1NFUtr xI5/loxOIwcck31jz89YgdTjtiNZfz9b++osLJhY2w8WqRngtRzYjCRyyILAmpXw0CQtKbuV51sc VEs0d75Wrqjwq2Gtl2ZGlqMuFwiRSfW4mpMQ2CjMsl8x778aEOGiWGIa5VqOXE4ZJpI+yzcqQYvD pPk7OblSR4rDpKqdm/KoZI8HGkkIyowHAfyamw8eFRIZvnEHBqXBNhU6qpzCPuNdXw0Qih45RU2G TCRrBN20to1OMHAIQ+rW51NiIoVSab5xxxamxq4dFxTcZRxrbtgYjITfw9VJFisOk0aG6qw4VDJP hkkeH5skdmmhxEYlibirUkMKCOJBZVHKp/tG9/xNeFZLaUb89fVWI11zWNca3mp8TEoMhFrjnWWU jfJGhvY1c9k8xyry0eaT68ZADecUHlK7ml0Fh/fE/wBo3v8AiH4My8RrU/IuM3pFE2rduKTCh2SG +81LtJXhjQ7oXifGisM7S/myVKxj2RQb1CJ1AtwtyrXeU8G/vfEfaN7/AIh+GGYdm+9WmtGtsy3I W/nNKG7XP4MkqhqFhkHhWyk30NfWQ8D8mZXVm7rDnQlRWXvuOdDZzaFNoC6MgK9+ooSbeLIdA2cW qR5ZkURptG11C99qSdJFML8HvpQzTRrc21YcaJMqAA5b5udHESSeRuBmUZuJty8aBMmz8Jdw+o0y tNGGXVgW4UFaaNWbgCw1rckV9M26eVOVmACMUO0BTUceNANNGpIzasOHfQj2qbQ8FzammYzRgKcr HNwPdTJtUzqLsubUCjiXlAgH0xrUYkm2RdsiiVShva/OszTxheFywrJtEz3tlza08smKjyJ2spzW 9VTQK4zxlRqRZrrfd7+NF4mzKGKcOYNj+R4j7Rvf8Q/BepWbSNGy0qN2gLU7yEpCvE1BJiG/Bo2z rEug04UyniDQvQrx761oq2qmmQ+j5LZyrnS97Vs4lyJe9qiiaSMNFEEG+z5iHVufZ7PLvpsWNiZH aUmLMcozKg42/M7udbATRrC2F2MjZblm2YQNblbXnRwhTNOkQCiJvpL2Tr4gVJlljllxGEbDzM5t vsSS4011Y6aVLhEnh2bTyTBmBuc6MPRa/p8Kj6Ph2cbLs+G6twwY8O+xrFSnZoZcC2FXNI0hViTr mI8axMe1jLOzvHIzHTNa4t6OPhwrEJhIU6viJMPJoABGEI3fZf2W51ipWDDeMUCMRuQg3A9ZPsqL EzGEqk2ImsLn5y1uXK1YzCCSF+swohckjIVTL3a080WzjgLROijTZsl/ojj6x6amcyw9YyxiN79l lVhm4fncKn2pjmRnd14r2lsVyjh57nzU2HnMUsjNmNxod69r/wC701FIZFdosTtkieVmAGTLbORf nfhWFtsjIjzGWxybQPf6VuQNbFZIg3W0m2lj2FQLb300MqLh1TAJhVc65mVgf3e3nWMmOySTETQS 6a2CZbi9vCmQ5dZXfdvzYn8jxP2re/42tZV0VnzVlBRhyzi9qkN77Rr2FE+itunLRqAbiCKA4tWz HlH5nkK8G1+ASDivyRlEeflx4UJWjycr341h8YWMcU9sgcbxJ5WHOlUYhMx5HlrbXu101o7CTPYA +g8D5qDjELlKq9/BjZfbSBZw+ZlUW8Ta+vEXHKoisgbOU7V0GQsBnuRw1rDQqXkad2jGVOyVFyG7 v7jxX2re/wCJnc2FZ+zfvowYdAbcZjwqPM5kcG961NWPI0AKObgeN6LRyqY25d1FUbzmhWnbHD4G Hh8lZ1DDjY1ZFCjjpWDwxxSkYN1khbZcx9bXXj4Ur9ZYNtGkcotibsSQPDXgb+isoYPuLHmC2Nl4 XqPFbV2yTGUJrbnYceTMx9NQR7bSF1Ktk3yoa9ifutWFknnQRYWKOKMJqSEdW1/VoYpJ/KDFPiLF dN5cpH9x4n7Vvf8AEQNfTW1bLLmNbHDYJUjX+0ZrCkZxA47hSyRsrq/1TexqQnvq9rnkK8sd36go oqADhwown5s9k/ABRIOh+AjlxHyJkgUM3Dx9FB51CsN3x9NYTE4uDYQ4mNpEKPntYXN9BypYo0ke csy7MW0sATre30h66EtprHPa6Wvk7RF6GdnsyF1bId7dze6lWXaI1gzC3ZBbKD46916jwYV3ndNp Zfore1/bULYIBmdh86OKEPY6H83nUOKcESsUiIC6bRkDerWsH+CmWSVo0bZtaxaLac6MEWbNZiL8 wrZT7e/+4MT9o3v+J41cbo51dsfJD/8AGLa1CBjiLkXBbj4VsoVEYvm8KkP51aEVb4BTRSaOtA0r /Bp2hw+IPjrBIZJokiMUauRuA8bW5+NRSCWQTR5rSDLztcWtbkOVYZELqcOXMb6EjMbtxFqE6mVW DFgM3MrlOvHhQlUyCSxDNcbwLZvRqT2bVHjAzxzomzuv0lvexv5qjgJk2UZuguNNCO7x51HCGmES OkgTPpmUAA+oCkWNpEKMjq19QVTIPZUqRyTRh83YaxXMbmx4+v8AuCf7Rvf8Iqw1ejEnLQyV2Azf WaotpAHw43s3jV4XYDuPCgkWVPrEG9WvWbl8BPMUMRF21F/P31rzpoW1FZL3sbfBpwbWhVstcPin ql9odLAXvQ63faDdsRa1WkgWaUid7x7ihY3y63v/AD66nx8eGLYeLILM9nJbKeH+fvrq74Zo8pVZ SW+bJTPrysOF70yjDNuuAz59wApmGvs7vGnw6wMFDSJtPFDbXz8qxkMsT4p455iMg12auFAAHE/z epEEJmy9nI418oqH2t/6rpCd4rNgswdA1wbLm0PpqVpcL82cpySX12W0HLupQMMzZoo5c191A1+1 4C1YufCLsdjJHHnZgTclL6ajg3fRVcO6JlLK/LRstj3H108hwu4qSS/Oa5UfI3LjepIUgbEMFYjZ G53SAb+v2GootllVxpJnFm49nv7Pn8PyvEfaN7/hcDjars2lToNArk6V2qymmjLNFJa6m+nqq4Xa If7RdRQMjbi6uxrc0XkKBvrTjvFMnEo3spv7OO+hNZmZmY1uRBa0qN+75I5IeKsurE6N2vXRi2Fo jlvGGOU2tbT0D1U8jwhjJ2wey2ltRwOlOOr6PYNdjvDuPh4U0iJlZiTx0ueJtTP1dczFix13s2rA 94PdRbYC58TbtBuH6QBrER7MZMRcyj61xb3Uc+HRrtmN9bnLl92lN+DC7AKWub24cfMbebSnTYAR ta8akhdLW04ch6qvDEE428Lm5t3eiihw65SrJbwY5j7aMmxGY3PE6Em5I7jcA1EY4FTZdgDgPHz6 nX8rxP2je/4jCpszAM1rX+DSskot3HuqZZHzxDsvRD4eKQeKii3V7eGbSrrAPXWkYrRFFcfiCuNa fGKYdmWQ6aG2njWTEMWkBtqbi3hXR+LMhxjTYeSWVGAGWy3B0GmunpqLCskcTuz+UZeShD2b6dvv 5VhTHhYWlxO22YW5+b5W04+ekSCCOTOGUDPwkEeftez9/KtjBDHO0aZ5D2f7TKw1O7ax76kaFxki 6OkmMbk5SQ3d38q61sI9j1nq+x1zfN5r5v8AikxZZZoepQzTQx3tErNvG1+IHPuqbFn8ExTJfd4q CdPMbU2Dw9mCrLEJTmYh0jzX14+b28qwLYiZHxM0Ik+qW0F9PT+X4n7Rvf8AERvrC9HvFbOYGaPk eYrNG2bw5itBZRxPdQWNxlHtrnatDlFfPHzVx+J3V3VcG5+QLE2A1JoMpup1BptnBGmbQ5VAvQTY R5AbhcgsKEbQxmMG4UqLUZDDGZD9PKL1H5GPyfY3Ru+agZYY5CObqDW22SbX/Ey73rpoWgQRsLEJ u6XvbSsjKGT6pGlbbZJtf8TLveulyRImXhlW1vy/E/aN7/hA76Ljt/C7c71DhYDvnT/mtitiUXee tOx76Kr86+n6NasfXXksQQfHWvoOO+kaaJsrc1oCM5L99eVkZz4aVuxrWgA83yGyVsrX7VbJmztf tUJm2u16izRh2aTbP434Ed3jSxy4j8Hfa+WiUMxsq5V7Nr6twHKsLh9VYNhI0XZ/2ZVM/wC/WsAy 4jLNPm2+YKBC2U2Xhpr366Vg8YEzvubeJF+sLaX10JFRDN1WQzphWLRBrMI22jfre6sW6uw2ELyq uzvmbbSC3msBXSuGZWjjGKLxLk+d/CBc38O7007PLHENc4ZdYrSWtw3d3616w09pVebIMxQApfm3 dWIxLmzQjD2j2PbzNZq6JmxBczAYkPHkssWtgOHhzrHK5Lqusezj0QXUa9x1J56a1iWeVoligleJ 1jB2rB2AvproAdLcb1PDO2dQuYZY7KovYDz8fPxH5XiPtG9/wijY5l7jRy8D8C3QACg40XvFZUOQ HifguKCutvGrWoa5hRE8ZaI7rBhpXkGzRWuPCjWYi1+A+RLyOEUa60HjcMpF9K0N/g40m0kWPO2V cxtc93wmPOu0AzZL627/AIheV1jQfSc2HwgvHDichK3IDWPP4jRh1Mi2LKDqL8PyjEfaN7/heSNs r8jWXExlH+vHqKukiSems1s1SNLpEmlu+us4HDiWAfOQr2h4igyNofiBJdGHBu+t0+OWpZCVdbfN PxNM1u0tZU1A9prM+6vJfkdixy63zW1rZKc2t81taBSLJieotHFslsVfufx00PnoHDTSvnkaKz5l yK4Aza3O6bnXvrCzzpM0ceKxG/mPA2yHTl/JqM7CfKHSQodcjeUv/t4aU2z6zBio4I4xHdiH0TO3 cD2hYVhmM2Jni2hshBUBSw4m99BfteisbicNtQ4wSiIxm15AzevzcNamEMUwUkgqLkWEiZT3cM3D 000mI20+MOc7KVvE5R7qhWY4pMEXu28R/Za+Pa/4qRMbHipZsuH2Qvpo+/m7/TrU+wadYhgHKbJr AzX3aIWKdSY2RlHA+TFj3dq/jWP2d4ZusSPe9tza3J/VvQOGnxX9HJK+u1zA7kZAJN9Cb1uNiFnG FzSbRjYzhgbDwO9w0rpGPEq6KcO+yj2h3mc5gP8ALovrrpDEYMYpJNlBsbk3ZgTe9+Nu46a10hcO Npi3kGdbcbcPD8nxH2je/wCGJeF2osCAPrHhQRexbj499XWR1YeNYdnLF5/Km/s+Dawnq8zcbDdb 0UTsdovfEb1lKOGPI0QbirFqzRvtFHI8qjZVGi5bjnRUg3AtpSSqSyjk3L5IyStYcvGhJE1+8d1Z 4JFlS9rob6/IDCZ/wjZ7XJb6N7XqaKJs7QtlfdNge6/D4FMjhAzBRc8SeApspBymx8/xJhG2YxPs 304Na/76VSd5uA+BpJGCIouzNwA/JsR9o3v+GKNGy7t/bXlCWPeTS1HGOLuE9dRxLoqLlHwDS5rs AmocJiw0IL3RV7Fu+l2iIb/SK61mCLf83dNHFQsZMODZwe0tLJiAsk/a/Q/5o9oeN6PlNy30uVcb +PyOylvkJubVsor5L31q08QsI8SApfTM75l/nvFYiGWMS42TZWxJfUACPMM3H6LVJPD9DKcOWfQA R5crfStflUrsu9nWSOMyDJnyZSSP38amxMt7l5TmDCzKxuAeZt7KxRjA2UsiyNmkuz7408RlHBuH AaVhtn8zGFzo76yjalgunZy8dPNWDiRYs+GgliztJ2yxH7hT4iYAQZJVQXG7eQMBYcK63HFGQMZN LlDWurJYe2pw4XrNoNi207JVt72UkM2GjlxCYpZpJGsduNoTx8x51jWeBJYZdtsoiw3C2TK3sNQu 758UuMjkaXaHWMIof16+eoJIwuyjeIqwOoGbf9Y7uPOsKiBdMMqTjP8AOMJENj37oYV0ph5I1w0e KlcqsX0VKAfuoStIOslJTNkJ7kAAA7wntqTEjAZOjxNfqjrlDeStfKbc66QXFeVllwqwpaX82xHu pR3D8lxH2je/4Yh/8P76J4Vyro6Mi4EoY+jX4dmPK4txon1fE00gx8qk8uVdXxRV2C5lkA1oqRvD 2VlfdYU8IQNtxla9b8rHTgDarx4l4/Am9MsseeTvXn8kZWVm8w50JVVl77jnS7NyA0e1UupW69+t Ya0qz9YfJHs3XU+e9qj/AAmHymib43vN6x66jDSBy0wgOQg5CQTvd3CusbePYf4ucZfXRyYqFrLn NpB2e/zVGetwWk7HlBvealmOLgETGwfaCx9NZDiIs/DLnF+X3j11mRg68Lqb0ynGQBlOUjaDQ0cP t49uP7LOM3qp5VxcBiTtOJBYU08R8kHZMx52Nr+ag3W4MpFwdoOF7e+ocM0geeWQR7NCMy3F7kd1 GJ8TCkoFyjSAG3Go06xFmkGZFzi7DvFSztiozHEAz5GzWB4Ur7eNsylkCsN8DjbvqHGPIIIJUVwZ SF4ihH1iLaHQLnFzzpvwqHdbIfKDQ91GNsXAsg1KGQXGl6jUyqWkkEYC67xFx7PyGf7Rvf8ADhfG Ij20eVcaafiIYSfSdK8aklCGQopIQfSPdT4npHE4XDPK2YiScZqNpopvFJL1FLlkSINYkjkaDpKQ eGakjL5pOTWtYd9TLA6s0D204tVtbitWC0PLsp7xVwb/ACOSVc6cbGskS5Fvewo4dZwTJhTh3LXN j3r3eIqJ8yowmaV9WbNePJxNYZLx5VwvVpV1UMdDm048KhbaRrh4sQs+ytfmxPmvm9lYvB7VQ02I M4a3Dyme1SDrKrmlxEnZ/wAS1vdWLKukZxEMiHVm3mya3P6NTYqORCXeU5W7nVB/s9tYsQgT4zJF sHSyuCiqBqfFb1h8MuVsMsRLyHtGS/8A9qlG2XfXFLw/xTceqnwpnUQtNJNntvb6Mtrf5qw2IMsY kw+yCqL2bJm/irEYYYhRPLI77QJpvNe1vZWOd5kJxEM0Y4nKXN73qBNvGYo8WMX2Tc7trVJihMoD YiCbLb/DB++lzypMLo30hYq7MNOfaqPDiZFy4FsLcL9IkHN7KWRsRGq5o2y67uW+njxrouASDPg8 vMrmsmXjy41OqMih5MOy2B0EeXT2Vg0do5Orul2a5zopJtbgONCAwZ8D1mWdnNt4Oracfzu6sI0+ /ihOJ5DKbkWUqALdwt7fyGYj6x+HAYgcmMZ9Irvo1jprdqRVv6P+azXzUnRmEdkYb0zqbeYVq9zV 7isqzvl+rm0opimVVHBhXWYyCbZn/QrCY3CRtlzjaovDz12hc62rj7KaARNvsCZb+yhfQnj8i0qx 5+XHhSytHk5ceNLikwzmNsuW5HNwuvdxprYm9rWsp37nKMum9r3VfrS2sGvY6Am1z3aj0c6jike0 knAAE6d/gNaLHEWTk+Rsrahd023tSOFdWeY7e9tmqMx4A8h3EUGgPWmJj+bBsA5AF2tYcb2NQyO2 wlcopi1axa+UXtztUccr5WkNhobX5XPKtouIumXODkbeF7aaa6kDTnWKYIYlglMW/cE7oN7Hhxo5 p8pAYkMjAjKLnl3G9SvtrrFbNZSeIze7WsQGdUEbsAwbMGUIGz+A1qbECQiOEEyZlIK6X4HXhUWX EZhJwIU245Rc8te+opFLzrJMIQYkJ48/EacuNSq+JC7MHNcG2nEA8zqNBTw7CQDrCYdWIKklkzXI Nrfk836Z9/wyrzXfHoq9vgkP1pj7hV2PoFS4rGYs5pXL5Ih++thJM8ko4rFvEVrFjWH6QqzQY2I9 97064Uu2GHZzjWkw8iGPNuLmFiRSDLsznJbTtU0m9mbkRW+vpNMRdSgzHwHfQnXHLNFfQDWrjX5D eAbz1ugL5qu87XAC3C2Js6tr3ndpIg3zbBkbZi+jXsx51i4dqseDnjRCsaAHRmJ8B2qibOYzGQbq N7iDoeXCosM08myhVli01F2Da9/ZFDpBsQ8k12NiABqqr/toxJiZAjbIvoN4x2t7qwUgs8eFhyBi TmZrniOGlz66TENMwytG2W17ZDfTuvWGj2z+QhEKm3c6tf1rWNjM7lsW7O0g0KkqBp6qeKSRiHmW U5N3guUjTvF/XS4aOaRVzu7X3s+YW18wtbzVOizyWni2Mv5y5Qo9X76xWEuFGIQozRoF4raoprhi kaRb6Buybi3dR/CHB26TrYAKrL+b486xSs3z7M+bIM6km517r0+IacySPMkzZo1+iuWw7vf+T46E YbDFY53QEhr6N+lX9Vwvqf8Air+q4X1P/FRBwuEsfB/4q/F+F/8A6fx1r0bhfXL/AB1sMPg8JHFe 9rOf91f1bCfqv/FWWfDwlfqq8qj2PX4qwv60v8dfirCfrS/x1+KsJ+tL/HSSx9F4MOnC+1P++o9v gMHJszdT5TT/AM6suCwnqf8Air+p4P1P/FWuCwn/AJ/xU2GkwWGaFuK3l1/86unRmFX/ADS/x1kT B4QL/wDs/jr+qYT1P/FWuFwvoD/xV8xCPNm++uwg9fxC+HAZ+z4+ig2IAVxu+Ppro+Z0AGIR3kAN 9nlUt6eFRPs22G+sosGcMNna1jb6dYt3V4Oq/OiQaqMua+l+VRGCM5N8yrIAWts84tY2qW+HxFo9 rvbtiIzvntcqxK7GeQwCRzs1HZQ2J1NGNA0shiMsfINZc1u/hr3emsG2IikikniSUrocisbA8dfR r4VBgyrtLMCwsNAOH7+VYbbYOeN8RJJGgWzXyk9x8KYqJW7OXQb4LZQeOn+a1NhlSTMqhiSO8X8/ PzVg1gjDPiJxDmbUL6LjurFLFC800BS63FiC+W/HvpsN1eZsRmsIVy37Csdb20zDnTzKkuVDEpuB /aWtz/Op44M1wucFrby3Iv7OdjTYZhKZAyrure92y+//AIvU4w+HlfFxJKWiIXyeTjm18RwJro53 iaXEYxAVihtxy5jxP76wwxK5cRIbNsxuqSzBRxvy5VG5ixCiRFkS6asCwXhfvI/demiZZkZQb3UX uFzFbXve3orDx7OXPMpccNAPG+vov41G2ylynZB5ABlRntlHG/McKfERwSj8HbER7UAZwvH30D3/ AC/Sf/dS/wCo/Gw74jEvDJipTDAES4uObeusIGxTpjsTtciZLpdCRx9FI0eKfrpwnXNmybuW/C/o rA4c4rEdbxKxNbIMoz2508+ExDzJHP1aQSJYhrX/AHV0TLtm2WNjkLG3YZVJ/dQJxL9eOGOMyZdz IOV++sXs5mZYZoY107Qe2v8A5VpiXNukOp8Bw01rHTrMzNh8acKAeY7/AIwoUPjYbDshMWHVkQZu RFjWzMzrKOzK29bVSdP8orEowMnWfnS57WlvdUUcu1dY1Krd+AK5fdTgq28Jgd7/ABO3WIKo3l0e N97k/GlcI2lzlzaapkPsqFkMitFGIQc+uQcFqJpMx2bBwt9LjUVDKoa8Lu8YzaKW7Xvrq8bSpDwC h+yK8k7wyJA0ELhj5K62uPUKwqylpOruJEYnXMBa59dOuRsrII7ZuyA2YW9NbeCTZYrNcyvdr7oU 8CO4VHHeRrbPNvWzlLWJ9VbOHMIxoqFtFqOQK94zdBn0Xfz++p3tIrTZ9oVe181rj2CsIm8vVdIm VtRu5fdX4PtI9ADv8bEkX9ZrDpK7zyQoiBybdkhuHnAqaRDIm1bOwV7DNa16Ub5Ak21i/F73v66U IHCDIcubQlOzf1Coo49ogiiaFCrkEKbX19H5B0n/AN1L/qPxuiJI7FMHi3ec5rbNbDU+quj8NGke 1xUWL2E+XeVs7WsfGocfJZML/Q5gzk8XJbdroVlwsZwAXCkz5Rmvpz40zxxpEsGOkjmWJbZm+ix9 F66Mwkn0sAZYv0xnB9hNDH6dUHRDYcyX/tLEZa6GjY6YrCmR/wBJQtv9FLKImZG6R2ua41Y8q6RV 4GRf6QzO1xutvbvxhQofEIwhO0OlgONAYsnaDdsRwrPLCmIsJ5HIbJZI3y6Cxua6sMGhxAMgby24 MoQ8cvc/dRaPBHJ5JVZpLb0gQqD+v7KkWTC2lRnisJNHlGWyg25huNYpupSNDEzRiQX1YMF10sNT 3nhXS8bbJMREwWFb5kU7MEa2BOpqBlhLRF4sO4tZtqVZmA9gtUMsmFysytmhD6q25YG407f/ALpe j+pIcVdgfL7gsqtxy/nd1YfFKpQSoHynlST4lFeVxm2K6AjOo3W1v2hTYbqBlxis3k0ckEBA2hC3 vvDl6axT/wBHz7CHOM/MMqg2bSw7uPorpBMRArJFs9EfciBViSWy35d1YdhDtlkR3tmtwy/xU6th QGhnEbgS34x5xy/nxrBRrgto2JihkA2lrZydOHhR6P6vkmQybTfvkUWynh9K9TAYMnLi+poc+jNx 5C408DWJkOBaJMLAJZ1lbK4JUmwFteHO1MuLw6w7MptHWXMqqysQeA5rb00x/o6QiOMNLZichMef utbgL+ysLtMFkfFIjQpte2S1rcOQN6W6bU9p1B1VLgX9vO3npJ5cERHIJsmWS5JjPm4fzaum0nyI cMiGNEOYLdCeNhesImIw20xM0EMiMG7eY5STYaa916VThWG22aLh5NzIx2tze17bgrDI2G2SyM0Z kL7ucMVyrprw5209VY9eqtImERGLh+JbgPXUKNA+HQjK0TDidsi5gSAbWalxL4F48ISh25JyqjEi 53ePDQX48agQdHSWcRlypLZM97Hhw4cbca6Qiw0a5sNhts0rNwuGtYWN+zWDhlwe2xE6xFcsoGbO G1Ommq8PGppDhQYVaaNTtd4tGrE3FtBunnQ22G2dirsEfNuFHb17n/NSdIzYdBlj2qxpLe4tfjYV ioWw4XFRFcsZk7QIJ5A62U8AfPUeHgwuczjMmeTLl8mj66H61JIIimEkwqSqSPpEm4v6q6T/AO6l /wBR+Uty+RFCh8ZkGGTKQykeB40mIZLMua4GgbNluT+qKZNggVspIA7uHqsKRRAlkk2o0+n3+epM 2HQ7TtAjjT7GJY85u2XmayjDR5dptrW+n31Y4aMjXiO+1/cPVSyrAokW9n568fcK2kSZDs1hAHAK L299NE0ezDW3k4ixBsO7gK+YW982bnfhxp/waPf7QtodLVJ+DJ5Tt6drz0vWIElyggZhw/m1JM66 iTasBwdsuUZvMKRlwsYZLZTbhbhWJxALGSe2a/Kw0A/nnTKYEs0m1On0+/z0T1dLlch04jx7+NSR dXQpJbOD9K3Cnd4VZnFm/O89YWUXHVlKxoOyL6e730DPAkptbeHKkRsNGUTNlBHDN2vXUuzhVdr8 5+d56S+Gj3EEa6cFHAVCTHkMbh9zTNbNx/WNREYdLx6rpw/m5qbPCjbYASXHatwpX6uhccGI1439 4HqqSIQJs3GVltpburbGJdrpvebhTNJErMy5D4ju9tROcOheLKENuzbh7zTlsOhL3zad/Gsz4eNj pxHcCB7z66mwQBigkXKch4eaj+Dpqb358LcaSSPDokiCysBw0A9wFAxRLHZBGMo+iOA9tSO+Awzu zElmhW5Nfi7CfsFr8XYT9gtfi7CfsF+6vxdhP2C/dX4uwn7Bfur8XYT9gv3V+LsJ+wX7q/F2E/YL 91fi3CfsF+6vxbhP2C/dX4twn7Bfur8W4T9gv3V+LcJ+wX7q/FuE/YL91fi3CfsF+6vxbhP2C/dX 4twf7Bfur8W4P9gv3V+LcH+wX7q/FmD/AGC/dWnR+FHmhWtMJAPNGK0hQeZa0Fv7u//EACoQAQAC AgICAQMEAgMBAAAAAAEAESExQVFhcYEQkaFAscHwIOEwUNHx/9oACAEBAAE/IfrwBlihVk2yZsfS wZh19fGV9MMTIll2RquJYGkjq8eyZD6BgIcE1/7CMPGvAt2J37m6lE3w0g0F1Tk4Y5WF9ks6lQjW 1uBrbX3ucAR8zaD6m/YouO1bTPxL7hZxK40KAXIbz3cDheadfhmlPldkYOqt0xcaJYgrBZ+0BsaJ hxcBNCafRbGRoDkq8mTyM+e4iKyPRj9kuUU0j3EwM9qCh3rkmvb2tHPfqIMjhl7w1e4PXDKADV8e eYYguBCyorV3bCLLcYI4zG2rTZvo7ilMhtkYD4hftpYRma444lEF0dnxXuFI3kW9KczjHuN/W3f2 8von07xxErCi/pz5hWyro8D+PzMHgtFlLKrEGl3MAShANRKt7TGGCbWGwpRvVZW9TWVWzccaYEV4 j/PDjlNt83ADo/8AuoqyJvrD2ex2Wf8AswotYqmvZBUqxfd6OU4So4kFJ39Gn0OF9ykMfBFdz8AJ mRw48nNwCvucXznsYqVojAzMl+7UfmCybJyblMs6m4KC56ZZwgCnQm1+/UqRUiyoYd6EKVLp4gpK BwXXne5QX2oaK8XuOSwpA6KO/wCULUudhkTxd/n9b/UeX1VGabNOU/8AJY1EVeLY9Jc8glJHzPwg jttb7oQrorEDnfQmqztzw5A3EJokjfIdl4meEsULllSrVJdAUFvN3ccPBXdLlRvtgqoVrTiP7ayc YT+Zd8wGqlATUh9AFv6BNk1bNF8i77lpP22H2DiVo32aas5nl6Gy/rM0sZYol49sMvSF0NICe64R u7ObtZkLJ/cXd8QLZILpdxFc3kRQcDjwTda3BrKt1Nauty3haV+WnMr8Sag6P1r6ewffLmSGgXAr +0rGMw9ELwl0AhNoTwtqyiaI2IaOkt9scBKnniW/DUYUeHTHrlglkEpgGU4SodQzU/zIkRwa9S51 +W3mhKqktAG7Dxjcs0BQy1TKzGe5KqqH5IYcPEUc9jzK/KUPdXSMX4mZ5EA24HSncXaYljKoZxmV AFWDOiYrnqUW7McgtPFQgackZjsh3kUK1plwFwDjwB48zpvznuuFVfOoiVhmodfwhYfvwTV+l7lK 29grc2uyHbu+RKMOTWnEWk4Kg7r4siNBtUdy9wNYvC9wAsq/RHxudvGfySpky4Xpx15lZgtd1Qpt nPy+7yMMJz1A7ZgVZiEU4DeEg/vcsjRktSgwGs7j1LFHZa5A3HD1Qtb0TkQNS8ocZ3MgiWI3ars2 HHiARIy7sCond11KLLuWG64VV8x65dyUhXa2+0EQ2aBZeTh+vIF/vob08S+iA5YakZWUA5mFyGGz LE/rRd0yzC2+NPt/8gO1OhS1M9yD3iYwMKD67miow3uvNxBm3P3Ram0/RNtDVJT3iVNyg/zDzfKr iBioNzFGh6W9Shz86BT8H6i2ynzuqn4QrvYwqfFbM4+SMx6OIMYm3AjAiYBeHULkrzLDYXAyyUwW stX4VKSLGpWME9imZXXVejcs4QPyZNliudRmBA6im6dXUKM+zSiXyNe5YBg9FIBVPMb08xusH8yq q4oKmu3ywO+G50L9jDtPEcXB4uOMt4oXjfkhluVRDkjgf2IJO7TTOK7U5gK2s5qp35eJcO/uGhf2 WZGu/wBsa4QC6ld0i9MQ06Ee2jlL/BM1Z4djH21K6VenOD+6XBWYaHNMX6yQqiheSBj94QdILG/A VNpzNHKHrB3KQiW3Cp2Ne5TNWVFlNDjH7/4f2Dv6DiOYJgx1CNpzXR3EbaLdvqv3m95Ast7uZ0rd p7O/ERMS2YtkngAVYmPTgJRuTBmaGil86BwISqc4hzDI4X0JWyhlP/BF1euLTncUN9tRfYbs0R66 XzPycvzN/GavYRo+JjqAt0Vb0TxLzpVfuNuEc0XwNfKL6BUqKfvnhNmwqyUQ7s3g1wfKePsTstfu xx+raWl/dmifv3QeGLcgu+2sxazut+6/sg8oh2lsJlMkzBM0vkWu9xjdohjqjn5lDqzUE4F9kjTG 1teC9nTA0y7t0StZCaOSFNln8Jgu3upki5lboL8BplezSUCLAme02SnA6jxrOI0bMTTG0qcewF46 jGGr92ylgnkffFi3mWIYVAOUW71mKTb08hv+yChJjso2fcv+FH9HMJYPpxrJAI7gmcxGLUPmXqJb zohysA2wXp8kcI6gWqs5+JQ0CDl6/EU4NV9wHOEcH5jh3kDHBp5J1HFFTDQaGH6k/iS/6BGpqfpG kCyI7eouSjCwHyFnUYs+ftxE9GCqp1h94L4dQpHWjwTWUm0RjNcsepTSSArs1a815OpkSzClzyGs p073hJ/C7LMMGcUoUVafExWUoMmao6fxAYjc80ZQhnAl8bjZgy13iczhY61muszvMCiwOef4TPys isw4iYpuQCVwOGenOTgPm5ivnD0a9p6iuTi1e7Fo6bpul9xC/Ar4wPJlcUWdWYAqUedRtSVjDYe2 Ks5nKc82xp2u7z1NC/8A3QBtL4ASoR3Spec/37ywW7vZx/MxgHANHECx5Te+EKs9MAdz3bjCNX+I ZAGqnYNT+LxLjS14kTEDxvKncPCjP1LEsgpXRzF7iBOM1Ifo6dNt0RYWh0F8HxDGWQNGPNcepQpR Ml55+CXvKwAF2yfaUe2SutCCvSOQLWft9pYWNDneHyzmNUA5Y41QRZae9YCg+H0ApOCYcjD5W/vB cyS4u5fcAe1tCLfxZ8QJsAOjrVuu4c1AWErJUOUkYyeJf3mN5xrnzqKTmUA3eYXN8rgRx5w7gEly PElf3hZRkYG4Xz4iVS0S1rK3q4Wkl5i6y/hPRF9QjfCs/NH5nmETBS+C5V+8QYdkWvF5DxUv/d2g SjM2Ip+i0Sh3iCcpWB2y+d3p4MQAqoxU0U0a/wAF8RpaUB81WxjxggylyKKkMPiY0OlsXmWrxC0R 4VshRb9FFpnK1BuYUzCa/pA8HVhw15fMVVqDWEbPyjmVpMnj7sEEI/g0PfzKeIBq+d/dmDluPZCh cRco0RyVKrYHhdQT3lzgpVq23MdsCNVu5o5RM53AlLWnlv8AYnjOnPqkxBIqc3/r7zUbofciheCs ZsnTl+8ztBtLl3uUA4TyDVx5ilhcNbj02v8AIJcziple4lvk4ye+E10AAVVifMaxg4+xKqncZnAG AYmH9TKWlSoQkgoqCINXYHv/AEuOJcOnvcQl0gqkmsnILXBLjI21BdX8y578guGB6cz54pp8kF0M SEgPtK/RU19OkVZiTRHg/wCuWf3MpglkKmD6iwDlVI6vBIeyn8MFWKJQj4kxUqv13UC7OUbfLj1M EKoEz8x+twEq86/MouKl+xKq+BaYowv0ubTcmhNT/rlz+hlOPqM/mDLKcFbD4cSrfcbIRuUEECDQ 7Tj5cS7Bhp3zAbYj26GFjmmOHWIsgOeIQT+ppjKlSoMzcnCaPqJgayjpfU4SBhHanmANrZoKCUrM n3i0JrNh6u4kRmwDozDroOIrwfnFTZMDWsYT2RwtUhQMp7KftC6UsKyBAsuQQed9E764WAYWiicZ etn3mr6WnhgjwLNALdqv1MQ9fDXxLqy5RTCDL/BO/C0sF3R8P2lig4Ndzp8RF+hR5ScGSD6gdFto qt2oYmSB9ZyACY5ca7mSz4UXnF/D9mDgs0KLIWleCGu1WtWQ1Z2kA+tthI7cBLOczYzgz0j+jKp/ ovoHBAjlhZdxIVR1EAbA1tnLE18x+FBbt6PdQZIoHyj3E1qv8OmNs5PzLZdsXLwx5Su7QRqlJNDB ldn1DKZpkIdTQ+rT0E9NTZUAdFxOOdU4nY61blxBKMRIcbvTLT7Mu2iuc6RwGRkNVzDRiHZqQQGx n8y4MOqlVy8A0Mx9YmhqVOzz5aUkzY81suiy2SttylUhVB2VYTmCbJ0pPyPgvCw1kBFQWcZg+5TN MpBcgrtGba7XLQAaXpWM2TBQ9UTAtRobs3rvPZpaeICr34Lccr8yaYYDBA8aVZfMcT01lj9QdCj0 KzE2CxsA3RWFjpZBs2hZd3Gy+15mNs62n2E2A13khpCgu8gN2IL53Go8IUFWnn7YP+RrvSgvevcO 8ub0rnec5/R1f3coPv6RyJafURXUZA+8wCudwjAYAaPEyzcNB6+7BqgoDCXl0/HcQswD8RCdl11f cfU95FxdGJWCUGZVzu9QjAz9B1Biaw+jP+6gJ0sd54hGbSegojAFl+Bcy5XuGvP/ABluNzA28lJ7 Dapp01HMA+Wbt84RaPeoDeS0LQu2peAdoKyoIo3+Y8ykZxgbXiub1n/o3/Z5RQhiUkgSh4F+MWMu td67m7Uri5RkZyMXMrXanEKMiFCGqPVG1zDEOnmYQw8vDcYlsHm2SqlSoczjNCYiH0GkTg2XFCE2 DRcKYGEOU8KlqLn2P7srY3LQCrWrRdSsxJZbbl6OgiuuftA2+cHm5qF2h1NoLnPwGXDwCrR0AMgy gHe9Ed7W7ePRs4MN/D/0Z/q8oZtMVEhavkNSysOm9VKAtun/AOjGoHm018zCBrsOwYiY7RK+ISDg w3G8jHzH7wwKYljC1N+SICalpWOqCXUwG43LsniVKmaKpUSjEFRz9EMR3ul4EG4oSNLsm0OoaF2d 4cOo6uPFgle1OBWt/BnBL/D2uIEK4ea3dApipQAMDe93VbLsSEGiqXOCnB+yYgFDAoQmqc6FviON frGuHRnWj4mCsPqSDPXL4qZwNwPagvjfCrlKwKuEzZWGl8f9AqH9lF+pXucpfVpQwyHbiMBcM/uG 4jlVFf3OYVE2q2UhKqv9Yh4HNzK2foSFisOSEXbp8+YyFxKkdbhmx15alU19DbKx5frTn6JcAIfD fZvWAaYtbVnLGj7hDRHA+rh5ZfYvFpAiK16xUBPTL0drCsDC1FJPLhhGvMWF+opUDQpQiDzsU+ZQ ss5YgMZYebPmBhumRqYzwtdVCZVMotsla1k5h23JXmsBlfKa4r/oOw/5EYI3LTSyZAv7EwDWtuDw eZR7zYWrDQnQTBwGp9pwP7yst/SmX3R65Yf0g2rtCUjtudew9TSHjQYgS4M+pXmQt6xMjAwYEB3U FPBKk0Y7Pp5+lxrG9Bxjr3GgQWl0Dt59xxsxTugK3xeUKqwkPqwRLRND4MHLJoOxU0qXJxWY+sVa zya4X7nTMqKTDYBWlFr2briEmwAAEZzLmtQi9F2jiWcDRWXWbYmR13ET0DYNk1OMORdVYxSl4eGX mB8KJtApstOzEFKc/O4AKYbt47jlsvzRVgrQ0OHM6JoZNU8BC6Tkh+RW2QgrAN8W1gvEIhHb53n0 TLjI7B+qxP8AS0bQjd4D3LpS0jTKR03n+Y7QD3C0V7iMBU//AES4dw5/0xMlvgOiA4KNHEFp23Lo xqXZY7UWsG/F9RFvJmibuO7WDekN42SbYlhEqjx/gUCuAgARsdJBBRZ7IEZeQL59yoZGAOyNqU37 wgWOqw/KZpaag5CFkoFFjmgHDBjEu7o0uQFqF5QzFacYkZjI5BlY8RdHUYmbVqOA5IlmXI5g7+AR F0MRoG85kCDaQIEbXs224YlsOthuRVyN9cI+Y6BUNAXBXKUujqPQN7OarvnKLK6sxAEXSWBTYO5v 8ixZSYaeQzlz+rX9LlDUJzC8u1AkFYW49uL3l4lXaelXhiDwTHS+GWZzLvQ/5m0sPxLSrfaa1Otx raHdQvSNtDmDbUZW6h6JU5Eq5ZlfmCbjh9H5hhSVv7IVrwFINQDJp9hGpGGWPaZf+IRKYZnt2VmN gC4tslk0VWbUF5uiwd20AqOjvAOnaii+PDel1AW74xExqwk3RPZwL6fv8H4e3ivvg5QHc65K2Dp4 VPE4dKLTN2TyMafORjaW+Fr4bRQrnAZAsuKWmM6P1/8AddofVr0ciuHUPqXCbnbIx/NzCAjzp7CZ M+x6jlLHlUAOQPO4lfQcxiWMZekA4VnbWBktSc6xEQT3jtFmWD9HGaTQh9DdDscEC4UByQ8BjTjp qX9v0DsKlpVBQc5r5fvDDlSmZVb9YmIYlY3f2fEFulCUPmfsXOFeWsQBIjMxsUavjmIX4pEr4n7F zhXlrE5NAqZN17/X/wBV2mkqMHyqVooZa5PUU38MIqGZwPy86lrQsTBfKhJWDB+Ybg0/KZVw+DuE G54yhNr2sURPjrGNJLRmD3MilrHUyXTsEIwPKWwDQHQqH0bk1JoQ+lWVaktBzrcWit4Lk4w6mY50 J1scM+RbhiITBsIbMicNjQ2MZlwuzlmtWm2nEvsTCqZrdUdlgMrhuVl5CMVpTnFNZl+1kdgoHWIZ rDuoJEVbCClzwxnVJyUuktzb7N2zsJSNo4u2E1tatyXq5fya8hFlmOLRLTHESCyAAshzVWtc9GIs OFawDa0GEuu5gt8anc87E0cGCklOUMsFcA1XBYGkkWHsAFpNzdmFBv8AVf27lCEdqrrqJNLm3ErH zB1Bbl6m3MHu2WLi1oo6iFsDcscBrUbsepvEaqwzm+GoAUTQ4Zf1IQ/6SvZbdvwmQcBFP3cV5gWS odTcms0IfQ/0NlV11A/IyXV9zRno/S5ql+5ohFXb0L24cQbLMn0HChVRVKFOrHPiKC1o8/VUvAhC 2jL5Q+igtaIUTEp80OabM+vqtFuCB7UERtZOLp+0EdN/p/6ztKlRjBJRCfPX5A3HfVkh7EWUwL4A SNmVVdZ6Hnv9TqP1xBbGUpeM6zlv3TNh1Zl36gGMOHC69xawXgceJozhif3xA94Bb/MqbfTsTQmp D6YolaLD1H9Zeyi9x/LIjiFyZwfA3VpKi3q2ulos7KxUPtPQHji2pt1GUEVIpNFxgeHTETV77UAX AopbFypQAcayNaJYlbjyzC1q1JnXoJl5BxSFqiTQnkVy3lLPUMY4rXgTZvfUWH7WxFLdK1jTwiFV UsORAQWDlo+Y4naqRgxz/dYhWdFw7C4LxYZFqiUHq+hjQF1uvfWYVw1mIIhbQ3ZaYbJf9E/orOAC VQ+oofSFzyXF0KNeQypIV/KTtC9DRxWuc4XBlk3hvHr9OP7HKBUC4ai5d/EGMTfQJq0KqUsCDwxH SS/Ayu0vT7B95dx0bS5Lt7eZhSN1H23BaMoJLY57hpF1Ln82CjM5r9IBxRw/jxuJ4gGdRWe+M1nn 1Nyvr2JoTQh9MEKaVt1K+WjFv1FJcnUU2f8AAlsCFmgya2keTbZgo6bOSwcfRYEFVar2LNs0q46f 4XNzCxQKZ3gahBS5bbW/ohnzFA2rABGxyP6Uf2OUrEEYX4YnwY6y7ENgvUsJpHyD+YVVIXgKnRmU oOsGEWRFC8XCRIuyltDzgjhpYS3u4vum3+BK23C+V7JZWAAlhc15gz2jwwRValwQHAPTT/h3JpNC H0UXCAqupicKArq5SDOIoKoYat3oHpl474TmRdk6z5mOEXJmBlZlG7vcxr8FAv8ANtHi7uNQxlAH CWAAvGVTjrIaomyuEMmyzdGNJ7kAoAtKZ8SMWJUVkYGslK72BuhVr3DUQKvBiBaBDM+9ri2POLmi 1ryFjw9vZzMcSyITllbj3ScncwDYTgqrGSHQv5GgS9yx4XxKLRqgklvJgPg4Q6J5KQ+gF4BrBGzz cVw3VOWCNXuhDNnC2tRxRnWUIEYtxtaXc20xcvO02HC0ZwrQfpR/Y5QXMkfHzfMsXMM5zFytY1FH gbx/ohcssYY/H0IOP/COpG7I/YkuaXQPSXRMSatMIcwb58wH5wuvPv8A8h5SoYT8Sj9En8xcA5dA 7riOX13mxFiYJkfQXrozHS+pwGXCO1dy0rImGglGiz7x0YS6BFuQw97Q5i4JLB3UEMs40dO55Egj mDCnLAHe3Jrw3iPA6s2g076PM8KF4865ZzjEakR990WqByEgWQ4FX/8AN3Mp8aQWNJ8IksaXd91U l4bgCOVuBxfK9ZiREBW7q26JspqCrSCKaWPUQZ3rW7A3rT3A01WkQWrKG/JEtqIEFlLuqz6l3yjo dF5PJGVZALYUZzeO4JAtiQXt0OpS8keBIOavPc5/pkwgAL6R+ZlGX3K5Zw4ceGCONByLFL6z6jTU d3JNasXn9D/WdoMIT0IwsxQOoFwjeDh6oH8xKFUNjCUHbbRge3EU+ikV8UX6lUqcU19px5g/oYq+ 0qbPPDDQu2ABbR1B/KYvkiw+A8Sw/IZmGgOFpJjeednuVKgqbkGCCj6q5bDhNSju9wrZ4coDte4O OBodmTHylqn2N661HDWuC9NnHLVS8ZgfGC8KKl8gxraF5jlUE/gKlDmVk1Zj439wgP12HKlv278W lxsEgbOckl0oBK/cBrX+YOW/w5V9NpxtIOzpssV/gZlU+eaHoDFs3xDV2SWJy8X4up3DtersWrF5 VctK/wCLuxloU7YjZSbLPvRz78c3pGRWAE+YruKMi4KP3NVzqGkUcJwd7f3gtgElNn2Z26zK6pug LrwzySsvS8jqq3es8wPKIb5bycZ3KKwukDJM8NM5bxWWYMh0wzC6WbPsr9BvSz/eWJUTpXvyH7Mq VVkhyzmI3LuYFv3iz+0Geeguxt/L8R1yfOczCC9YmQp20r4Yr1IEdNTKtljlpkJX/a61u7/Yy4ZX sUlWK/Jij1jbA2CWHjvlElSsrZiKgjx9Vvbyws6fOZaWc8rm2uMxiRcWs1S7b07pmDDYC2zR0oS7 wYBLYVMDDgIK1bFLlAQLjQgqjYMtGZuKFlTccAULtuNaCrko0BLysdxnuIpYgktaBcdkLJs0OMRe T+ZQIzPWNACrOC6t1EuEaBYPsoWRVuWGahELYB8L1M/CpQG8bGAdji52xj4wqAt5q0DdUy+n9w7s FUb61nMRUYj5bZHZrMx4o3nJ4CrBDC3UzKrQyQOORTbBq6YmDaj6cRQUNjbVRWjKsBU0Ck84f09L /raXblTBGn3Zftc+JfxGBi6r72ghqieq4llAYILq3WoyBVUPYaojj4FRd/TbuJdrOhPVHMDtDJU2 d9HMoe4vtZ3Ego7jH9hfDRMlgfR2vETYDYOF0wSqHZKhYGyHE0+okCDdC8w1BFtBWYWpDCBYvuOf LDfg828HYPFYlwK9zwIAHht7zleRCl0qbbYPZGgjsBtZ0ejmCOzUhrMcAK/Nxx9kv9BwYWH34jpN 9JOeEKnfwJV8NYCU/Iz3RFeD4M0a+HHlh07gOsHqtIFpjFeytUn2lMMedEuJd0F7csXfUmPwQ0W/ K+KFPeEIaNtdxlVHYBkttbv1HHih6SMKOWFX4lS0fNJqK3g1+YN2jQLUYODs+W/096JEUIW1t9Xv 1koKSUKGn3Ju2yHhBc6d5Z27QngUr8JB9V5uqDygQaAe6YypLEW+UVYyMAqXXCR8TG3YVlBsLLVc MJjOJ+dvVS/f6D9NQgUF+kjTX6x/6mVQPU19G8hwRcsXTmNtDCkwxduYopjSGExthD5Tq0ICnZit L98TPu6bgNm2V4z4lVkogC63y93hKIPKawMQBtVjYLwMFzBKHFB7/wB0QOV4Unl2ncnIvSCzw1QH NBXQaFojGogqCZKl5GLJtozB8HkNEXYdsd8ZlO+tXKQHE2dtJBnDDAUAq+AzWWLvEx+roti3kLlz 34HCVIGxbaVhTTkxWY1TfTVNR1H4XuCKll6/4ZfzuYobMo1BSpnTYMQ/LgLnIDeMUQXYEecw8tQS qJeyUyq2kBelqAAd/dELlVBQ0br6kLykoLuq26AnAnvdEFbXGI9aqPDIQYcSLKYyshGTzpulQLPh AqkuzxEzvcxH7walMKlI2ernG1L/AEvIgNtiIXJrDBAI3SGEzay+fmUqUslyhFsOUWoJmqybcWx4 Px1yCU5KUFYAIbAz0/yhkIQHedl4F/iWVAVOC/spEHcG9ET75/EH+ixRf6/8QVz/AIKn6awu7vDB GBKMCZkHF+Yej5ymtX4ViVVu67QfdKUbMGmP3V8QCltzy1+uSVI7JvMl+TAZRVWa0ej7+ZhDiGNr E8P+4eipdh082iiklfSLYdmebgwbxCoVb2HJxGQWaMgJztC+5VuqS9M4UtyPYJGnZnviNmhuGcNj 0xr94JUuwIXdH+4XcCwwUB43gpzeFP2qRxK1gD7PaoJWjQn5gU+7mYTy3IJXAtc6iARliIvDmg8R Rj9Iq5ed2vH8R4qNfSA/I/BLzFqGqm14ZgoHXf6XlYv3xYUs4yjghDFv1jQLPkmP1c5hQNrkmNBO /bHo1CUeVKZpbaC3+ZnbyR0lT39pDm4qdGlbu2Z33L5F8X/Mq56GgQ/PXiWPoYhSFec+sf8AEFc/ S7Qsc0cOePcvAGhShrPPuX4HGonkDeU9zCs2ueTZEPY6zG/Lk4RABTa0v3vA0czus7NaDYKpK5jW WOtKdbUcCJSxxM3WhrWlYyOOUlK+p9hImKuIjdxd2p4011Vm8Y2aW1xWuWJ3c2epOYNAxssalG5L OwU6Gmvm4VwDvssEgKwu/bJBe1cATBbRm2dorSs489dqboLsMyx1tX1s0/8AxMpnjgSl8RHpMNos o4jYQyyrljfEZrEHJ7NfhiTIuVEKW0KccHmnkaxGHx5lbalL1aa0iuXQrhmNRXRoQFp3RI27S7xf goaNcB86xOMTq+pdPOGBp23pEaqIIlKVb3d+SxloS6GTWQckZ5g4UQK9wC46HEfXY5s6yrlzGm64 mvG5axGDtu3gLDskERklVWYGS8X4HU8OwoXJ4Bz1cV88ywARgmgxg0lOaOKriJVhgNQ4BtHXoeq8 k+Z8XhYAAVuFlbcQmL76ORSobcYjNsFA01sOfGskLpbbYoWqnPTLQ6sIe5UCyAMZFoD0l644jxcX qaPOMy+G0H3ef8+QpdNX/lbY8q/5Qrn/AAt4eBdqJ+UFiibVdkDkLRblJndEikH8KPUFg8Df7W5h J3bgS2td3m5nQ2YrFVvbibzbx7FPvURPWee/5H43UelSos0DLyB8RX3qLUA+cwPA0jlSwXiJdWsx 2izy0B8EXK5fsljWrrFzzOltqCFucLASDmdRqz8PtMYtBFJJhbY4v3c7RtXbf28RcStMwqwNbfan vMNv6sz9liWlfI33M+wML8i+pYH9ppVe2I1oNfsItXYKPCgdzl7A16sGVhc2p0Pk3NNeCDNSvbCw y0suzbLqkuURL3MgAXJn7t3AbVt5Mt++Tyxdq51VtR9Wy1FZyGAOfY+EBifsi3Tg8QG3QYZezurx 1LY6F8+XZl94YSE8hfH1+Sb0uWDVMfIt+2GCMN34+wA/lFKyLIEra6loKNlmb8jSnyzaXhMYp8L4 IquYUUi+gV94tiDBDlWss/sP8T+w/wAfSkf8LJky5epQoUKIKP8AP1+/NmxaN+DlfxPwMv8Aifh7 Caw9D/rv/9oADAMBAAIAAwAAABB0lUB/AycWd6wTz7rnjvn/AM8888888888888Tz+7lt+cvzye0 qTfEp/Ai88888888888888huTxO7gCpvyGW88r3bS5wI0wITaMvzcsg38PbFb9lo1SGXm988tO/N +cuxTpPhIs8IJdV9QDavAbyfMrj9M888888888R4ohlCA4x/hJQmxniddKuKkIUX888888888888 8888888888y2R8CazWwp70+4siqVdJvL5WaC888888888wVSVLYxZ9MoYYsq+008888888888888 8888GFby7QDR/vYx3phkmxGc888888888888888+5Lmd1mIfEY3S8dSddRI5l8888888888888/h 0QdTAi8TuVJqN8KCUk888888888888888j04WQD53v0f1psTLKJMJtx4/wDPPPPPPPPPPJcMmsqx 7I0xgafm/wBw1lSD4tbfzzzzzzzzzzTDh9kmc5kehufkpjhqCisBvprr/wA8888888x16gUW2udp FI19E3hlXeP2V5eee88888888/UE0mrCweE8MVuUy0RiDBDgMw7yz8888888CDDJVyodDDrVBtRo LBzKJQst3cCy4111y04CCKGOOOCKCnWE89O9udNMt9e9NNN9dOvNOu//xAApEQEAAgIBAwMEAwEB AQAAAAABABEhMUFRYZFxgaEQsdHwMMHh8UAg/9oACAEDAQE/ENmAqiLtCV9aiomYop+klQ1Oa47x REGaLTPp9oKoLyeN+IsAJ9zr6RxEDaZTNNY7XBknHFlxm4a/vbmNjKbp/n2YgCyxyYly+suXiXRE OIoXUoD6CdyBIMMZC3jN2fpEKii5vCAYUMdsM/EaQKo67u31vv4gmz9q8TY4jzWMdI6sooVttvP8 6XDrhSXMF1iPFpMCoS8fEwxLgh9XJZCuMmOumJY6HnwsFVWuq/HESuFJ6QKDdJAb5BaAdzrOitFq LU1g5ut7yYLfojJ6OvQdNCyCjexMFDV1biultvEegYTRyrl6L3WQFWUVxW7pu26gNlohI8QaK7B5 PQEuMZwWKyShVNU9c9UbQVgDQWoXZV1gVZwRPVaBdlLQLrwUZKoMoPNyBMuM2GQoJpOkJZgjbkUU KU2tYCvVG9yKKvKUobHqPFcYpF71AEON4PRoiAwuzZm1HYQzmi1GEBtYAja1yGqrADY2LjllQKub 0FBOuW81WMzEuLKjRKFXf2hGhYaEDZl3anRCDD6tFL1J9ohQG0Ul9d7iC2hWVcXdZdWXXXMdrBVi jXS+mDxASFL5ecPkw9YUYaFUK1R2gAHWqbbKKKd4MHQgFIZy2gc54PE1GcLKJ0LHpxKVoeRYXy3q 4EuK03S52ZvLrlmTN80VNO6utnkhotsZTVbHPNSwFOoVwUXjGu0qb9mjYDwZ1nU6iBVgvVzlYCUM cqmkzSOBaRvgkBNacMmlygdC6OAttYXbgz049ukEipUcF3jmu85l1AWhcoE5ItZgQJEuWXHLiN9w alzeH8RsOjfBNaxz1loS9Gawp/yGbS2/TLccqGz1Oz1jYiBCrvLcSqlR7M2xVRYjf+Pdihov5IXN QQD6pWJQP1VyUmPMUAK0zems+uJm4aqvWgXvUAaFUHU/rXvHc3ObrmNWVzEN3U3mjBs8+JoOOpcu W/8ApFzLgQOxBFPpGOurikVywkmYvXEscL9c/oRQ2wNp2hDC10O6xReuv7tz/p3/AM4r0lYWYF9e lftcwbUhju9INt96/wBzLqoZt8+b/uAmev7Xru47biLXW89Pzx61xCcBprnPf/Nyq9vjp69VrDR1 gCsjdcnvKLgzn3x8Z/iWWepGLuECthgEHafeahmQHe9sFFz/APAlAncmrOlzIm3VtZKLXpf+RxBD nx69Y0a+fT99u8bugWeLzz0/8QbZbB1Iqw1T0f3MHOAnrvHxLXD51zAiZGVCazTD6BCkstWntBoI r0GSjrq9cwcx+18+Gplfdj0/fTHeWIw/Sv7uDtkA338zol9v/AszSNcSmX41cCvZ1mOGVMJbxuJN Cyza1APqwHsukseyQ0SxaMBaaK9fPWGBTx/d8enzCJTV/HjpEFHb9qJCs9vXt6fMpxLHXvWa9I0C u3HOK49YZ6K/e382zAjc0hMJzLqEddAuCAMSpLP1UJuhqBsKCCWPqRiWlWigbHXslPWLar+n4c7z 2ll3y6cfueemrmJMW/38cw+kE9F59sVnrHV04OAx/v8A4EywWCWeBHQiVn4/7CVFOstjuNGITqFZ mdVw+kmygs5z6c+kRtY3istccVWK+2I7D+ldff1hyyqHs4zv3etyvavP7viUY9V8tc8Xj8xEsAJ8 b3xuNgVrd+w69rgtKFdc/NfQR1/I7Zpi5czO7RCrnc/EMsn2lMGub5mUPWKdKiOYEMJZRR0y36Rw kyu8NtXj2i4SxTXGEf6gS2WzNu/So6Stx2/7BzNHqxkqvbjoxAWL6MsVYUx6X9+etEcaMlVe8frK PdeMq/34CWXX8aWzCLWGooZYyw5jkIPsQOUYBpRIQQlzORhu+KiGnNu0tbFvrmpaxkVyd0/Xab4O W/eKrydzrf386cQyvSsnQr4CCpaGeTkp+DHmIAdMbOOv9wNcjO/n5+0QJpjZ01LZxKW02HV8vWDd J/d79/FTspVw8/wpT9KvoxaYe9EHOX4hljoxE4FFbzDf1NXSQM1njOKgrLyM302L7d+NwenyHb8R qEFiOeHfpiXlF85zg864g/gObvVlc6fXmJcrpnjHTjEOAf4Mc8Eyl3SjPT93MTSt77V9mVCx0378 enM1DLvPe/v+1F6vT+2/vNyPr7faser1/hcJcdoC3b4h13xO6+I8N+IHy+Idse0G+ygK/YrH3iy0 HtHKF8TdoNlxN6QBWjzCjKku7HIb9yYg4xzqn+r8PSLCvh32/wA95gbG3l3g+df9l1XkY7uD8feV QQs76rp6Pz3g3Qhj5/Maa+OebK90f1gACXavsy3UqzpfF/lr8RMoX/n5H0zNWP8A3Uz1+uftMYr5 86/g+e/f6tW475892p29pv70cLjrv51ESYordbPvr1lDQ1W83gfKeIWnhevR/wDi4TVMT7Kt0d2E GNimRBNdrrt7ZgjzcOHge3At+GUcO+H5x2mnFrWORr7kGV1jFPOuOYYeQW64x/VY7dpdF1w4dntx 8YjgomcJVKHfd10jXBw0/jr8ym1FXWnZ7cf5uWI69afTp2r27Q/s7PGN17fET132aNdPaCXVG+Or 8MfnE1j8PWv7IhZz6PWvuMGAb6w/iXQfD1qolv4P4lJarzp79uzLQ23Wnj/p5i+jL3nbeGdt4Z23 hnbeGdt4Z23hnbeGdt4Z23hid0+ZvYFFfTSrgKtM9vacVPEvApjtKG6eI3kV+Z2HiYGintM7RfpM NV1+dzsPEWzT9b+8WVRb2mKqV6QNsHiLbHicdPEWbR4naeJY3TxDOB4n/8QAKREBAAEDAwMDBQEB AQAAAAAAAREAITFBUWFxgZGhsfAQMMHR4fFAIP/aAAgBAgEBPxD0J7ViRKzIOYRLd6urYUtTRm1K CaFnE4P7W5GVAW+lMsHSdeOtHCJtLA22nnXpSolBDjRx50oJUJ6e2M0cIECwNpJh5inQLCGGL/y9 XqGefTrpQpoOFPvl2z2oXTUosiCLuOKSnKKihcYoLXp4I07lQhOd7hHFHamM30phrKuJkfFIQtmc XtEPxo0oAaRdTwUq7vdb1pI3MuzaIMto4zvTEw/GfNYgBNJJh3orWWLOCCLfD74A2UijGgzoclTO 69HYy6VNlRKkaazRNZrGdOw1n9WCnf2oQQgxGuPj0rPpZtaZLM8TVxpeH7SO7WDYPKWHWlgspja5 TMEqiZXUYsetX0bkun+Ob+KCECXXnH4tSDIOUJ2j+sUmBll3Ji/a80X7Cu+q5nWxGLUcwxk3nQXa nt8fgi78NRLwbu0y8xB5aWjFo73T1i1SfF59EN70TgvqWMd0jn8VJ4Nv79EUKTNSk0pWvrRSGPep pWR9AKEBarj1vRmWkcFJEv8A4lQR60MkB6VhQ7UFAJQZAUkgFqYstXYAta+3WkhF7xGeaYkJCyM2 m1sxS4ZgXgsWmHprtSrES0puTHihkhBtrN7W0qzoMoW5vxrQeLLUt3tS4CUITEvS0a0RQLvrpbXm zSwS0MMdgCaQrMtONHD3pQCCXUExfSeM1dQFIaQLBzRykk2ooXejwsU0YioFbF3pRY0rR7fQZ/aS jvxoLfLOmhtUQ2MtpJCf2joGBLa2AaACMHZ59KYgKTMRaFEpoCcrQeIoshEXHqydCKBUkR7Pg00Q UUN4U35qSrCFyMjfxQZcBVozK3S9W1yZnpKjtNLIsyOz+c9qxfR2ZEDpSWCmpoJc+6gCImk0zZnX goGg0kUCKy/5yg6VJQi6r3onHGverijpUMGVpl0KsFjUrYH6lTVilWVJaEbLieaMbBApjWWM7fMF t+Op/YvO01JMF0Djefk6VBMxE2iN3X40wWO0/wAt/SlkltB48Qr4nalLNvvDfg7sZoYnYaase156 TqUrYJJ0trH9xzQkYeHd42CbkuYKSmwidGOM/msxFrdifW3b7RvQKgPgXwTTEFUmbKgZoYhagsxQ F1ynH0fTWpPpVZ1J/wAs5h3oIzYljNmWxvH9pgV0eem1E19DTrxp+eKPg1h8xYxv/wAUInQpyK0P tTYlRCppRitRXYVKak0ARdB/dO1X4KbtJ9YgTJzRpDINzZl2mYb6FK2D86MT1Z4q2MrX6/j1vxTI C483n8R3pIglcceGtxjn58eP+C6O1ZilR7x3xUAZqJ0NJ7NTIoShoGIXKGJRTjLIn6qVD9LV/kES WTkovNEIW6wOWZzD2pvAtdeka/CUxTDHrGc70Il5+TQlke/Tnr6VMgwmepNp60TFWEE6XnXp61Yh 2Z58/e9AVNSisL4m3pW+jekzNEbUpmsRb6BPflaposKENPcgQownejYKCJZUhM9xk2oOQ/LvUti3 NARGBvrf/NN8xR5ChHz95NKuhQXkNNr3m23NBY7q6rf+eP8AgfiKijQahOrn90pEcH0JKbUxvQqH DWWJxAHanECDpFqVqdqzrIPIdLddKBFsRfQnzM3n3uF7EdtGdu3SnIAC9xW2OYNo3qbEVnBp21xU /DM+gOmsS/q1PIko32nBbUtRlTARHdZbmKdgTO1scT/v0RM/cUdIqNeKRYxQUDFWBj3UwTH0xClW 0p24lVeLW+dKMwXd96VYVnUQsjKxFFxNsakEwT3oYAvJOtxPzTAEB8vuUGYPGbz86tGSQM2L234+ TSBaJshszP5blMEWLElXiVlfaQMcRbaWi+CzMxi/wqIWYvrYDPbytQxP23b0pSikC1KQUBoPioc1 ULcJKgkw0NqWlasqg0sbsRrNAEyBEDAQhG1l8VAvbLR4G3xmsNwQWelqDDR4do9jtkhKdpymzur6 r0pcgLabOqTXdZ3xQVTK+HXa+sW9KVebGMcenvRkyXmHeZ9KgiSyEDhaB4NtL0jvNuIgO3ma5nip NXj7JjQl1o1JKoNtUjhSIWNt3Q6/GlUYQJZOuaikv1qybJT9A5oVrRW021tQexaWjfBjn3xScgjh 5j3tUDFhEtqNtL381Fwxpa13xE6tIt8QRGZTpk6aNDJRuprffW9Osr+5vpq29qt1kpbb/MVc5S28 p23KlIvZBtN7a6VnFsLcR7fvNAzGcehHt+81i86d/eb9Db7MOZG5Sg9xQbg80roeaS/IoP8AZQXD eVSOkFjzLUB2vdvQrMeb+1T0EOzR0vqKmJKEMUdkhKBPpT8AQcXLKW6DVwd76N5L+Y8m9AoTUxz/ AHs7VDEHBoYuOkTP+VEz2JPAy/v20qeYsPDed+p6cVJWLe8RjPj5NE77rppDPQE7dKgAhCbFsJ+O 1AQhh3jDH6J5jWpQgMe/pInW1ZrrfjPjWpifm8e+N+9FzBk8Z+x6E9vqIY3i0dOIBd9M1h4S6hfb F+meaHjlLExDxpnpU1KzOLRdPAneiBqk43P/AA6qyVd5BMGXpR9rYssIo+sTrrHFRGlcuapzqhHk qWF+Lmu19ZqCSQE8En2felpmveTTOun6pWLCETrL+ZlxfmoqidS5h76+t+aLpAkuIyFL2xEzZ5o9 kXZI65jHpVslMThheuufXF6AET0k64m+rq807y5Nb4nv0vR1lFa+XO/E0vEyI12but/1est6jafw +LUHAt1Nh9k80mTaZufv5beoHnknEzRgeo/dS9yLZOOeS+L1HKCBya/4+GmarAZK5Pkrk+SuT5K5 Pkrk+SuT5K5Pkrk+SuT5KjgvJWCVKU/TJkpcBUGL8z71cmXmolZX5qciXlqAnNrztiuf5avkknLV glgtmr0ym3pjxXK8tAWlt6R7WoEAoOauzKetIIXHWgMLzU15eaCIF5rleaDIFvn5tVkR71//xAAq EAEBAAMAAgIBAwUAAwEBAAABEQAhMUFRYXGBEJGhIECxwfBQ0eEw8f/aAAgBAQABPxBFPeUuWxEG B4BEuMgFDpkQ7wyIecOrAFTI8YXrETkesS4LhlC4IEoZLSBtMWj213XGRpeGsnq/jFG+ch+iXHDv /jAdeZSayGAPycEQ0SbZd3AhQo7AtODvxh3DLmwIfYmvGFsNqxT85qgW61jUSxMS33zj4w2jxNf4 DKWguCOWKJ0FyK4dtAV85MqKJBUP+87oQzdT394S5Ri9gzALzGtpEJ9YbFxWH8j86x7yiRt0NJS6 dCOKdyqbHpC+POMwqdRqUXp57xFZPPWENUvPOLEfWCZcsO41iq74gHcv0DZTyDIULhPlDdMCfquy wBmq6rMVppQhQ61rzecOfci/oEF65iLqAEsAFNyvX7ziKG9C20Wvw+uENDtGHQnLA7cjpI7+wC5W BZ3L2uhFnhi34xZ5WcwcEISXt1m4qQURgAjb0xHoxN8AV4+zX8Y0Jrhvugh0hYiOzKD+DRqP0iIj sRH+9dE6+LXmT3lDg6omba3RvnFjR3FiHg7Wj5Dvwr4wmS3D7uaOannuJVzSXRB/Fv4wd+qaFG/4 wCXWyML8dP2wT35oprWp88+Mr3PHVz293/GIiQu0qb+/nEzGAFFK7/OKof8AtMSZAGo9H8vjG/BA X3/7pjxCTFoET8TCnmEQsTqHis1ndaVe2apfLhgaalXUvHfruOdtcUa6mcAnnBQmcsO4IkbOkMz9 n5FPOP7OdUgP2X8uB0k1QAgwqqm2YXiEp0ZXV+zMMkZ3kRjg6aR8VZ/3tyyeG9gHvd//ALwmHWDk REUSYjU2dxu+O2G4HxFqvlSwBQFMKD5in5w/WAphpUIFnYYaBr4WNdtj9zKxQFs0RFCPzmuD/t+l FbEN0eZgzl65Et9I1qny/vWU9tjDxiQ13BeRyAptf+XCcC7oEY/vnfI7n/2M8l1RP0N9/H8Z7ZAy cPPxkjSmgkv/ALyA06mI+z/vWT5GDPoHc/fCUpIynp2eA/bESkA7Qa19uGpb5yACF+sU3Xk0ni/G Pcj3gFuKRygKBAT7M4pEaI/cT6qZoyF5YI8NGwrtcR5lIYo0fnL6eOA+q/8AJiBYb8YpL9ACYc4d y16xokSbiYufEamQhNBpHWU9cMrxZCeNa8YcJjUR4JCfkda5gYCINR2LV9ue8MYOcCAFDwPzmyu2 hBJG6Q84sqjC3NpYoW3eFKUVQ133EiVhNY4PZdEhrNw4eMi7FTwRasTwkmBD2vJ7yMlf3wadlJv2 ARJvxjyfeZABICgFd4GgxkvgGg/vbYT6kvmgQcvkfGRhHp5Zy35YJ6QykJ+eCCtMIIYqOP6X5IzW tINIJrx2/hySOACQjs55JjwVlHDeNB+2J71vKOt+o7wQJGWH9sXJDEyz8YNKRLjw0dMUfhgIawTD jDv9JBTlAwhgU+64gvY9AsdUDa8MZtYpHYsSE+Gu4Au9aiAyFxYPjDsahg0gy7S7XHhh5KcXfPQG mMubGPFNAuI3tfjCEQWo8Lira8J84ZIpTsAa/ZN4S9UOFVYIVG9GyOJodPw4QCBA43wZeKhVpE35 cOo88waw93TPezEzvV7ycr9KZbWDl/pSB7POFZ0wrAGVvymHjQsCJqrfFgab1nzBgxkI+SgcmK7y praUuSpHAwATL/FlpdA1S+YWzvskKYAxX3BXUxtCOC5GKcg4B7xmYjl+yF02KHnuVN9g6lECXS04 nWEK3JG5HR6uauUIk7FPBb9sVUHUK0KiMZRPZmgkXA5gu3ImrWgxJVHU9XS8DshfIYHY7A2ZIkUT VvMC7Itt6Thp24ymkjRMsKCtLouJomNQIDNASUr04rTQIVS9ToI7qZcTJu9LwNHi+cZHBakJVjw8 VzE0r0GAG2FiPH9RdDTzCCEOP0J+sigAZaU+M57WCAYSrIyO2qgL8HXHuCmAaQ9x1+MENIuX+mb7 YueU9vnN+IKRr2/nf4DBTXVroGNIHMPftTFdWAi6ivj3g6orqNYAXXv1pyI1ABRCUfGsXs5Img5A 3uYBA14zc3rDiwecUpfwYhUzgw7/AEuzCgKdfeJ/8xUqvyIG9PBh2mvk1bnkYHe/hydCohpidboH rIB4kQVflB7ITi4IDyE0H+ISh6TFnXt2jQrLJZ1cAHCA42egpYa3gSz4G2h9PnFpzgEDi89z4MK8 aMFrB4JMQ0S6v/unCbkrYkjEFFQUV0wBrAW0EWFTaWL1Idw9NLQCn5BeY94CY7soItiAd+8Wfb8E HhF6tGW/luKBDqOn2hTIgtCloD1SPENZFkZ+Rc8oO/h9YZE/NiCNyA/WBl/YZthJJNxBkjtTgBLQ PU6a3g4xqo06UBuOFaDAEbUK7B8wX5cS68l1DqDTicjvqqwhDk81a0+ExZiTWn6rhL/BiTASk6IP KdTwbMSOALx4LzQV7TNgBiHZT4oL5XAkh+aAhfRX7ubKDgAQiFFEreHUPds+WkCEMrtdYLDj9hA+ QjscuTZKRmMzpcvYjz/QkG/R98pmsg6wGGS0d5YBnhpXGXLw/D14lbvKKD1YifxhQjvdAoq734yt AcSnj1vPXkuPUEQUaw78iPET1lxbh5UfL5ysOtHb7xTTNul8Cecr36iAPE3H4wt8orgs3siOsJKn 24hVmAtrncIGEB2h3AL5zQ+csHnOMO/07YBX0qp0uQ8gdkAdCUj4MWFbWqEVzpXp6+8b4QF+auHu 6DOheN1PZNAE9YJkNkmKlmgChuF5i8rMOOJCfRvnGReyCQBBgADWtczYfhVq0nsU/OODJqC9ySEJ DiFviko73tH85RwhkRHt4A17yG3AjQ4SIV2I7xdPCkvwSoPVx82q7ur7S4AKRj9UMHeM2FsztQie cGO/VzwXrCP6PV0RphJWCdUZI4AZdUZUXTibHFYIk3XxiIV2Oc87XBLSh4WYlqwQOGaEUdM4eFrv Gy8EH3rNw6rysTlfNN1wOiDpvADmVoqB423I4/H1dHm4vWnW3HbERabUT3d3t33KiDp82MQplQvM tmsquRs9ZgvcTLxvbYBrvNij2p2oD5Q7l7OE729o33hs9UjvfUgjnn+gqU+b74q1zD0XeJC47Fpj gXKkgWOPE/mYk4Ruggf9/thYTMgU+TmjC0TUA8CdPcxCVnxa2S6Gj6chSLdqH+TBjlqbXtxPQ8Ff jBptMVazdvg0fbfzg+HPUrfwHJmWsHuRSwwF8MEoame9cZ9Mdy4MO/2QPgUn+R1UsWzeHRKaaw6Q AJTT6cvxAPn4eRsumeZhCjSpKlxSQViM2ZrJTb4CGk6esfSKipppDptXquUXQGggJWLJ/EsCGavZ BWnSwWd05Xy9d6h/Y+j3ij8tmmgdkcRdb2TJBpR5XUw8dcGmvnnIJ4dmtjQFXRCu9iQjuG+yICy2 C+HDpM0aEJSk0FetCxycd1AcJqhIElFmRdsHSuxvSYVzS6aiIvoTeQMyY0XgCRxrEyIa5VIShDo7 5bx7hVt42LEjbM2qrW5HXafIPxcCVQGh5QCIni5bAjzFxoCtnxk26Pi5qESAEUXDBj6PqPQKdLZK 2+PAENwNTaYyVxirvLGqvvLK+4wWJSfgJhDgRTylL/dfthjTYdnxvCqidCNmhfoxU8JJDBj5OR8Z epNHfP5Bfziwux3+ML0BqqD0np35+MGVgAU+XLrH1YWwYnYAOj2mUKvnUEr8vXBtha8gBjMi8HUw 4PnNSn9Jzh3+yAeERN44ADqt8iMjTIwJ0HvpZi1BQipV01/YPWWnTdYcIFmexnnOJD3KaB6kyG7P awW9M09j1mnhqM+TPgfGwmsRuR0oh8wxkLdYSQEOSvUo19W/o4p5kfRr8j/XywQPCwYH4fkTCdVF uH4oqj4HTgKsoRqDSENl8PJgEW0jDQ7It1gYh6SGpFnQPzjpWLpxR4jvZ3CpZoEiBFB1fes1TELw gbb+xpwQE5+eL43p+B5ye64wSD0FR616yA5kj3BtQbTUcJ19Uj+7vpnHzFrRkn3EJ0S4Zqx0SoJL Zh14Dz9HY8IFsh7Sq5SLDEujmE+bHMZ3gnmv/wD6vowDK3QwCofx/GGUQlNjRPwX84BQwZ84js8R 072KeGzNoN6RCykAm/eJkRJSwa/vjoUL27Zpvw4AASIfoHn14mD/AFTCgl+rTvrNeGAB00s7hcYl NuHsYFS6xRxmE6uHGkwiBuaDODDv9ls5IcZSAhIBo6AxTgosAlN8A084mUKCi1F//pigSA/EBhPB WGLc4RKHb3+5nPkgXxnT0rkyFdmEB9Qj0mIgFMk6IUPxMRbwNKthAUBdrbgpWlQpVt8uajCtoeDf suE1oXbjSJ3+AwdbwhDAjBCBqzRlPgeVmgjutVq1k4+1jTPLGC+Ghql7abh8sHkEwHoVLvHokkPQ BemkTiYX6orAlU8r++FssGijR29uC7MIkwVubAusqtw2V1Qb38YFTmqZBBJpTGAaNJkGngUnxmt+ JLNEs+Qcm59E9Q/fCpPOAqzFfWW+caHVr85xRIGo+8kAGH2U/dDD6igsOUPkbhHqNdzEts2VKP3g URY9zCQNrMlaDWqzDSp+KZpqBNYdg+Ecbi7JBIGmAN0quVs0OFdBep5cABVABXEh3iF26wP7YK9b htF3hjeOrfWKgcZy4MO/+MA74DBQ0Z7jE87GCAy3G/GL7F4dfjBMHrdBD7D9sSKK2ZFaD5pleahe k8HkNHy4g8lowFSvVPLVXeTSP7RMHXElW3YgB7r0ZGpRIL94HE2x/h+H4xguWMW4LOZS7zlmt/eb BiuHBh3/AMZqXnIrtcbe4KPc/fzADfGKjEjm5AcGGtftbleIq7tTF+NWyK7zxHJgdL9qflgw0O7X lH5cFAfywiQQTfaHyWayGTQ+L/7mqMw9r7xmlbE5/gcOF44Ns1Mp+LD/AIfoeDDuQ3RB9DRcCwrh AAAV0tOQHVMHtMuoCopqLIvcRW8AN0al06uC5O4JV2EeCDVAqhk3vfBYFZFRSN1LrPYnapB12iCd F3gBmXwVasAROgrzCZNLmpFDpB2/eLUiMeqCmYogpGauEte6roK0eR9PZgG4EMlQo1qJryJh/rqV EDHdCXlExn/eioBG1BFBQuaAvGpWBdwLeac8VTRsgq1ibDVenJISW0ytlPLeBwvbEAt1gldbPeJm sOxJb1gAKqAK5e64QKYOZsDYWgTrFLdIbGWnP8TgLRbGwqtQU8CL3Dy+hRC9jQ0ecjFc8o6Ejc0b 9m84/O8wsB014yim/wCzRxAslCEMV8YQC3iF8TMYf2zc5FcBYzdNfB5C/nHMUC+ANJ9mLHGg1uQr 7C+M82NkIA1uzvrLDqZ4af6jA8K6P4ZNoHRexjkDx23Ucvz849MT28Ob05D1/wC8oEp8h44jxjo5 bExrP4TBDAy4MO47KqEiKlnS+MeDqUqKsvC+MXoLTbUDuJiGEMiGTC8banhm1lNsCh6IWafdGKVj bTlvESh06UANGNppsqX11Bg0DzGHArhUSUD7uT0whtNBJQKFCa2t3HPplcPFrsGyIEmF8IgGnykQ XcHQ4WRY0tJcQueicCjmRr6DkfYSYKmq+cLQhCAvkROpjbB5qQb7WFKKmFNOpEiiBx0JmEwsCpu/ jVYmuRaNUM0ojgG+hAEW3CfDw0rQE0zIYDB7AXZoU3dIFjWgU02w8eSwb1BAqBXUMyG9AgML6Vwi 3/0CTIHdnINGhQxEr7pKeINKFcF8SGSi2uh01bNT+zUQ8/Qq4TmqLdyKAuHze3cKVE1hHo2abTYf kv5wgBQgXzNY6QSajswcCpPnLqCmeOv+sgqaAb8z8Hf4zajg+Ez+JiLblHRV/wD4ytbhoL6+/gwj Ctz07C+8lWtZ2WY/K/8A7/nEPMFxnTEUJvGv4ZIfWaDOcO5M86DQYjtK+MfiG60CIbC+HA7aaFy4 bRdqC8Fw1pTRakAFcTwK6Zvhjj5qYBCg2iLMCD4iF+Xhp+ezJJKpFKlAmF0uIQ6dk8hp4YngbwGq gu4EJJskAgX/AINDIqNwuOh8EcT2gB3fAfl1l/F6Ql+Bx+A94/o+WN9CgrT+AyxCccZUQK9QcFV0 x7J3Kwc4km7lgCNh8aUTxm/FxVQ+n/eNSBRd5pY0b7Dn5xRuPq5YCn8RhCeTWFeMJ5mjrBvXBuxH DTDuDj6AwcY+sV/8Ki6w8uL89CDIF0BLDGwRr1037asdRdRMBJO8EiM/eiPtN5RT2VvAEIqR4Yk+ o0GmirBAqsmETnwEnQIgQrQCIUYO5P4ZQWKLsP8Awe3wguCxgUhYXWBwADIpUs0c18ZA1WAQI3zI rzTKu2BXyQ1EA6dFy/eCkKwAJdSUp++ABRh+cMCRTeXKG/aQL7efrHA5hCiTFAUB7ECn+seRrznm KhHNfufrd4NbEmM8r/KWInMHrIDJAuzNuxB1HPLDuCKJNk9wAtjiWiTDUgNl3DKUtoFauNAqkmrc TsMIzVthO1dAoG54pVCUEaNioAgYdRYxJjWy1L4obYeJFYURTZAiAYL5I0jlJD0j6W0WEGZCKZ6A tNHGRg2hgLeKrTfZc3bGpylp7USJSzBoMr4xMVEgIIhN/wDgAjtfKSYyIG5aD1JM+wF46M9mKuuX k3vvq0wOKDojgvlw1gdDjYURdzQbxz3gX3BzGog0RYfGa2PC5aBFTCrYULY62fOfQIAN0PhxHyE2 eMXrkN+HzlCF85oAEzd9n5xSRsYnrGkolxjDziCgTrhgdfeGGeWHcCKDGlOOUIBWsOuRrYyVBrrw AgYCn7jYErURzG1ai+hTCCEoCW4RN2Q1XPcilsGhZtEOwXZVQzsACMEkIrCFI4IIe0fSakfzOkgk 2TSe1C0o46PdIlOwoSuGxlJ8IV2wQVJGR7z3ocXJbiJpBR/vzcQSLhMCPziXnNlkp+ZrAUcUFxtn 7ZLxHyPfMrQX8piudFtCOANuK71rJe/SAl6KoZDEJpAAM81BfW8D6JAdPa4+VYpXuIOydzloX4cw W4WfwF/Efxk/ke3jI7FBvEYHowT0W38YYVbj4GIA4PnCCh4DEoVXXCyCGRM5M8sO5REZn2lT2FcL xGH0kQ8yP+2P6ztryF40eyDAf+kIZoChWvQSRwaVAZtGLYgt9LZC+o1do4RAnHtimg0CxmRRQwdF rH/yCMBMTc2bpcHeEpC0QXIBIh0A+ed7O9kFoo3SAqHO2iQTZO4iug3ll2/qPVI47CgqKtKUOAgv HcL4YZb/AGuoMJQSKaEiDLSbqYolrZg1wECM3w1iCKUVBAmwjxPFAICVSLFP7uJBqFknbc2d5UYC f4bMGEgR5Mfsoh6R/lgQoBrJwKdaacPhpFft8Nu494oMvVOr7xUQGrQPLwvMBuQEceL84th5eMcp TNgDibAU+dXNkkCKraTEMzHe16M2ANokLV8vy5tycQzthH5HmG4Gpq4iJ15jOsDuaONQw7h3HIAV VgGA2NUUT2YLAJHZ1XQjHaepSIQWUkkhFZoC4Owi8GKjBFhgLAyAaAUbyp2isNUQz5PWWqK+oClq 1wSQqsCAgg1vfk19tFva+SirBaNrae61DJ21dJNGHRWuUCooLYSI7HDgdF/dfFp7UxeENz5uwhAq BYTG1Ca9rJBgASIxFuzOI/wxj+eQyGVICLipIPZkXPFioq1vpASX7j/dhyudywA3CfTzk7bh8Jsw EBgCARl+ZjjS/dy5lDqqYxxXQ/IBscVtCmzWlxQDZ7xkNeu+TreH0VyR8B0YFlfE8f5zZFCGnX2u JKCaGuBkE60Bh+gPLnhphsbecgEQ5MHJJ6HBKB5OMCcIQYKEc6w7hH3oWuFetubxIeiGrW7JO71l Gc1BknG9pQERiHKbBw3Xo2wNAxxo8mgiEtoIjAbqJm87QO8w6d2DFwFIsEBtWCgNbwzMO4UCFgBI pbmH/UvFf+Ae2MsSHQhN3kUBQMfKgwoexRWvUyISDQQjTHOrZG26IyD7BIWtTBQ0If8AgJ3M/Q7g kCJLg0P1DBDtG6A6R/bIQBkQ/QuPh/fDOvpsesEqbUHPuffxkKt2V8quI3m/DhXS921ZLV7kofGK qNTbMmpm81Ug6YPLXgbgdiC9K40Y+03grmHw/WJeud4or6xqMX6U7iRmoQAqv0ZwNBAhRPxkoSwT 4gU26cUJVL/AQH5N43jzY6kMgrsl29uNkw6BcWVH2c1zPritUG6b0HjYZugcyCwQwz/nrPF+45rK UWDiAtpNalIiKIO7BUOCiJo/bP8AkLPB+45rCwOCQrEwEoFnYXn9+E0Z37mNBmgBGnxvCPKK2br6 D8ncAvbzfjCkxsZk72kLYnh+ckABDD92POeKxQC8QfKYmg2t77nI5RCeXv28GHN1VYwJ26R+hu8F I7i/7WN7lJce018YsgQPpW6+sG91L/8AXDXNkbflxItNgF/GaOspTKl9f0ZTuMGJg1XZ5DUdZYAB WL+ZwMhgRRXwF5UerbQoRqAOeVMxu4gMKvDEiJr4FrR0DDIgDp/OoFCHUBVbQ1UIjOCJIRoqNE4g y9ELHirCjwH7RRZbUrZRYbhZgRnhMgEEhFnAV1qBc6CJwkgCiQqUIDuKUBiG6HG7E/wP04QMRCIK DmYxIzACRhq0CmfxDKk0QCmLRHxfJ9+fUSgAEGLhBAHUQJLAKKpOf3d15jGBrP3YKrNKdSY0Ihlv 0XxiaRUpK8kzpT6B7wAoESpF3/H7ZwpcNgj8r3OedAqnb5+s7DgivMOXDptXK1iBpDjZCG6iHIOb /pL5w7thZHzfL5wVRH+QwXvvcYj6lc29Lc7eD/JyS0aWnMNpkuLgfy5w/VTuMiGDQFQPX4MM9oRQ FADp+HHUWOyZ+hIIlIC07igY0FYtIqIDbH1gEghROP6A0AzJAuiGRFR4cmEHlQ/VY6PGA1AFA9qH X9HAA6rAwUjrmY1IIjSMOzAAAIHg/QGQAqrAzRumaQNo0lN1OOVYQxjY+v7cGVFE8YTh9RzCjbAd bk384ZcAG2+9I+Zc3kxAFvk8I/CZCiDUGf43nzU/O0j6C/nBhgRmH0s296pgIU9v8PhPWAz6yZXE MoA38GaSANSA4fLNZALVmC2OfZm2/wAogaLx5H1kQ9d40Y/xiUpemJQD2Cv3MI8CVtht+/rIgEA9 YDbDE/SaYa/oTuQzeIFGu3F5ctn4wFaDOpy+sUbMNreo2ms2gJYUU0U1Mg+SmtFMZigm5ka6yiFE MdgECzb9AdCVFVxdpEx0ZZJIYTgk2NTiJKlNXkQEka6ANRK6QjYGDpOoCz1nQQAQkGODQOQiZqlW POAGS5JaBWigUCKSkHqlRGhdXp5GhFOVh9mwLMQpQjUo/cbSToC4aWdJXNs1Rd0bIAgoojIM7iCx DHdA7UdmjRv+E0aQjNilGLVFwQ60CjnCy11Oj5JhUVthkucsUJIXuHTvSb/tvyeVN+gFKPB4jDXn vPjO02E80t79G8aJmvTbV8qaPBjzlj7YUuKvaThpb1Z+WU46f2yqRX65I17DuLgMTRx8oNfGVOc3 pw3MeA+RCjwmWIXiLd4AUpUe1T0njGCdJTeNrwonxiGydy4+D4cMxE5CssKtmyky3Xb84jJshnZc 0/oAp3PJ2jKZQw683hZOgBUq6dPjAsjVHyB5PJ4//BQR1BsdPhJbuybyXuEtQKAygNAg/oFDBRAB eoAOq4yFavZSr0lP3/o7cuZxajp2jfaMGrjLTFB5lL9/obY4pSoaABVcBMYA0R8/2tcaeWRzSA7i Ww3R473JXFbD+PGAWQ8R7nPc6+Rf8MDKBJCIfXMJVgMCrL0Hlx/KqoS4KFnN4fxoOFBso13Zoy92 rKJyg7TBlhtQvq6v7YRwGzqwQ1VC9LszWKMXoJdQdro8ZMh0UIE+MJahrr0r2aySO8/dDIO8kzaY 7kYP1U7m1aEylC+qHMGjY/rVB9W9wyyqS9kiOBABTIuXjrAqTdTs3as1FIAxd4haYgnbDWalBPKi LExQ1aNP+i3pInjICxzgQ2knoIoMEUHFToBgFhAG4abUXAwgo8wRqw3oLhOaaoMOiBsQqHcq7n1I QgBbsgkJTOhxSVr6tA7RBBV1lTLXnwCXmRcbDGUlA35u+JpzybBLaADo4T1AAhyGG0PQKQGwAW7M u1gPLXdDrMT+40ItEAq6B4ptkyJAtBUog2oRrRA9CuZurpWDTqhrd1+EwLsJQMJRV4pUWyAd8/2s PkwBrABglhrF/l/OMZCdELcN3OhEnzgaw+0i2/GuM1/FyEaHy5tl4RtT8nx5YzCMrfAwD4MfgoK6 IKmi3aTNvo0UHhfB6c0EKt6B4PnHUEZRZyexPzhzqA/kAAjfMbZ5p31S8KQ4gvpnuNXuQVEfThow bj0mCZQOWGODh3ClwdMRq7osLmkLG4Qau6DS4MVuRsQFL+owIM68JdO0HqMKBc4EDfIRVYVRfCiv zIyDZhSu/jsDP4REMXfpHXddw5/815SaAR5ERc8l92RLj8Pub13AQ6GHtRRI0G6wKDZS1DZXUefj UwvmUVXClQHhEdmT8QbtdZAkd0mToQSBFOoUccRxkPmjIDoVAqW4jzzjbMBLo2hhzIZ01+sQ+Sa4 7i6BZ7ADEcPr3j14jSUoAKlIBeYCjnJdCNowLsIOTyX1lWd4uOiXHgP79sfAK8HmZUhhIhrCAQW7 FyvzrmxBKkAbA8TBjMEdz6ec61vwacpMWwkDQBWp7cyzciA2m9yWBI+T+xMyADCGvcYZBr7iplBw 9ePTmI0EO83cIyLJxH5EybkqdBkPREEUnuH5Zs/XLCnEA0PEmICHRVPSg/jFsZNr3V4y38YZhECU 0I4470DGDUsft28w9O0RJUnxQ/GVbeOQSTzlXid2xbcCBvIJy8/OD3Nptp5K3c53hvjLDfx4zoyJ c4w7m9PSlFSnnfjELaGsbGHj6MFRZwSoEsAMgomCEGgQuqlFfBIlqlQ7TFxuqL5gKUtACfhRqk5U q6dPmeAPiOqbHveGFwVFf7O5XnjmX8s42q/TvA6AbYbSOAsgC1qSJ0TdbluItcgPRNHDi1BHY9AQ 71Wg9MZ6sHcSP0j2usOTjcEKJDY6B0XRDnUCWXBZbqE9umu9VEVZBSVbBUMot7UMF1AOqPtwML5Q NM4BodwnhMEQtpUl8so+JvAAgqQWiHoFxJgVNZ2SI7YaaPK3nilvmHQJbG1oCOO2GOWENM1peR7j ou4UxUIbRU6857UwjyFC8AFW5pDkatt2Zo1AWtGV5lPI7MurW1N/2ITM0nzdxRHuP45bcNngT+TJ QYEtPPcjBJGjAfEiNi/ZhrI9oLmyqEPgJsi/Zhw8Kad+XIAoZ0v84guZ+XKhhcKawPE2jgxT1VeR 8PC/BmwwYryYNGmD5PnAtczZXihswmtcEMfvggLSBKLoUFsxwcwF+n5ymznTDbeCjzkpn85RaMoM 4w7kthqidZhKKNG8mCtpjSIFEOnPO216vslrKxaigDvHfsFQNE07ivSqK6Gsw1JGBZy46iIsAFmI LXG7jRUGoKOKSWzeSWJXDIh01P2GHzE5TICEQAIWxuxJGnhDZWATjyvXR+qgD2riSkQNDToBtsKs QCwUymiZVR430Pa70QHF0zwkLQ1HILLxBrqu1oNiEFFeKVK0ilNMCSYW0yeNCTYPgRLcZihlkcBK 9oElZVXwlFHd0YiK4CBmbtmxfsQ0VrPOkYkWDsguhp/t2M2STAFBLlOHsFinl/kw/OKohUi+MeeK lBu7knwpU4wLBY1tYgfu8oK2wQQ8Yp4LbM8VH23AKx66f0JkXphEL+M6CK/eCVI1Z+NZSSjvMyAo KPyMa9nNoqJ8kYDyYjoqr8fCPLdYKcs7J+OZpLpdB5L7ddOCgoeI2IaI++n04sqVD0eMr1hGS5cT 1iRh0zjDuGnIRgHGPnGf2JhXVnnGYOvuFagVx3yuNuvzJ5LbXYYqiyKxIyAugCBFttDCddo0IwSY goiTzh32pXbg0Pyj5afuRiggBPIjvZbXX21CKV2DWGl0qC4345Dj7tjptH9RdIQ3hRNjhMPwdLYH eWNEE4acNTxjj9PAqanlXayZ4DAgASt27iMiqqCxZXhVQ0hCorCkhywERhQVTowWBw3DhmmNp4Gg mJbeX0xrtaB5ES4+UXiGIGtJbEZEx5KCIMlWgZmgFBtoRBCRC5hJAJVT/bPO2PEcEoKwC8DA8UHi k2mdtEiYpr9MhBGcgf4ydgb4iqt8HnGVecG2aDqSbOfyZ36rV2rkLzfbYOLOPz5Wi9iX5TLRyAjp GAMTxzBoPdV795hEPzZNMESd/bJKZdukAw2lmOy4otTl8+vfeFRh2Nv2jhczLO+/8q86vv8AnVkH e/6V4wL5e/8AbgVDDuGJkLfqDoLd61j05TddwcLutbyCctVEMUvR24zxWymEkcgQIFCS7OADAAnC RxDrBmCRBXrKkUKFjhO6o9R6NggB2KZWqwiNXEx0ZQhsgdUxIGgFWRYgw5SM8bjplKQGvFy/kr3c pE6AQQDDSePcaqAbEA6KbC0spRtAbW2CE2GO6bd1J++a2OEiK6DaqRAAaS0wWRmM/AUwMaq7UrJ1 KM6wsMiq6AcC3yCYqQRDy9SOLKfEgq98muCauKaO9u5WbAJIgHNhiSR4LdxhIUQJ2QkO7H0OnArH NQtKDZpipAgdBo/eU50cIIYQVbdIwhQK3aUooVw/hPG6bDTTYUgbCCQMYslUabpCZhi44S9BUBtY 3lJKGPVL/ag073pZwQ0hofNwjWjoeTAOkMfTCVV1Wua2hRHXulma5Yew0hraGD2lEpRQf0UT5xsX lgJdxEm9k+GJTX6AI+i1SXjzhVmqxaU8+LrtwpCWUfJHyZOYJLpWKokaLWjX9J0z/Rn+j9Ln9Y94 dxnnCSnnCN6Bo6Q1Xi8d5bDip7lCoSSK7K03PI09aEhLh++8kwprYCEOhZeVYR2GIlYh6oT9mJbv VwTPZCJzxl61x04DqkHfSkcPnU55QCliTZwgAGWD42iOpYFAAsqViTq8hPFYusB1C9YBcSjseI7w 1e63RcNHxuhFXFcWlTcHaK3q3EaWFpfKFpVXw01kYYi9nHu8KFpFo0WcdUGUUA6gNKGHdZXPUL4r 2kND2s/va6KP5S6ZzHZHTz00dJSEkfCmDSjFqSI7WT3yI7wLGQTGuLeCpDKNY4LKAFhKI8KtCy2P zuUoUPhrCDKCMNm5fuaQmgHQ0AXvysFSdo8kGaO6LkDmGAgtwtJrBEVAFVX7f7UHNaeVSkIjb8ZO EgDuGtnDd9WFnu6tTTSag85oDvC49+iJJvBlYE4RhVRTo4V/T/gjPdb3PoxXjcxIHW0iTzcOgOQS unyCLe4AOMA0UrbKr5dxY4gsUg1sNPL/AEnTP9Gf6P0uf1j3h3BsxNL5Y8RXFTlpjTUeZHChRFWK xAJCBtI1lZ6SQspolcpKKl0bPu2RIR0xBTixybnasAKV1gi13+zVyFXpUSxIsE6R6EOysgoFp2jJ VMRKkSIItYDMLXXTHsCBXga0fsCBEhDq6IGiRzxGE0mme/Pxh1tnEwXLSIAR3R4FFWigidnoADhd ZchWG1xgjKIk734XgxZHyAbsQmAdFEHn0018rqA9FD3+KJ8SBIwCS4NrCvZD8GL7ebIKyAAIDY3b poahQoMsViKgu2KLRnnJQCS33zFDpukqI0omFBbAoKUAMkYEBKgFSdcpCuIDVsoIVjKbDWowCzOF FwAwTVMkWpAfS0AUBkPdpaQi2AJDQ10/fTR9HNy3AOKvrL8mbAAIMiVX2MF0cSUxUiG3gFbfZrjg gdGkphhG1usO7sluolGDy2sxLA3Kwho4n5xJWveHdibO3T5j9ugJULs9spZaQICnbggMphqMEAwe IQrtO6ClwkCTzBBKhgi5Ip0m5F10IEQa2DDRKjr1KGQhOMJcytL2jzTQdRHSFhMLGpsXhuBZB/WD FCARB6en+r5QdNX3P/wOmf6M/wBH6XP6x7w7+oQa3Q89eFHlL3OFII1UkBUBBo6gf5RNB9xCRJM5 kZ9HZgm7thFVms34SUtKWhAQBpbcYZSoRAP6BV29a4hAbEVtaOlpF9OHkQbHqK1Xod8eM3CufC66 vUPCeMEvTOeD57q/Bzyy3ek0rpESBohIIkbrwMB2HbG+B4MKQAc0BnJEQLNWLh5jCtCQpTBG0d3B oxIhbL0O36YyUMNqiIQgAboAMWLrLbSD3dfhw0GPgbcNJQQ2Suzdwe6QBCkGzYgkRmvOKdr001J5 oPTtl5Jb8kIaVEULDx3PeLickHEKCihJwxzVBQUTFoMIAY0kWW9i7W+dAaCXuBlQFG1g8pPa4BZa 0xBTvQV9uANXyRLPQQTiYj1IBAjloiIqdNbh+fXZfdNVRYauP+xx8mveD1aY8ElJ7YtsGrr4DPKX 8LvQSukMHu1PUa+pNKbWyYmNZ6Kg0vDS2V7wscQeDvwa3qs1flrK68BIQVKO3AAkC6qI6QYPgPOQ zDqKbiIAAiE5iKqVSFBa4kWQPLkRmmG+Twfiy8ZQG1AIPyEPliZh0KFS0VVdq4RyJPIk/wBABBTE FswV/ow0iBCGEJ/rR8DC2ILYgr+sGFAwAMf8RcydwP8AgMeIL/mDDoV6Iw7h3/xn/9k= ------=_NextPart_000_000A_01C53F99.9723D020-- From qdlhxvdypv@bsp.com.br Thu Apr 14 01:24:40 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA11890; Thu, 14 Apr 2005 01:24:39 -0400 (EDT) Received: from [220.81.8.198] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DLx08-0008Pz-KZ; Thu, 14 Apr 2005 01:34:56 -0400 Received: from (132.151.6.1) (port=6113 helo=mYqQbKfVxC) by mx7.fonds.com with smtp id 909969c4d3c0$2180fea0$562aa4 for bridge-mib-request@ietf.org; Wed, 13 Apr 2005 22:24:29 -0800 Message-ID: <909969c4d3c0$2180fea0$562aa4> From: "Margret Bernal" To: bridge-mib-request@ietf.org Subject: Soap and water best germ-fighters Date: Wed, 13 Apr 2005 22:24:29 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--8-5-33640340077623028819" X-Spam-Score: 8.8 (++++++++) X-Spam-Flag: YES X-Scan-Signature: 6640e3bbe8a4d70c4469bcdcbbf0921d ----8-5-33640340077623028819 Content-Type: text/html; Content-Transfer-Encoding: 7Bit
 
  Sa   p To 70    OF    Reta   il Pri ces With Online-R  
ve U % F   X! 

   VI

   RA,  CI   S,  VA   UM,   AM   EN     SO  
AG ALI Ll Bl MA      

    $69.

       $89.      $69.95       $109.         $59.95  
95 95   95     
   To    Spe   : Cia    16x20m   ls on ly $89.  
day cial lis g pil 95     
  
             Press Here To See Our Selecton
----8-5-33640340077623028819-- From tony2000@eresmas.com Thu Apr 14 06:51:32 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA28781; Thu, 14 Apr 2005 06:51:32 -0400 (EDT) Received: from smtp11.eresmas.com ([62.81.235.111]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DM26a-0000kr-JM; Thu, 14 Apr 2005 07:01:54 -0400 Received: from [192.168.105.166] (helo=ma20.eresmas.com) by smtp11.eresmas.com with esmtp (Exim 4.10) id 1DLjE5-0004yu-00; Wed, 13 Apr 2005 16:52:21 +0200 From: anthony uba 2341 To: tony2000@eresmas.com Reply-To: anthonyuba111@yahoo.co.in Message-ID: <217dba216589.216589217dba@ma20.eresmas.com> Date: Wed, 13 Apr 2005 14:52:23 GMT X-Mailer: Netscape Webmail MIME-Version: 1.0 Content-Language: en Subject: MR. Anthony Uba X-Accept-Language: en Content-Type: text/html; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 7bit X-Spam-Score: 12.3 (++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 68c8cc8a64a9d0402e43b8eee9fc4199 Content-Transfer-Encoding: 7bit

FROM THE DESK OF:
MR.Athony Uba

Dear Sir/Madam

I am MR Athony Uba, Bank Manager of Cometh Bank
Plc,Victoria-Island Branch I have an urgent and very confidential
business proposition  for you.

In 1996 - 1997, an Oil consultant/contractor with the Nigerian National
Petroleum Corporation, Engr. Nam Hyewon made a numbered time (Fixed)
Deposit for twelve calendar months, valued atS$25,000,000.00
(Twenty-five Million Dollars) in my branch. Upon maturity, I sent a
routine  notification to his forwarding address but got no reply. After
a
month, we  sent a reminder and finally we discovered from his contract
employers,  the Nigerian National Petroleum Corporation that Engr. Nam
Hyewon died in  Korean Air Flight 801, which crashed in Guam on August
1997. On further  investigation, I found out that he died without
making a WILL, and all attempts to trace his next of kin was fruitless.
I therefore made further investigation and discovered that Engr. Nam
Hyewon did not declare any next of kin or relations in all her official
documents, including her Bank Deposit paperwork in my Bank. This sum of
US$25,000,000.00 is still sitting in my Bank and the interest is being
rolled over with the principal sum at the end of each year. No one will
ever come forward to claim it. According to Nigerian Law, at the
expiration of 6 (six) years, the money will revert to the ownership of
the Nigerian Government if nobody applies to claim this fund.

Consequently, my proposal is that I will like you as a foreigner to
stand in as the next of kin to Engr. Nam Hyewon so that the fruits of
this His labor will not get into the hands of some corrupt
government officials. This is simple, I will like you to provide
immediately your full names and address so that the Attorney will
prepare the  necessary documents and affidavits which will! put you in
place as the  next of  kin. We shall employ the services of two
Attorneys
for drafting and notarization of the WILL and to obtain the necessary
documents and letter of probate/administration in your favor for the
transfer.

I would need you as a Foreigner acting as the next of kin and sole
benefactor to the inheritance of Engr. Nam Hyewon to claim from the
bank. The money will be transferred to you for us to share in the ratio
of 60% for me and 40% for you. There is no risk at all as all the
paperwork for this transaction will be done by the Attorney and my
position as the Branch Manager guarantees the successful execution of
this transaction. If you are interested, please reply immediately via
the private email address below.Upon your response, I shall then
provide you with more details and relevant documents that will help you
understand the
transaction.

Please observe utmost confidentiality, and! rest assured that this
transaction would be most profitable for both of us because I shall
require your assistance to invest my share in your country.

anthonyuba1@yahoo.co.in
Thanks and regards.

MR. Anthony Uba
Cometh Bank plc

 


 

From eap-admin@frascone.com Thu Apr 14 11:05:12 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA22696 for ; Thu, 14 Apr 2005 11:05:11 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 2ACC6205B6; Thu, 14 Apr 2005 11:05:09 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 1E354205B2; Thu, 14 Apr 2005 11:05:06 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id C0DCA2057C for ; Thu, 14 Apr 2005 11:04:54 -0400 (EDT) Received: from mgw-x1.nokia.com (mgw-x1.nokia.com [131.228.20.21]) by mail.frascone.com (Postfix) with ESMTP id 272F7204F1 for ; Thu, 14 Apr 2005 11:04:51 -0400 (EDT) Received: from esdks003.ntc.nokia.com (esdks003.ntc.nokia.com [172.21.138.158]) by mgw-x1.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3EF4g819468 for ; Thu, 14 Apr 2005 18:04:42 +0300 (EET DST) X-Scanned: Thu, 14 Apr 2005 18:02:10 +0300 Nokia Message Protector V1.3.34 2004121512 - RELEASE Received: (from root@localhost) by esdks003.ntc.nokia.com (8.12.9/8.12.9) id j3EF2Apx014454 for ; Thu, 14 Apr 2005 18:02:10 +0300 Received: from mgw-int2.ntc.nokia.com (172.21.143.97) by esdks003.ntc.nokia.com 00EAuliB; Thu, 14 Apr 2005 18:02:08 EEST Received: from esebh002.NOE.Nokia.com (esebh002.ntc.nokia.com [172.21.138.77]) by mgw-int2.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3EF28U02365 for ; Thu, 14 Apr 2005 18:02:08 +0300 (EET DST) Received: from esebe016.NOE.Nokia.com ([172.21.138.55]) by esebh002.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Thu, 14 Apr 2005 16:47:36 +0300 Received: from trebe101.NOE.Nokia.com ([172.22.124.61]) by esebe016.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Thu, 14 Apr 2005 16:47:37 +0300 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C540F8.8400EE2C" Subject: RE: [eap] EAP-SIM fast re-auth identity Message-ID: Thread-Topic: [eap] EAP-SIM fast re-auth identity Thread-Index: AcU/lIq0qgtpq9GXS4mnIsneKIH0EwBYkPBA From: To: , Cc: X-OriginalArrivalTime: 14 Apr 2005 13:47:37.0953 (UTC) FILETIME=[85210D10:01C540F8] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Thu, 14 Apr 2005 16:47:36 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a multi-part message in MIME format. ------_=_NextPart_001_01C540F8.8400EE2C Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 Hi Madjid, =20 Yes, you are correct. The fast re-authentication exchange is performed = by the same=20 conceptual EAP server that performs the full authentication exchange. = The EAP-SIM document=20 or 3GPP WLAN IW documents do not have any provisions for distributing or = delegating fast handoffs outside the home network. So the master key is never sent = to the NAS. =20 The fast re-authentication exchange was not designed for fast handoffs. = The main reason is to have a less expensive procedure for frequent = re-authentications.=20 =20 Regards, Henry -----Original Message----- From: ext Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri@motorola.com] Sent: 12 April, 2005 22:18 To: Haverinen Henry (Nokia-ES/Jyvaskyla); twieland@cisco.com Cc: eap@frascone.com Subject: RE: [eap] EAP-SIM fast re-auth identity Hi Henry, =20 I understand that most of EAP methods are designed for both 2- and 3 = party models. However, I do think the EAP master key from EAP = authentication only resides at the peer and the EAP server and so far we = are ok for both 2 and 3 party models. Now if you choose to implement a = key distribution based on the initial EAP authentication, you can choose = to send your master key to the NAS. I am ok with that too, as long as = you are not doing handovers. If you ARE doing handovers, then the master = key should not be sent to the NAS, because then after the handover both = NAS will come to share the same master key and if the idea is to use the = master key to run a security association protocol (such as a 4-way = handshake) to arrive at peer-NAS temp keys, then you will have a serious = threat problem.=20 =20 The fast re-authentication in this draft seems to use the initial master = key to derive temp session keys (section 5.1). So based on what I said = above, I am assuming it is the EAP server is the one who keeps the = master key (EAP server or NAS) and derives the temp keys would be = important in case fast re-authentication is used for handovers. So fast = re-authentication still needs to happen based on interaction with the = EAP server, even though you don't run all the initial EAP exchanges, = correct? =20 Regards, =20 Madjid =20 -----Original Message----- From: henry.haverinen@nokia.com [mailto:henry.haverinen@nokia.com]=20 Sent: Monday, April 11, 2005 3:45 AM To: Nakhjiri Madjid-MNAKHJI1; twieland@cisco.com Cc: eap@frascone.com Subject: RE: [eap] EAP-SIM fast re-auth identity =20 =20 Hi Madjid, =20 The term "EAP server" simply refers to the entity that implemens the EAP-SIM server part. Usually this is implemented in a AAA server. The "authenticator" is a term that EAP documents use for the first-hop = entity (NAS or 802.11 access point). In principle, the EAP server could be co-located in the NAS, but I don't think this is likely in the case of = EAP-SIM. =20 If the access technology requires an EAP exhange upon a handover,=20 then you can run either mode of EAP-SIM there (full or fast re-auth). Unless pre-authentication is used, this kind of handover is not likely = to be very smooth. If there is a need to run an EAP exchange even through=20 you haven't moved to a new AP, you can also run either mode.=20 EAP-SIM does not define when to use the fast re-auth mode. =20 Regards, Henry -----Original Message----- From: ext Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri@motorola.com] Sent: 06 April, 2005 22:19 To: 'Thomas Wieland' Cc: eap@frascone.com; Haverinen Henry (Nokia-ES/Jyvaskyla); Nakhjiri = Madjid-MNAKHJI1 Subject: RE: [eap] EAP-SIM fast re-auth identity Hi Thomas, =20 Thanks for being among helpful "other people" :-) Ok, I am not sure how fast re-authentication protects the use identity, = so I can understand if no protection is provided, that would be one way = to protect the permanent identities such as IMSI. But what I don't understand is how every use of IMSI means use of new = triplets? Sure EAP-SIM draft says that it does not allow re-use of triplets (I = guess for full authentication), but from what I understand the fast = re-authentication does not use any triplets, so the question of "re-use = versus using fresh" should be moot. =20 I do have another issue with the fast re-auth. Most of the sequence = charts only show a peer and an authenticator. Does this mean the = authenticator is the NAS or that it is the EAP server? I am trying to = understand how this fits into a 3 party EAP authentication model and = whether the fast re-authentication can apply to handovers or it is just = re-authentication to the same authenticator? =20 Regards, =20 Madjid =20 -----Original Message----- From: Thomas Wieland [mailto:twieland@cisco.com]=20 Sent: Wednesday, April 06, 2005 2:41 AM To: Nakhjiri Madjid-MNAKHJI1 Cc: eap@frascone.com; henry.haverinen@nokia.com Subject: Re: [eap] EAP-SIM fast re-auth identity =20 Hi Madjid, I'm not an author but "other people", but maybe I can shed=20 some light on this. Henry can always correct and expand. There is nothing "wrong" with the identities used during full authentication (i.e. either permanent identity, e.g. 1IMSI @realm, or pseudonym identity). The "problem", if you will, is that by definition of a full authentication, these identities require the use of 2 or 3 GSM triplets to authenticate. =20 For one, this implies at least one round trip to a remote server,=20 i.e. the HLR/AuC where the triplets are generated. This is=20 usually much slower than going through the calculations=20 necessary to iterate the keying material locally at the AAA=20 server. It also means additional load on the HLR/AuC. The second "bad" aspect is that each full EAP-SIM authentication uses=20 up 2 or 3 triplets. The number of triplets that can be generated by = each=20 SIM is usually limited (e.g. to 50,000) due to security concerns. This=20 doesn't matter too much in a GSM mobile network as authentications only use only one triplet and occur relatively infrequently compared to, for example, public WLAN. For EAP-SIM used in a PWLAN scenario, not only do you use up 2 or 3 triplets per authentication, the = authentications=20 also happen much more frequently. For example every time every time=20 a PC gets turned on (or woken up), when a user roams between access points etc. You can see how you could be chewing through the available triplets pretty fast and once you've reached the limit hard-wired into = the SIM, your SIM is dead and needs to be replaced. =20 By using the fast re-auth mechanism, not only do you speed up=20 EAP-SIM authentications (hence "fast" :-), you also reduce the load on the back-end server (AuC) and extend the life of your SIM. In other words, "it's a good thing". Regards, Thomas At 10:05 05-04-05 -0500, Nakhjiri Madjid-MNAKHJI1 wrote: Hi,=20 =20 I have a question regarding the EAP-SIM method for fast = re-authentication and would appreciate it if the authors and other = people respond. Why is a specific identity used for fast = re-authentication? What is the problem with using the identities that = were used during the full authentication? The initial identity that is = sent in EAP-Response/ Identity should not have a problem, right? =20 Thanks in advance, =20 Madjid Nakhjiri ------_=_NextPart_001_01C540F8.8400EE2C Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
Hi=20 Madjid,
 
Yes,=20 you are correct. The fast re-authentication exchange is = performed by the=20 same
conceptual EAP server that performs the full authentication=20 exchange. The EAP-SIM document =
or=20 3GPP WLAN IW documents do not have any = provisions for=20 distributing or delegating
fast=20 handoffs outside the home network. So the master key is never sent to = the=20 NAS.
 
The=20 fast re-authentication exchange was not designed for fast handoffs. The=20 main
reason=20 is to have a less expensive procedure for = frequent re-authentications.
 
Regards,
Henry
-----Original Message-----
From: ext Nakhjiri = Madjid-MNAKHJI1=20 [mailto:Madjid.Nakhjiri@motorola.com]
Sent: 12 April, 2005=20 22:18
To: Haverinen Henry (Nokia-ES/Jyvaskyla);=20 twieland@cisco.com
Cc: eap@frascone.com
Subject: = RE: [eap]=20 EAP-SIM fast re-auth identity

Hi=20 Henry,

 

I = understand that=20 most of EAP methods are designed for both 2- and 3 party models. = However, I do=20 think the EAP master key from EAP authentication only resides at the = peer and=20 the EAP server and so far we are ok for both 2 and 3 party models. Now = if you=20 choose to implement a key distribution based on the initial EAP=20 authentication, you can choose to send your master key to the NAS. I = am ok=20 with that too, as long as you are not doing handovers. If you ARE = doing=20 handovers, then the master key should not be sent to the NAS, because = then=20 after the handover both NAS will come to share the same master key and = if the=20 idea is to use the master key to run a security association protocol = (such as=20 a 4-way handshake) to arrive at peer-NAS temp keys, then you will have = a=20 serious threat problem.

 

The fast=20 re-authentication in this draft seems to use the initial master key to = derive=20 temp session keys (section 5.1). So based on what I said above, I am = assuming=20 it is the EAP server is the one who keeps the master key (EAP server = or NAS)=20 and derives the temp keys would be important in case fast = re-authentication is=20 used for handovers. So fast re-authentication still needs to happen = based on=20 interaction with the EAP server, even though you don't run all the = initial EAP=20 exchanges, correct?

 

Regards,

 

Madjid

 

-----Original=20 Message-----
From:=20 henry.haverinen@nokia.com [mailto:henry.haverinen@nokia.com] =
Sent: Monday, April 11, 2005 = 3:45=20 AM
To: Nakhjiri=20 Madjid-MNAKHJI1; twieland@cisco.com
Cc: = eap@frascone.com
Subject: RE: [eap] EAP-SIM fast = re-auth=20 identity

 

 

Hi=20 Madjid,

 

The term = "EAP server"=20 simply refers to the entity that implemens

the EAP-SIM = server=20 part. Usually this is implemented in a AAA = server.

The = "authenticator"=20 is a term that EAP documents use for the first-hop=20 entity

(NAS or = 802.11 access=20 point). In principle, the EAP server could be

co-located = in the=20 NAS, but I don't think this is likely in the case of=20 EAP-SIM.

 

If the = access=20 technology requires an EAP exhange upon a handover, =

then you = can run=20 either mode  of EAP-SIM there (full or fast=20 re-auth).

Unless=20 pre-authentication is used, this kind of handover is not likely to=20 be

very = smooth. If=20 there is a need to run an EAP exchange even through=20

you haven't = moved to=20 a new AP, you can also run either mode.

EAP-SIM = does not=20 define when to use the fast re-auth mode.

 

Regards,

Henry

-----Original=20 Message-----
From: ext=20 Nakhjiri Madjid-MNAKHJI1 = [mailto:Madjid.Nakhjiri@motorola.com]
Sent: 06 April, 2005 = 22:19
To: 'Thomas = Wieland'
Cc: eap@frascone.com; = Haverinen Henry=20 (Nokia-ES/Jyvaskyla); Nakhjiri Madjid-MNAKHJI1
Subject: RE: [eap] EAP-SIM = fast re-auth=20 identity

Hi=20 Thomas,

 

Thanks = for being=20 among helpful "other people" J

Ok, I am = not sure=20 how fast re-authentication protects the use identity, so I can = understand if=20 no protection is provided, that would be one way to protect the = permanent=20 identities such as IMSI.

But what = I don't=20 understand is how every use of IMSI means use of new=20 triplets?

Sure = EAP-SIM draft=20 says that it does not allow re-use of triplets (I guess for full=20 authentication), but from what I understand the fast = re-authentication does=20 not use any triplets, so the question of "re-use versus using fresh" = should=20 be moot.

 

I do have = another=20 issue with the fast re-auth. Most of the sequence charts only show a = peer=20 and an authenticator. Does this mean the authenticator is the NAS or = that it=20 is the EAP server? I am trying to understand how this fits into a 3 = party=20 EAP authentication model and whether the fast re-authentication can = apply to=20 handovers or it is just re-authentication to the same=20 authenticator?

 

Regards,

 

Madjid

 

-----Original=20 Message-----
From: Thomas=20 Wieland [mailto:twieland@cisco.com]
Sent: Wednesday, April 06, = 2005 2:41=20 AM
To: Nakhjiri=20 Madjid-MNAKHJI1
Cc:=20 eap@frascone.com; henry.haverinen@nokia.com
Subject: Re: [eap] EAP-SIM = fast re-auth=20 identity

 


Hi = Madjid,

  I'm not an=20 author but "other people", but maybe I can shed
some light on=20 this.  Henry can always correct and expand.

There is = nothing=20 "wrong" with the identities used during full
authentication (i.e. = either=20 permanent identity, e.g. 1IMSI @realm,
or pseudonym = identity).  The=20 "problem", if you will, is that by
definition of a full = authentication,=20 these identities require the
use of 2 or 3 GSM triplets to=20 authenticate. 

For one, this implies at least one round = trip to=20 a remote server,
i.e. the HLR/AuC where the triplets are=20 generated.  This is
usually much slower than going through = the=20 calculations
necessary to iterate the keying material locally at = the AAA=20
server.  It also means additional load on the = HLR/AuC.

The=20 second "bad" aspect is that each full EAP-SIM authentication uses =
up 2=20 or 3 triplets.  The number of triplets that can be generated by = each=20
SIM is usually limited (e.g. to 50,000) due to security = concerns. =20 This
doesn't matter too much in a GSM mobile network as=20 authentications
only use only one triplet and occur relatively=20 infrequently compared to,
for example, public WLAN.  For = EAP-SIM=20 used in a PWLAN scenario,
not only do you use up 2 or 3 triplets = per=20 authentication, the authentications
also happen much more=20 frequently.  For example every time every time
a PC gets = turned on=20 (or woken up), when a user roams between access
points etc.  = You can=20 see how you could be chewing through the available
triplets = pretty fast=20 and once you've reached the limit hard-wired into the
SIM, your = SIM is=20 dead and needs to be replaced. 

By using the fast = re-auth=20 mechanism, not only do you speed up
EAP-SIM authentications = (hence=20 "fast" :-), you also reduce the
load on the back-end server (AuC) = and=20 extend the life of your SIM.
In other words, "it's a good=20 thing".

Regards,

  Thomas



At 10:05 = 05-04-05 -0500, Nakhjiri Madjid-MNAKHJI1 = wrote:

Hi, =

 

I have a=20 question regarding the EAP-SIM method for fast re-authentication and = would=20 appreciate it if the authors and other people respond. Why is a = specific=20 identity used for fast re-authentication? What is the problem with = using the=20 identities that were used during the full authentication? The = initial=20 identity that is sent in EAP-Response/ Identity should not have a = problem,=20 right?

 

Thanks=20 in advance,

 

Madjid=20 = Nakhjiri

------_=_NextPart_001_01C540F8.8400EE2C-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From wmwmwcdlfgw@utrc.utc.com Thu Apr 14 12:37:51 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA00198; Thu, 14 Apr 2005 12:37:50 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DM7Vl-0007Jg-9M; Thu, 14 Apr 2005 12:48:15 -0400 Received: from host-84-222-166-233.cust-adsl.tiscali.it ([84.222.166.233]) by mx2.foretec.com with smtp (Exim 4.24) id 1DM7Lc-0004sd-80; Thu, 14 Apr 2005 12:37:45 -0400 Received: from (65.246.255.50) (port=5157 helo=cRoRrRrQsV) by mx9.sprinklertech.com with smtp id 269134c4d3c0$2180fea0$168aa6 for bridge-mib@ietf.org; Thu, 14 Apr 2005 09:36:49 -0800 Message-ID: <269134c4d3c0$2180fea0$168aa6> From: "Rocco Colvin" To: bridge-mib@ietf.org Subject: Soap and water best germ-fighters Date: Thu, 14 Apr 2005 09:36:49 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--0-07-21909-828-36144915106942" X-Spam-Score: 2.1 (++) X-Scan-Signature: 68ba2b07ef271dba6ee42a93832cfa4c ----0-07-21909-828-36144915106942 Content-Type: text/html; Content-Transfer-Encoding: 7Bit
 
  Sa   p To 70    OF    Reta   il Pri ces With Online-R  
ve U % F X! 

   VI

   RA,  CI   S,  VA   UM,   AM   EN     SO  
AG ALI Ll Bl MA      

    $69.

       $89.      $69.95       $109.         $59.95  
95 95   95     
   To    Spe   : Cia    16x20m   ls on ly $89.  
day cial lis g pil 95     
  
             Press Here To See Our Selecton
----0-07-21909-828-36144915106942-- From deadeye@yebox.com Thu Apr 14 14:50:20 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA11579; Thu, 14 Apr 2005 14:50:20 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DM9Zz-0004PA-N8; Thu, 14 Apr 2005 15:00:45 -0400 Received: from [82.226.207.95] (helo=lec67-2-82-226-207-95.fbx.proxad.net) by mx2.foretec.com with smtp (Exim 4.24) id 1DM9Pu-00005R-In; Thu, 14 Apr 2005 14:50:19 -0400 X-Apparently-To: drafts@ietf.org X-Sieve: CMU Sieve 2.2 Received: from dodecahedral.balinese.pochta.ru ([unix socket]) by canvasback.coates.pochta.ru (Cyrus v2.2.1) with LMTPA; Thu, 14 Apr 2005 18:47:08 -0100 Date: Thu, 14 Apr 2005 17:45:08 -0200 From: "Rodney Barajas" Message-Id: X-Accept-Language: en,zh-TW,zh-CN,zh,ja,ko,tr,ru To: drafts@ietf.org Cc: drums-archive@ietf.org, dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org, eccmtmagma-admin@ietf.org, ediint-archive@ietf.org, edu-discuss@ietf.org Subject: Become a homeowner with low rates X-Mailer: Forte Agent 1.91/32.564 X-Spam-Score: 3.4 (+++) X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a Hello, We tried contacting you awhile ago about your low interest morta(ge rate. You have qualified for the lowest rate in years... You could get over $380,000 for as little as $500 a month! Ba(d credit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli,gation consultation click below: http://www.mrg-now-yes.com/sign.asp Best Regards, Sheldon Day to be remov(ed: http://www.mrg-now-yes.com/gone.asp this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s. From qkeyvvqwc@eml.cc Fri Apr 15 01:30:24 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA04176; Fri, 15 Apr 2005 01:30:23 -0400 (EDT) Received: from [218.247.166.82] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DMJZS-0005J1-22; Fri, 15 Apr 2005 01:40:53 -0400 X-Message-Info: 59KP3PVjd072CD6vqWdpeD36isFQB578orSQhbR576PDS134 Received: from dns1.aussiemail.com.au ([242.17.84.86]) by 6a-bm68.218.247.166.82 with Microsoft SMTPSVC(5.0.6188.4452); Fri, 15 Apr 2005 12:26:09 +0600 Message-ID: <9705078251.23023@218.247.166.82> Reply-To: "Frances " From: "Frances " To: edu-team@ietf.org, edu-discuss@ietf.org, eap-archive@ietf.org, edu-team-web-archive@ietf.org Subject: Medical Records,over 440,000 listings of professional executives in the healthcare field. Date: Fri, 15 Apr 2005 11:29:09 +0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--193304149063264575" X-Spam-Score: 20.5 (++++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 52f7a77164458f8c7b36b66787c853da ----193304149063264575 Content-Type: text/plain; charset="iso-6835-2" Content-Transfer-Encoding: quoted-printable 442,077 Healthcare Executives on CD Rom. Listed by title (including mailing address/phone/fax). The largest, most extensive listing of healthcare professionals in the country. Complete list $279. Records can be merged easily. Excel format. Title: Healthcare Professionals.on CD-Rom (sku-2447). Healthline Publications has just assembled a full and complete directory of healthcare executives in the United States. It is available on CD-Rom at an introductory price of $279. This unprecedented tool includes over 440,000 listings of professional executives in the healthcare field. The following titles are included: CEO, President, CFO, Medical Director, Medical Records Director, Purchasing Director, Nursing Director, IT director, Human Resources Director, Legal Director, MIS, Director, Social Services Director, Radiology Director, Physician Services Director, Staff Development Director, Chief of Surgery, Chief of Urology, Respiratory Therapy, Psychiatric Services, Information Services Director, Library Services, Medical Records, Physical Therapy Director, Financial Services, Housekeeping Director, Managed Care Director, Pharmacy Director General/Office managers, Patient Services, and more. The above titles are separated by industry (e.g. nursing homes, hospitals, assisted living, group practices, clinics, etc.) Mailing addresses, fax/phone are included. The data and can be easily merged or manipulated. Bonus Offer: Unlike other publications of this type, Healthcare Professionals on CD-Rom is now offered on an unlimited use only. There are no restrictions. To order Healthcare Professionals on CD-Rom, simply fill out the information below and fax it to 888-641-7334 (tel: 888-640-3360). NAME: TITLE: COMPANY: ADDRESS: CITY: ZIP: TEL: FAX: EMAIL: ----193304149063264575-- From lilas.staton@oosting.com Fri Apr 15 04:59:40 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA08657; Fri, 15 Apr 2005 04:59:40 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DMMq0-0004Zi-MI; Fri, 15 Apr 2005 05:10:13 -0400 Received: from [221.124.187.37] (helo=USER-13U6T97D00) by mx2.foretec.com with smtp (Exim 4.24) id 1DMLwI-0001IE-Ug; Fri, 15 Apr 2005 04:12:41 -0400 Received: from mail.pharmasystems.com (221.124.187.37) by 221.124.187.37 (marigoldv.4) with SMTP id <11738925m75o> (Authid: 7981781); Fri, 15 Apr 2005 07:55:44 -0200 Reply-To: "hall leontine" From: "hall leontine" To: diffserv@ietf.org, diffserv-admin@ietf.org, diffserv-interest@ietf.org, diffserv-interest-admin@ietf.org, diffserv-interest-request@ietf.org, diffserv-request@ietf.org, dinaras@ietf.org, directory-web-archive@ietf.org, disman@ietf.org, disman-admin@ietf.org, disman-request@ietf.org, dmin@ietf.org, dn@ietf.org, drafts@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, edu-team@ietf.org, edu-team-web-archive@ietf.org, entmib@ietf.org Subject: You can start saving now Date: Fri, 15 Apr 2005 03:01:44 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--594661_283756.heY05" Message-Id: X-Spam-Score: 18.3 (++++++++++++++++++) X-Spam-Flag: YES X-Scan-Signature: 93238566e09e6e262849b4f805833007 ----594661_283756.heY05 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7Bit Dear Homeowner,

You have been pre-approved for $400,000 with a low fixed rate.

This offer is being extended to you unconditionally and your credit is in no way a factor.

Take Advantage of this Limited Time opportunity. Just answer only a few questions at
our site and we can give you an approval in under 30 seconds - it’s that simple!

http://www.refi-gazette.com/s5/jwex.php?l4d=63

Regards,

hall leontine

-------------
r-m-v yourself - http://www.refi-gazette.com/r1/ ----594661_283756.heY05-- From uwirjo@doramail.com Fri Apr 15 07:28:15 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA18642; Fri, 15 Apr 2005 07:28:15 -0400 (EDT) Received: from [220.121.5.133] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DMP9p-0001N9-LF; Fri, 15 Apr 2005 07:38:47 -0400 Delivered-To: maledict@schoolteacher.dreamhost.com Received: from burma.dreamhost.com by crete.dreamhost.com (Pingofix) with ESMTP id 7CC6A28D1B for ; Fri, 15 Apr 2005 11:23:08 -0100 Message-ID: Date: Fri, 15 Apr 2005 13:23:08 +0100 From: "Ty Kirk" To: Subject: Instant low rates X-Mailer: Mailman v2.0.7 X-SpamTest-Info: Profile: Formal (167/041134) X-SpamTest-Info: Profile: Detect Hard No RBL (4/030542) X-Spam-Score: 7.0 (+++++++) X-Spam-Flag: YES X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3 Hello, We tried contacting you awhile ago about your low interest morta(ge rate. You have qualified for the lowest rate in years... You could get over $380,000 for as little as $500 a month! Ba(d credit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli,gation consultation click below: http://www.n0wwewillsave.com/sign.asp Best Regards, Janice Humphrey to be remov(ed: http://www.n0wwewillsave.com/gone.asp this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s. From Myron@lomo.co.uk Fri Apr 15 07:39:02 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA19586 for ; Fri, 15 Apr 2005 07:39:01 -0400 (EDT) Received: from [220.90.85.11] (helo=220.90.85.11) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DMPKE-0001o6-Rf for eap-archive@ietf.org; Fri, 15 Apr 2005 07:49:32 -0400 Date: Fri, 15 Apr 2005 20:38:48 +0900 From: Amelia X-Mailer: The Bat! (v1.61) Business X-Priority: 3 (Normal) Message-ID: <678149690.14740@220.90.85.11> To: eap-archive@ietf.org Subject: ATTENTION: Latest updates. MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-Spam-Score: 1.4 (+) X-Scan-Signature: 6d62ab47271805379d7172ee693a45db Content-Transfer-Encoding: 8bit Download any latest software now! http://Ottomanizations.395meds.com/ Miranda, with regards. From xuzkrybjagqtwq@netvigator.com Fri Apr 15 11:39:09 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA11071; Fri, 15 Apr 2005 11:39:08 -0400 (EDT) Received: from [216.155.93.194] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DMT3v-0002k9-G4; Fri, 15 Apr 2005 11:48:57 -0400 Message-ID: <9390789386045824203.52mpfw3jcy@mac.com> Received: from 192.120.245.180 by le3-jux90.aidy66.mac.com with DAV; Fri, 15 Apr 2005 12:33:40 -0400 Reply-To: "Alvaro Joiner" From: "Alvaro Joiner" To: Subject: Acquire whatever drags you desire plug Date: Fri, 15 Apr 2005 12:36:40 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--sgyfvcvsa769376kylpn" X-Spam-Score: 11.3 (+++++++++++) X-Spam-Flag: YES X-Scan-Signature: c1c65599517f9ac32519d043c37c5336 ----sgyfvcvsa769376kylpn Content-Type: text/plain; Content-Transfer-Encoding: 7Bit neew, improoved drags on our website! just try us, you wont be dissappointed... for sure :) main page: http://smug.grlk.com/p/erika/hepburn.htm also: lose wieght fast and easy? Maridia is the ultimate solution: http://smug.grlk.com/p/erika/6/rumania.htm you wont stop scrrewing with viaggra, enjoy!: http://smug.grlk.com/p/erika/20/excuse.htm wanna get rid of smoking? Zybban is the simple and elegant answer: http://smug.grlk.com/p/erika/28/attrition.htm loosing hair? stop it now! look good again with Propesia, recomended! : http://smug.grlk.com/p/erika/12/peasanthood.htm also: men's haelth mucsle relexers pajn reliev still i wanna thank you for all the wonderful memories you gave me!being there for me always when i needed you! lady that s more than some whose tailors are as dear as yours can justly boast of what s your lordship s pleasure? the display boards prepared worked very well - not only for basic factual communication but also as a strong piece of brand promotion for our new logo and of course - the cars. two weeks before congress passed the iraq congressional resolution wesley clark made the case for war testified that saddam had chemical and biological weapons. they may be brief but they?re enticing little film treasures and for the outdoor types fliff offers maroone moonlight movies and beachplace. go and check them out please well for now i shall leave it to that i ll be posting more fictions soon thank you for your patience guys! xox. hamlet for if the sun breed maggots in a dead dog being a god kissing carrion --have you a daughter? vous allez avoir une meilleure version de celle de ckoi sous peu j envoie la cassette a sd lundi avec un peu de retard mais mieux vaut tard que jamais. this site is tight n it is truely for aaliyah the baby in heaven n i try to show much luv to her so peace out. better but my neck and head still hurt romy michele is on abc family so i m getting my nightly giggle in bed no less. nbsp nbsp she had never seen him softened and was much distressed he knew her to be so without looking at her and said. just wondering when the new stories are going to be added the site hasn t been updates in over a year kinda miss the stories. forest green rovers defender jamie impey has gone on loan to weymouth for the remainder of the season he joins lee russell who is also on loan there. hi! great homepage i hope you get the chance to visit my page keep up the good work see ya and thanx! ----sgyfvcvsa769376kylpn-- From sposh@doneasy.com Fri Apr 15 14:12:31 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA27895; Fri, 15 Apr 2005 14:12:31 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DMVT4-0004KU-BW; Fri, 15 Apr 2005 14:23:07 -0400 Received: from 219.10.97-84.rev.gaoland.net ([84.97.10.219]) by mx2.foretec.com with smtp (Exim 4.24) id 1DMUZL-0000HS-AB; Fri, 15 Apr 2005 13:25:27 -0400 Received: from northeastern.absence-aging.com (HELO diatonic.com 66.6.149.23) by poole.com with EMQP; Fri, 15 Apr 2005 15:03:04 -0400 Date: Sat, 16 Apr 2005 01:09:04 +0600 From: "Maude Kruse" Message-Id: To: drafts@ietf.org Cc: drums-archive@ietf.org, dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org, eccmtmagma-admin@ietf.org, ediint-archive@ietf.org, edu-discuss@ietf.org Subject: Need a low mortage rate? X-Mailer: CompuServe 7.0 X-Spam-Score: 0.0 (/) X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a Hello, We tried contacting you awhile ago about your low interest morta(ge rate. You have qualified for the lowest rate in years... You could get over $380,000 for as little as $500 a month! Ba(d credit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli,gation consultation click below: http://www.n0wwewillsave.com/sign.asp Best Regards, Katelyn Robinson to be remov(ed: http://www.n0wwewillsave.com/gone.asp this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s. From kwella@doramail.com Fri Apr 15 17:45:15 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA01756; Fri, 15 Apr 2005 17:45:14 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DMYn3-0003gd-5l; Fri, 15 Apr 2005 17:55:54 -0400 Received: from d57-55-109.home.cgocable.net ([24.57.55.109]) by mx2.foretec.com with smtp (Exim 4.24) id 1DMYcg-0006TB-NC; Fri, 15 Apr 2005 17:45:13 -0400 Authentication-Results: belly.es from=premium.teeing.es; domainkeys=neutral (no sig) X-Originating-IP: [146.227.156.26] Received: from premium.char.es (EHLO premium.hipster.es) by premium.irate.es with SMTP; Fri, 15 Apr 2005 16:40:19 -0600 Date: Sat, 16 Apr 2005 02:35:19 +0400 From: "Harris Calderon" To: drafts@ietf.org Cc: drums-archive@ietf.org, dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org, eccmtmagma-admin@ietf.org Subject: Need a low mortage rate? Message-ID: <112141.3008.kwella@doramail.com> X-Mailer: Kana Connect 6 X-Spam-Score: 3.7 (+++) X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3 Hello, We tried contacting you awhile ago about your low interest morta(ge rate. You have qualified for the lowest rate in years... You could get over $380,000 for as little as $500 a month! Ba(d credit? Doesn't matter, low rates are fixed no matter what! To get a free, no obli,gation consultation click below: http://www.n0wwewillsave.com/sign.asp Best Regards, Dawn Henley to be remov(ed: http://www.n0wwewillsave.com/gone.asp this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s. From eap-admin@frascone.com Sat Apr 16 07:41:13 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA15319 for ; Sat, 16 Apr 2005 07:41:13 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 8861C20447; Sat, 16 Apr 2005 07:41:09 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 9263320430; Sat, 16 Apr 2005 07:41:06 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 09E2D20430 for ; Sat, 16 Apr 2005 07:40:49 -0400 (EDT) Received: from orsfmr002.jf.intel.com (fmr17.intel.com [134.134.136.16]) by mail.frascone.com (Postfix) with ESMTP id A1F0920428 for ; Sat, 16 Apr 2005 07:40:47 -0400 (EDT) Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17]) by orsfmr002.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j3GBedvl031169; Sat, 16 Apr 2005 11:40:39 GMT Received: from orsmsxvs041.jf.intel.com (orsmsxvs041.jf.intel.com [192.168.65.54]) by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j3GBedeC025045; Sat, 16 Apr 2005 11:40:39 GMT Received: from orsmsx332.amr.corp.intel.com ([192.168.65.60]) by orsmsxvs041.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005041604403911363 ; Sat, 16 Apr 2005 04:40:39 -0700 Received: from orsmsx401.amr.corp.intel.com ([192.168.65.207]) by orsmsx332.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Sat, 16 Apr 2005 04:40:38 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C54279.1C28FD2B" Message-ID: Thread-Topic: EAP Key Binding Discussion Thread-Index: AcVCeRtWOI4ciDmNRQCm37df40BsZQ== From: "Walker, Jesse" To: Cc: "Paul Funk" , "Henry Ptasinski" , "Steve Emeott" , "Russ Housley" , "Nancy Winget" X-OriginalArrivalTime: 16 Apr 2005 11:40:38.0985 (UTC) FILETIME=[1CB24B90:01C54279] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] EAP Key Binding Discussion Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sat, 16 Apr 2005 04:40:37 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) This is a multi-part message in MIME format. ------_=_NextPart_001_01C54279.1C28FD2B Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On Friday we had a conference call to discuss 802.11r keying that included Tony Braskich, Nancy Cam-Winget, Steve Emmeot, Paul Funk, Russ Housley, Henry Ptasinski, Kapil Sood, and myself. An issue came up on the call regarding the EAP keying draft which should be discussed here. I don't know if everyone from the 802.11r group is on the EAP mailing list, so please reply to all. =20 The core problem has been discussed many times before. Let us begin by setting the context. One of the goals of the EAP keying draft is to deliver a session key that an EAP Peer and a NAS can use to secure a session between them. The EAP keying draft defines a key hierarchy expressly for this purpose. The details of the hierarchy are method specific, but for EAP-TLS it appears thusly: =20 TMS | +----+----+ | | MSK EMSK | | AAA-Key =20 The TMS is an EAP method specific "session key" constructed between the EAP Peer and the EAP Server. From this the MSK and EMSK are derived, again in an EAP method specific manner. The AAA-Key is derived from the MSK and delivered to the NAS. The AAA-Key is then used as the session key between the EAP Peer and the NAS. =20 The issue has always been how to bind the AAA-Key to this NAS and this EAP Peer for this session. The NAS needs to know that this AAA-Key is for this pair for this session, and the EAP Peer likewise needs to know the same thing. The only party that is in a position to inform both parties of this binding is the EAP Server. The EAP Peer can trust the EAP Server to make this assertion, because it has authenticated the EAP Server (at least in the case where the EAP method provides mutual authentication), and the NAS can trust the EAP server to make this assertion, because it has some channel with the EAP server presumed to be secure. =20 I think everyone agrees this issue is solved for the NAS, as mechanisms exist to allow the EAP Server to attest to the binding. It could, for instance, deliver the EAP Peer's authenticated identity Peer-ID to the NAS with the AAA-Key along with the EAP Success message; abstractly: =20 EAP Server --> NAS: EAP-Success || AAA-Key || Peer-ID =20 The NAS can then check whether it is talking with the right EAP Peer using a=20 protocol that would require the EAP Peer to assert its identity: =20 NAS --> EAP Peer: Challenge EAP Peer --> NAS: f(AAA-Key, Challenge || Peer-ID) etc. =20 The function f used in this protocol would be selected so that it would be=20 computationally infeasible for the EAP Peer to produce the right response without knowing the AAA-Key, the Challenge value, and the Peer-ID value. And if exposure of the Peer-ID to the NAS is deemed onerous, then we can certainly replace it in the above with another session specific function of Peer-ID, e.g., =20 g(TMS, Peer-ID) =20 for some suitable function g. The EAP keying draft could specify that delivery of (a function of) the Peer-ID with the session key is a requirement, and we would be done with the key binding for the NAS. =20 The issue we have never been able to resolve successfully has been how to provide the same attestation by the EAP Server of the correct NAS to the EAP Peer, i.e., how does the EAP Server assert to the EAP Peer the correct NAS to which the session key AAA-Key is bound? There is no obvious channel within EAP itself for delivering this assertion. =20 The question from our conference call is whether that the assertion could come from the key derivation. In 802.11r, for instance, we could require the NAS to advertise its NAS-ID to the EAP Peer as part of the 802.11 discovery protocol: =20 NAS --> *: NAS-ID =20 Then the EAP Peer would know the NAS-ID being asserted by the NAS. The EAP Server also knows the NAS-ID associated with an EAP transaction through the normal instantiations of the EAP transport between the NAS and the EAP Server. The EAP Server could then make the assertion of NAS identity through the AAA-Key derivation: =20 AAA-Key :=3D kdf(MSK, NAS-ID) =20 where kdf is a suitable key derivation function. The EAP Peer would perform the same key derivation. If the EAP Server delivered the AAA-Key to some other NAS other than the one that advertised NAS-ID, then the EAP Peer could detect this, because its session would fail, as the EAP Server would have used the identifier NAS-ID' for that NAS instead. =20 On first blush it appears that this kind of mechanism would finally close the binding issues with EAP keying. =20 Of course life is never that simple, because the key hierarchy above is already in place, and doesn't include the derivation AAA-Key :=3D = kdf(MSK, NAS-ID). Therefore, we would have to do something else, in order to avoid breaking already deployed equipment. A candidate might be the EMSK, which is currently unused. We could define something like =20 Bound-AAA-Key :=3D kdf(EMSK, "bound EAP session key || SID || = NAS-ID) =20 where SID is the EAP session identifier, and deliver the Bound-AAA-Key to the NAS along with the AAA-Key. We could deliver this with a session specific EAP Peer identity =20 Peer-Session-ID :=3D hash(SID || Peer-ID) =20 And we could fix kdf and hash for all EAP methods, e.g., take hash to be the first 96 bits of SHA-256, and kdf as TLS-PRF. The Bound-AAA-Key id would then be NAS-ID || Peer-Session-ID. We don't, of course, have to use the EMSK for this function, but I have used it for concreteness. =20 This mechanism requires that a NAS find some way to advertise its NAS-ID to EAP peers, and it requires a few new attributes exchanged between the NAS and EAP Server. It leaves the existing key hierarchies intact, but provides a bound key for new applications that desire a bound key. It seems to put to rest the security issues with the existing key hierarchy, by giving the EAP Server some way to attest to the EAP Peer the NAS which should possess the key. =20 What do people thing? Would this be a productive addition to the EAP keying draft? =20 -- Jesse ------_=_NextPart_001_01C54279.1C28FD2B Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

On Friday we had a conference call to discuss 802.11r keying that included Tony Braskich, Nancy Cam-Winget, Steve = Emmeot, Paul Funk, Russ Housley, Henry Ptasinski, Kapil Sood, and myself. An = issue came up on the call regarding the EAP keying draft which should be discussed = here. I don't know if everyone from the 802.11r group is on the EAP mailing = list, so please reply to all.

 

The core problem has been discussed many = times before. Let us begin by setting the context. One of the goals of the EAP = keying draft is to deliver a session key that an EAP Peer and a NAS can use to = secure a session between them. The EAP keying draft defines a key hierarchy = expressly for this purpose. The details of the hierarchy are method specific, but = for EAP-TLS it appears thusly:

 

            = TMS

           &= nbsp; |

        = +----+----+

        = |         |

       = MSK       EMSK

        = |

        = |

     = AAA-Key

 

The TMS is an EAP method specific = "session key" constructed between the EAP Peer and the EAP Server. From this = the MSK and EMSK are derived, again in an EAP method specific manner. The = AAA-Key is derived from the MSK and delivered to the NAS. The AAA-Key is then = used as the session key between the EAP Peer and the NAS.

 

The issue has always been how to bind the = AAA-Key to this NAS and this EAP Peer for this session. The NAS needs to know that = this AAA-Key is for this <NAS, EAP Peer> pair for this session, and the = EAP Peer likewise needs to know the same thing. The only party that is in a position to inform both parties of this binding is the EAP Server. The = EAP Peer can trust the EAP Server to make this assertion, because it has = authenticated the EAP Server (at least in the case where the EAP method provides = mutual authentication), and the NAS can trust the EAP server to make this = assertion, because it has some channel with the EAP server presumed to be = secure.

 

I think everyone agrees this issue is solved = for the NAS, as mechanisms exist to allow the EAP Server to attest to the = binding. It could, for instance, deliver the EAP Peer's authenticated identity = Peer-ID to the NAS with the AAA-Key along with the EAP Success message; = abstractly:

 

      EAP Server = --> NAS:  EAP-Success || AAA-Key || Peer-ID

 

The NAS can then check whether it is talking = with the right EAP Peer using a

protocol that would require the EAP Peer to = assert its identity:

 

      NAS --> EAP = Peer:  Challenge

      EAP Peer = --> NAS:  f(AAA-Key, Challenge || Peer-ID)

      = etc.

 

The function f used in this protocol would be selected so that it would be

computationally infeasible for the EAP Peer = to produce the right response without knowing the AAA-Key, the Challenge = value, and the Peer-ID value. And if exposure of the Peer-ID to the NAS is = deemed onerous, then we can certainly replace it in the above with another = session specific function of Peer-ID, e.g.,

 

     g(TMS, = Peer-ID)

 

for some suitable function g. The EAP keying = draft could specify that delivery of (a function of) the Peer-ID with the = session key is a requirement, and we would be done with the key binding for the = NAS.

 

The issue we have never been able to resolve successfully has been how to provide the same attestation by the EAP = Server of the correct NAS to the EAP Peer, i.e., how does the EAP Server assert to = the EAP Peer the correct NAS to which the session key AAA-Key is bound? = There is no obvious channel within EAP itself for delivering this = assertion.

 

The question from our conference call is = whether that the assertion could come from the key derivation. In 802.11r, for instance, we could require the NAS to advertise its NAS-ID to the EAP = Peer as part of the 802.11 discovery protocol:

 

     NAS --> *:  = NAS-ID

 

Then the EAP Peer would know the NAS-ID being asserted by the NAS. The EAP Server also knows the NAS-ID associated = with an EAP transaction through the normal instantiations of the EAP transport = between the NAS and the EAP Server. The EAP Server could then make the assertion = of NAS identity through the AAA-Key derivation:

 

     AAA-Key :=3D = kdf(MSK, NAS-ID)

 

where kdf is a suitable key derivation = function. The EAP Peer would perform the same key derivation. If the EAP Server = delivered the AAA-Key to some other NAS other than the one that advertised NAS-ID, = then the EAP Peer could detect this, because its session would fail, as the EAP = Server would have used the identifier NAS-ID' for that NAS = instead.

 

On first blush it appears that this kind of mechanism would finally close the binding issues with EAP = keying.

 

Of course life is never that simple, because = the key hierarchy above is already in place, and doesn't include the derivation = AAA-Key :=3D kdf(MSK, NAS-ID). Therefore, we would have to do something else, in = order to avoid breaking already deployed equipment. A candidate might be the = EMSK, which is currently unused. We could define something like

 

     Bound-AAA-Key :=3D = kdf(EMSK, "bound EAP session key || SID || NAS-ID)

 

where SID is the EAP session identifier, and = deliver the Bound-AAA-Key to the NAS along with the AAA-Key. We could deliver = this with a session specific EAP Peer identity

 

     Peer-Session-ID :=3D = hash(SID || Peer-ID)

 

And we could fix kdf and hash for all EAP = methods, e.g., take hash to be the first 96 bits of SHA-256, and kdf as TLS-PRF. = The Bound-AAA-Key id would then be NAS-ID || Peer-Session-ID. We don't, of = course, have to use the EMSK for this function, but I have used it for = concreteness.

 

This mechanism requires that a NAS find some = way to advertise its NAS-ID to EAP peers, and it requires a few new attributes exchanged between the NAS and EAP Server. It leaves the existing key hierarchies intact, but provides a bound key for new applications that = desire a bound key. It seems to put to rest the security issues with the existing = key hierarchy, by giving the EAP Server some way to attest to the EAP Peer = the NAS which should possess the key.

 

What do people thing? Would this be a = productive addition to the EAP keying draft?

 

-- Jesse

------_=_NextPart_001_01C54279.1C28FD2B-- _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From Julie@jewishtravel.com Sat Apr 16 15:23:11 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA00747 for ; Sat, 16 Apr 2005 15:23:11 -0400 (EDT) Message-Id: <200504161923.PAA00747@ietf.org> Received: from [211.187.253.159] (helo=jewishtravel.com) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DMnlG-0000HN-EH for eap-archive@ietf.org; Sat, 16 Apr 2005 09:55:03 -0400 From: "Armando Prater" To: "Polyxena Sotelo" Subject: Re: Vallium C1ALlS Vi-agra Date: Sat, 16 Apr 2005 09:44:21 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0008_01C54072.426116B5" X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 6.6 (++++++) X-Spam-Flag: YES X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1 This is a multi-part message in MIME format. ------=_NextPart_000_0008_01C54072.426116B5 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, dark, liquid eyes and the noble calm of that pale brow. It's an achievement, he admitted. But then, I have not fared Cussy, we should not desire to be witnesses of the rebukes you ma know better, for there's still a few was on Barbados with us, and He kept the log of the forty-gun frigate Arabella, on which he across the decks that were dangerously canted to starboard by the whilst the vanguard, led by the gunner Ogle, who had been driven taking the whole of the fleet with him. advised his kinsman that in the event of his finding Blood his had been disregarded, or that a man had failed in the obedien land-lubbers were not the only ones he tricked by his manouvre. I... I can't read, sir. I... I didn't know. the manner which he prescribed was to be accorded to the buccanee Have a nice day. ------=_NextPart_000_0008_01C54072.426116B5 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hello,
 
#     #                         =
                     #####                                             # =
    #
#     #  #    ##     ####   #####     ##            #     #  #    ##    =
#       #   ####               #     #    ##    #       #  #    #  #    =
#
#     #  #   #  #   #    #  #    #   #  #           #        #   #  #   =
#       #  #                   #     #   #  #   #       #  #    #  ##  =
##
#     #  #  #    #  #       #    #  #    #          #        #  #    #  =
#       #   ####               #     #  #    #  #       #  #    #  # ## =
#
 #   #   #  ######  #  ###  #####   ######          #        #  ######  =
#       #       #               #   #   ######  #       #  #    #  #    =
#
  # #    #  #    #  #    #  #   #   #    #          #     #  #  #    #  =
#       #  #    #                # #    #    #  #       #  #    #  #    =
#
   #     #  #    #   ####   #    #  #    #           #####   #  #    #  =
######  #   ####                  #     #    #  ######  #   ####   #    =
#
 
And Many other.
 
Visit = PahrmacyByMail SSHOP and save up = to  =20 6 0 %
 
Have a nice = day.
----- Original Message -----
Try us and you will NOT BE DlSAPPOlNTED!
------=_NextPart_000_0008_01C54072.426116B5-- From mirankassam@fountech.com Sat Apr 16 16:04:21 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA01290; Sat, 16 Apr 2005 15:23:51 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DMnGE-0005zF-0W; Sat, 16 Apr 2005 09:23:00 -0400 Received: from [211.224.69.136] (helo=65.246.255.50) by mx2.foretec.com with smtp (Exim 4.24) id 1DMn5n-0004Ml-4B; Sat, 16 Apr 2005 09:12:12 -0400 Received: from mail.kather.net (211.224.69.136) by 211.224.69.136 (arturv.42) with SMTP id <9849607x2z> (Authid: 73011); Sat, 16 Apr 2005 19:03:52 +0500 Reply-To: "simulation pascal" From: "simulation pascal" To: disman-admin@ietf.org Subject: This is what you been waiting for Date: Sat, 16 Apr 2005 16:07:52 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--937857_80239102.t8k60" Message-Id: X-Spam-Score: 4.7 (++++) X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32 ----937857_80239102.t8k60 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7Bit Dear Homeowner,

Alert, This is your Second Notification:

Thank you for your recent inquiry, we have been notified that two
lenders are interested in offering you a great deal. Remember, for
this special offer past credit history is not a factor.

In accordance with our terms please verify your information on our
secure, private site to ensure our records are accurate.

http://www.refi-utopia.com/j8/o0o.php?h8x=63

Sincerely,

simulation pascal

------------------------------
r-m-v yourself - http://www.refi-utopia.com/r1/ ----937857_80239102.t8k60-- From aram@absolutemotion.com Sat Apr 16 16:35:30 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA08019 for ; Sat, 16 Apr 2005 16:35:30 -0400 (EDT) Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DMuBI-0007Y0-Tf for eap-archive@ietf.org; Sat, 16 Apr 2005 16:46:22 -0400 Received: from lns-vlq-24-lyo-82-255-118-192.adsl.proxad.net ([82.255.118.192]) by mx2.foretec.com with smtp (Exim 4.24) id 1DMu0n-0005Hu-Vo for eap-archive@ietf.org; Sat, 16 Apr 2005 16:35:31 -0400 Message-ID: <55ff01c542c1$f2d9fd03$8330ce2b@absolutemotion.com> From: "Paul A. Davis" To: eap-archive@ietf.org Subject: =?iso-8859-1?B?Q2lhbGlzIC0gd2hvbGVzYWxlIHByaWNl?= Date: Sat, 16 Apr 2005 20:21:55 +0000 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_074C706B.786C2303" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Spam-Score: 4.5 (++++) X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4 This is a multi-part message in MIME format. ------=_NextPart_000_0000_074C706B.786C2303 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_5C4A5045.26C526A3" ------=_NextPart_001_0001_5C4A5045.26C526A3 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Full & stable erections Long effects No prescription needed Give it a try! Cialis - http://www.lovemedicine.biz/sv/ Viagra - http://www.lovemedicine.biz/vt/ Directly from the manufacturer! _________________________________________________________________________ To be taken off future campaigns, go here: http://www.lovemedicine.biz/uns.htm _________________________________________________________________________ ------=_NextPart_001_0001_5C4A5045.26C526A3 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 7bit

Full & hard erections
Long effects
No prescription needed

2 popular medicines:
CIALIS - http://www.lovemedicine.biz/sv/
VIAGRA - http://www.lovemedicine.biz/vt/

Directly from the manufacturer!


_________________________________________________________________________
To change your mail preferences, go here: http://www.lovemedicine.biz/uns.htm
_________________________________________________________________________

------=_NextPart_001_0001_5C4A5045.26C526A3-- ------=_NextPart_000_0000_074C706B.786C2303-- From eap-admin@frascone.com Sat Apr 16 17:23:06 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10824 for ; Sat, 16 Apr 2005 17:23:06 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id C2A592044B; Sat, 16 Apr 2005 17:23:06 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 770CD2043C; Sat, 16 Apr 2005 17:23:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id D92362043C for ; Sat, 16 Apr 2005 17:22:24 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id D533B20432 for ; Sat, 16 Apr 2005 17:22:22 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DMuk9-0006AI-GE for eap@frascone.com; Sat, 16 Apr 2005 17:22:21 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j3GLMJD15961 for ; Sat, 16 Apr 2005 14:22:20 -0700 From: Bernard Aboba To: eap@frascone.com In-Reply-To: <20050416160002.3798.83950.Mailman@xavier> Message-ID: References: <20050416160002.3798.83950.Mailman@xavier> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] Re: EAP Key Binding Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sat, 16 Apr 2005 14:22:19 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > I think everyone agrees this issue is solved for the NAS, as mechanisms > exist to allow the EAP Server to attest to the binding. It could, for > instance, deliver the EAP Peer's authenticated identity Peer-ID to the > NAS with the AAA-Key along with the EAP Success message; abstractly: > > EAP Server --> NAS: EAP-Success || AAA-Key || Peer-ID > > The NAS can then check whether it is talking with the right EAP Peer > using a protocol that would require the EAP Peer to assert its identity: > > NAS --> EAP Peer: Challenge > > EAP Peer --> NAS: f(AAA-Key, Challenge || Peer-ID) Presumably, the verification would include the entire key context, which would include key-lifetime, Peer-ID, NAS-ID and restrictions on key usage: NAS --> EAP Peer: Challenge, NAS-Id, Peer-ID, Lifetime, Authorizations EAP Peer --> NAS: f(AAA-Key, Challenge || Peer-ID || NAS-ID, Lifetime, Authorizations) If restrictions are placed on the use of the key (e.g. key lifetime, Called-Station-Id/Calling-Station-Id restrictions, etc.) then all parties need to be aware of the restrictions or the key has not been properly bound to its context. Note that in the above, the Peer-ID may not necessarily be the same as what was provided by the EAP peer in the EAP-Response/Identity (e.g. in the case where privacy is supported), or even the peer-ID used within the EAP method (in the case where privacy is asserted and the AAA server does not provide a User-Name attribute within the Access-Accept). > The function f used in this protocol would be selected so that it would > be computationally infeasible for the EAP Peer to produce the right > response without knowing the AAA-Key, the Challenge value, and the > Peer-ID value. And if exposure of the Peer-ID to the NAS is deemed > onerous, then we can certainly replace it in the above with another > session specific function of Peer-ID, e.g., > > g(TMS, Peer-ID) The issue is one of synchronizing the key context between the parties. Where the EAP peer supports privacy (e.g. it does not place its userid within the NAI), then the peer-ID is provided to the NAS in the Access-Accept, either via the User-Name or CUI attribute. However, the CUI is typically not provided to the peer so that in this case the peer-ID may not be synchronized between the parties unless the Secure Association Protocol handles this. > for some suitable function g. The EAP keying draft could specify that > delivery of (a function of) the Peer-ID with the session key is a > requirement, and we would be done with the key binding for the NAS. The document does specify the peer/server-IDs to be passed up by methods, but as noted above, this is not sufficient where privacy is supported. My suggestion is that the Secure Association Protocol be modified to pass the peer-ID to the peer, and verify it. > The issue we have never been able to resolve successfully has been how > to provide the same attestation by the EAP Server of the correct NAS to > the EAP Peer, i.e., how does the EAP Server assert to the EAP Peer the > correct NAS to which the session key AAA-Key is bound? There is no > obvious channel within EAP itself for delivering this assertion. While EAP itself cannot deliver this information, the AAA protocol and Secure Association Protocol can together deliver it. For example, in addition to the authorizations and AAA-Key the AAA server can provide one or more Peer-tokens to the NAS. This token could be transmitted to the peer via the Secure Association Protocol, and could be encrypted and authenticated using keys known only to the EAP server and peer, so that it cannot be decrypted by the NAS or proxies. This could provide an additional vehicle for synchronization of key state and/or verification of channel bindings without requiring changes to EAP methods. > The question from our conference call is whether that the assertion > could come from the key derivation. In 802.11r, for instance, we could > require the NAS to advertise its NAS-ID to the EAP Peer as part of the > 802.11 discovery protocol: > > NAS --> *: NAS-ID > > Then the EAP Peer would know the NAS-ID being asserted by the NAS. The > EAP Server also knows the NAS-ID associated with an EAP transaction > through the normal instantiations of the EAP transport between the NAS > and the EAP Server. The EAP Server could then make the assertion of NAS > identity through the AAA-Key derivation: > > AAA-Key := kdf(MSK, NAS-ID) > > where kdf is a suitable key derivation function. The EAP Peer would > perform the same key derivation. If the EAP Server delivered the AAA-Key > to some other NAS other than the one that advertised NAS-ID, then the > EAP Peer could detect this, because its session would fail, as the EAP > Server would have used the identifier NAS-ID' for that NAS instead. > > On first blush it appears that this kind of mechanism would finally > close the binding issues with EAP keying. > > Of course life is never that simple, because the key hierarchy above is > already in place, and doesn't include the derivation AAA-Key > kdf(MSK, NAS-ID). Therefore, we would have to do something else, in > order to avoid breaking already deployed equipment. Which "equipment" are you talking about? Presumably the NAS and peer need to change in order to support 802.11r anyway. So presumably we are talking about changes to the AAA-Server, correct? Since this is a new application, there is no backward compatibility issue - have the NAS send an attribute requesting a different AAA-Key derivation, and if the AAA-Server supports it, it will respond with the attribute in an Access-Challenge, otherwise not. You can therefore know before starting the handshake whether the new scheme is supported by the AAA server. If not, you can use a backward compatible handshake instead (e.g. WPA2). > A candidate might be > the EMSK, which is currently unused. We could define something like > > Bound-AAA-Key = kdf(EMSK, "bound EAP session key || SID || NAS-ID) > > where SID is the EAP session identifier, and deliver the Bound-AAA-Key > to the NAS along with the AAA-Key. We could deliver this with a session > specific EAP Peer identity > > Peer-Session-ID := hash(SID || Peer-ID) > > And we could fix kdf and hash for all EAP methods, e.g., take hash to be > the first 96 bits of SHA-256, and kdf as TLS-PRF. The Bound-AAA-Key id > would then be NAS-ID || Peer-Session-ID. We don't, of course, have to > use the EMSK for this function, but I have used it for concreteness. > > =20 > > This mechanism requires that a NAS find some way to advertise its NAS-ID > to EAP peers, and it requires a few new attributes exchanged between the > NAS and EAP Server. It leaves the existing key hierarchies intact, but > provides a bound key for new applications that desire a bound key. It > seems to put to rest the security issues with the existing key > hierarchy, by giving the EAP Server some way to attest to the EAP Peer > the NAS which should possess the key. > > What do people thing? Would this be a productive addition to the EAP > keying draft? The original keying draft has now been split into two parts. The first part (the EAP Key Management Framework) is now only focussed on documenting and analyzing existing uses (e.g. IEEE 802.11i). The second part (EAP Key Management extensions) will document additional uses. While solutions to the key binding problem are appropriate for inclusion in the extensions document, the goal there is to describe and analyze complete proposals, including the EAP Key management and AAA extensions that are required. A key step toward that goal is for groups such as 802.11r to provide a set of requirements. Key binding seems like one of those requirements, but there are presumably others, such as extensions to provide faster handoff. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From sherrillzavala@zmail.sk Sun Apr 17 07:59:22 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA13251; Sun, 17 Apr 2005 07:59:21 -0400 (EDT) Received: from flh1aay240.kyt.mesh.ad.jp ([60.236.134.240] helo=zmail.sk) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DN8bS-0004me-Lj; Sun, 17 Apr 2005 08:10:20 -0400 message-id: <006301c54344$63585e60$0f214012@MGYZKC> Reply-To: From: "SimplyRX" To: Subject: High oil prices will soon force us to raise our med prices Date: Sun, 17 Apr 2005 04:55:45 -0800 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0060_01C54309.B6F98660" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Spam-Score: 3.6 (+++) X-Scan-Signature: 5a5294b34f62cf4aba63c62e30e627ff This is a multi-part message in MIME format. ------=_NextPart_000_0060_01C54309.B6F98660 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0060_01C54309.B6F98660" ------=_NextPart_001_0060_01C54309.B6F98660 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Online Pharmacy New Lower Prices! Buy now from the internet's most trusted Online Pharmacy! Andrea Dworkin, a feminist who viewed pornography as a violation of women's civil rights and a direct cause of rape and violence, has died, her agent and family said Monday. She was 58. Dworkin died Saturday at her home in Washington, D.C., said John Stoltenberg, who married Dworkin in 1998 after living with her for three decades. She had been ill several years, and suffered from ailments including osteoarthritis. "Pornography is used in rape - to plan it, to execute it, to choreograph it, to engender the excitement to commit the act," Dworkin testified before the New York Attorney General's Commission on Pornography in 1986, according to a transcript posted on her Web site. Dworkin's first book, "Woman Hating," published when she was 27, launched her lifelong advocacy on the ways pornography harms women. She campaigned frequently on the subject, helping to draft a 1983 law that defined pornography as a civil rights violation against women, her agent, Elaine Markson, said in a statement. The law was inspired by the case of Linda Marchiano, who as Linda Lovelace appeared in the pornographic film "Deep Throat," the statement noted. ------=_NextPart_001_0060_01C54309.B6F98660 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Lowest Prices and = Overnight Shipping!
3DHERE
 
Buy Today!
Hurry, these low = prices will not last!!
 
 
 
 
 
 
 
Andrea Dworkin, a feminist who viewed = pornography as a violation of women's civil rights and a direct cause of = rape and violence, has died, her agent and family said Monday. She was 58. = Dworkin died Saturday at her home in Washington, D.C., said John = Stoltenberg, who married Dworkin in 1998 after living with her for three = decades. She had been ill several years, and suffered from ailments = including osteoarthritis. "Pornography is used in rape - to plan it, to execute it, to choreograph = it, to engender the excitement to commit the act," Dworkin testified = before the New York Attorney General's Commission on Pornography in 1986, = according to a transcript posted on her Web site. Dworkin's first book, "Woman Hating," published when she was 27, launched = her lifelong advocacy on the ways pornography harms women. She campaigned = frequently on the subject, helping to draft a 1983 law that defined = pornography as a civil rights violation against women, her agent, Elaine = Markson, said in a statement. The law was inspired by the case of Linda Marchiano, who as Linda Lovelace = appeared in the pornographic film "Deep Throat," the statement noted. ------=_NextPart_001_0060_01C54309.B6F98660-- ------=_NextPart_000_0060_01C54309.B6F98660 Content-Type: image/jpeg; name="2.JPG" Content-Transfer-Encoding: base64 Content-ID: <000c01c52e69$150a5690$2202a8c0@compaq> Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQEAYABgAAD/4QAWRXhpZgAASUkqAAgAAAAAAAAAAAD/2wBDAAgGBgcGBQgH BwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/ 2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy MjIyMjIyMjIyMjL/wAARCAFvAbIDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQF BgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS 0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4 eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi 4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREA AgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl 8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImK kpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP0 9fb3+Pn6/9oADAMBAAIRAxEAPwD2eNMxBgoLMTyegAP/AOul2P8A3V/75FXNP/49B/vN/M1ZIptu 4kZWx/7qf98ijY/91P8AvkVdvbyGxtzLMQB2HcmuXu/FF2DujVY1z07gYzk5rKpWUNHuaRpuWqNv Y/8AdT/vkUbH/up/3yKyrXxNOjL9oRZYyASRwQPWukt7iG6t1mhYNGw4P9KIVoz2YpQcdyh5cn91 f++RR5cn91f++RWpsX0pCq1rdkmZsk/ur/3yKPLk/ur/AN8itPaucYo2r6UXYGZ5cn91f++RRsk/ ur/3yK09i+lJgZ6UXYaGb5cn91f++RR5cn91f++RWmEGelLsX0ouw0MvZJ/dX/vkUeXJ/dX/AL5F anlrR5a0XYGX5cn91f8AvkUvlkqQ6qOCQQMYNaflrTJkAhkIH8J/lRdisZsS7od6qGYkjJ6DFLsf +6n/AHyKtab/AMeY/wB41ZkkWJCzYolK12xpGZsf+6n/AHyKNj/3U/75FMn1RsnZ09c0xNTmGCT1 7Vy/XIXsbewk1cm2P/dT/vkUbH/up/3yKtWd9Hd7lGBIuCV9vWreAeMV0KakrpmTjZ2ZleXJ/dX/ AL5FHlyf3V/75FanlrSFFHaquxGZsk/ur/3yKPLk/ur/AN8itMKMdKNo9KV2GhmeXJ/dX/vkUeXJ /dX/AL5FamxfSk2D0ouwMzy5P7q/98ijy5P7q/8AfIrT2rjgUBAT0p6hoZnlyf3V/wC+RR5cn91f ++RWp5a0eWtK7Ay/Lk/ur/3yKURlgQyr7EDBBrT8tabIgEbHHY07sVjMiUNDvVQzEkc9BS7H/up/ 3yKs6X/x6f8AAjVwgCht3BIytj/3U/75FGx/7qf98itTcoOCRS8GlfzHYytj/wB1P++RRsf+6n/f IrVx9KMA07sDK8uT+6v/AHyKPLk/ur/3yK1PLX0oKKO1F2Bl+XJ/dX/vkUeXJ/dX/vkVp7V9KNq+ lK7DQzPLk/ur/wB8ijy5P7q/98itMKCOlBVQOlF2GhmeXJ/dX/vkUeXJ/dX/AL5Fanlr6UeWvpRd gZflyf3V/wC+RR5cn91f++RWp5a0eWtF2Bl+XJ/dX/vkUqxFvlZVGehAwQe1aflrSMgAPFO7FYxA QQDRTU+4v0orUk1tP/49B/vN/M1aNVdP/wCPQf7zfzNWjWL3KWx5542uvtGo/ZCzBI1BwrY561Bf aeNN0mLUNOeW6tZAGCN8zA+ntzTPiFbzWmoLeIpaOQBfx/zmsfQvGsujQTW/2eO4gZtwVyRtYYyR 7dK82UlGpKNTqd8YtwUobo3ptHXTdLhv9Supftkp3CJWOM+n0rW8Gah51xeWm7KqqygHsTkH+Qrz 7W/FU+sXouJUVI0BXaD8sYHXrXafDWzma0utVmRlFyQkQYYPlr0P4kk/iKqjPnqrlWiJqQ5afvbn V3WuWdnfxWEzSi6lx5SCFm3+u0gYOO/p3rN13W7vR/EGixMsZ02/la2lYr8ySn7mDnoee3auj2Au rEDK9D6Vj+K9CPiLQZbBJRDNuWSGU5+R1OQeOa7p35Xy7mWGdP2qVX4Xo/K+l/luZcfim4fxFrSC IyaVpiJCRDCXlkuGxkLg9BnGMde+KzdV+Ie/SWn0qF4bqC/itbiG8iGVD55+ViOcHv2PFW4fBV3H 4Ju9FGpFL+8d5p7yMEb3LZ6dcEAA/j61kf8ACtb8QXcYvbCMXFzb3G2GFkRPL3ZULk8Hd69qwbrd EenTjgOZubWjSW+qVrv56s1rTxzHFe3cF6Zpv+Jz/ZcHlW6psYk43EyHcOPvcH/ZqxefEDS7JrtZ La+b7LfLYvsjQ5kYMQQN3K/KffpxWZceAL2Rr2aK/gW4fWv7VtyyEquCcKw79e3pUcnw/wBTn+0v PqNs00+qw6gzLGyjCBgVxk/3hjntRetayQKnl7fM5fn5eXqaMnxI0uFblprHVU+ySiO6DW6/uATg M3zdCTx1PtXYwyLKiyIcqwDA+oNcRqXga8voPFUa3kCnWpIHiyp/d+W2Tu9c+1dnZxNBaxQuQTGi rkd8DFaU+e75jixSw3KnR36/cn+d18ixRRRWpxBUc/8AqJP90/yqSo5/9RJ/un+VAFbTf+PQf7xr N8QXrwmOJTjd/n/CtLTf+PMf7xrB8XROnk3AB252k+hrlxzl7GXLub4VL2iTMv8AtLjB4z6DtUg1 FQvO/wCuB6fWsZrorEQGIHt9RSi5yuQeo6//AF6+aVZrW57ToLsbcGoiDWbFlb/WMYyPUHmu2ry3 RN+seKbfyuYbU7i49f8AP8q9SA4r6DLuZ0by7nlY1RjUsjOu9cs7G+isrhpVuJv9Uqws3mc4O0gY OM8+g5NZfiLXLzTNf8O2MHleTqE7xzl1JOABjB7da6TYC6kgEr0PpXM+LvDmo63eaTd6ZewWtxp8 jyK0qbhlgAOPwrsqX5fdIwipuqlVdlZ797O342NDWtftdCt4ZLhJpZJ5RDDBAm6SVz2AOB+Zqgnj XTWtLa58i8VZr0WDq0YDW82cYkBbjnjIzWZqHg7V9c0aGHWtStLvULa78+F/IxCU2gFHUYJBIbke oqe38Dqng6+0eR7ZJrtmlDwRbEifjZgckgYHUkkVDlVb0Wh0wp4KNOKnK8r627dw1TxqimNLETRb NYj02WSS3WRJCQSwX5wQOPvdv7prP0/4lEWOoXeraXexxQ6gbWMwxKccDCNl/vjnIHHIxmrj+B5v +Ec0XTIrqPz7HUEv7iZwT5rAuWx7ktx7Cqc/w/1GS2vbRL+0+zT6uNTTdG28E/eU846YxxUP217o 6Kay+3LLv53tf06mzqXje00q1juLzTNVjjZVeQmBf3ALEDcd2MnGcLk4rpbeVJ4UmjO6ORQ6n1B5 Bri/Fvga88R6lLcpfwrDJa+SI7iIv5LAg7o8EYJwATycZrrtMt5LXTra3lKl4oljYp90kDHFawc+ Z32OGvHDqjCVN+873XbsXKKKK0OMKZJ/q2+h/lT6ZJ/q2+h/lQBU0z/j0/4Ef5VT1/Vf7PgCq+1m BJb0FXNM/wCPP/gR/lXO+OLKaS2S5jRnjUFZNo5UetZ1+bkfLuXR5XNc2xk/bJpCJHfbnkIeSB7n 1qWPWbi2kGyUhTngHJ+uOnXA/GuUW9LcyXYcDqAAufqc/wCFOW6EsjiJ3kZiCFiXO3HSvGU530ue s4QtrY7+z8WEjFxGTg4Jxg59xXSWtzFeWyTwtujcZBrzbT9C1m+CiO38iPOTJKcsfevQdJ0/+zNO itd28oOW9TXp4f23/LzY86uqX2CO91yz0+8itLlpVnm/1SrCzeZyBhSByRkZHpzWd4s8Q3Gi29jB YwJPqF/OILdZDhAe5b2HH510JQMylgDtOR7Hpn9T+dYninw9/b9pbeVctaXtpMJ7a4VQ2xh6juD/ AIVvPm5Xy7hhXTVaLq/D/X4X3MC51/xRo3h/V59bt7aKW0EZhvLWPzY5NzAEbGZSSM+o7+gB0dR8 b2OjrCb63vjGwjEl0kAESllB7tk8HPy7sVn3HgzXNR0HVrXU9e+03l+sarlCsMQRg3Cjucdap+IP h1f6zdXEg1K22S28MaCaJmaExgDCHPyqx5PfNYN1UvdX9anpQjgZzXtZJK+trpbR269/8h11411G 31DVIHkijjttWhs4tlt5hKOGJz868/L17ehzW7F41sLnW5NLt7TUJTFc/ZJLlIN0SS9MMQcjnjJG OOtY174Bvru5vpxfW6tc6nDfBdp+UIGBX6/NwfarMvgu/fxhFrH2+2jjS6M5eG38uZ0/55MQdrL2 JIyfWmvap/MmSwElvZ2/Gy/W53I6UUDpRXSeOFFFFABTW+6adTW+6aAMFPuL9KKE+4v0orYg1dP/ AOPQf7zfzNWu9VdP/wCPQf7zfzNW+9YvcpbGNr9ouo2jWbwJIrDlnGQK87ufhrds5a3uiE/2lzj8 c162VBOSKNo9KynSjP4jWNRw+E8ns/hnKk8ct9OZ1RtwjI+XOf7vQ16ZppZLZYGhWPywANvQj1q5 sX0o2gdqcKah8Ip1HPcdSEZpaK0IE20baWigBNvFJtp1FACYNLiiigAooooAKjn/ANRJ/un+VSVH P/qJP90/yoArab/x6D/eNSX8MNxaSRToJI2GCpHWo9N/49B/vGrMqbwB6UpdQjuea3/hnVoJC1lL HNHnIWQHcPxqh/wi2v3zeXNIlvEeDsGMivVfIB7frR5HtXn/AFCm3zOJ3LG1ErJmN4Y0q30a1+zL GomxzIB9+ugqAQ4dWxgg1P2rugrKxxzd3cWkIzS0VZI3Zzml20tFACbaTbTqKAExQBilooAKKKKA CmSf6tvof5U+mSf6tvof5UAVNM/49P8AgR/lSamjzQGJRlSMsPX2pdM/49P+BH+VXSAaUlfQIu2p xz+EbJ23NaRMT1+TFTwaBBan9zbxoexC4xXU7B6UbB6Vl7JGvtWZcJvIwAHLDphhmtKF2eJSwwe4 pxUUorSMbdSG79BaQjNLRVEiY96TbTqKAG7aXFLRQAUUUUAFFFFABTW+6adTW+6aAMFPuL9KKE+4 v0orYg1dP/49B/vN/M1bqpp//HoP95v5mrdYvcpbBSN900tY1/4jtLC/ktJYblvJhS4nlRAY4Y3Z wrMc5x+7foD0oGVteuryzurKa2vCIvtVvBLAEQptllCFpCcvj+FNmMPy2Vztq+H9U1K9nYS3Ana4 shdxpIqqsTF2UIpUZ2cD724+9XmvfD9/eWU1ybA3ouJ4LL7SEE2+Nyknlbvm+8v8PtStL4ZsbbUb kyaPb27ymK/lJiRWkPBWU9C3zdG5596AKkGv3WreD7vWNPjhglETPb+Y4mAAUEltpwcHdgA4YYOc Nmq15rGoC/tzHc+XHFHpzvEEUiY3M7RPvyMjAXK7SvOc7hgV0Mp023WeOY2kSSxmWZXKqHQAKzNn qANoJPGMCqyv4fvrqJw+mXFxYzG3jYGN3t5e6DujcdBg8UAYsPi+/dY5ZNLgWAxrMSLkswjMnl9N v3iecdMZ5zV/TfEM+o6xLYG3iijaOd4pUm3SARyiL5kI4yckHkcY7Gr0K6FcOLaAabK5hBEUYjYm LdkHA/h3fhn3rO0+Pw5ZahfarDqtnJLJM8MshmhAjk4ZkJUD5sIpO7LAJ9aAKkN9qGmDVpp9VuL8 212LSCK5jQBsxxvkCGHezfM3CgjHbjNMsPGFxeXsM6QRtp88FkxUuVkRp5ZI8gFckZVT82OB0zxW rPqPhm4GqW1zJpr28RWW/aXyzCGLGMeYTxuBiwQeRgD0qWOPw5HdxTRJpS3MNuJonURB44efnU9Q nzNyOPmPrQBy+n+N9Ru9MtY0szLdNpyPJcmOQRic2gn3FlQxhckDbu3ZP3cYrb0nX7y51C2sb22i iZ4IyJcviWQxB22HZsP8Xybt+FLbdvNP0qbwnqQ02ewj0ozz2Cm0jCRiYW2MbVX7wQcggcDkUlpf +EbQzX1s+kWy2saWpvVEUaKmMLGJBgYG3G0HjHSgDpRyKWs+fWrC2SMvcxsZJhAoRgxL+YsR4Ho7 AN6d60KACo5/9RJ/un+VSVHP/qJP90/yoAraZ/x6D/eNXapaZ/x6D/eNXab3EFIelLWNqPiS00y8 mt5obhhbwLc3EsaApBExcB2Oen7tzwDwv0pDE1O6vbXWtFjjeJLS5uXhmXbl3xBK456KAYx7nPUA HdnaHqmo3d+RLcCYXME0yRuqqsTJL5YVSoztI5O7cc9D2rU/tjR7qS0MtxapObqaK1S4ZVdpY2eJ /LB5J+8Mjs3oajMvhuxh1G8Mmk28Rk8rUJsxoC542yt6/MOG5+b3oAr6bq76/oE17FLHpykDE/mJ KY12qztn7vGW2scqeHwykA441jWljgaa5aMwJFLhokBnSS5aNPNG3hvLCsdm3DFu2AOkvItENnNb 3senfZZoTNNHME2SRRhQWYHgqo2cngfL0qG3g8MM0cVtHo5bTp/LjSNYs2szHJUAfccnsMEmgDJ/ 4S6+VXlfTLcQIk02Rckt5UcvlnjbjceCB065NXtN8STahrjaebWKOJ1vDHIs25x9nnWA7lxgZYsR z0GOuavxjQriQ2kQ02WRom/cr5bExs53fL/dLq2e2VPcVm2UXhyy1TUNYTVbSSYSyRTyNNCBA5wz oSoHzYjTO8kgRjpzkAqQX+o6Y+uzXGrXF8LK6S0giuY4wHLRQSZxDDvZ8yMAFHIwMZ5qCy8a3F1q KTJBG2nyQWWUMhV1ee5mg3KCoJGVQ4bBAHTJxW1Pf+GpzqdrcvpzwjEuoGUIYs8R/vSeNw2BcNyA AOwqSKLw2t5BNDHpIulgE8LoIt6xHcQ6nqF+aTkcfM3qaAOe03xlqF1aafCLMzXMthE8twYpAgme DzMllQxqucAgsDzwDxm/ofiW8vLrT7O/too3ntYmE25sSyGESNsO3Zn73yFg+FLbdvNWdKufCmo/ 2Vc2A0ozzWYNiqrGJhBjG1B94KOQQOByOKbbXvhCykmvIG0i2WzhSA3qiKNI4yWURiQYAAKEbc8E dKAOmByKWs651qws40aS5jbfOluoRgxLtIseMD0Z1z6d60aACmSf6tvof5U+mSf6tvof5UAVNL/4 9P8AgR/lV6qOl/8AHp/wI/yq9Q9xIKQ9KWsfU/EdppVxLFPDcssEAubiWNAUgiJYb3OenyOeMnCm gYzVbu9tNa0KOJ4ktbq7eGdduWcC3mcYP8IBjB9T7c5oaNql/c6xsluPNjulvWSJlULCYJ1iUKQM 4YNltxbnGMDitNtX0e4ktTPcWqTfapIbVbllV2mQtG3lhuSeWHHOGPY0zzfDtj/aV75ulW/ziPUJ 8xp83ZZW9fmHDevvQBX0zV5Ne0i5uI3jsAhC+cJEl2fIrO393jcdpOQeHwykZxpdZ1iO0idrt18i B7kF4kDXCedsTzRt4ymGOzbz044rpLmPQhZywXSaaLSa3Msscoj8uSGMKCxB4KKCnPQAjpmoIYPD DbYIItH/AOJdcBVjRYv9FmduAAPuOzH2JJoAy5vF19ALiV9Nt/IhW9mBFySxitZfLc4243NlSo6d cmrum+JJr/XvsH2WJIJFvGjkE2X/ANHnSFtyY4yzMQc9AO+cX1GhXMr2ijTZpGSVGhHlsxV3bzQV 9GdG3epQ55BrOtYvDlnq2pa0NUs3uEZobiVpoQICdpZGKgHP7tPvkkBB05yAU4L7UNMOvXFzq9zf Jp91HaQxXMcaq5eKBgT5UO9n3SkAKOeBjPNVrHxvc3eoLKtvGbJ47RGjLlHV5bua2LqCoYgsqHDb SAOmTit2fUPDcr6lZ3D6e8ZBl1DzAhiyoVD5pPG4AIMNzgDsBToIfDRuraS3i0k3Hli4geNYt2wl 2DqRzg7pDkccue5oAxNO8XX076dafYmuZ5raJ5ZvLkCB5AcZZUKKuQM5YHngHjMvhzxTe350i21C 3iSS6s4XM+WAllaASnaQuzP3vkLB8Att24Jv6Zd+FNRbS7uwOlNPLATYbfLEoiGQwjxyAPmBA6Uy 3vPCFlcS3EH9kW39n26Rm7VYo0hjZ3QRiQYAw0bArng9uaAOmXkUtZtxrmn2kSO91G++4jtlEbBi ZHZVAwPd1J9BzWlQAU1vumnU1vumgDBT7i/SihPuL9KK2INXT/8Aj0H+838zVuqmn/8AHoP95v5m rdYvcpbBWFL4dtLnxHPq11FFOWtoIY0dPuGN5W3Z7580cY/h963aKBnFy+C7mS4gddRVYo7/AO2M oDqD/pjXOMKwD5Dbfn3BSMqBuOZLjwlczadZ2wvI1exuBLbPH5kLMoSRMO6MG6SsflIHHoTXYUUA cvc+G1aLw/ZW6lbWw2RylG2jyYwrKoySTl44hg5+Xfk5war2vhO8tI4Sl5bma0jtYLXMRClIPMC7 +epEpzjjgV2FITjrQBz/AIf0F9HkMss0U0zWsMDFE242NIxPJJwTJwPb3rO0zwY9nc6ZLcXUMy6e ttBGvk/eigjnWMnJ4fM+7I4G0Yrsdwo3D1oA4hfBVyIDCbyH9zBaW9s8XmROVtzLgu6MGBIk/hIx j0NbWiaAmj3Lyq0ZzaQW2FDEjy2kYnczFiCZD1JP51u7h60bhQBxWmeC7mys7OynvYZIIUUyFIiG aRbX7KMZOAu3DdznvinjwlqLW0ynUIIZpJYTvt0kjJVIjGCWVg+7kHhhnaFPBNdlkUuaAOL0zwe1 nMUkcmGBbPymJADSReWZGVRnap8qPjru354INdpRRQAVHP8A6iT/AHT/ACqSo5/9RJ/un+VAFbTP +PQf7xq7VLTP+PQf7xq7Te4grCn8O2l34hn1S8iin3W0MMaOn3DG8rE57g+YOMfw+9btFIZxtx4O upfKWPUlSNb17pwA6gg3TXAGFYbuG2/PkDGQBk0658JXM1pDEt3Gr2t2Z7ZkEkTEESja7owb/ls2 NpHT0YiuwooA5e78Nq9loFhApEGntGjlGKjyUUfL8xZirMiAgk5GcnvUEXhS7hiUC8gMlssCWpMR xtikLjfzyTuxxXX0hOOtAHO+H/D8mkXs13NPFNPLbRwt5cZUKVlnkOCSTg+cBj/Z96oaf4Me0ksT PcwSx2KWkES+T96K2EuwnJ+/mXORwCoxXY7hRuHrQBxLeC7l4pIWvIdqQwRW7xiSN8RSNIN7qwYf ex8pGOfWtbQ/DqaPfSXIeNme0htyoDEgpJNIx3OzMcmbuScjPeug3D1o3CgDjtM8H3VjDY2017DJ DAkPmbIiGdoovKXGTgArgnOec1HD4Ovo4Cv2+3jcfZ03QRvGXSJHQFnVg4bDDlWGQgUnaSK7XcPW lzQBw2l+CpLMx280ube0isRE2cb5YjCZGCjO1CIIQB13eZngg13NFFABTJP9W30P8qfTJP8AVt9D /KgCppf/AB6f8CP8qvVR0v8A49P+BH+VXqHuJBWHc+HrO912XUr2GK4H2eOKNJFztKPIxPuDvAxj +GtyigZx1/4PuruJYotSESfaZZ3ADqCHnMoBCsN3B2kNle+KkufCtxLbvGt3GrJevdW7IJIn+ZpW KvIjBsfv2A2kdOc7iK62igDmLzw4H0zQtPhTKWMsauVYhfKVSGVtxZmVsAbSTk4z0zUA8K3QRl+2 QboTGbU+Uf4JxP8APzzyoHHauupCcdaAOc0Dw9LpOoXV9cTwzXFxFtIjjKhCZ55mwSScHzgP+AA/ Sra+EZYTbCe5hkS1NqkI8rrHAzsu7J+9luo4GBXW7h60ZFAHEzeC551miN3CECIsDxq8cny3AnG9 1YHqMfKQRkmtTQfDaaLfTXO6Nnkto4SBuYhhLNK53uzMdxm7nOVz346LcPWjcKAOSsPCt5aNZrLe wvFF5Bl2xEMxhJ2bcnAyCM5z0OPapa+Cr23t1jW/t0MUNrboYUeNnSBZEDM6sHDESDlCPuBSdrEV 3G4etLmgDhdN8EyWptYJ5i8Fjb2SROGwJZYmiMj7ecAi3hC98mTPBBruh0oooAKa33TTqa33TQBg p9xfpRQn3F+lFbEGrp//AB6D/eb+Zq3VTT/+PQf7zfzNW6xe5S2CiiigZXv72HTrC4vbgkQ28TTS EDJCqCT+grldS8dy6VYme50gmZ7eK6ghiuNxeN5EjIJ28ODIvAyDng11txBFdW8lvOiyRSoUdGGQ ykYIP4Vgt4RsHSMTT3crReSsTu4LRxxyLIqD5em5FyTljjrwKAItJ8Zxavr39nQWymAtNsuVm3Bl jSBgcY7+f68bffiaz8TSXuqrpX9nsl9E7/bEMh2wRj7rhtvzb+NowM/N/dNQWvgmwsL1rvTrq8sp TLNKPKMbAebs3gB0YAfulx6c9q2rbS4LfVbvUVaRp7qKKOTcRtxHu2kDHB+c5/CgDzyK51Cw8bsf EGp6latNchbWWBw1rKhb5YyvIXOCOQDmksvEV5N42869uNRitjrEumxeVcKIMqMLG0RBznOd/BGR 6E106+AtITX21ALKITKLkWnmEReeCf3mPx6dM1bHhDShr39sbZ/NExuBAZD5ImK7TLt/vYA/IcZo A4nRNe1hPG1nBe3N6Z7u9uoLu0l3eTEigNFsBGBxnkHkcntWz8Qr3ULW702JLm9tNOdJzLPZlgxm CExKSozgtjjvW/beFbG11c6n5t3PMDI0KTzl0gL/AH9gPTOPfHaq58FWLaPZ6adQ1XZa+YFmF2RJ Irkllc4+YckdOBQBympalr2qeFdD1cR3xtIbGW51B7O9+ys5XA6j2DNjGPpXo2l3cN/pdpeW7O0M 8KSxl/vFWAIz781kal4N0vUbe3t913awQwfZvKtZ2RXh/uMOQR79fet63gjtoI4IUCRRqERR0VQM AflQBLRRRQAVHP8A6iT/AHT/ACqSo5/9RJ/un+VAFbTP+PQf7xq7VLTP+PQf7xq7Te4gooopDIbu 6isrSa6nOIoY2kc4zhVGT+grkdQ8eS6ZpgvLjSDulto7u2iS43GSNpY4yD8vyuPNU4GQc4zXYTRR zwvFKivG6lWRhkMCMEGuefwdp0lusMs95Isaxxws8gLQxxyLIEXjpuRck5YgdeBQBFpnjWLVdfi0 63tQ0Epl2XImzkJFBIDtx38/GM8bffixbeJnutWXSP7PZdQjlf7VH5nyQwj7sobb8wbK4GBzu/um oIfBNha6g17YXV5ZzGaecGIxsAZQm8AOjDH7tcDtz2xW1b6XDDqs+pb5WuJ4I4H3EbSqFiDgDrlz mgDzyS51DT/G7P4g1TUrRJblhZz27hrVoiy7Y2XkL3BJGckelNg8R3k3jZpry41GGzXW20yLyJ1E ORwqNER8245JbgjIxXUP4C0c6+dQ2yiFpftL2gkIiafIPmEevA+pAq23g/SX10auVn80TC58jzD5 JmA2iXb/AHsf/qzQBxOma/rEPjm3ivbm98+51Ge2uLOQN5McO0GIqMYB6nIPI5NbvxAvb+1udJiS 5vbTTJTN9puLMsH8wRnylyozgtj61uQeFrG21r+1fMu55Vd5IYppy8cLP94op6Z/HHaq48F2Q0i0 04ahqwW1Z2ScXZErB87lY45GDjpx2oA5K81PxBq3g7QdVCXr28NpPcai9refZWcoNo+YfRmxjB9q 9F0a8h1DR7O8t2kaGaBHQyHLEEdz6+tZWoeDNLvrK1tFa7tLe3h+ziO0nZA8JGCjDkEEd+vJ5rdt beG0to7a3jEcMSBEQdAoGAKAJqKKKACmSf6tvof5U+mSf6tvof5UAVNL/wCPT/gR/lV6qOl/8en/ AAI/yq9Q9xIKKKKBkVxPHa28k8pxHGhdj6ADJrkL7x6+n6Sl/NpJ23Fqt5Zotxkyxl41Ib5flYCV DgbhzjNdjLGksbRyKGRgQykZBB6iucl8GabNaC2lnvJIkjWGDfICYIldX2Jx0JRMlsnAxmgCLTvG 8Wp+IIdNt7QGGZmC3HndhBHL93HX95txnjb+FWYfEsk+rjR/7PZdQSZvPTzPkjgHIm3beQ2QAMfe yP4SahTwTp8GpvqFlc3lncNPLPmIxsA0gUPgOjDHyj6ZPtWxBpUMerSamZJXuZLaO2fcRtKozMDg Drl2z29qAPPby51DTvHDS69qeo2cD3Egsri2cNb+VvjCxsvIHoxI6lfSmXGq6ovj/b/bMwhGrpbC QS/6IsRUk25T/nqcDnHXPI6V1Nx4C0ebxB/aJWURPIZ5rQSERSTZUiQj/gPI7kD05nfwVo8muf2q VuN5nF01v5p8lpwMCQr/AHvxx7UAcbaa/rFv46ijvLm986bVpLSSzfd5C2xUeUyjG0HOTkHnFdB4 9u722n0eJbm9tNMmklF5cWZYSBgn7pcqMgFuPyrZi8LWEOtf2qZLuaVZGlihmnLRQuwwzIp6Ej8u wqBfBtoNLt7FdR1ZRBK8qTrdkSnd95SccrjjGOKAOQl1PxDrPgjQdSVL2RIop5tQe2vPsrv5e5Rl h64JxjmvQ9CvYNR0KxvLZpWhlgRkaY5cjH8R7n1NZl94M0u70+0so3u7OC2iMKLaTsm6MjDIw5DA 98889a3bO1gsbSK1toxHBCgSNB2UDAoAnooooAKa33TTqa33TQBgp9xfpRQn3F+lFbEF231CztIV juLqGFySwWRwpI3EZ5+hqYavpp6X9sf+2q/41yOrRLNrNoj52mA5Gf8AbkNSrYWwH+qH5n/GsnuU tjqv7W07/n+tv+/oo/tbTv8An+tv+/ormhYW2P8AVD8zS/Ybf/nmPzNIZ0n9rad/z/W3/f0Uf2tp 3/P9bf8Af0Vzf2G3/wCeY/M0fYbf/nmPzNAHSf2tp3/P9bf9/RR/a2nf8/1t/wB/RXHavLY6NpU2 oTwM8URQFUPPzOFHUgdWHesg+JtIEE8v2K5KwwNOxG0hlWYRHaQ2GGTkEcEZ5zxQB6R/a2nf8/1t /wB/RR/a2nf8/wBbf9/RXE2F3aahqU1glhcxTQbhOZVwsRDYUE56sPnXGRtxkjIqiniHR5razlht 5pHumVEh4V0dioCOCRtPzg+hHIzkUAeif2tp3/P9bf8Af0Uf2tp3/P8AW3/f0V5xP4l0q1jlaawu VePzlKfKSXidUdB83JG4NnpjvnitjT2stSimlggYRRzyQq7dJNh2ll56ZBHOD8p4oA6/+1tO/wCf 62/7+ij+1tO/5/rb/v6K5v7Db/8APMfmaPsNv/zzH5mgDpP7W07/AJ/rb/v6KP7W07/n+tv+/orm /sNv/wA8x+ZpDY2+P9WPzNAHS/2vpw/5f7b/AL+imPqmnyq0Ud7bvI4IVVkBJ4rmWsbb/nkPzNVB bxQ6zZeWu3L8jP8An1oA6u0v7O0t1juLqGFySQsjhSRnGefpVgavpp6X9sf+2q/41yOqxLNqlkjf dMRyB/vNUq2FsB/qh+Z/xpvcS2Oq/tbTv+f62/7+ij+1tO/5/rb/AL+iuaFhbY/1Q/M0v2G3/wCe Y/M0hnSf2tp3/P8AW3/f0Uf2tp3/AD/W3/f0Vzf2G3/55j8zR9ht/wDnmPzNAHSf2tp3/P8AW3/f 0Uf2tp3/AD/W3/f0Vx2ry2OjaVcajPAzxQAFlQ8nLBe5A71kN4n0hbe4m+xXBWC3muGKlWDLHIsZ 2MGw2S4wQccHnIxQB6R/a2nf8/1t/wB/RR/a2nf8/wBbf9/RXE2d3Z3uqzacthcxzQFhMZFwsWGw uTn+MfMuM8dcVSHiHR3t7SSK3meS6ZUWHhXR2aNQrAkYz5qkHoRyD0yAeh/2tp3/AD/W3/f0Uf2t p3/P9bf9/RXm9z4l0q0hneewuleEThkG0kvEV3IPmwThgwPTHfPFbNg1lqIuXhgYRw3D24dukhQ4 JXnpnI5wcqe3NAHX/wBrad/z/W3/AH9FH9rad/z/AFt/39Fc39ht/wDnmPzNH2G3/wCeY/M0AdJ/ a2nf8/1t/wB/RR/a2nf8/wBbf9/RXN/Ybf8A55j8zSGxt8f6sfmaAOl/tbTh/wAv9t/39FNOq6fJ +7S+t2duFVZASTXMtY23/PIfmap/ZoodY08xrtzMM8+hH+NAHVWd/aWluEubmGFiSQJHCkj8asjV 9NPS/tv+/q/41yOqxLLf2KN90oc4+tSpYWwH+qH5mm9xLY6r+1tO/wCf62/7+ij+1tO/5/rb/v6K 5oWFtj/VD8zS/Ybf/nmPzNIZ0n9rad/z/W3/AH9FH9rad/z/AFt/39Fc39ht/wDnmPzNH2G3/wCe Y/M0AdJ/a2nf8/1t/wB/RR/a2nf8/wBbf9/RXH6tJZaPpNzqM8DvFbpvZYz8xGQOMkDvWO3ibSFh uJfsVwwggnnYoVYMsTKrbGDYbJcYIOOGGQRigD0j+1tO/wCf62/7+ij+1tO/5/rb/v6K4izvbO91 WTT0sLlJoi3nF1+WNQRsYnPRxkrjOQDnFU/+Eg0YwQukEzySNs8no6MXjRQwJGMmVSD0Iyc9MgHo f9rad/z/AFt/39FH9rad/wA/1t/39Fec3HiPS7SOcz2FyjwGdXT5SfMiVXZB82CSrAg9ODyDxWtp 8ljqX2loIHEcE7Qb26Oy43beegORzjkHtzQB2H9rad/z/W3/AH9FH9rad/z/AFt/39Fc39ht/wDn mPzNH2G3/wCeY/M0AdJ/a2nf8/1t/wB/RR/a2nf8/wBbf9/RXN/Ybf8A55j8zSGxt8f6sfmaAOl/ tbTh/wAv9t/39FN/tbTnYRpfW7OxwqiQEkngCuZaxtv+eQ/M1Ta2ih1fTTGu3dcJnn0Zf8aAOgT7 i/SikT7i/SitiDL1KKX7fb3UUTzCJDG6RjLDkkNjqR8+PwNKs8mP+PK8/wC/JrVe1imj3yjvgADk 1H/Z9p/cb8h/jWbSuUmUhcSY/wCPO8/78ml8+T/nzu/+/Jq5/Z9p/cb8h/jR/Z9p/cb8h/jSsu4X Knnyf8+d3/35NHnyf8+d3/35NW/7PtP7jfkP8aP7PtP+ebfkP8aLLuFzMvoI9Ss3tLuwvHgcqWUI 6nKsGByCCMEA/hVB/D2lyDD6RetuLGQnzcy7nDt5h3fOCwB+bNdF/Z9p/wA83/If40f2faf883/I f40WXcLmbDGlve3V5FYXi3F0yNM/lsdxVdq8E4HAxx1qnJounSCHOkXQaCOOKOREdXVYyCnzA5yu ODnPX1Nb39n2n/PN/wAh/jR/Z9p/zzf8h/jRZdwuYkelWMf2crpV3ut7h7qN2VywlfIZixOWJ3HO c9vQVYsIItMsIbGz066itoFCxoImOB9Tyfqa0/7PtP8Anm/5D/Gj+z7T/nm/5D/Giy7hcqefJ/z5 3f8A35NHnyf8+d3/AN+TVv8As+0/55v+Q/xo/s+0/wCeb/kP8aLLuFyp58n/AD53f/fk0n2iT/nz vP8Avyauf2faf883/If40f2faf8APN/yH+NFl3C5ntPJ/wA+V5/35NQRxzT6nbzNBLDFDks0qbcn 0APXPHStf+z7T/nm/wCQ/wAafHYwJlokw4GfmHb2NCS7hcytShmN3bXEUbyiJWSRIxlhySDjqR83 pxilWeTH/Hlef9+TWq9rFOm6UcZwMDk1H/Z9p/cb8h/jTaVxJlIXEmP+PO8/78ml8+T/AJ87v/vy auf2faf3G/If40f2faf3G/If40rLuO5U8+T/AJ87v/vyaPPk/wCfO7/78mrf9n2n9xvyH+NH9n2n /PNvyH+NFl3C5mX0EepWUlnd6feSQSY3KI2UnBBHIII5AqhJ4e0uVWEmkXrb9/mkmXModgzBzuy4 JVeGz0rov7PtP+eb/kP8aP7PtP8Anm/5D/Giy7hczYo0gvrm9jsLwXF0UMz+Wx3bBheM4HB7dapy aLp0qwBtIug1vFHDE6o6uqoVZPmBzlSowc5HPqc739n2n/PN/wAh/jR/Z9p/zzf8h/jRZdwuYkel 2UX2crpd4Wt7o3kbsrs3nHOXLE5YnPfI6egxPp9tDpWnw2Nlpt1DbQrtRBExwPqeT9TWp/Z9p/zz f8h/jR/Z9p/zzf8AIf40WXcLlTz5P+fO7/78mjz5P+fO7/78mrf9n2n/ADzf8h/jR/Z9p/zzf8h/ jRZdwuVPPk/587v/AL8mk8+T/nzvP+/Jq5/Z9p/zzf8AIf40f2faf883/If40WXcLme08n/Plef9 +TUCRzXGpW0xglhhgbezSptyRzgZ6k4A49c9q1/7PtP+eb/kP8afHY26nMaYcdNw6/jQku4XMrUo ZjcWs8UbS+TlXjQZYA8ggdSOvbjFKs8mP+PK8/78mtVraKePdKOM4GByaj/s+0/uN+Q/xptK4kyk J5Mf8ed5/wB+TS+fJ/z53f8A35NXP7PtP+ebfkP8aP7PtP8Anm35D/GlZdx3Knnyf8+d3/35NHny f8+d3/35NW/7PtP+ebfkP8aP7PtP+ebfkP8AGiy7hczL6GPUrGazu9Pu5LeYbXTy2XIznqCCOlUJ PD+lzK4k0m+YyFzKxMu6Xft3hzuywO1eDkcCui/s+0/55v8AkP8AGj+z7T/nm/5D/Giy7hczYoo4 L64vYtPu1uLgIsr+W3zBAQvGcDG49PXmqcujadOsQfR7rMUSwxuqOrKisrqNwOeGRSD1H4mt7+z7 T/nm/wCQ/wAaP7PtP+eb/kP8aLLuFzETSrKPysaXeForv7arssjN5/TeWJyTjHXjgegqewtodLsY 7Ky026it487UETHqcnk8nk961P7PtP8Anm/5D/Gj+z7T/nm/5D/Giy7hcqefJ/z53f8A35NHnyf8 +d3/AN+TVv8As+0/55v+Q/xo/s+0/wCeb/kP8aLLuFyp58n/AD53f/fk0nnyf8+d5/35NXP7PtP+ eb/kP8aP7PtP+eb/AJD/ABosu4XM9p5P+fK8/wC/JqBUmuNRtZjbzQxW8gkdpU29OcDPUnbj8a1/ 7PtP+eb/AJD/ABp8dhbqcxphx03Dr+NCS7hcFGFA9qKdmitSTQsYUe2BYZO5h+pqx9ni/u/rUWn/ APHoP95v5mk1HUrXTIBLcyhAchR3Y+1ZWbdkO6SuyXyIv7v60v2eL0/WuZl8Sw3DYeUKh6Ro3X6n qfoKgGt2KDfHsj/242x+o/rWvsJ9jN4iF9zrRbxn+H9aQ20fYVg2fiq2LiK4kXnGJBj/AMeH9R+l dIpDKGBBB5BFZyhKL1LjNS2IPsy0G3UVOenFZN3rttZa5YaVOkqzXyuYJAo8sleqk5znkHpUt23N YwlN2ii99nX2pfs64zWBqfjGx0y+vbNra7nlsoUlnMKoQu8gKuWYfNzn0x+Vbr31rHcpayXMKTuM pEzgM30HU0lJPYqVGpFJtbjvs60fZ1qKfUbK2dknvbeJlAYiSVVIB4BOTxzSrqFm8xgS8t2mBKmM SDcCBkjHXIHNO5HLK17En2daPsy021vba8DG2uIpwpwxjcNg+hxVmgVmtyD7MtH2ZasYoxQBX+zL TZIFWJ2HUKf5VaxUc/8AqJP90/yoAp2ESyWqlhnkirX2eP0/WoNN/wCPMf7xqSW52nah+ppvcSH/ AGeL+7+tH2eL+7VQyZ6kn60CTHTI+nFIZb+zxelBto+wquLwxcyHKdz3HvV0HIyDmgCD7MtH2dRU xzg4rm/EnjC08Myot3ZahMrIX822hDIgBx8xJGDSlJRV2XSpTqyUKau2bv2daX7OtYWieMtP1qJ5 BHc2CgqFN+ixebkE/J8x3dK2P7Rs/Mij+2W++YAxL5q5kB6FfX8KFJNXQ6lGpTk4zVmiX7OtH2da i/tOx8zyze2wk3+Xs81c7/7uM9fanx3ltMJDFcQuI2KuVcHYR1B9Pxp3I5X2F8haPIWmxX9pPbvP DdQSQpndIkisq465PQVn6f4jsdS1jUNNty5eySN5JTt8tg67gVIPPHsKXMio05tNpbbml5C0v2Za zdW8R2GkaBcay8hubOEqG+ylXJJYLxyB1Yd614nWWFJFB2uoYZ96Lq9hOnJR5mtNv6+8i+zLSNAq qW7gGrOKZJ/q2+h/lTJKOnxrJagsM/Nj9Kt/Z4/7v61X00gWeSeNx/lUrXtupwZRmm9wim9h/wBn i/u0fZ4v7tR/brf/AJ6ij7db/wDPUUiuSXYk+zxf3f1pDbR+lNF7bscCUVYByM0Caa3IPsy0fZlq xgVR1fU7fRtKuNRutwgt0LvtGTj0HvQ3bVhGLk1GO7Jvs60fZ1rL0bxPp2t6KdVidre3Vij/AGna hQg4weSB+ferx1OwWORze2wSIgSEyrhSegPPGaSknsXKlUhJxlFprQl+zrS/Z1rLn8S2Ft4gGjTO 0cxtBd+c5URBN+zBYnrn29KsPq8Sa5DpXlSmWWAziVQvlgA4wed2fwx70c0XsJ0qitddL/IufZ1o +zLTEv7SQSmO7gcQ/wCtKyA7Mdd3p+NEF/aXL7ILuCV9ofbHIrHae+B296dyeV9h/wBmWj7MtTjk UuKBFf7MtBt1XnuKsYprfdNAGCp+RfpRQn3F+lFbEGrp/wDx6D/eb+Zrgvibpl3dLHOsbS2wiaJl HO3PU13un/8AHoP95v5mo9Su4oIdkkXnFgfk7fjU05uE7xJqwU4WZ84RxtE0J85NyIRIdvJYliSP Tlv0qWKWSDS2sxcB2LBgz5x264/3f5V3XiHwpFq032m1jW2kfkBFI/P8q5628Aag77ppiIgeSo5r 1oVqLV5aM8ydGreyehS003k2ot5LGeR1CAKpyThQSfQfLx9a970K3mtdDs4Lg5lSIBvrXLeGbO00 JBEtkrkAEyKuG/8Ar9a7eJlkiV0PysMivPxVXn0Ssjtw9JQvJu7M670CwvdTiv54MzR9Ru+WTH3d w747elZPjvTbq60aC+0+FpdQ025S6gRBlmwfmUAcnI7d8V1dIRmuOceaLR6FCq6NRVF0PJNR0XVb 74c65ez6dctq2q3izm1ERMiosgCrt68AE/Qio/GGk6teeJLqaLRJ9sVxBLHPb2+/zU6MzPy2R8o2 LjABOO9eu7Pel2cYzWLoJq1z0aebVIT5uVbv8bafJJJHh/i2yeBfEj3entNPPqUcsF/tBVYicCPO cgjpt68ZIrqLHQ50uvGt5JognupZnFp58ZTzlIbIVuDg98Hmutl8HaBNqp1N9NiN2ZBKWy20v/eK 52lvcjNbXl+9EaFnd/1v/mVWzTmpqEF630/l21f8vkeZfDzTr+y8UXVxc6dc2sVzYofntRCgkBG5 QqjC4IOAeSOe9enjrSBcHNOrWnDkVjgxWJeJqe0att+AUUUVZzBUc/8AqJP90/yqSo5/9RJ/un+V AFXTzixyPU1jvI7OWEhX8a2dN/48x/vGsXV7Se0mM9mnnRscvCDgr7g/0NN7iWwnmTf89/zFOE0n eQfgKx/7YtlIWUywv/dljIP+FMfXLNeEd5X/ALscbMf5Uhm6Lry1dpJBsAyfYVp6JI02jWrsCCUH B9K5SztL3XplWaN7Sxzkhj80n+A9q7mKNYoljQAKowAKAM280Cxv9RhvbiHdLF2DfLJjkbh/Fg8j PQ1S8cW0934L1WC3hkmneHCRxqWZjkcADrXRUhGaUldNGlKo6c4zXRp/ceda5o9xf2Xge2fT5Z44 ZIRdoYiwjXYobeOw4I5rD8aaJqdzrd4tnoEqxwmB7aW0tg4kQAA5bqNuAAi47kjivYNnvSbPesZ0 FJHdQzOpRkmkna/4u/8AwDxzWfDl5c6Z4xuo9GuJL2TUlezcWzGRk3ZJTjOOecVp3+iXen6x4rTS tCEtpJYwCCARlYZWBXdjGAxA3HHfGO9eobPel2e9HsF3/rX/ADK/tWq1ZrT5/wB3/wCR/FnikXh7 WW0jxNDb6dexpci1njje2ERmRSxkUKo2g8j5evTqaty6BqV9H4wXSdGutNiu4LX7LA8XlbgMb1Hb JweM8Zwa9g2UbPel9Xj3/rX/ADNP7Zq6vlXTv05f/kV+J45qOh6hdaH4ouNO0O7srK6jtUt7DySr vIsibmEY54APPevX7NStlArAhhGoIPbinlM0+tIU1DVHHicbPERUZK1v8kuvoFMk/wBW/wBD/Kn0 yT/Vv9D/ACrQ4zElnaDRxtONz4/SsO4ufLjBRDI5OAoBOe56Vs3Nq91ouIv9aJMrn6dK5eWa+gYo +nTkjjK8ih7noYRwUNSwdQJY7IiYyflfHUY6/nx+tOjuna1aQ+WGBABPC849+ep71T+2Xef+Qdc/ TvQLu8YZ/s25OPpUnZz0zUjmDxI5yCy55GK3dAunnjuI3ORE+0H2xXH/AGjUH/1enT7z0LdM11vh eymtLB/tJ/fu258dBTRx4uUHGyLF/oNhqN7Fd3UO54uDg/LIo5AcfxAEA4Peuf8AH9pqes21hoen wttup99xM0ZMSKnzAOcY5ODjviu0xxSFM0pR5lZnLh67oVFVirtbev8AwDx3UNE8Q6dpHifSbi1e +N+kV5HLZwMUMvmLvAAH3iBnH+zmrVx4SU67qSpof+ijw8fKxbfIbnAAxxzJyfevV9nuPyo2e9ZL DxO/+1626STe9tOiX6fmeMtpF6s2my33h6+vo08O+QV+zljHMXfbkH+IZHHUA5xxWjaeHtdj1DTI XhmW4Xw5LbfadvyRSnfsUsOAQCo69q9W2e9J5fTmhYeK6jnm9WS+Ffj5/wCZ414f8N6rDHds1heQ PFpE9vIhsViWVmU4TcGzKd2CGx2xWl4f0C40/XPBVxHpMtvttJxfSeQVwxRtokOODnpmvU9h9aXZ QqEV/X9diambVZ810ve/VNfqIPr0p9IFwKWtzywprfdNOprfdNAGCn3F+lFCfcX6UVsQaun/APHo P95v5mpZreOb7yg1Fp//AB6D/eb+Zq3WXUroVhZQD/lmPypfscOMBFx6YqxSN900XYWRX+xxdlAP rU6qEUKOgrDk8RxIuo4tbndZ3EVqoddnnSSFVXbnkLuYDcfcjIwTPB4hsv7JS/vXFlF50lvIZm+S N42dW3P0C5RgGOAeO5ApXbC1jXorJuNYiiu9KgWG4b+0XZY2MRQR4iaT5w2CDhCNvXPUcGs1/F8K TSRfYpiGkkitjuH75450t3B/ujzZFAJzkZPbFAzqKK5+PxhpEcMZvp/scpMgkSQFhH5cjRuzMBgI GUjcSAMrnGRUtx4t0S3tI7ie8aKOTf8AfgkDJtwG3rtynJA+YDJZQOWAIBt0Vianq95Yaja2sOlt crcv5cUguFX5wjOQQeRwp5pl34q0y1ilffK3lTRRMPJdc+ZIEDJkfvF3N1TOeg5oA3qKwP8AhK9N +0TJumZUgilXZC7u5dpl8sRKC+9fJfcu3IwcgbThE8X6V59wmbpljMIR47WWTz/MQuvlhVJfCgk7 c4wc4oA6CimxyJNEksTq8bgMrKchgehB7inUAFRz/wCok/3T/KpKjn/1En+6f5UAVtN/48x/vGpT GdxqLTP+PQf7xq7Te4ik9nFKP3kKN9RTUsLdD8kEa/Rav0jdKQyDyfapx0FZWp6s2mzW4e0d4JZE jaUSKNrMwUALnLHucdBzUNj4gjvriWP7PLGqo8sTffMiI2xjtHIOeg5J/SgDcorEvPFGlwaFdarD cJcwQhApRgFkZwvlqHPy/NvQZJwN2SQM1V/4SpNls32XzFkVHleG4WRI0eQxoQw+/kjt0oA6WisO Pxbohfy/tpyHZM+RIF+VirnO3G1WG1m+6pIBIyM2INf0291CXTrW58y8jEhKbGAPlsqvhiMEBmCn B6hh1VsAGpRXOWviSRn1D7dpstpFYyCKVkfz2aQpG4VEQFmysg6DqCMVJH4r0p9WSwMzK0kUMiSF GCEyPIgVuPkbdGVw2PmZV+9xQBv0Vz1t4u0yewtbgm4V7i0W6EawPJt3R+YELKpXzMdEzuPYGptJ 8T6bqht44XlWaeFJQjwuApZA4jLEbRJtIbZndt+bGOaANuiiigApkn+rb6H+VPpkn+rb6H+VAFHT 13WWD2Y/yqYxKRg4x6EUzS/+PT/gR/lV6h7gnZFTyVznAzSeQm3GBirlI3SgrmZV8sD3+lSQRmMN xjJzWfqurNpZidrR5IGZVeQSKNpJwAFJyx9h6VHZa/He30tt9nkjUCdoZM7vMEMgjkO0cjDEYHcf lQJts26KzE12xurGe5sne8WJUJW3QsWLKGUDoMkMp6gAEE4HNZ0niqFLSxuUtJXjubWO8k+YAxRO QAf9o5YcCgR0lFYQ8XaGkkkTXpDRyPGx8iTaCjFJDu242oRh2+6mQWIDDNqDX9MvNTk0y3ug92qy NtCNtIjZVfDY2ttZwpweGyOqkAA06K5y18Ryu+ofbdNktIbCQRTOsnnEyFI3VVRAWYkSqBgdeMU6 PxbpMmqJY+cymSOJ0cowBaR5IwjDGY2Dx7SHx8zKv3jigDoaKwbbxVps0Fq7tPG9xCJgggeTaCMq rMqlQxxwuct2BpdF8VaZrEdn5DTJLdQJMI3hfCFkD+Wz42h9p3bM7tuGxgg0AbtFFFABTW+6adTW +6aAMFPuL9KKE+4v0orYg1dP/wCPQf7zfzNW6qaf/wAeg/3m/mat1i9ylsFMLjpkAnpzT643U/DU mseMLu4kS3jtjYWsazva75QRJcFhFJuHlsAynOD1FAzZu9Ciuvtzee6PdTQzhgAfLkhKlCB3+ZAS D7ioZPDkM+hf2VLdz+U8zzTyJhGkZ3aRsH+H52yMegFc2sWu2dzaJbWt6o/tWWQ4LeX5UmoOZGKr gf6pgcyZ4YFBkMamuP7b/seEkanv+1j+0d3mfd2Sf6ryv3u3f5P+r+X0430AdZPp/wBpfTXnnZpb GXz9wUASN5TxnI7D94Tx3xWS/hGB5pJTeTYWSSS2G0fuXknS4Y/7Q82NSAegBHeoL46ylvoFt9sZ b28jW1uicIQ2FeSQBMhWCpKAQSoZlHIOapafLrcMUdxONSMcZtWvlZJHJn/ei4Ea8lk/1WBHlP7v egDXTwpAIHja8mZ5VPmOAo3MZzMzAdssxGOwqjrXhW8u2aPTp1jS6Nwt1LJNtZElKEhU8tt/3B/E pxkZGcra8NLqkl0LnUXvQn2KEJHN8q72eQuSDzuwIxz09OTWRpcPiG4l0+G4k1OKJmt/7RYswP2j ypzcBS3SIt5ABj+Tn5CDkgA7G5skuryyuWd1a0laVVHRiUZMH2+cn8KwB4Jt0u7q5jv7hLi4aJvM WKPdmOYSqWJXLnIwS2eOmOtYUUOtgXVxt1L7S1vYx3zSJKPnDzmYRMg3FcspHlkgAjbgcV0eh2+q PdsdSuLxo/7PgjAY+WpkZpN7cHO/AjGScj2JNAEE3gezmRmecySsI2zLGsiF1edyxQ8HJuH47YXH SppPB9u1s0CToISkCLFJaRPGvlIUB27cDgjgYwV44yK57w1b65aaZpNqkWpRXMNrHGscwcRLELTB Dbvk3i5Hf5sYx8lOig1NbO9kt7fV5XmmgUmQyQuWERyN3yuU8zAzuAG7lvLBAAPQLZFtraKASSSC JFTfK252wMZY9ye57mp68+sotc1ForbULgu1o9lcyAhid7yQysjhRgMhSXAAAVXjzwSR6DQAVHP/ AKiT/dP8qkqOf/USf7p/lQBW0z/j0H+8au1S0z/j0H+8au03uIKYXHTIBPTmn1xur+GpNb8V3ksi W8ds2n28QuJLXzJVPmTlvJk3Dy3AZTuwcEqcccoZuanpJ1OW333jpBHKsjRBFO5lbcCG6qeMHHbN Q6foS6dcyzx3bsdjxwBkGIVdt5z/AHvm9a5lodcszbJa2t6D/adxJ8hbZse+csSq4B/dNu+ckYI2 jOamuhrJ08kjU8/bv9Oz5mNmJdvleV+9xnyM+X8v/kWgDobPQxp2lyWFrfTqCVeOWQLIysNuScjB yy7j3yx5B5qknhGFBHi9mwzl7n5F/fMZ2n4/u/vHbp2OKr6h/bS6boEP21kvrtFsrwnCNllVpZVV chZFCPtIJVS3Qg8VbWTW4kaaQaiRG1u94rK7ZkEh80RrzuTZt4jyp7c5oA15PCttLavbm6mw8EsB Py5xJJ5hPTseBUGkaBfWniOe+uJIkso/ta20KS+aT58yyuzfIu07k6Zf72ARtyyeGxq0+pyXOoPf Lb/ZI/KjmBVd7Tzkkg87gghGD0BHGay9Nh8QXAtoZ5NUiVjai/Ysynz9s32kIW6Rk+UAY/kGf3ZB 5AB0d14ehuYNUi85h/aFwlw+UDLlY449pXoykRDIPXJHSs608E21k8CR39y1vGLcNCUQb/JneeM5 VRgh35xgELjAzWJ5Otb7udV1H7X5Ful20iSgD98xlETKNxG05xGSBxtxk1vaBb6s+os2pT3jW40+ FUVsopdpJtx67t4QRDk55BPzdABtn4IsLKezmR1ka2to7dXkgjaQ7I/LBDkZXjqBjn8RVjTvC0en 3lndfa2ke2t0hDCFEdwqbAGdQCV/i2nI3AEdABz3hu21izstFtFj1KOWC3giCS+Z5axrDiUNu+Xd 5o4zzjG35aZbW+reTcSCDV5pJhaRzlzJCwkCyl1VgFkKeYy4KsAC/wB4RKVAB6KHA4p9ecWcfiDV Yra01GYmW2bTry4VlYkO0sEjIwUYDKYpzgABVeIk4Jx6PQAUyT/Vt9D/ACp9Mk/1bfQ/yoAqaX/x 6f8AAj/Kr1UdL/49P+BH+VXqHuJBTC46ZAJ6ZNPrjta8NPrviS5aVbeO2awii8+S18yVTvl3eTJu HluAQd2G5KnHHIM29V0k6r5KNePHArgvGEU7sHIIY8qeMZB9frUVjoSWN/LdpdO/E/koyDEPnSCR 8/3vmAIz0HFc1eRa3aRRrY2t75n2+5lURlghDXTHLKMA/uyW+c7SOgLYqe8GtGzusDUc/wBoMLn7 +3yd0uzyvL/e/d8jPl8fj5tAHSaTpEekW0lslxNKjkP+9bJDbQGOfcjcfdie9Z7+FIGs7G1W7mWK 2tI7N/lUmaNNpH+6cqORVTUP7XXR9CQ3ksd7chbG7zhGPmKC8iAZxKuwlTkhQWyD2rRtrcYnlxqP 7uSJ7sFXbkXKlhEpzuXyQ3EeQenLUAa1x4Vtrm1ngN1MBNBewEjbkC5kEjHp/CRgfrUGlaBfWniW a+mkiSxiF2ttCkvmFjcTJK7N8i7TuQ8Zb72ARtyzPDo1a41i5ur979LTyt1vFMCiktc3OCQQG3CP yRg9ARxnGKFpDrtxGsLyapGXe2W9csykS7n8/wAstwE27BmP5R/CQeQAdDc6BFcW+rRee6/2jOlw /wAoIBVI02kfxIRENwPUMw6VmWfge2sZI1jv7kwK0JaHZGA/lXElwnRRjDydsDC4xzkY80Otme8n jXUPtghVLhpEk2qpuVLiJlG45hB4jJxgbQGJzteHYNWbUWfUbi9NstlEIlfKKWaWfrn5yyx+UPmO 7kFhu6AD7XwZY2l/Y3iskj2kUcStLBG7nywQpDkEp945x1p+leE49Ln0+UXryGytUt1byUR3VU2A O6jJXHzbTkbgD2AGH4fttUs4tItFTVE8lIY1WbzCgUFhOH3fLnONu7nGNnFVbS31nbNPNDq0s8tv ZQ3bt5kREy/aDKqsoV2j8x1IKHA8z7wiUqAD0kOBwafXnFrH4h1aOxtNQm/e2/8AZ1/eIytuErSQ MYyFBA2mKdiOAu6M5wWx6PQAU1vumnU1vumgDBT7i/SihPuL9KK2INXT/wDj0H+838zVuqmn/wDH oP8Aeb+Zq3WL3KWwUUUUDCimswUZOAAMkk9Kym8UaKtrJctqEKwR7CztkDazbVYZHKk8Bhx70Aa9 FZ8Wt6dPqLafFco10rOjRgHIKBCw/ASJ/wB9Cli1rT5ltjHdI32mRoohzlnXO4Y6jG05z0oAvZGc UuRXC6Z4x1TV/E1za2unWptLacwSwvPsuVAbBkweMf7PWprTxrJf+LW0q1isfs8dy9q6yXG2clB8 zquMFc5AGcnaT2oA7PIoyK4fSPHkupa9bW8llHHYX089vaSCQmTdFgkuMYwQeMGr3inxRc6LfWen 6fawz3dxFLPmdyqKkalm6AnJxgUAdVkUuQa4LVfiB5VjodxZGxhOpwtMWv5WWOJVA4JUEk7jjp2r uIHLxI5KtuUHKHKnjt7UAS4FFFFABUc/+ok/3T/KpKjn/wBRJ/un+VAFbTP+PQf7xq7VLTP+PQf7 xq7Te4gooopDCikJxWQ3inREtZbltRhWCIKzO2QNrNtVhx8yluNwyM96ANiis9Nb06TUjp6XSNdh mXyxnOVVWb8hIh/4EKWPWtPlSBkuUIuJmgjGDlpFzuXHUEbTnPpQBeyM4oyK4ey8Y6pqfim5s7PT rU21pO9vLDJPsuMKVHmAHjHzcDqcHmpIPG0l54tbSbSKyMEd01q4luNk7FfvOq4wVByMZycHFAHa ZFGRXD6b48lvvEENu9lHHp91dzWVvIJD5vmRgElhjGDnjBrR8T+JbnR73T9O0+1invb1ZpEM7lUV IkLtnAJyQMCgDp8ijINcFqXxBCaToN5Z/YoDqsbyE38jLHCFA3AlRknccDjtXcWsjS28cjMjF0Vi 0ZypyOoPp6UATYH50UUUAFMk/wBW30P8qfTJP9W30P8AKgCppf8Ax6f8CP8AKr1UdL/49P8AgR/l V6h7iQUUUUDCiqd7qlnpwQ3Uwj8wkIoBZmwMkgAE4A5J6AdarP4k0eMzBtQg/cpHI5DZAWQgI3HU EkYI9aANXFITiqEet6dLb206XUZiuZjBC/OHkBI25xwcqR9RWX4i8WRaVo8t5ZxrdMl0tmzElYon JwS7Y4UdyO5AoA6PIoyPWuR03xRqEfhaPUtT03zZZFj+zjT28wXBZd3TjZjnOeBjrVeHxtcSeCNL 1kWcJvtTuhaQQ7yIw7SMq5PXGFyaAO2yKWuDHjy5n0yzS3sYP7XuNQfTjHJIfJSRD8zbgMlcEY47 +3PQ+G/ECa94ci1XyvKJ3iSMHO1lJBA/KgDayKXiuH8N+O5Na1G2iurSG3tr+CWezdJCWCxuVYOC MZ4J47CrHgrxdN4o8+WR9NVAodIIJHMyAk43gjHTHQnrQB2GKKKKACmt9006mt900AYKfcX6UUJ9 xfpRWxBq6f8A8eg/3m/mat1U0/8A49R/vN/M1brF7lLYKKKM0DKeq2Q1PSruwaRoxdQSQlwOV3KV z+tcdqXg/UdXht0u/sYEFtBaGJZWKyxrPHI7E7RjKx4A56nmu9yKOKAPP9F8J63oetfbhJa3ypJc hTJOyOyOtuqFjsI3AQnNb+n6ALbxZqWrvHCI54o1hVWJMcnPnHGMDdiLkddvPv0PFGRQB51e+Edb 1HxhBc3NxamGC4W5ivkTZMEUnEJ2qAfc56D8KmTwNer4mWcT2w0xNWbVgwz5/mMoHl4xjbkZzn8K 7/ijIoA4Kw8E3Efi9dYni0+CKCeaeP7I0m6ZnGBuRiVTAznaeSe1Sa14f1/X9H07+0bbQ5dRiMvn lXmRE3ZCmNhz025VgQfpXc5FGRQBxF74W1aDw5BoelNpclubBrKea6R1lXd1ZGXIxznaR1A5rqtJ shpuk2dgrs62sCQh26ttULn9Ku5FGRQAUUZooAKjn/1En+6f5VJUU/8AqJP90/yoAr6Z/wAeg/3j V2qWmf8AHoP941dpvcQUUUZpDK2oWq3+n3FmzsgnieIsvUbgRn9a4jUfB2p6ppttbXBsh9mtIbNV ErFZlWaJ3Zvl4+WLAHPLHmvQMijigDz7SvCOtaNrqX6Pa3kUM1yIxJOyOYnjgjj3HYRuAhwfz74H QWWgCHxde6y8cKpNbxqiq5JSXnzWxjAyBEMjk7fz6HijIoA861PwhrWq+LYJp7i1NvFP9oivkTZP HGCuIflUAnrgk5wT9KlbwLeHxIJkntl0z+1xq5bnz/MxzHjGNpbnOc+1egcUZFAHB23gmc+MV1ee LT4LeG5kuUa0aTfMSMDcjEqpHJJU/NxwKk1fQfEGvaPp41K10KbUYZJDLteeNFBBCmNxz6ZBBB6V 3GRRkUAcPceFdXtPDFtoektpksX2KS0uJbpGWQb/ALzIy54ySdpHYc11Oi2A0rRrLTlcyC1gSLef 4toxmr+aMigAoozRQAUyT/Vt9D/Kn0yQ/u3+h/lQBU0v/j0/4Ef5Veqjpf8Ax6f8CNXqHuJBSHoa WjNAzD1LTrw65aavY+RLLDbS2zQzuUUhyjbgQDyCgHToTXGP8NtRiidbe9gMgjtIldnYeYiMWlDD HHzBSvX7vOK9P4ozQBx1p4f1FfB93oNzDZ7ik7W863DECVpGeMkbAVwWByM9KvXGiX8fhK10zTZb WC5iVN6zRiSKY9XVsgnDHJ3Yz3ro+KOKAOI8EeGbzRdGvGuTHFLfxxt9lQnbCRHgk5H3mJy3v61X t/BepQ+AtF0oy2h1LSrxbyP5mMTusjsFJxnBDYzjg13+RRxQBwH/AAhV7H4ZFq0Wm3l7LqLahcJM 8qRhmPSN0wykDHODnnitPQNC1bw5YaTpto9jJZgzPqLSK2/c3KiIDjAOQc9uldZkUZFAHBaF4Iub DXm1OeLTbZoopkgS0Mro7OfvMrn5QBxsU4OScjNXtD8P6rH4mbW9XOnxSR2IsYodP3CNlDlt5DD5 fQDn611+RRkUAIvSloyKKACmt9006msflP0oAwU+4v0ooT7i/SitiDH1Se8Gp21vb3c0CNCWIRyB ne/OB7CnImo451S5P/A2/wAaZqZ2azZu3CGJlDE8ZDPkf+PL+Yqys0YH31/76FZPcpbDNl/j/kJ3 H/fbf407bf8A/QSuP++2/wAalE0ePvr+Yp3mx/31/MUhkGy//wCglcf99N/jRsv/APoJXH/fTf41 P50f99fzFHnR/wB9fzFAFSeW5toWmuNYkhiXG6SSUqoycDJLYHJFQi/zEJR4gQxlPM3/AGkY2527 s7um7jPTPHWk1+yGsaJcWEdxHE8jRsHY8DbIr9v93Gfeufl8HvIlz/xMYAbtJUnJUsVV7gTZBzl2 G3GW5P6UAdLHcTTOqQ62ZGYMVVJ9xIU7WIAbseD6Hg0kl1JFAJ5dd8uEoJBI8+FKnADZLYxlgM+4 9ai0/S7ew1zUtQVoMXTq0SL/AMsRjLgem58uccZ61ip4SFsmm/ZtRQCy8mRIZOUEqMpcg5yqtjOO xJI6kUAbn2/MXmjxChj2eZv+0jG0NtLZ3dN3GfXip0a7lLiPVpXMblHCyE7WHUHngjI49xXPyeEo rko9zdxFpLu5mu1TKrLHMdxjz97hlQg59fWtnQ7IaVpUdtNdLcXLM8txPwPMkdizH8zgegAHagC1 sv8A/oJXH/fbf40bL/8A6CVx/wB9N/jU/nR/31/MUedH/fX8xQBBsv8A/oJXH/fTf40my/8A+glc f99t/jVjzo/76/mKTzo8ffX8xQBUZdQ/6ClyP+Bt/jUMU9/FqtpFLqFxJHI3zKZDgj0IzV1pY8f6 xf8AvoVSLCTWrERkMQxJwc4AGc/oaAJdTnvFvbWC2u5YVeMkhHKjO5uePpSouo4/5Clyf+Bt/jTN SbZqli7cIY2UMTxkE5H6j8xVlZowPvr/AN9Cm9xLYZsv8f8AITuP++2/xp22/wD+glcf99t/jUom jx99fzFO82P++v5ikMg2X/8A0Erj/vpv8aNl/wD9BK4/76b/ABqfzo/76/mKPOj/AL6/mKAKs0l1 bwtNPrEkUS/eeSUqq9uSWwKgGoZhEw8QoYthk3/aRt2A7S2d2MA8E9AeKTX7Iaxod1p8dxHE8wXD tyBhw3b6Vz0/g9547sf2jAGvYriGYkFiqyypJkNnLsPLxluufagDpo7iaWRY4tbMjtu2qk+Sdpw2 Bu7Hg+hxnFElzLFAJ5Nd2QmPzBI8+FKcfNktjb8y8/7Q9RUNjpdvZa/qOpBoMXJQxIP+WXXzP++m +Y4645rGHhIQpp32fUkAs/KlEUnKecskTuwOcqHKZI7E5HU0AbY1DMPnL4hQxbDJv+0jbsB2ls7s bQ3BPrVhGu5TII9WlcxvscLITsbg4PPBwQce4rn5fCcN2Q93dRM017PNdohKrJDKAGiz97qqEHPr 7Vr6HZf2VpghuLtLi6kkea4nwB5kjnJOOw6ADsAB2oAt7L//AKCVx/323+NGy/8A+glcf99N/jU/ nR/31/MUedH/AH1/MUAQbL//AKCVx/303+NJsv8A/oJXH/fbf41Y86P++v5ik86P++v5igCoy6h/ 0FLkf8Db/GoY59Qh1Wyik1C4kjklAZTIcEZ5BGautLH/AM9F/wC+hVJmEms6esZDESbjg5wBzn9D +VAEupz3aXVpDbXUsIdCTscqCc9eKEXUf+gpcn/gbf403U22X9i7cJtYZJ4z3/mPzqyksY/jX/vo U3uJbDNl/j/kJ3H/AH23+NO23/8A0Erj/vtv8alE0ePvr+Yp3mx/31/MUhkGy/8A+glcf99N/jRs v/8AoJXH/fTf41P50f8AfX8xR50f99fzFAFWV7q3iaWbV5IolGWeSUqq/Uk4FQDUN0ImHiFDEUaQ OLkbSqnDNndjAOAT0BPNGvWS6xoN5pyXEcbXCbQ7cgcg8j8K5+48ISTpdn+0YA94lzFKWBbasrRn IYnLsPLHLdc+woA6RLiaWRY49bMjsWVVSfJJUgMAN3UE8+nGcUPcyxw+dJrhSLYZPMafC7RjLZ3d Msoz7j1FV7HSbaz16+1LfCRcLGIkA5iPPmH6udpOOu3nNZD+ElVLX7PqSqINsnlPynnCWKRnHOVD eXyOmTnqTQBtjUN0Xmr4hQx7GfeLkbdqnDNndjAOAT2zU8b3UrOseryO0bBXCyElSQDg4PBwQceh FYE3hWO8LSXd3EXnvpZ7pY8hXhlRUeLPXoq4PY89hWtodgNK09op7pLi6mleeebgb3Y54HYAYAHb GO1AFzbf/wDQSuP++2/xo2X/AP0Erj/vpv8AGp/Oj/vr+Yo86P8Avr+YoAg2X/8A0Erj/vpv8aTZ f/8AQSuP++2/xqx50f8AfX8xSedH/fX8xQBUZdQ/6ClyP+Bt/jUCT6hDqlhG+o3Ekck6BgZDgjcA QeferzSx/wDPRf8AvoVSkYSaxpgjYMROGODnABU5/Q0AbifcX6UUJ9xfpRWxBFPYm6RhtRo85IkA Kg8cgnoenQ1ANHQdEtP0/wDiq2reDz7ZTkAbjx+NS/YfcVm3qUkYP9lD+5afp/8AFUf2UP7tp+n/ AMVW99hHqKPsI9RSv5BYwf7KH920/T/4qj+yh/dtP0/+KrdNjjuKT7GKL+QWMP8Asof3bT9P/iqP 7KH920/T/wCKrc+xij7GKd/ILGH/AGUP7tp+n/xVH9lD+7afp/8AFVufYxR9jFK/kFjD/sof3bT9 P/iqP7KH920/T/4qtz7GKPsYov5BYw/7KH920/T/AOKo/sof3bT9P/iq3PsYo+xii/kFjD/sof3b T9P/AIqj+yh/ctP0/wDiq3PsYo+xii/kFjCOkKeqWn6f41LBpv2fcUWJVPDmJQSR6E9hWx9jFBtt is2Oinr9DRcLGVPZm6RhhGTOSsigqD65PQ/Q1XGjoOiWn6f41s2sHn2ynIGGPFS/YfcU29QSML+y h/ctP0/+Ko/sof3bT9P/AIqt37EPUUgs1JwHQn60r+QWMP8Asof3bT9P/iqP7KH920/T/wCKrd+w j1FBscDqKL+QWML+yh/dtP0/+Ko/sof3bT9P/iq3PsYo+xii/kFjD/sof3bT9P8A4qj+yh/dtP0/ +Krc+xij7GKL+QWMP+yh/dtP0/8AiqP7KH920/T/AOKrc+xij7GKL+QWMP8Asof3bT9P/iqP7KH9 20/T/wCKrc+xij7GKL+QWMP+yh/dtP0/+Ko/sof3LT9P/iq3PsYo+xii/kFjC/shT1S0/T/GpYNN +z72RYlU8OYlBOPQnqBWx9jFAttmWx0B6/Si4WMqazN0jLhGTOWWRQVz65PQ/Q1XGjoOiWg/L/Gt i0hM9sCSBhjxU/2H3FNvUEjB/skf3LT9P/iqP7KH920/T/4qtp7ZE6stNEcR/iFK/kFjH/sof3bT 9P8A4qj+yh/dtP0/+KrcWzV1DBlIPcUv2H3FF/ILGF/ZQ/u2n6f/ABVH9lD+7afp/wDFVufYxR9j FF/ILGH/AGUP7tp+n/xVH9lD+7afp/8AFVufYxR9jFF/ILGH/ZQ/u2n6f/FUf2UP7tp+n/xVbn2M UfYxRfyCxh/2UP7tp+n/AMVR/ZQ/u2n6f/FVufYxR9jFF/ILGH/ZQ/u2n6f/ABVH9lD+7afp/wDF VufYxR9jFF/ILGF/ZCnqlp+n+NSQaZ5G9o1iUEfOYlBOOeM5yBWz9jFKtrtbOOxz9KLhYz/88UUi nKg+1FakmpYcWY/3m/mas7h6isWS6+zWcI/vO3Hrg5pn9rye9eZXx9OjUcJnTToTnG6NqSeKLHmS omem5gM/nTDe2oBP2mH/AL+CvPfG/jW+0KCwa2hMhnkdW5xjC5riJfir4kbPlW9ug/22LfyxXRQq qtDnjsROm4OzPfo3WRA6MGRgCrKcgj1zT680+FnibVNdm1SHUI41ijKyRiPOFZidw56euO3NdvqE GryXcJsLuKK3b5Zg8QZk77l9z0weOc1qQWri9t7NQ1zcRQqxwDI4XP500ajZm3+0C7t/IJx5vmDb n0znFcL8U4Hu18P28UMU8kt/sWKYkI5IwASOcc9q5nWPDN/oPgjVpb6O1txeXlsY7S2ctHDtJBIz nrkd+1YSrSjJpLRHrYfLqdWlCUqlpSei+du9/PY9qHIp1eV6j4l17Qn8WWa3r3r6fHbyQzSxruTz ANxwABgZ6c9Kq3HiXxDZ+HvEO69l32sVvLBNJLA80ZaRQQVjJGCCcZHTvQ8Ql0/r+kTHKasrNSVm 0lrve3l/eR63I4RckgADJJ7UqMHQMpBBGQR3FeOeJL/Vhba5pN5qk11AdKhvRuRFIYugK8D7p3dO vTmrV9rGtWKaXpVjf3RiGlfaxcK0Ks7/AN1mfC7E4BA5xj3NH1hdi1lE5JWmtfW1rJ3v8z1ukNea 2Wr65rPinQ7J9TezS40kXU623luruHYEhsEYbA6dulZNrr3iJ9N02+/tybdda0dOKNEhVUb+Lpkk duaPbrszNZXUf21+PW/l5M9ZnuYbfBnmjjViFUuwXLHoBnv7VYrx3VNY1IxXFhd3YvRY+IYIY5ri GNn2kP1+XAPHUAHk1LP4i1+G21HU11iUraa+1klsUXY0eehOM+w/HrS+sLsWsoqO3vLX162t08z1 2o5/9RJ/un+VeU6n4q8RJ4h1R7eR44bC+S3S2eSCOJ0zj5i5DFnHII45r1OXIhkH+yf5VpCop3t0 OPE4SeHUXJp8yvp02ev3kOm/8eg/3jTdQ1FLJAMjzG5Gew9adpv/AB6D/eNcj4ulePVAGJCsny4O K6aUFOpys4pO0bmg+oCfDPLv3njJ4J/yKi+1Q4LBkwvLYPTn/wDXXHtPFAi4UgIRtAcgLkjpz6gf 5NOF+iT+UEDb8FsnqRuP485/SvQWHXQw5zt4NWkgfYriTv5bHqPb0/lXRW88dxbpNE2UcZBry4X8 aMHxtKrt3Fjwvp9O9d34VaSTQopJFKl2Z1B9CeK5cRRUFc1pyvobdQy3EUUscTyoskmQiswBbHoO 9ULu31d7+FrS7hitG/1ytGGdcf3T3z056deelYvxBSJdBgn3MuoxXUZ04x8uZyflUdMgjOfbPpXF OXLFs66FL2tWNPvodOlzFLI8SSo0keN6qwJXPqO1WK8wsdSh0vwFPfLezW+qXF+UvnWJXmNwW5jG TtQ4AAJyAOcHNZtv4m8QT2FpbnVJI5v+EiXTzMAjkxnsSBhsE9QBmsXiIq1+p3rKqknLleidtfz9 D2GivLB4m1K00/WbO61i4aW21ZbK3nWFDNLnOFBOEU8Z3EEAA8cio7LxLrR8F3upzar/AKbp2qGC NMK4ul+T90do5J3HBUDp6U/rERf2VWeqa3S69duh6vRXMeCby61HQE1G8v8A7VPdSM7IFAW3OceU BjPy45zXSrWsZcyUkefWpulUdN7rQdRRRVGYUyT/AFbfQ/yp9Mk/1bfQ/wAqAKmmf8en/AjUt3cC CPJOCai0v/j0/wCBGqHiF2Cqozypxzih7iQhnDsSWyaN4rngsnlhcDkEL8+Nh4+Y+/0/rShZ0dmW QDltuX6bj1P0wPzNAzoob37NeRKx/dzNsPs3Y/j0rbHSvPbi6dJLG1DBnaYYwckqDwfWvQl+4PpQ AtRTzRwRmSWRI415ZnOAPxrPvbfV5LyE2V3DDbNxMHjDMuOcqe+enPTOa5j4mWsFxp2nfab6C3C3 WViut/kTnH3XZfu8dCcd6icnGLaN8NRVarGm3a/zO3hniuIhLDIkkbdGRgQfxFS14zpeujR/CWty aPapZ3CXcMUskE/n2yb8jfGTxwOoyf4as6v4n1vTtI8RWsGqvcnTri3EGoBV3MHwWU4G046Vl9YV rtf1/SPQeT1XNxi1vbX5a6XX2l1ueu0V5Tqeo+IbO+8T2a+ILkrpVul3G5ij3OSoO08cLyeOvvUH iPxjqiafaXFlqckV0um293LDFGiRqX25LFsl87hhVxgc803XSTbWxMMpqTlFRknf16pNX08z12iq 9lM09hbTPjfJErNj1IBqxW55bVnYKKKKBBTW+6adTW+6aAMBPuL9KKVPuL9KK2ILDWKX+lCB+AXJ DDqDntWb/wAItKOl9Lj6Ct/T/wDj0H+8386tVx1KEJyvJG0KkoqyZwmr+BF1JIVuLmWQRsSOnGRW YPhhaf35v0r06lrSEFBcsRSk5O7MHwzosOh2htYYVQDHzYwT9fWt7tRgUVRJUudNtLx4HubeKZ7e QSQs6AmN/wC8PQ0Xmm2mo2/2e+t4bmHIby5UDLkdDg1bopWRSlJWs9iidJsftNxcfZLfzrlQs8nl jMqgYAY9xioI/DejRWE1hHpdmtnMQZYFhUI5ByMjvyB+VatFHKuw/azWnM/v7bfcUH0XTpJZJXsb ZpJYfs7uYgS0f9w+q+1QyeGtGls4bSTSrJ7aAkxRNApWMk5OBjjk1q0UcqGqtRbSf3lMaXZLfR3o tYBdRxeSkwjG5U/ug9h7VCvh/SUhihXTrQRxT/aI0EQwkv8AfA/ve9aVFFl2F7SfdmbJ4f0iVpGk 020ZpJhO5MQO6QZw5/2hk8+9I/h/SXglhbTrQxSz/aHQwjDS/wB8ju3vWnRRyoPaz/mZnS6Hptxq CX89hayXqY23DRAuMdMHrVuZcQSf7p/lU1Rz/wCok/3T/KhKxLk5WTd7FbTf+PQf7xqn4h0yz1Gy 23LbHXmN1+8D7Vc03/jzH+8afcWonfLdulWnaRPQ8ku9J1SzkIWAzxA8MuAfy6VUWDUWYKlhLvOe pA69a9g/s5DjOKP7OjzkgZrsWLkla5l7JXPPNE8ONcXCyawxjhByIlHB+pr0+GNI4lSMAIBxiqn2 BB2GKtQR+VEEHQdK5qtTnd2zSKtoS1WudPtLueCee3ikltyWhd1BMZPUqe1WaKyLTad0ZsmhaZLH dJJp9q63TBrhWiBEpHQtnqRTE8N6PEUKaXZqUkSZcQqNsijCsPcDoa1aKXKuxftalrcz+8zX0DSZ Y7mOTTbR0upPMnVoQRK/95vU+9Nj8OaPEyNHpdmpSUTLthUbZAMBh74AGa1KKOVB7Wpa3M/vKlrp 1pYmY2tvFAZpDLL5aBd7nqxx1NWgMUtFMhtt3YUUUUCCmSf6tvof5U+mSf6tvof5UAVNM/49P+BH +VM1exa9tMR4EycpnofY0/S/+PT/AIEf5VYuM+UQvU8UPcSPOZNRggmaG4kEEinBWTj8j0NVrnX7 O2U4mEr/ANxOa7i50q0vFxPCsn1HSq8PhzTLd90dqgP0oGYvhLS7jUr4azejCD/VJ6V39ZdtD9ln DRcIxw6jp9a1KACq97Y2uo2zW95bxXELdY5UDKfwNWKKGr7jTad0UINF062sXsYLK3jtXyGhWMBG +o71EPDukDTzp402z+xFtxtxCuwnOc4xjNalFTyx7F+1qfzPvuUJdF06eW6llsrd5LtBHcM0YJlU dA3qKhm8OaPcCETaXZSCGLyI90CnZHjG0egxxitWim4p9BKrUW0n95HFBHBFHFEqpHGAqoowAB0A qSiimQFFFFABTW+6adTW+6aAMFPuL9KKE+4v0orYg1dP/wCPQf7zfzNW6qaf/wAeg/3m/mat1i9y lsFBOBRSN900DK0+pWNtdQWtxe28VxcEiGKSVVeUjrtBOT+FLbajY3ss8VreW88kDbJkilDmNvRg DwfrWPr1pe3l1ZQW9oxi+1W88k6sgXbFKHKyA4fH8SbM5fhsLndS0XSr2zMovbBmjgsfsnl70b7S dzMdnzfdIOPn2nPUAc0AdRcXVvaW73FzPHBBGNzyysFVR6kngVB/bOl7rRf7Ss83gzajz1/fj/Y5 +bqOmaxdHstU03w7LFeQG81BXVmInDmYhU+ZWcDLADA3hcsgyQDkY1l4f1WBkElpn7XNbSyS+YmY vLvpbljNzjeyyD/Vhl37gNqYNAHf5FI8iRoXdgqgZLE4AHrXCReFb+GNJFif7UsKvuNyT++87Jbl sZEfyg/wr8owDipfDkdw3i68c286pEtys07s4SZ2nVkIVhjhAF3Dk7MH5VQsAdPYa/o2qzvDp2r2 F5Kg3NHbXKSMo45IUnA5H5irq3ELzvAsqNMihnjDAsoOQCR2B2nH0PpXM3+lXz2WsKtqlwLq/WZY iwO+Pyo1PyllUnKn5WIHGfQVlWPh7W4r7T5rq3DXSQ2kb3aXWViMcsjSjBwSGjYICASc4IUZNAHc x3dtNaJdxTxPbPGJVmVgUZCMhg3TGOc+lSJIkkaujBkYAqwOQQe4Neb6f4T1qOG0truIFF01LdiG Qqqi08poS27cR5hLbQu3o27Py1raLpF7ZavZy/2e0EK2sas7yIfLAhC+Uu1snDAfIQU6sGLYFAHa A5FFIvSloAKjn/1En+6f5VJUc/8AqJP90/yoAraZ/wAeg/3jV2qWmf8AHoP941dpvcQUUUUhkc88 NtC808qRRIpZ3kYKqgdSSegqp/bek7LV/wC1LLZdnbbN9oTEx9E5+b8Kmvi62rNFbi4kXDLCWC7s HPBPGfTOBnHI6jiW0HV/sOw2skkl3DPC7SSRB4zJMHDzbSF6Dny8jPQYoA77IqtDqVjcXk9nDeW8 t1b486BJVZ489Nyg5H41kT2F43itL5UxYgIGXzcbnCyDzNnTgMq+p9MKM5mpadfarqN5/wAS26tk jUQ2s6XEcasjTRvMwKSb1Z9oI4BATOQzEUAdnkVXvdQstNtzcX93BawAhfMnkEa5PQZPFcXdaBe2 FtezWytApjvFJSRjtiLL5KqoyQAA2FUYBJ4yxrT8LxTPoWoFbSa1jnnla1glckpGUUKvzfdAII2j 5VxhSVCkgHQWGp2Gq232jTr22vIM7fNt5VkXPXGVJHcfnTjfWggWc3UHktIIhJ5g2ly2wLnpksQu PXjrXH6ho2sPbaFHa28ZltIbdXlMgzEysvmclvlyoYAqCW5B2jmq0PhvVEYqtr5GL2OaUm5DCcC+ SYMOeNsauMEDGcLkc0Ad7JPFEUEkiIZG2JuYDc3oPU8GpK8403wtq0aWrahameSC8tXf54wHlQSC S5X5jkkyKS7Ydgn3AQAej8I6fd6fb3KXNqYAWG3c4LOQDljtYqc8Hd8rN/EowKAOkooooAKZJ/q2 +h/lT6ZJ/q2+h/lQBU0v/j0/4Ef5VdKhutUtL/49P+BH+VXqHuJDPLX0pPLUc4/WpKRvumgZR/tP SxPcW/8AaFp51qvmTx+cu6FcZy4zlRjuasWt5a31slzaXEVxA+SssLh1b6EcGuV1fStT1PULgx2R iiitZIo90kZSVmlSTMePmDMEO/eAAwXbkbmMj6Zqc+i3Ahha1vrrUPtMReVQ1spYElihIztDLhd2 dwBIBJAB0d3qVjp/lfbb23tvOcRxedKqb2/urk8n2FRnWdLW8uLM6lZi6tk8yeAzrviTAO5lzlRh lOT6j1rB1vTb678KR6Za6efNntDauPNT91uUArIW5MRwQ5Q78AbQTytS70C/e51SOzguoorhZZJT NeeZFcSNIjIY1J+QhQwPyoMkct96gDsLS8tb+2S5s7iK4gflZYXDq30I4qbNcFfeHdT1CK7uRayw zSwX0tvGbgK8U7+T5JOxtu4bGIYE7eOQaz/FelX9nBfW1tazzW0yXUenW0Ej5jleGDZJlfu/OtwO uSZf7rMQAd5qHiHRdJnWDUdY0+zmZd6x3NykbFeeQGIOPlP5H0q7LcwQRrJNMkaMyoGdgAWZgqgZ 7kkAepIrO1SznutR0WaEAx2t600xJAwht5kyPX5nUVx+o+HdeutSvnis4hbSTo5C3RjM5W7hkVi+ S3EauA3BU7lUBQhYA9CE8JuGtxKhmVQ5j3DcFJIBx1xkHn2NAniad4BKhmRVdow3zKrEgEjrglWw e+D6VwL+HdZNhNtt8B0TbbFkdhCLmaQQbSwQ7Y3jTG7bxgMQATFL4Y1CN5Jf7PkuWa1tVlw8LNKy NPlGRmVX2iSI4LBRtBDMUAYA9Hoqrpkc0Ol2kVyEFwkKLKEkaRQwUA4ZvmYZ7tye/NWqACmt9006 mt900AYKfcX6UUJ9xfpRWxBq6f8A8eg/3m/mat1U0/8A49B/vN/M1brF7lLYK47V73XZPF0tlpr3 pjisreVUjW2+zh3kmBMxk/ebcRrxHzgHua7GoFtoluJLgQoJnRUaQAbmVSSoJ6kAsxA7bj6mgZxy +MZbaSCKcRzmTUpLV8K5dFa9e3iztXag+UYLkbtrAZINWLjxbcQ6bZ3Iso2e/uBFbLH5kxVSkj5d EUt0iYfKCOfQGugbRtNkeGR9Ns2khdpImaFSY3Zw7MpxwS4DEjqQD1ps2h6XcW09tNpdlLb3EnnT RPboVkk/vMCMFuByeeKAMy48STxWWlXC2B3alAhijZjlJnMYVGwOg3ksR0CEgGq+neLJrt7NXs4l W7W1ni2yEkRTiUru4+8PKOccc9a6KawhnntJpFJa0cyRAHADFCmcf7rMPxNQf2HpXkXUH9l2Riu3 8y5j+zptnfrucY+Y57nNAFDQ9dutYvGja0iigW1jnZxKWbe7uoXGMYAjJznv0rMsfGV7fvp8Uenw ebqCW88OZyFSGeOd13ccuogbIHByMGuotNOtbBAlpaQW6LGsQEMaoAq52rgAcDJwO2fem2+kafaO WttPtISZjcExwqpMpBUvwPvEEjd1wSKAOSXxhfgNdtaqbe5tbOWzhjV5SPOablgiFydqLkKGHGRx mtnSNbvNVuniFkkCLZRXBMjsH8x2cBSpXgDyySTzyBir3/CPaPtvF/siwxekG6H2ZP35BJBfj5jk k855Jq3DZwW7Zgt4ovkWP92gX5VztXgdBk4HbNAHG6F4wvptH0y4voIZA8Ecc8iNhmmNoLkkLjAX bx25PpT28V39pDeXF5Hax5eHyU/eSDY0TSEgIhcnCnPGAATnAxXTW2h6XZzQTW2l2UEsEXkwvFbo rRx5zsUgcLkk4HHJpkfh3RoYHhi0fT44nlWZo0tUCmRfuuRjlhgYPUUAYEPi681NbdLOzaFvNtnm OC2IpZISuOOcxytuPG0qwBOM12lZ8OkWcEskiW6fOsShCo2xrH/q1UdAFJJHoSfw0KACo5/9RJ/u n+VSVHP/AKiT/dP8qAK2mf8AHoP941dqlpn/AB6D/eNXab3EFcbrV7r7+KJrLSXvSIbKCaNIlt/I EjyTDM5k/ebP3a5EXzYDY5IrsqgW3iW4kuBCgmkRUaQAbmVSSAT1IBZiB23H1NIZyH/CYT2scPnh Jy2ozW74VyyJ9seCP7q7VHAALkbsHqc1Nc+LZ4LSGUWcTPc3ZgtlTzJmAAlJZ0RS/SFsbQevopNd A+jabIYmk02zdoneSMtCpKOzb2YccEt8xI6nnrSTaJplxb3NvNplnLBdSebcRPboVlfj5mBGGbgc nngelAGTc+JbmHS9Ju0087tSgURRu5zHO+zy0fA4X5m3MOQFyFPaK18VTTtDvs4wly1u8OJDkRyy FBu4+8MZwOOetdBNp8M72rOpxav5kSrwA20qOPYMcCov7E0vyruP+y7IpeNvuU+zpidvV+PmP1zQ Bm6Lr9zq2qzWptIooYbdZWfzSW3NNNGAFx0xDknP8WKzrTxje3qWgj0+3Mt7HaXFuGmICxXAlK7u D8y+UcgcHPBFdPZ6ZZ6eoWzs7e2URrEBBEqAIpJVeAOAWYgdsn1NJDpGn20jvBp1pE0kxuHaOFVL SnOXOBy3J+bryaAOUfxhfxmS8a0U20tvA1rFGHkbMkzJlgqlsgBchQfatXR9du9V1B7f7CkCx2Uc 7NIzK295JUC7CoIH7nPOCM4IBrRPh/Rybw/2RYZvcfaj9mT9/wA5+fj5uSTzmrMFjb2r5t7aGHEa Qjy0C/Iudq8DoNzYHQZOOpoA5HQfFl/c6ZpUl9DBIZYbdbiVGwzSyQ+aCoxgDHXpyeOKani/UIkl uLmO1iWaO2e2jJkk+WRZXJARC7HanIxgBWbIAIrqLfQ9LtJoJrbS7KGW3QxwvHborRoSSVUgcAkk 4HqaZH4d0aGKWOLR9PjSWRZpEW1QB5FOVcjHLA8g9qAOdj8Z3mqW1mbGzeGSWW0lc4L7YJZLc/3e cpMwJ4AKPg/Lmu3rOg0axt5XkjtYxuSGNU2jbGkWTGqjoApJYehP0xo0AFMk/wBW30P8qfTJP9W3 0P8AKgCppf8Ax6f8CP8AKr1UdL/49P8AgR/lV6h7iQVx+vXmvNr8tppDXjNFZxSxpELfyPMZ5Bmc yfvPL+Rc+V82A3crXYVALeMXDziJBK6hGkAG4qCSAT1wCzce59aBnI3Hi6XTbdWnEc26+nhYbXLh BctEn3VKr2G5yAT6mrFx4rnht3dbSNme9a1gVDJM+FaVSzxxqW/5YNjaD17bSa3ZNH06cxmbTbOQ xu8iF4VO1nOWYccEnknv3ol0XTZ4LqCbTbOSG7ffcRvAhWZuMM4Iwx4HJz0HpQBkXXiK6g0rS7xN Oy+oxBI4ncgx3DgGNG44T7wZuowMKc8RR+KpmZS9nEI55YhDiQ52PcLAS3H3huzxx2roJtOgnFqr JiO2kEkaL8qggELwOwzwPYVF/YumbLtTplmVvTm6HkJic+r8fN+OaAM3R9futW1m7svscUcFsjM8 nmksT9onhAC4x/ywznPGcc9aoxeLb6aGIxWFuZLoW0lsGmYARzsyjecH5l2EnGQe1dJZaXZaaoWy sra1QIIwIIlQBQWIXgDgF2OPVie5pItI0+CSWSHTrSNpZRPIyQqC8v8AfJA5b360AcpceL76F5Lt rRDaNEv2eNNzszNcrCCwVS2RkHC5yDxzWponiC71i/a3+wpAsVqk0jSMysWaWaMAIVBAPk5+bDAN ggGtI6BpBe7kOk2Be8XbcsbZMzjOcPx8345qzb2FtaMPs1rBABGkI8qMLhFztXgfdG5sDoMnHU0A cpovifUZ7XTft8FtIzpbrcyxsQS82dhUYxgADOcdeKgg8ZX7qbmaK2jjubOzntIcvISJvPY/KiF2 bbGMgAgBGbIGa6qDQ9LtpoJ4NLsopYAwheO3RWjDElgpAyMkknHUk+tMTw7o0cdwkej6eiXDrJMq 2qASOp3KzcckHkE9DzQBzaeNLvU7XTzYWbxPdPZ3BIBfbbyPb5z8vUrMw7AbHOflruazodGsbeV5 I7SMbo4YlQKNiJCSY1VegCliRxwT9MaNABTW+6adTW+6aAMFPuL9KKE+4v0orYg1dP8A+PQf7zfz NW6qaf8A8eg/3m/mat1i9ylsFFFFAxCcUm72/GqmrG7GkXh08Kb3yJPs+7p5m07f1xXnOp/2jcae kOlXWoxxyW1ql1MTJvjuTcRDPJyCFMm4DjAGaAPUd3t9KN4zivMtA1TUY/FL3GuNPap596kiOzmE MEtQNueNpIcr9T710Gl2l4fFVzZyXlw+m6cFurYMWzI0275WfPzqm1sD/bGc4FAF3/hONB/tkaZ9 rPmmTyRLsPkmX/nnv6bvarD+K9HTW00hro/ank8oYjbZ5mM7N+Nu7HbOa4GCS+0rxw8Og2d9bTTX g+1WM8e+FoSSXmR8fKOh65yfQYpNOtNY07xw0Ft9vWeXW5p5k+YW72TqDuP8Jbggc5yAKAPQLTxV o9/q8ml211vukLDBRgrlfvBWIwxHfB4qTWfEemaAkR1CZkMpOxEjZ2IAyThQTgDknoK850bRriLx rY21n9pNnpt7dzuJrVo2iVwBgvkrJkgY29hk9au+KLyLWbbR/ENnFqNtI0Vzbostg0nDKUKsqnKs edp5HIzwDQB2uoeKNM06GzlkeaZb0FrcW0DzNIoAJIVATjBFa0cgkQOAQCMjIwfyryjUdLGmeFNH ivYtaTWbfTJEs2swxjWdjkIxT5g2Qo5wuAa9M0f7YNHsv7Q/4/fs8fn/APXTaN365oAvUUUUAFRz /wCok/3T/KpKjn/1En+6f5UAVtM/49B/vGrtUtM/49B/vGrtN7iCiiikMKTPOKWuP8SvOuszfaHu ksv7NP2M25cE3W45+71bGzaD/tUAddu9qXd7V5I0viePUVe5a7dJ9UsIrhULgQuscLOVwcbGLSA4 4yo962I9Ruk+HOnalZ3E0usaVZxSyQNvYykptaORepzz7gj65AO31PVbTR7CS9v5fKgjIBbBYkkg AADkkkgYqgfF2jDRhqv2lvsxk8lR5beYZM42bMbt2e2KxfFWiCHwQkEtzeTz2k8dz9pEZmcyhsl2 QHJXk8L0HTpXMR6Vcp4am1W7NzHIfEP9p20qWbsOv33hzvCE5OPvAEd6APUdO1O11bT4r6ylEtvJ na2COQSCCDyCCCCKpaf4q0jVNTl0+zuvMuI93BRgr7ThtrEYbB4OCa5rwXcTaBpNra6hbXZm1a/n khKwkBASMM4z8gPJAPr+FYXhnR7qDxTpVvam7aw0Zr3Ky2hheISAgKXJKyEscjb2UE4zQB6LpfiP T9ZvJ7ay+0P5BZWla3dYiVbaQrkbWOfQ1rV5t4Oie38Vpb6ONXTSY7RxeR6irDZNvOAAflzj+5xj 8cek0AFFFFABTJP9W30P8qfTJP8AVt9D/KgCppf/AB6f8CP8qvVR0v8A49P+BH+VXqHuJBRRRQMQ nFJu44GaivPPFnN9m2+f5beXu6bscfrivL9TfU38PxLYz6ktw1hGNSYtJujuTNCBjPRv9bkDjaB2 xQB6ru9uKN4zivMdL1HVIvGSS6zJcQRR3M8Uu4v5JK28KBgOm1mDMPdvXNdBZ2t23i1rI3tw+kwR rqUGWbLPIWXyy+fmRSrMF/2hngAUAXp/HGg2+sf2ZJdkS+YYml2HykkyBsL9A3zD6d8ZGbjeI7Bd dOjAXEl4u3eI7d3SPcMjc4G1cj1Irz27e+0rxzJ/YFnfW99PdSGa1mj8yC4Rmi3Sq2PkBGS3OQVH Tob2oxPF44ifRl1mPVJtTje+EwYW72wTDMCPkIwFAyd1AHYweKtHudabSIrrdeKzJjY2wsoyyh8b SwHbOam1jxBp2gxRSX8rJ5zFY0SNndyBk4VQScDkntXnFro1yPHMFpY/aTb2+sy38qzWrIYwyjcf MyVZTgAAc9citPxHqMWsQaJ4gtE1C0ltZriGMzWDShQy7WDop3cgfKRnnrQB1t54q0qysrK7aWWa G9OLb7NC8rS/LuyFUE9PataCZbiFJVV1V1DAOpU4IzyDyD7GvKJdIXS/BGhw6pDrMWo29pcm1a0V iscshZlVynzBvuj045r0fw79v/4R7T/7Uz9v8hPPz13Y7+/rQBqUUUUAFNb7pp1Nb7poAwU+4v0o oT7i/SitiDV0/wD49R/vN/M1brlbvXrjTZ4rWC2Sbehk5Jzkswx+lKviPUj10+Mf8CNYvcpbHU0V zI8Q6gf+XCP/AL6NL/b+o/8AQPT/AL6NAzpaK5r+39R/6B6f99Gj+39R/wCgen/fRoA6Wiua/t/U f+gen/fRo/4SDUP+fGP/AL6NAHQmJfOMgRd+3buxzj0zUlcz/wAJBqH/AD4J/wB9Gl/t/UP+fBP+ +jQB0tFcz/wkGof8+Mf/AH0aX+39QIz9gT/vo0AdLRXNf2/qP/QPT/vo0f2/qP8A0D0/76NAHS0V zX9v6j/0D0/76NJ/wkGof8+Ef/fRoA6ao5/9RJ/un+Vc2fEeojpp8f8A30ajj8S3k15Fay2ccYmO 0tuPSgDf0z/j0H+8au1ytzrtxpkkFtBbJN5il+Sc5yR/SlXxHqR66fGP+BGm9xLY6miuZHiHUD/y 4R/99Gl/t/Uf+gen/fRpDOlormv7f1H/AKB6f99Gj+39R/6B6f8AfRoA6Wiua/t/Uf8AoHp/30aP +Eg1D/nwj/76NAHS0VzX/CQah/z4R/8AfRo/t/UP+fBP++jQB0tFc1/wkGof8+MfP+0aB4g1Aj/j wT/vo0AdLRXNf2/qP/QPT/vo0f2/qP8A0D0/76NAHS0VzX9v6j/0D0/76NJ/wkGof8+Ef/fRoA6a mSf6tvof5VzR8R6iOlhH/wB9GmR+JryS9htZbONBMwTduPAPGaAN3S/+PT/gRq9XKXGuT6WYIIbd JvMBb5ic5zinL4j1I9dOjH/AjTe4lsdTRXMjxDqB/wCXCP8A76NL/b+o/wDQPT/vo0hnS0VzX9v6 j/0D0/76NH9v6j/0D0/76NAHS0VzX9v6j/0D0/M0f8JBqH/PhH/30aAOhaJTMsuxS6qVDY5AOMjP pwPyHpUlcz/wkGof8+Ef4MaX+39Q/wCfBP8Avo0AdLRXNf8ACQah/wA+Mf8A30aBr+oHpYJ/30aA Olormv7f1H/oHp+Zo/t/Uf8AoHp/30aAOlormv7f1H/oHp/30aT/AISDUP8Anwj/AO+jQB01Nb7p rmT4j1EdLCP/AL6NMTxPete29vLZRoJ5Fj3bjwCQM/rQBaT7i/SilT7i/SitiDG1H/kO2f8A1wP/ AKFJVtKTULQTMjkukkedksYUkA9VIOMjrjkYJNVhBKP+X24P/bun/wAXWbTKRfHSlwPQflVLy5f+ fyf/AMB0/wDi6XZL/wA/c/8A34T/AOLpWY7lzA9B+VGB6D8qp+XL/wA/c/8A34T/AOLo8uX/AJ+5 /wDvwn/xdFmFyt4l+3L4eujpgl+2botnkqS+PMXdjAJ+7u6ds1zMsvigQXAjGoEzQypaHYTh/tC7 CxIyn7vPzSbeOtdf5cv/AD9z/wDfhP8A4ujy5f8An7n/APAdP/i6LMLlPSoNRTX9QS7up5LG3YJb eYuBMsmJCzH+Ip/qxgDA6gnkYnmeKEtdNjuVuGjCQNdT26ne0bMm8MgywkUZB28kZI/ix0/ly/8A P3P/AN+E/wDi6PLl/wCfuf8A78J/8XRZhc5iSPxLLGgtp7xIrm4ubdHlU7oYt4aGUjG4HCspLc4Z eK39Ba+m0v7VqSyR3NzK8xgfrAhb5I8HkYUDI5+YntVjy5f+fuf/AL8J/wDF0eXL/wA/c/8A34T/ AOLoswuXMD0H5UYHoPyqn5cv/P3P/wB+E/8Ai6PLl/5+5/8Avwn/AMXRZhcuYHoPypO1VPLl/wCf uf8A78J/8XSeVL/z+T/+A6f/ABdFmFyy1UJD/wATmw/36kMMp/5fJ/8AwHT/AOLp1rZYulmeSWaR chDIqqqZ74BOTyfTt1xRysVyPUf+QvY/9cj/ADaraik1C0WcxsS6PHny5YwCRnsQcbh+Ixk1WEEo /wCX24P/AG7p/wDF02mBfHSlwPQflVLy5f8An8n/APAdP/i6XZL/AM/c/wD34T/4ulZjuXMD0H5U YHoPyqn5cv8Az9z/APfhP/i6PLl/5+5/+/Cf/F0WYXK3iX7avh28OmCX7aAvleSpL/fXOMDPTNcx PL4oFtd+SNQPm29zHZ4QkiTzk8snI3L8m/DSBeM9sV2Hly/8/c//AH4T/wCLo8uX/n7n/wDAdP8A 4uizC5T06DUV8R363N1O+n27f6NvXAlEh3nJ6NsxtXAGAec1iPJ4oS202OZZ2j2RPczwLiQo0kJd WUZYSIu8ZXkgkgZBx0/ly/8AP3P/AN+E/wDi6PLl/wCfuf8A78J/8XRZhc5iWLxLNEFtLm8jiubm 4tI5JlO6GE4MUzKRuBBVgS3OGHHII39Ae+uNNe71JJIp7mZ5Vt5OtvGThEx2wACRzyT2qx5cv/P3 P/34T/4ujy5f+fuf/wAB0/8Ai6LMLlzA9B+VGB6D8qp7Jf8An7uP+/Cf/F0bJf8An7uP+/Cf/F0W YXLmB6D8qTtVTZL/AM/dx/34T/4uk8uX/n7n/wDAdP8A4uizC5ZaqEv/ACGNO/67D+YqQwyn/l8n /wDAdP8A4unW1li6WZ5ZZ5E+55iqqpx1wCcn06YwOuKOViuM1L/kJWH+438zVpOlGoWaz+WSWRoy THLGAWXPYg43Dj1GKqiCUf8AL7cH/t3T/wCLptMC+OlLgeg/KqXly/8AP5cf+A6f/F0uyX/n7n/7 8J/8XSsx3LmB6D8qMD0H5VT2S/8AP3cf9+E/+Lo2S/8AP3cf9+E/+LoswuV/En21fDl+dMEv24R/ ufJXL5yOgHtmuZuJfE6292YRqJWSG7jtMRsT5m6PyicjcvHmYaQLxntgnrtkv/P3cf8AfhP/AIuj y5f+fuf/AMB0/wDi6LMLlHTYNSHiK8W6urhrC3AaDcuBKZTlgW6MI9oC4AwG5zWPK/ihLe0jdZmj 8sPLPCuJNhmi3Iyj5t6p5mCvJGcDINdNsl/5+5/+/Cf/ABdGyX/n7n/78J/8XRZhc5iWPxHLGwtL i9SGe7ntYnmU74oXVfLmKkbhtdW5b+E9OQRu6A1/PYS3WpLJFNcTu6QSdYI/uquOxwMnryeMDirX ly/8/c//AH4T/wCLo2S/8/c//fhP/i6LMLlzA9B+VGB6D8qp7Jf+fu4/78J/8XRsl/5+7j/vwn/x dFmFy5geg/Kk7VU2S/8AP3cf9+E/+LpPLl/5+5//AAHT/wCLoswuWWqhN/yFtL/6+V/9CWpDDKf+ Xyf/AMB0/wDi6dbWZ+1JM8ss8kf+r3oqKh/vYy2T0x0xgdcUcrFc1U+4v0opRwAKK1JP/9k= ------=_NextPart_000_0060_01C54309.B6F98660-- From eap-admin@frascone.com Sun Apr 17 08:59:11 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA16940 for ; Sun, 17 Apr 2005 08:59:10 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 9CA8820350; Sun, 17 Apr 2005 08:59:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 3AEAE2027F; Sun, 17 Apr 2005 08:59:05 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 7DC192027F for ; Sun, 17 Apr 2005 08:58:26 -0400 (EDT) Received: from orsfmr005.jf.intel.com (fmr20.intel.com [134.134.136.19]) by mail.frascone.com (Postfix) with ESMTP id 2F5AF1FFF2 for ; Sun, 17 Apr 2005 08:58:23 -0400 (EDT) Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17]) by orsfmr005.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j3HCwKCh018205; Sun, 17 Apr 2005 12:58:20 GMT Received: from orsmsxvs040.jf.intel.com (orsmsxvs040.jf.intel.com [192.168.65.206]) by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j3HCw42J021831; Sun, 17 Apr 2005 12:58:13 GMT Received: from orsmsx332.amr.corp.intel.com ([192.168.65.60]) by orsmsxvs040.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005041705580920399 ; Sun, 17 Apr 2005 05:58:09 -0700 Received: from orsmsx401.amr.corp.intel.com ([192.168.65.207]) by orsmsx332.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Sun, 17 Apr 2005 05:58:09 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [eap] Re: EAP Key Binding Message-ID: Thread-Topic: [eap] Re: EAP Key Binding Thread-Index: AcVCyoc6L5fQqE8GRDqBVQ2GvGsB8gAd6PgQ From: "Walker, Jesse" To: "Bernard Aboba" , Cc: "Paul Funk" , "Henry Ptasinski" , "Steve Emeott" , "Russ Housley" , "Nancy Winget" , X-OriginalArrivalTime: 17 Apr 2005 12:58:09.0055 (UTC) FILETIME=[1AC46AF0:01C5434D] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 17 Apr 2005 05:58:08 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Hi Bernard, > -----Original Message----- > From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On Behalf Of > Bernard Aboba > Sent: Saturday, April 16, 2005 2:22 PM > To: eap@frascone.com > Subject: [eap] Re: EAP Key Binding >=20 > > I think everyone agrees this issue is solved for the NAS, as mechanisms > > exist to allow the EAP Server to attest to the binding. It could, for > > instance, deliver the EAP Peer's authenticated identity Peer-ID to the > > NAS with the AAA-Key along with the EAP Success message; abstractly: > > > > EAP Server --> NAS: EAP-Success || AAA-Key || Peer-ID > > > > The NAS can then check whether it is talking with the right EAP Peer > > using a protocol that would require the EAP Peer to assert its identity: > > > > NAS --> EAP Peer: Challenge > > > > EAP Peer --> NAS: f(AAA-Key, Challenge || Peer-ID) >=20 > Presumably, the verification would include the entire key context, which > would include key-lifetime, Peer-ID, NAS-ID and restrictions on key usage: >=20 > NAS --> EAP Peer: Challenge, NAS-Id, Peer-ID, Lifetime, Authorizations > EAP Peer --> NAS: f(AAA-Key, Challenge || Peer-ID || NAS-ID, > Lifetime, Authorizations) >=20 > If restrictions are placed on the use of the key (e.g. key lifetime, > Called-Station-Id/Calling-Station-Id restrictions, etc.) then all parties > need to be aware of the restrictions or the key has not been properly > bound to its context. [Walker, Jesse] Yes; of course. We must include all of the relevant parameters. That is not the point I am trying to make, however. The point I am trying to make is we have a channel from the EAP Server to the NAS for delivering whatever parameter we might need, and using it is merely mechanical, it is merely a matter of communal will to insert whatever we can all agree we need. The point is to focus on as aspect of the algorithm that is important for key usage correctness. From a key usage correctness perspective, what the EAP Server must tell (some function of) the authenticated identity of the EAP Peer. The EAP Server must tell the NAS (some function of) the authenticated identity of the EAP Peer, because that is what the EAP Server has verified during authentication. It is the EAP Server that must make the assertion that this identity goes with this key because (a) it is the entity that performed the authentication and (b) it is the only entity involved in the transaction that the NAS could trust to make such an assertion. > Note that in the above, the Peer-ID may not necessarily be the same as > what was provided by the EAP peer in the EAP-Response/Identity (e.g. in > the case where privacy is supported), or even the peer-ID used within the > EAP method (in the case where privacy is asserted and the AAA server does > not provide a User-Name attribute within the Access-Accept). [Walker, Jesse] The Peer-ID that the EAP Server delivers with the key to the NAS has to be (some function of) the identity the EAP Server authenticates, because that is the only identity the EAP Server has validated. The point of language like "some function of the authenticated identity" is we may not want to report the authenticated identity directly in some scenarios, such as when the EAP Peer is a subscriber of an organization that controls the EAP Server and the NAS is controlled by a competitor of the organization. Fine. To honor this requirement, the identity delivered to the NAS is not necessarily the authenticated identity directly, but rather a function of the authenticated identity, something derived from the authenticated identity that can be made public without violating the EAP Peer's privacy. >=20 > > The function f used in this protocol would be selected so that it would > > be computationally infeasible for the EAP Peer to produce the right > > response without knowing the AAA-Key, the Challenge value, and the > > Peer-ID value. And if exposure of the Peer-ID to the NAS is deemed > > onerous, then we can certainly replace it in the above with another > > session specific function of Peer-ID, e.g., > > > > g(TMS, Peer-ID) >=20 > The issue is one of synchronizing the key context between the > parties. Where the EAP peer supports privacy (e.g. it does not place its > userid within the NAI), then the peer-ID is provided to the NAS > in the Access-Accept, either via the User-Name or CUI attribute. However, > the CUI is typically not provided to the peer so that in this case the > peer-ID may not be synchronized between the parties unless the Secure > Association Protocol handles this. [Walker, Jesse] Again, the requirement is the identifier of the peer that is required for key usage correctness is (some function of) the identity that the EAP Peer asserted when it authenticated, because this is the only identity the EAP Server knows for the EAP Peer and is the only one it has authenticated during this session. You may respond that some sort of multi-factor authentication may be used, and that several identities will be asserted during authentication. Fine. Let's define some standard way to concatenate them and compute a function of them. And that is the right thing to do, too, because all of the identities collectively are what the Server verified by EAP authentication. =20 A further requirement on what identifier gets returned to the NAS is it must be something the EAP Peer can reassert to the NAS during any subsequent handshakes that put the key in place. It is the job of things like 802.11r to structure their protocols so that the Peer will reassert its identity to the NAS, so the NAS knows the key is being used in the context asserted to by the EAP Server. -- snip -- > > The issue we have never been able to resolve successfully has been how > > to provide the same attestation by the EAP Server of the correct NAS to > > the EAP Peer, i.e., how does the EAP Server assert to the EAP Peer the > > correct NAS to which the session key AAA-Key is bound? There is no > > obvious channel within EAP itself for delivering this assertion. >=20 > While EAP itself cannot deliver this information, the AAA protocol and > Secure Association Protocol can together deliver it. For example, in > addition to the authorizations and AAA-Key the AAA server can provide one > or more Peer-tokens to the NAS. This token could be transmitted to the > peer via the Secure Association Protocol, and could be encrypted and > authenticated using keys known only to the EAP server and peer, so that > it cannot be decrypted by the NAS or proxies. >=20 > This could provide an additional vehicle for synchronization of key state > and/or verification of channel bindings without requiring changes to EAP > methods. [Walker, Jesse] The motivation for my original posting was the realization that we do not need a single new protocol message between the Peer and the Server to provide the Peer with the Server's assertion of the proper NAS. We can obtain this assertion through the session key construction. We can obtain the assertion by requiring the EAP Server to derive the session key used from an identity the NAS will advertise to the Peer. We might need new protocol messages for some other function, but not for asserting the NAS identity to the Peer. This realization is an important step forward in the conversation, and I don't remember it being made before. The identity of the NAS the Server (and the Peer) would be required to use has to be the one the Server uses to name the NAS. This is the NAS ID. This says that if 802.11r or some other link discipline wants its key usage to be properly bound, it will have to arrange for its NASes to advertise their NAS IDs to their EAP Peers, so that the Peers can verify the Server's assertion of the NAS indirectly through key derivation. -- snip -- > > Of course life is never that simple, because the key hierarchy above is > > already in place, and doesn't include the derivation AAA-Key > > kdf(MSK, NAS-ID). Therefore, we would have to do something else, in > > order to avoid breaking already deployed equipment. >=20 > Which "equipment" are you talking about? Presumably the NAS and peer need > to change in order to support 802.11r anyway. So presumably we are > talking about changes to the AAA-Server, correct? Since this is > a new application, there is no backward compatibility issue - have the NAS > send an attribute requesting a different AAA-Key derivation, and if the > AAA-Server supports it, it will respond with the attribute in an > Access-Challenge, otherwise not. You can therefore know before starting > the handshake whether the new scheme is supported by the AAA server. If > not, you can use a backward compatible handshake instead (e.g. WPA2). [Walker, Jesse] We are already using keys constructed in a different way in 802.11i, in L2TP tunnels, PPP, etc. The keys constructed for this usage do not include the NAS ID in their derivation. We will always have keys constructed in the old way, because old instantiations of old protocols never go away in the real world. >=20 > > A candidate might be > > the EMSK, which is currently unused. We could define something like > > > > Bound-AAA-Key =3D kdf(EMSK, "bound EAP session key || SID || NAS-ID) > > > > where SID is the EAP session identifier, and deliver the Bound-AAA-Key > > to the NAS along with the AAA-Key. We could deliver this with a session > > specific EAP Peer identity > > > > Peer-Session-ID :=3D hash(SID || Peer-ID) > > > > And we could fix kdf and hash for all EAP methods, e.g., take hash to be > > the first 96 bits of SHA-256, and kdf as TLS-PRF. The Bound-AAA-Key id > > would then be NAS-ID || Peer-Session-ID. We don't, of course, have to > > use the EMSK for this function, but I have used it for concreteness. > > > > =3D20 > > > > This mechanism requires that a NAS find some way to advertise its NAS-ID > > to EAP peers, and it requires a few new attributes exchanged between the > > NAS and EAP Server. It leaves the existing key hierarchies intact, but > > provides a bound key for new applications that desire a bound key. It > > seems to put to rest the security issues with the existing key > > hierarchy, by giving the EAP Server some way to attest to the EAP Peer > > the NAS which should possess the key. > > > > What do people thing? Would this be a productive addition to the EAP > > keying draft? >=20 > The original keying draft has now been split into two parts. The first > part (the EAP Key Management Framework) is now only focussed on > documenting and analyzing existing uses (e.g. IEEE 802.11i). The second > part (EAP Key Management extensions) will document additional uses. >=20 > While solutions to the key binding problem are appropriate for inclusion > in the extensions document, the goal there is to describe and analyze > complete proposals, including the EAP Key management and AAA extensions > that are required. >=20 > A key step toward that goal is for groups such as 802.11r to provide a set > of requirements. Key binding seems like one of those requirements, but > there are presumably others, such as extensions to provide faster handoff. [Walker, Jesse] If you recall, I prepared a requirements document 11-04-1498 that we discussed at the November 2004 IEEE 802 meeting in San Antonio. At the time you indicated you did not think it was necessary for IEEE to forward such a document to IETF. For the record, now are you asking 802.11 to update and adopt this or some similar document as requirements and then forward the result to IETF? -- Jesse _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From meqfxifxmcfsue@alltel.net Sun Apr 17 10:30:53 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA26008; Sun, 17 Apr 2005 10:30:53 -0400 (EDT) Received: from [220.88.208.5] (helo=132.151.6.1) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DNAv5-00040j-6s; Sun, 17 Apr 2005 10:38:45 -0400 X-Message-Info: BeSW460zGTbxBUNNSCcaEojPMk4 Received: from conflict-dns.snet.net (97.240.212.141) by j77-gp388.snet.net with Microsoft SMTPSVC(5.0.2195.6824); Sun, 17 Apr 2005 14:23:35 -0100 Date: Sun, 17 Apr 2005 16:18:35 +0100 (CST) Message-Id: <17417122.f01GHPcsH578@blackwell0.backspace80snet.net> To: ldap-dir@ietf.org Subject: The new Carttier repliccas gen has come antique From: Dana Thomason MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--WCGSDNMXU68441NCRGHYPPE" X-Spam-Score: 5.6 (+++++) X-Spam-Flag: YES X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464 ----WCGSDNMXU68441NCRGHYPPE Content-Type: text/plain; Content-Transfer-Encoding: 7Bit our site presents: what you've allways wanted - watchees, elegent repliccas, of the bast brand s in the world! Impress you're lady with carttier, roleex, braitling and more... You naame it - We got it! mmmmm show me more :-) http://crematory.ifuh.com/r/erika/cabot.htm the natural muskellunge is more common in our area although there is also a good population of tigers in our waters too. macromedia powerapplets allow non-technical graphic artists and web designers to easily enhance their sites with customizable dynamic multimedia. i love daddy yankee he is sooo fine reggaeton music is the best music ever i hope daddy yankee comes here to laredo. all the dogs are treated with dhlpp bordetella and wormed upon arrival at the shelter take a look at the website and then e-mail. hi jennie sorry you won t be there but hoist a cone wherever you are in honor of cruisin days gone by. blue great danes blue great dane puppies i am the proud owner of two beautiful blue great danes their names are will amp grace. yes our free hosting is really free it has all the basic tools amp features needed to get started it s really easy to use we are one of the largest most reliable shared web hosters. we are interested in getting into deer farming we curently raise beef but markets are to up and down. a prototype of the genome map applet we are developing to present biologists with a flexible interface to genomic databases check back often-we are constantly updating! hey melanie! i checked out all your babies! they are soooooo adorable!!! i love the pomchis first time i ve seen any!!! so cute!!!! its a very refreshing look !!! can t stand it any longer!! i think i m addicted to this web site!! god help!!!! aaaarrrrghhh!!!! a configurable led sign a great example of a really powerful applet it has an entire scripting language to control the led display. romakome bo-jay ze is niet alleen mooi maar zoooooo lief mooie website lekker muziekie. clark etc but thanks for all the time and effort you do put into this page i am glad that our school has the teachers students and the equipment to keep up with the times! take care. all we ask is that you forward it intact with all the subscription. brooke is our little nature nut nbsp she just loves being in the outdoors along side her g pa trapping or sorting minnows or along side her mom and dad running bear hounds nbsp. message to pauline spencer matthew! talk about being sensitive and quick to respond in a negative manner back off girl! take a deep breath a glass of wine or something calm down already! hi i do not know if i got the right place but if i do everyone hi and tell michael i said hi. ----WCGSDNMXU68441NCRGHYPPE-- From eap-admin@frascone.com Sun Apr 17 11:20:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA29654 for ; Sun, 17 Apr 2005 11:20:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id C008C20350; Sun, 17 Apr 2005 11:20:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 4F72520239; Sun, 17 Apr 2005 11:20:05 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 15A1B1FE1E for ; Sun, 17 Apr 2005 11:19:44 -0400 (EDT) Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171]) by mail.frascone.com (Postfix) with ESMTP id 438D11FE14 for ; Sun, 17 Apr 2005 11:19:42 -0400 (EDT) Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com) by outbound.mailhop.org with esmtpa (Exim 4.44) id 1DNBYf-0006Pm-Bd; Sun, 17 Apr 2005 11:19:37 -0400 Received: from localhost (aboba@localhost) by internaut.com (8.10.2/8.10.2) with ESMTP id j3HFJY418968; Sun, 17 Apr 2005 08:19:34 -0700 From: Bernard Aboba To: "Walker, Jesse" Cc: eap@frascone.com, Paul Funk , Henry Ptasinski , Steve Emeott , Russ Housley , Nancy Winget , dstanley@agere.com Subject: RE: [eap] Re: EAP Key Binding In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Mail-Handler: MailHop Outbound by DynDNS.org X-Originating-IP: 67.182.139.247 X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information) X-MHO-User: aboba X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 17 Apr 2005 08:19:34 -0700 (PDT) X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) > To honor this requirement, the identity > delivered to the NAS is not necessarily the authenticated identity > directly, but rather a function of the authenticated identity, something > derived from the authenticated identity that can be made public without > violating the EAP Peer's privacy. The key management framework defines the Peer and Server identities utilized by existing methods. We can mention that this information needs to be passed up along with the Key Name and exported keys. On the peer side this information can be passed down to the lower layer to do the required computation. On the AAA server side, the required computation can be sent to the NAS in an attribute. The question in my mind is whether this is an existing attribute (e.g. User-Name), a proposed attribute (CUI), or something new altogether. If the function of the peerID includes the Challenge it could qualify for inclusion in the CUI attribute which is supposed to not allow tracking. I don't think User-Name will work since some AAA servers might just send the peer-ID with no hiding. However, I'm not sure if the content of CUI can be constrained this way. > You may respond that some sort of multi-factor authentication may be > used, and that several identities will be asserted during > authentication. Fine. Let's define some standard way to concatenate them > and compute a function of them. And that is the right thing to do, too, > because all of the identities collectively are what the Server verified > by EAP authentication. I think that it is sufficient to require the EAP method to define and pass up the peer-ID. Whatever the method passes up is what is included in the computation. > A further requirement on what identifier gets returned to the NAS is it > must be something the EAP Peer can reassert to the NAS during any > subsequent handshakes that put the key in place. It is the job of things > like 802.11r to structure their protocols so that the Peer will reassert > its identity to the NAS, so the NAS knows the key is being used in the > context asserted to by the EAP Server. Right. > This realization is > an important step forward in the conversation, and I don't remember it > being made before. Actually, it was discussed in the EAP WG 18 months ago as part of the channel binding issue. However at the time there was no request from IEEE 802.11 for that functionality. > The identity of the NAS the Server (and the Peer) would be required to > use has to be the one the Server uses to name the NAS. This is the NAS > ID. This says that if 802.11r or some other link discipline wants its > key usage to be properly bound, it will have to arrange for its NASes to > advertise their NAS IDs to their EAP Peers, so that the Peers can verify > the Server's assertion of the NAS indirectly through key derivation. This is also required so that the peer can understand the scope of the key that it has derived. Including it in the AAA-Key calculation would ensure that the key was not used outside its scope (e.g. the NAS to which the AAA server sent the key). > [Walker, Jesse] If you recall, I prepared a requirements document > 11-04-1498 that we discussed at the November 2004 IEEE 802 meeting in > San Antonio. At the time you indicated you did not think it was > necessary for IEEE to forward such a document to IETF. My understanding was that IEEE 802.11 did not vote to approve the requirements document, so that it had no official status. > For the record, > now are you asking 802.11 to update and adopt this or some similar > document as requirements and then forward the result to IETF? Yes, if there is consensus on such a set of requirements that would be helpful. Note that I'm not just talking about requirements for the 802.11 handshake; I'm talking about 802.11 requirements for the system (which would include any functionality required from EAP or AAA). _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Sun Apr 17 14:11:09 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10678 for ; Sun, 17 Apr 2005 14:11:09 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id F1B5A2027E; Sun, 17 Apr 2005 14:11:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id C854A201F1; Sun, 17 Apr 2005 14:11:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id B6E1020252 for ; Sun, 17 Apr 2005 14:10:09 -0400 (EDT) Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by mail.frascone.com (Postfix) with ESMTP id D5E261FE1E for ; Sun, 17 Apr 2005 14:10:07 -0400 (EDT) Received: from sj-core-4.cisco.com (171.68.223.138) by sj-iport-5.cisco.com with ESMTP; 17 Apr 2005 11:10:07 -0700 Received: from gwzw2k01 (sjc-vpn5-809.cisco.com [10.21.91.41]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id j3HI9spR022495; Sun, 17 Apr 2005 11:09:55 -0700 (PDT) Message-Id: <200504171809.j3HI9spR022495@sj-core-4.cisco.com> Reply-To: From: "Glen Zorn (gwz)" To: "'Tschofenig Hannes'" , "'Sam Hartman'" , "'Martin Soukup'" Cc: , , MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300 Thread-Index: AcVDQB38XlEUMWIdSW+oZx+4HW0FIAAM+0kg In-Reply-To: X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] RE: [Isms] RADIUS is not a trusted third party Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 17 Apr 2005 11:09:54 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Tschofenig Hannes <> supposedly scribbled: > hi sam, >=20 > you have intentionally chosen a provocative title for your mail. >=20 > you write: >=20 > " >> Remember that RADIUS is a callout service; it is not a trusted third >> party. In other words, in a particular SNMP authentication, only one >> of the parties will know that RADIUS is being used. " >=20 > what is a "callout service"? > what is radius for you? (you write that it is not a trusted third > party.)=20 It's not. From the point of view of authentication protocols (PAP, CHAP, EAP, etc.), both RADIUS and Diameter are just "wires": the operation of the auth protocols should be exactly the same as if they terminated in the AAA client, instead of elsewhere. Basically, the purpose of AAA (again, from the POV of an authentication protocol) is simply scaling. BTW, a lot of misery has been caused by the erroneous belief that EAP is (or can be) a three-party authentication protocol: it isn't, and can't be. It could _carry_ a three-party protocol (like Kerberos), but EAP in itself is a two-party protocol. > why do you care that only one party knows that radius is > used? it could also be diameter. =20 >=20 > i would like to better understand why some people dislike the aaa > architecture (radius, diameter).=20 I think that the misunderstanding mentioned above might have something to do with it... >=20 > ciao > hannes >=20 >=20 >> -----Urspr=FCngliche Nachricht----- >> Von: isms-bounces@lists.ietf.org >> [mailto:isms-bounces@lists.ietf.org] Im Auftrag von Sam Hartman >> Gesendet: Freitag, 15. April 2005 19:34 >> An: Martin Soukup >> Cc: isms@ietf.org >> Betreff: [Isms] RADIUS is not a trusted third party >>=20 >>=20 >>>>>>> "Martin" =3D=3D Martin Soukup writes: >>=20 >> Martin> RADIUS "Access-Accept" indicates a successful >> Martin> authenthentication response for a user. >>=20 >> Martin> The Access-Accept already returns a "Session-Timeout", >> Martin> defined as "Sets the maximum number of seconds of service >> Martin> to be provided to the user before the session >> Martin> terminates. This attribute value becomes the per-user >> Martin> "absolute timeout."". >>=20 >> This only tells the SNMP engine talking to the RADIUS server the >> timeout. You need to tell the other side of the exchange the >> timeout too.=20 >>=20 >> Remember that RADIUS is a callout service; it is not a trusted third >> party. In other words, in a particular SNMP authentication, only one >> of the parties will know that RADIUS is being used. >>=20 >>=20 >> _______________________________________________ >> Isms mailing list >> Isms@lists.ietf.org >> https://www1.ietf.org/mailman/listinfo/isms >>=20 >=20 > _______________________________________________ > Isms mailing list > Isms@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/isms Hope this helps, ~gwz Why is it that most of the world's problems can't be solved by simply listening to John Coltrane? -- Henry Gabriel _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From Etta@sina.com Sun Apr 17 16:02:21 2005 Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA17703 for ; Sun, 17 Apr 2005 16:02:17 -0400 (EDT) Message-Id: <200504172002.QAA17703@ietf.org> Received: from 61-230-108-153.dynamic.hinet.net ([61.230.108.153] helo=sina.com) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1DNG8t-0005jt-NU for eap-archive@ietf.org; Sun, 17 Apr 2005 16:13:21 -0400 From: "Viljem Mcneill" To: "Ron Rossi" Subject: Re: VALlUM CIALlS Wiagra Date: Sun, 17 Apr 2005 16:02:09 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0008_01C5433D.4262C0C1" X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Score: 6.1 (++++++) X-Spam-Flag: YES X-Scan-Signature: b280b4db656c3ca28dd62e5e0b03daa8 This is a multi-part message in MIME format. ------=_NextPart_000_0008_01C5433D.4262C0C1 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, and your future assured, this is your chance. And you are not to little gesture of helplessness. in exasperation. This pirate was too infernally skillful a fence And what should you do, puppy, if your hands were unbound? He buccaneers to seek new hunting-grounds in the South Sea. Julian, the representative of the Secretary of State, say whether ravages all over again. was held to his quivering lips. He drank greedily, noisily, nor What a plague do it matter if it is an English settlement? It's So weary me no more with your coward counsels. I make no terms beheld there, beside the main hatch, the four treasure-chests, th Blood were both guilty of treason, the first for having harboured upon that instant. Far from that, however, the Spaniard freely Have a nice day. ------=_NextPart_000_0008_01C5433D.4262C0C1 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hello,
 
VA U AG  C LIS
LI M VI RA IA
And Many other.
 
Visit = PharmacyByMAlL SSTORE and save OVER = 7 0 %
 
Have a nice = day.
----- Original Message -----
Try us and you will NOT BE DlSAPPOlNTED!
------=_NextPart_000_0008_01C5433D.4262C0C1-- From eap-admin@frascone.com Sun Apr 17 16:42:07 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA20333 for ; Sun, 17 Apr 2005 16:42:07 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id F296820319; Sun, 17 Apr 2005 16:42:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 5FFDA2027D; Sun, 17 Apr 2005 16:42:05 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 51EC02027D for ; Sun, 17 Apr 2005 16:41:07 -0400 (EDT) Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by mail.frascone.com (Postfix) with ESMTP id 5890D201F1 for ; Sun, 17 Apr 2005 16:41:04 -0400 (EDT) Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130]) by p130.piuha.net (Postfix) with ESMTP id E540289843; Sun, 17 Apr 2005 23:41:02 +0300 (EEST) Message-ID: <4262C9E3.1000107@piuha.net> From: Jari Arkko User-Agent: Mozilla Thunderbird 1.0 (X11/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Charles Clancy Cc: eap@frascone.com Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Subject: [eap] eap pax expert review Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Sun, 17 Apr 2005 23:41:07 +0300 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: 7bit This an expert review of EAP PAX, draft-clancy-eap-pax-02.txt, based on RFC 3748 requirements and the review template at http://www.drizzle.com/%7Eaboba/EAP/template.txt Note that an expert review is a not an analysis to find out if the method is suitable for any specific purpose; we just make sure that the method does not break EAP and that its sufficiently well documented. Also, I didn't review compliance to IEEE method requirements. (Any takers?) Overall, the verdict is "pass", although a couple of editorial clarifications might be useful. Inline: > 1. Does the method document its security properties > in sufficient manner, as required by Section 7.2 > of RFC 3748? > > 1a. Mechanism. Is the mechanism explained? Yes. See Sections 2 and 3. > 1b. Security claims. Are the claimed and not claimed > properties listed? Yes. See Section 4.3. Note: The claim for "cryptographic binding" (RFC 3748, Section 7.2.1) is not documented for PAX, as this claim is relevant for tunnel methods only. But for completeness sake it would be desirable to mention why its not being listed. > 1c. Justifications for the claims? Is an explanation or > reference provided to each of the claims? Yes. > 1d. Key strength. Is the key strength documented? Yes. > 1e. Description of key hierarchy. Is the key hierarchy > documented? Yes. See Section 2.3 and 2.1. > [Optional, at least for now: does it conform to EAP > keying framework?] Yes. Note: the keying framework is still being worked on. > 1f. Indication of vulnerabilities. Are the known vulnerabilities > documented? Yes. See Sections 2.2 and 4. > [Note: it seems unreasonable to require the documentation > of unknown vulnerabilities :-) The "known" may of course be > "known to reviewer" or "known to author" or "known to the > community", but that appears to be best we can do.] > > 2. Compliance with EAP packet formats > > 2a. Does the method comply with the packet formats > defined in Section 4 of RFC 3748? Yes. > 3. Compliance with EAP behaviour > > 3a. Does the method comply with Success/Failure usage > as defined in Sections 2, 2.2, and 4.2? Yes. (Editorial note: the document talks explicitly about the conditions upon which an EAP Failure needs to be sent. However, while it can be understood and implied, it doesn't actually say that an EAP Success should be sent otherwise.) > 3b. Does the method comply with sequence usage as defined > in Section 2.1 of RFC 3748? Yes. No sequences are used. > 3c. Does the method comply with request/response processing > rules as defined in Section 4.1 of RFC 3748? Yes. > 3d. Does the method comply with retransmission rules > as defined in Section 4.3 of RFC 3748? Yes. > 3e. Does the method comply with the usage defined for > Identity, as defined in Section 5.1 of RFC 3748? Yes. > 3f. Does the method comply with the usage defined for > Notification, as defined in Section 5.2 of RFC 3748? Yes. No Notifications are used. > 3g. Does the method comply with the usage defined for > Nak and Expanded-Nak as defined in Section 5.3 of RFC 3748? Yes. > 3h. Does the method comply with the MIC usage requirements > from Sections 3.1, 7.5, and 7.8 of RFC 3748? Yes. See Section 2.4, for instance. Note: Regarding RFC 3748 Section 7.8 (optional) behaviour for detecting bidding down attacks using Naks, EAP PAX does not do this. Might be useful to note this. > 4. Compliance with IANA requirements > > 4a. Does the method comply with EAP-based IANA requirements > defined in Section 6 of RFC 3748? That is, if it requests > the allocation of new numbers in the EAP namespace [not > applicable if the numbers have already been allocated], > is the type of the document and process appropriate for the > desired action? Yes. > 4b. Does the method comply with other IANA requirements in > the IETF standards track RFCs? For instance, does the > method attempt to allocate TLS extensions (which would > only be possible for standards track RFCs)? Yes, the document complies with the IANA requirements, as there are no other number spaces used than those in EAP. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Apr 18 10:07:13 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA21629 for ; Mon, 18 Apr 2005 10:07:12 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id E7CC42041F; Mon, 18 Apr 2005 10:07:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 31C1320384; Mon, 18 Apr 2005 10:07:05 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id F3CDF20384 for ; Mon, 18 Apr 2005 10:06:10 -0400 (EDT) Received: from orsfmr005.jf.intel.com (fmr20.intel.com [134.134.136.19]) by mail.frascone.com (Postfix) with ESMTP id 6E54B20373 for ; Mon, 18 Apr 2005 10:06:07 -0400 (EDT) Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17]) by orsfmr005.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j3IE625K029818; Mon, 18 Apr 2005 14:06:02 GMT Received: from orsmsxvs041.jf.intel.com (orsmsxvs041.jf.intel.com [192.168.65.54]) by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j3IE5omC000881; Mon, 18 Apr 2005 14:05:58 GMT Received: from orsmsx331.amr.corp.intel.com ([192.168.65.56]) by orsmsxvs041.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005041807055828300 ; Mon, 18 Apr 2005 07:05:58 -0700 Received: from orsmsx401.amr.corp.intel.com ([192.168.65.207]) by orsmsx331.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 18 Apr 2005 07:05:58 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [eap] Re: EAP Key Binding Message-ID: Thread-Topic: [eap] Re: EAP Key Binding Thread-Index: AcVDYOLeivHO2labTv6Ym8uqr+rxVwAvlaTQ From: "Walker, Jesse" To: "Bernard Aboba" Cc: , "Paul Funk" , "Henry Ptasinski" , "Steve Emeott" , "Russ Housley" , "Nancy Winget" , X-OriginalArrivalTime: 18 Apr 2005 14:05:58.0237 (UTC) FILETIME=[BE9A10D0:01C5441F] X-Scanned-By: MIMEDefang 2.44 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 18 Apr 2005 07:05:57 -0700 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Content-Transfer-Encoding: quoted-printable Hi Bernard, > -----Original Message----- > From: Bernard Aboba [mailto:aboba@internaut.com] > Sent: Sunday, April 17, 2005 8:20 AM > To: Walker, Jesse > Cc: eap@frascone.com; Paul Funk; Henry Ptasinski; Steve Emeott; Russ > Housley; Nancy Winget; dstanley@agere.com > Subject: RE: [eap] Re: EAP Key Binding >=20 > > To honor this requirement, the identity > > delivered to the NAS is not necessarily the authenticated identity > > directly, but rather a function of the authenticated identity, something > > derived from the authenticated identity that can be made public without > > violating the EAP Peer's privacy. >=20 > The key management framework defines the Peer and Server identities > utilized by existing methods. We can mention that this information needs > to be passed up along with the Key Name and exported keys. On the peer > side this information can be passed down to the lower layer to > do the required computation. On the AAA server side, the required > computation can be sent to the NAS in an attribute. >=20 > The question in my mind is whether this is an existing attribute (e.g. > User-Name), a proposed attribute (CUI), or something new altogether. > If the function of the peerID includes the Challenge it could qualify > for inclusion in the CUI attribute which is supposed to not allow > tracking. I don't think User-Name will work since some AAA servers > might just send the peer-ID with no hiding. However, I'm not sure if > the content of CUI can be constrained this way. >=20 > > You may respond that some sort of multi-factor authentication may be > > used, and that several identities will be asserted during > > authentication. Fine. Let's define some standard way to concatenate them > > and compute a function of them. And that is the right thing to do, too, > > because all of the identities collectively are what the Server verified > > by EAP authentication. >=20 > I think that it is sufficient to require the EAP method to define and pass > up the peer-ID. Whatever the method passes up is what is included in the > computation. [Walker, Jesse] This is fine. >=20 > > This realization is > > an important step forward in the conversation, and I don't remember it > > being made before. >=20 > Actually, it was discussed in the EAP WG 18 months ago as part of the > channel binding issue. However at the time there was no request from IEEE > 802.11 for that functionality. [Walker, Jesse] Thanks for this information. I think we don't care how the binding happens, as long as it happens. > > [Walker, Jesse] If you recall, I prepared a requirements document > > 11-04-1498 that we discussed at the November 2004 IEEE 802 meeting in > > San Antonio. At the time you indicated you did not think it was > > necessary for IEEE to forward such a document to IETF. >=20 > My understanding was that IEEE 802.11 did not vote to approve the > requirements document, so that it had no official status. [Walker, Jesse] Right. How I recollect the discussion was that you did not think we needed to create an official response, so I did not ask for a vote. > > For the record, > > now are you asking 802.11 to update and adopt this or some similar > > document as requirements and then forward the result to IETF? >=20 > Yes, if there is consensus on such a set of requirements that would be > helpful. Note that I'm not just talking about requirements for the 802.11 > handshake; I'm talking about 802.11 requirements for the system (which > would include any functionality required from EAP or AAA). [Walker, Jesse] Thank you. With this direction I will work with my colleagues in 802.11 to reach a consensus on requirements and have it forwarded to IETF. _______________________________________________ eap mailing list eap@frascone.com http://mail.frascone.com/mailman/listinfo/eap From eap-admin@frascone.com Mon Apr 18 11:03:09 2005 Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA26875 for ; Mon, 18 Apr 2005 11:03:08 -0400 (EDT) Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 67AF720420; Mon, 18 Apr 2005 11:03:07 -0400 (EDT) Received: from xavier (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id E39C32038F; Mon, 18 Apr 2005 11:03:04 -0400 (EDT) X-Original-To: eap@frascone.com Delivered-To: eap@frascone.com Received: from localhost (xavier [127.0.0.1]) by mail.frascone.com (Postfix) with ESMTP id 3C95E2038F for ; Mon, 18 Apr 2005 11:02:27 -0400 (EDT) Received: from alageremail1.agere.com (alageremail1.agere.com [192.19.193.106]) by mail.frascone.com (Postfix) with ESMTP id 7FEE120384 for ; Mon, 18 Apr 2005 11:02:24 -0400 (EDT) Received: from alerelay.agere.com (alerelay.agere.com [135.14.190.33]) by alageremail1.agere.com (8.13.4/8.10.2) with ESMTP id j3IF1MpC017341; Mon, 18 Apr 2005 11:01:22 -0400 (EDT) Received: from palex2kf01.ags.agere.com (palex2kf01.agere.com [128.94.210.80]) by alerelay.agere.com (8.11.6+Sun/8.11.6) with ESMTP id j3IF1LE00656; Mon, 18 Apr 2005 11:01:21 -0400 (EDT) Received: from PAUEX2KF01.ags.agere.com ([135.14.186.42]) by palex2kf01.ags.agere.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 18 Apr 2005 11:01:21 -0400 Received: from agere.com ([135.149.86.132]) by PAUEX2KF01.ags.agere.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 18 Apr 2005 11:01:21 -0400 Message-ID: <4263CBBE.5080509@agere.com> From: Dorothy Stanley User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Walker, Jesse" Cc: Bernard Aboba , eap@frascone.com, Paul Funk , Henry Ptasinski , Steve Emeott , Russ Housley , Nancy Winget Subject: Re: [eap] Re: EAP Key Binding References: Content-Type: multipart/alternative; boundary="------------030109080408080606070800" X-OriginalArrivalTime: 18 Apr 2005 15:01:21.0269 (UTC) FILETIME=[7B488250:01C54427] X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) Sender: eap-admin@frascone.com Errors-To: eap-admin@frascone.com X-BeenThere: eap@frascone.com X-Mailman-Version: 2.0.13 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Discussion list for EAP List-Unsubscribe: , List-Archive: Date: Mon, 18 Apr 2005 10:01:18 -0500 X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com) --------------030109080408080606070800 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit In November, TGr was not ready to approve 04/1498. I think tgr as a whole had not spent enough time with the doc, and wasn't comfortable with the content. A draft 04/1498 was enough for the EAP WG to start with, as a rather large "comment" on the Keying Framework document. I agree it's time to discuss 04/1498 in TGr again. A (final) 04/1498-compliant TGr solution will also address an outstanding liaison action item, the "authenticator identity issue", that was raised in CAPWAP discussions: The centralized model encourages AC implementations to use one PMK for many different WTPs. This practice facilitates speedy transition by a station from one WTP to another WTP that is connected to the same AC without establishing a separate PMK. However, this leaves the station in a difficult position. The station cannot distinguish between a compromised PMK and one that is intentionally being shared. This issue must be resolved, but the resolution is beyond the scope of the CAPWAP working group. Dorothy Walker, Jesse wrote: [Walker, Jesse] If you recall, I prepared a requirements document >>>11-04-1498 that we discussed at the November 2004 IEEE 802 meeting >>> >>> >in > > >>>San Antonio. At the time you indicated you did not think it was >>>necessary for IEEE to forward such a document to IETF. >>> >>> >>My understanding was that IEEE 802.11 did not vote to approve the >>requirements document, so that it had no official status. >> >> >[Walker, Jesse] Right. How I recollect the discussion was that you did >not think we needed to create an official response, so I did not ask for >a vote. > > -- ---------------- Dorothy Stanley Agere Systems 2000 North Naperville Rd. Naperville, IL 60566 630-979-1572 (Phone, Fax) 630-222-6753 (Cell) --------------030109080408080606070800 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit In November, TGr was not ready to approve 04/1498.  I think tgr as a whole
had not spent enough time with  the doc,  and wasn't comfortable with the
content. A draft 04/1498 was enough for the EAP WG to start with, as a rather large "comment" on the
Keying Framework document. I agree it's time to discuss 04/1498 in TGr again.

A (final) 04/1498-compliant TGr solution will also address an outstanding liaison action item,  the
"authenticator identity issue", that was raised in CAPWAP discussions:

The centralized model encourages AC implementations to use one PMK for many different WTPs. 
This practice facilitates speedy transition by a station from one WTP to another
WTP that is connected to the same AC without establishing a separate PMK. 
However, this leaves the station in a difficult position.  The station cannot
distinguish between a compromised PMK and one that is intentionally being shared.
This issue must be resolved, but the resolution is beyond the scope of the CAPWAP working group.

Dorothy

Walker, Jesse wrote:
[Walker, Jesse] If you recall, I prepared a requirements document

  

    

      
11-04-1498 that we discussed at the November 2004 IEEE 802 meeting
      

    

  

  
in
  

  

    

      
San Antonio. At the time you indicated you did not think it was
necessary for IEEE to forward such a document to IETF.
      

    

    
My understanding was that IEEE 802.11 did not vote to approve the
requirements document, so that it had no official status.
    

  

  
[Walker, Jesse] Right. How I recollect the discussion was that you did
not think we needed to create an official response, so I did not ask for
a vote.
  




-- 
----------------
Dorothy Stanley
Agere Systems
2000 North Naperville Rd. 
Naperville, IL 60566
630-979-1572 (Phone, Fax)
630-222-6753 (Cell)






--------------030109080408080606070800--

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Mon Apr 18 11:20:14 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA28422
	for ; Mon, 18 Apr 2005 11:20:13 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 83D552044A;
	Mon, 18 Apr 2005 11:20:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A42502041C;
	Mon, 18 Apr 2005 11:20:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 398A42041C
	for ; Mon, 18 Apr 2005 11:19:31 -0400 (EDT)
Received: from orsfmr003.jf.intel.com (fmr18.intel.com [134.134.136.17])
	by mail.frascone.com (Postfix) with ESMTP id E836820384
	for ; Mon, 18 Apr 2005 11:19:29 -0400 (EDT)
Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17])
	by orsfmr003.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j3IFJQBn006343;
	Mon, 18 Apr 2005 15:19:26 GMT
Received: from orsmsxvs041.jf.intel.com (orsmsxvs041.jf.intel.com [192.168.65.54])
	by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j3IFJ3mH025653;
	Mon, 18 Apr 2005 15:19:26 GMT
Received: from orsmsx331.amr.corp.intel.com ([192.168.65.56])
 by orsmsxvs041.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005041808192604229
 ; Mon, 18 Apr 2005 08:19:26 -0700
Received: from orsmsx401.amr.corp.intel.com ([192.168.65.207]) by orsmsx331.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211);
	 Mon, 18 Apr 2005 08:19:26 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C5442A.01883036"
Subject: RE: [eap] Re: EAP Key Binding
Message-ID: 
Thread-Topic: [eap] Re: EAP Key Binding
Thread-Index: AcVEJ6bUZEXfvtNSTQWwrCRgD+5UIAAALa4Q
From: "Walker, Jesse" 
To: "Dorothy Stanley" 
Cc: "Bernard Aboba" , ,
        "Paul Funk" , "Henry Ptasinski" ,
        "Steve Emeott" ,
        "Russ Housley" ,
        "Nancy Winget" 
X-OriginalArrivalTime: 18 Apr 2005 15:19:26.0115 (UTC) FILETIME=[01E6DF30:01C5442A]
X-Scanned-By: MIMEDefang 2.44
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 18 Apr 2005 08:19:24 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

This is a multi-part message in MIME format.

------_=_NextPart_001_01C5442A.01883036
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Dorothy,

=20

In November, TGr was not ready to approve 04/1498.  I think tgr as a
whole
had not spent enough time with  the doc,  and wasn't comfortable with
the
content. A draft 04/1498 was enough for the EAP WG to start with, as a
rather large "comment" on the
Keying Framework document. I agree it's time to discuss 04/1498 in TGr
again.

[Walker, Jesse] Whether or no my recollection of the events in San
Antonio is correct, I am glad that you now agree that we should indeed
complete our requirements for EAP Keying and forward them to the IETF
for their consideration.

=20

-- Jesse




------_=_NextPart_001_01C5442A.01883036
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

















Dorothy,



=
 






In November, =
TGr was not
ready to approve 04/1498.  I think tgr as a whole

had not spent enough time with  the doc,  and wasn't =
comfortable with
the

content. A draft 04/1498 was enough for the EAP WG to start with, =
as a
rather large "comment" on the

Keying Framework document. I agree it's time to discuss 04/1498 in TGr =
again.



[Walker, Jesse] Whether or no my recollection of the =
events
in San Antonio is correct, I am glad that you now agree that we should =
indeed
complete our requirements for EAP Keying and forward them to the IETF =
for their
consideration.



 



-- =
Jesse
















------_=_NextPart_001_01C5442A.01883036--
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From totpghta@qualitylighting.com  Mon Apr 18 11:23:09 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA28727;
	Mon, 18 Apr 2005 11:23:08 -0400 (EDT)
Received: from c9066c74.virtua.com.br ([201.6.108.116])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DNYGS-0005UF-Ol; Mon, 18 Apr 2005 11:34:22 -0400
Received: from (132.151.6.1) (port=1587 helo=cKjBeGeW)
	by mx2.follette.com with smtp 
	id 711261c4d3c0$2180fea0$248aa7
	for bmwg-archive@ietf.org; Mon, 18 Apr 2005 08:22:45 -0800
Message-ID: <711261c4d3c0$2180fea0$248aa7>
From: "Jimmie Kirby" 
To: bmwg-archive@ietf.org
Subject: dovetail toothpick backlog fling locutor desorption 
Date: Mon, 18 Apr 2005 08:22:45 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative; 
     boundary="--0" 
X-Spam-Score: 6.1 (++++++)
X-Spam-Flag: YES
X-Scan-Signature: 6640e3bbe8a4d70c4469bcdcbbf0921d

----0
Content-Type: text/html; 
Content-Transfer-Encoding: 7Bit







 





  
  

      
Sa
     
    p 
    To 70
     
     OF
     
     Reta 
    
     
    il Pri 
    
    ces With Online-R 
      
     
  

    ve U
    %
    F
     
    X!  






  
  

    
      
   VI

     
    RA,  CI
     
    S,  VA
     
    UM,   AM
     
    EN
        SO
     
  

    AG
    ALI
    Ll
    Bl
    MA      





  
  

    
      
    $69.

     
        $89.
     
       $69.95
     
        $109.
     
      
       $59.95
     
  

    95
    95
     
    95
         
  





  
  

       To
     
     Spe
     
    : Cia
     
     16x20m
     
    ls on
    ly $89.
     
  

    day
    cial
    lis
    g pil
    95      



  


            
  Press Here To See Our Selecton


----0--




From eap-admin@frascone.com  Mon Apr 18 12:00:15 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA01564
	for ; Mon, 18 Apr 2005 12:00:12 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 0354F203E9;
	Mon, 18 Apr 2005 12:00:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 9729D20447;
	Mon, 18 Apr 2005 12:00:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 48F422041F
	for ; Mon, 18 Apr 2005 11:59:13 -0400 (EDT)
Received: from sj-iport-1.cisco.com (sj-iport-1-in.cisco.com [171.71.176.70])
	by mail.frascone.com (Postfix) with ESMTP id 81089203E9
	for ; Mon, 18 Apr 2005 11:58:54 -0400 (EDT)
Received: from sj-core-5.cisco.com (171.71.177.238)
  by sj-iport-1.cisco.com with ESMTP; 18 Apr 2005 08:58:31 -0700
X-IronPort-AV: i="3.92,110,1112598000"; 
   d="scan'208"; a="629918289:sNHT32030616"
Received: from E2K-SEA-XCH2.sea-alpha.cisco.com (e2k-sea-xch2.cisco.com [10.93.132.68])
	by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id j3IFwQhu019334;
	Mon, 18 Apr 2005 08:58:27 -0700 (PDT)
content-class: urn:content-classes:message
Subject: RE: [eap] EAP Key Binding Discussion
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Message-ID: <7210B31550AC934A8637D6619739CE6905013897@e2k-sea-xch2.sea-alpha.cisco.com>
Thread-Topic: [eap] EAP Key Binding Discussion
Thread-Index: AcVCeRtWOI4ciDmNRQCm37df40BsZQBrzzeg
From: "Salowey, Joe" 
To: "Walker, Jesse" , 
Cc: "Paul Funk" , "Henry Ptasinski" ,
        "Steve Emeott" ,
        "Russ Housley" ,
        "Nancy Winget" 
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 18 Apr 2005 09:01:58 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

> -----Original Message-----
> 	From: Walker, Jesse [mailto:jesse.walker@intel.com]=20
> 	Sent: Saturday, April 16, 2005 4:41 AM
> 	To: eap@frascone.com
> 	Cc: Paul Funk; Henry Ptasinski; Steve Emeott; Russ=20
> Housley; Nancy Winget
> 	Subject: [eap] EAP Key Binding Discussion
> =09



>=20
> 	            TMS
>=20
> 	             |
>=20
> 	        +----+----+
>=20
> 	        |         |
>=20
> 	       MSK       EMSK
>=20
> 	        |
>=20
> 	        |
>=20
> 	     AAA-Key
>=20
> 	=20
>=20
> 	The TMS is an EAP method specific "session key"=20
> constructed between the EAP Peer and the EAP Server. From=20
> this the MSK and EMSK are derived, again in an EAP method=20
> specific manner. The AAA-Key is derived from the MSK and=20
> delivered to the NAS. The AAA-Key is then used as the session=20
> key between the EAP Peer and the NAS.
>=20
> 	=20
>=20
> 	The issue has always been how to bind the AAA-Key to=20
> this NAS and this EAP Peer for this session. The NAS needs to=20
> know that this AAA-Key is for this  pair for=20
> this session, and the EAP Peer likewise needs to know the=20
> same thing. The only party that is in a position to inform=20
> both parties of this binding is the EAP Server. The EAP Peer=20
> can trust the EAP Server to make this assertion, because it=20
> has authenticated the EAP Server (at least in the case where=20
> the EAP method provides mutual authentication), and the NAS=20
> can trust the EAP server to make this assertion, because it=20
> has some channel with the EAP server presumed to be secure.
>=20
>

[Joe] We need to be a little careful here so we don't load too much
application specific knowledge into EAP methods.  In this description
there should be an application independent portion of the EAP server and
an application aware portion of the EAP server (may be the AAA logic). =20
 	=20
>=20
> 	I think everyone agrees this issue is solved for the=20
> NAS, as mechanisms exist to allow the EAP Server to attest to=20
> the binding. It could, for instance, deliver the EAP Peer's=20
> authenticated identity Peer-ID to the NAS with the AAA-Key=20
> along with the EAP Success message; abstractly:
>=20
> 	=20
>=20
> 	      EAP Server --> NAS:  EAP-Success || AAA-Key || Peer-ID
>=20
>

[Joe] In this scheme what is the Peer-ID?  I'm not sure that the Peer-ID
in this protocol is the same as the Peer-ID that is the authenticated
name.  If it is not then this mechanisms may run into problems.   Also
is it the identity that is important?  Perhaps it would be possible to
use a scoping or an authorization attribute instead.
 	=20
>=20
> 	The NAS can then check whether it is talking with the=20
> right EAP Peer using a protocol that would require the EAP Peer to
assert its identity:
>=20
> 	=20
>=20
> 	      NAS --> EAP Peer:  Challenge
>=20
> 	      EAP Peer --> NAS:  f(AAA-Key, Challenge || Peer-ID)
>=20
> 	      etc.
>=20
> 	=20
>=20
> 	The function f used in this protocol would be selected=20
> so that it would becomputationally infeasible for the EAP Peer to
produce=20
> the right response without knowing the AAA-Key, the Challenge=20
> value, and the Peer-ID value. And if exposure of the Peer-ID=20
> to the NAS is deemed onerous, then we can certainly replace=20
> it in the above with another session specific function of=20
> Peer-ID, e.g.,
>=20
> 	=20
>=20
> 	     g(TMS, Peer-ID)
>
> 	=20
>=20
> 	for some suitable function g. The EAP keying draft=20
> could specify that delivery of (a function of) the Peer-ID=20
> with the session key is a requirement, and we would be done=20
> with the key binding for the NAS.
>=20

[Joe] This type of value is not exported by EAP right now and I'm not
sure it should be.  If the Peer-ID is the identity authenticated by EAP
then it may be possible.  IF not then I don't think this is a good
construct since it requires application specific knowledge in the EAP
method better to use a key derived from the EMSK hierarchy. =20



> 	=20
>=20
> 	Of course life is never that simple, because the key=20
> hierarchy above is already in place, and doesn't include the=20
> derivation AAA-Key :=3D kdf(MSK, NAS-ID). Therefore, we would=20
> have to do something else, in order to avoid breaking already=20
> deployed equipment. A candidate might be the EMSK, which is=20
> currently unused. We could define something like
>=20
> 	=20
>=20
> 	     Bound-AAA-Key :=3D kdf(EMSK, "bound EAP session key=20
> || SID || NAS-ID)
>=20
> 	=20
>=20
> 	where SID is the EAP session identifier, and deliver=20
> the Bound-AAA-Key to the NAS along with the AAA-Key.=20

[Joe] Its not currently clear to me that you need to include the binding
in the key derivation. Why can't the server just send the NAS-ID to the
peer? I need to think about it more. =20
 =20

> We could=20
> deliver this with a session specific EAP Peer identity
>=20
> 	=20
>=20
> 	     Peer-Session-ID :=3D hash(SID || Peer-ID)
>=20
> 	=20
>=20
> 	And we could fix kdf and hash for all EAP methods,=20
> e.g., take hash to be the first 96 bits of SHA-256, and kdf=20
> as TLS-PRF. The Bound-AAA-Key id would then be NAS-ID ||=20
> Peer-Session-ID. We don't, of course, have to use the EMSK=20
> for this function, but I have used it for concreteness.
>=20

[Joe] I had a proposal for a KDF for EAP EMSK derivation that was merged
into the EAP keying framework and then removed.  I expect we could issue
a new companion draft (EAP-keying extensions) soon if that would help
add clarity to this issue.  I think the the peer-session-ID is an
application specific thing (802.11). =20
	=20
>=20
> 	This mechanism requires that a NAS find some way to=20
> advertise its NAS-ID to EAP peers, and it requires a few new=20
> attributes exchanged between the NAS and EAP Server. It=20
> leaves the existing key hierarchies intact, but provides a=20
> bound key for new applications that desire a bound key. It=20
> seems to put to rest the security issues with the existing=20
> key hierarchy, by giving the EAP Server some way to attest to=20
> the EAP Peer the NAS which should possess the key.
> 	=20
>=20
> 	What do people thing? Would this be a productive=20
> addition to the EAP keying draft?
>=20
[Joe] I expect that some of this would go into the EAP-Keying extensions
draft.=20

> 	=20
>=20
> 	-- Jesse
>=20
> =20


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Mon Apr 18 12:15:48 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA02853
	for ; Mon, 18 Apr 2005 12:15:17 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id D6B6D20457;
	Mon, 18 Apr 2005 12:15:07 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6508B2044A;
	Mon, 18 Apr 2005 12:15:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 310D32041F
	for ; Mon, 18 Apr 2005 12:14:56 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id AE6E4203E9
	for ; Mon, 18 Apr 2005 12:14:36 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DNYtJ-000883-1E
	for eap@frascone.com; Mon, 18 Apr 2005 12:14:29 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3IGERP12656
	for ; Mon, 18 Apr 2005 09:14:28 -0700
From: Bernard Aboba 
To: eap@frascone.com
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] [Issue 297] Review of Identity Selection -12
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 18 Apr 2005 09:14:27 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Issue 297: Review of Identity Selection -12
Submitter name: Bernard Aboba
Submitter email address: aboba@internaut.com
Date first submitted: 4/18/2005
Reference:
Document: IDSEL-12
Comment type: E
Priority: S
Section: Various
Rationale/Explanation of issue:

Abstract

"The purpose is to
assist the EAP peer in selecting an appropriate Network Access
Identifier (NAI) when there is no direct roaming relationship between
the access network and the peer's home network.  In this case,
authentication is typically accomplished via a mediating network such
as a roaming consortium or broker.

The mechanism defined in this document is limited in its scalability.
It is intended for access networks that have a small to moderate
number of direct roaming partners."

The hint can be useful in other cases too, no? For example, when
EAP is used on Ethernet, the client receives no indication of what
network it is connected to.

Suggest rewriting to:

"The purpose is to assist the EAP peer in selecting an
appropriate Network Access Identifier (NAI).  This is useful
in situations where the peer does not receive a lower layer
indication of what network it is connecting to, or when a
mediating network (such as a roaming consortium or broker)
is present, so that there is no direct roaming relationship
between the access network and the peer's home network.

Since the mechanism in this document requires the authenticator
to provide a complete network list (rather than allowing the
peer to indicate which networks it is interested in), it
has limited scalability.  The mechanism is therefore intended
for access networks that have a small to moderate number of
direct roaming partners."

Section 1

"   An EAP peer (hereafter, also referred to as the peer) can have
   several sets of credentials, and its home network may have roaming
   relationships with several mediating networks.  In some cases, the
   peer may be uncertain which Network Access Identity (NAI) to include
   in an EAP-Response/Identity.

   The Extensible Authentication Protocol (EAP) is defined in [RFC3748].
   This document defines a mechanism that allows the access network to
   provide an EAP peer with identity selection hints, including
   information about its roaming relationships.  This information is
   sent to the peer in an EAP-Request/Identity message by appending it
   after the displayable message and a NUL character.

   One possible application for this mechanism is to help an EAP peer
   perform NAI decoration [rfc2486bis] to facilitate routing of AAA
   messages to the home AAA server.  If there are several possible
   mediating networks, the peer can use this method to influence which
   one is used."

Again, there are other situations in which the peer may be uncertain about
which NAI to include.  Suggest rewriting to:

"  The Extensible Authentication Protocol (EAP) is defined in [RFC3748].
   An EAP peer (hereafter, also referred to as the peer) may have
   multiple credentials.  Where the lower layer does not provide
   an indication of which network it is connecting to, or where its
   home network may have roaming relationships with several
   mediating networks, the peer may be uncertain which Network
   Access Identity (NAI) to include in an EAP-Response/Identity.

   This document defines a mechanism that allows the access network to
   provide an EAP peer with identity selection hints, including
   information about its roaming relationships.  This information is
   sent to the peer in an EAP-Request/Identity message by appending it
   after the displayable message and a NUL character.

   This mechanism may assist the peer in selecting a credential and
   associated NAI, or in formating the NAI [RFC2486bis] to facilitate
   routing of AAA messages to the home AAA server.  If there are
   several mediating networks available, the peer can influence which
   one is used."

"  Section 2 describes the required behavior of implementations of this
   Specification, including the packet format for structuring and
   presenting identity hint information to an EAP peer."

Suggest rewriting to:

"  Section 2 describes the required behavior of implementations,
   including the format for identity hints."

Section 1.1

"  The identity hints are typically useful only when there's too much
   ambiguity for an access network to determine how to route the AAA
   packet.  This can happen, for instance, when  access networks have
   contracts with multiple roaming consortiums but do not have a full
   list of home networks reachable through them.

   In such scenarios, a limited number of identity hints (e.g., a list
   of roaming partners of the access network) can be provided by the
   mechanism to enable the EAP peer to influence routing of AAA packets.
   The immediate application of the proposed mechanism is in 3GPP
   systems interworking with WLANs [TS 23.234] and [TS 24.234].

   The roaming partner information provided via this mechanism is
   limited by the link layer MTU size.  For example, assuming an average
   of 20 octets per roaming partner / home network information and the
   link layer MTU size of 1096, the approximate number of roaming
   partners that can be advertised would be 50.  The scalability
   limitation imposed by the link layer MTU size should be taken into
   consideration when deploying this solution.

   This document is also related to the general network discovery and
   selection problem described in [netsel-problem].  The proposed
   mechanism described in this document solves only a part of the
   problem in [netsel-problem].  IEEE 802.11 is also looking into more
   comprehensive and long-term solutions for network discovery and
   selection."

I think you also need to mention the implications for handoff latency.
Suggest rewriting to:

"  Identity hints are useful in situations where the peer cannot
   determine which credentials to use, or where there may be multiple
   alternative routes by which an access network can reach a home
   network.  This can occur when access networks support
   multiple roaming consortiums but do not have a full
   list of the home networks reachable through them.

   In such scenarios, identity hints (e.g., a list of roaming
   partners of the access network) can be provided to enable
   the EAP peer to influence route selection, using the NAI
   [RFC2486bis] to specify the desired source route. The
   immediate application of the proposed mechanism is in 3GPP
   systems interworking with WLANs [TS 23.234] and [TS 24.234].

   The number of hints that can be provided by this mechanism is
   limited by the EAP MTU.  For example, assuming 20 octets per
   hint and an EAP MTU of 1096, a maximum of 50 roaming partners
   can be advertised.  Scaling limitations imposed by the EAP MTU
   should be taken into account when deploying this solution.

   Since this mechanism relies on information provided in the
   EAP-Request/Identity packet, it is necessary for the peer to
   select a point of attachment prior to obtaining identity
   hints.  Where there are multiple point of attachment available,
   the mechanism defined in this specification does not allow
   the peer to utilize the identity hints in making a decision
   about which point of attachment to select.  This can require
   the peer to try multiple points of attachment before it finds
   a compatible one, increasing handoff latency.

   This document is related to the general network discovery and
   selection problem described in [netsel-problem].  The proposed
   mechanism described in this document solves only a part of the
   problem in [netsel-problem].  IEEE 802.11 is also looking into more
   comprehensive and long-term solutions for network discovery and
   selection."

Section 1.2

"   Decorated NAI   An NAI with additional information for influencing
                   AAA routing.  Please refer to section 2.7 of
                   [rfc2486bis] for its construction."

Suggest rewriting to:

"   Decorated NAI  An NAI specifying a source route.  See [RFC2486bis]
                   section 2.7 for more information."

Section 2

"  The EAP authenticator MAY send an identity hint to the peer in the
   initial EAP-Request/Identity.  If the identity hint is not sent
   initially (such as when the authenticator does not support this
   specification), then if the local EAP-aware AAA proxy/server
   implementing this specification receives an AAA Request packet with
   an unknown realm, it SHOULD reply with an EAP-Request/Identity
   containing an identity hint.  For example, in case of RADIUS, if the
   EAP-aware RADIUS proxy/server [RFC3579] receives an Access-Request
   packet with an unknown realm in the UserName(1) attribute, then it
   can reply with an EAP-Request/Identity containing an identity hint
   within an Access-Challenge packet.  See "option 3" in the appendix
   for the message flow diagram.

   If the peer responds with an EAP-Response/Identity containing an
   unknown realm after the local AAA proxy/server sends an identity
   hint, then the local AAA proxy/server MUST respond with an EAP
   Failure packet.  The local AAA proxy/server MAY also send an EAP-
   Notification message providing the reason for the failure prior to
   the EAP Failure packet.

   When an Identity hint is sent by a AAA proxy/server, the AAA proxy/
   server MUST be able to determine if an identity hint had previously
   been sent by it to the EAP peer.  When RADIUS is used, the State(24)
   attribute can be used to achieve this.

   As noted in [RFC3748], Section 3.1, the minimum EAP MTU size is 1020
   octets.  EAP does not support fragmentation of EAP-Request/Identity
   messages, so the maximum length of the identity hint information is
   limited by the link MTU."

Existing RADIUS proxies do not look at the contents of EAP packets,
nor are they required to be aware of all the realms that they need
to support.  Typically the realm list configured on the proxy includes
a default route that will be used if the realm is not recognized.
The paragraph above appears to imply that such a default route cannot
be configured, or that RADIUS proxies implementing this specification
need to parse EAP packets.  Suggest rewriting to:


"  The EAP authenticator MAY send an identity hint to the peer in the
   initial EAP-Request/Identity.  If the identity hint is not sent
   initially (such as when the authenticator does not support this
   specification), then the EAP peer may select the wrong NAI.  If
   the local AAA proxy does not have a default route configured,
   then it may find that the User-Name attribute in the request
   contains a realm for which there is no corresponding route.

   As noted in [RFC2607], Section 5.1:

    Proxies are frequently used to implement policy in roaming
    situations.  Proxies implementing policy MAY reply directly to
    Access-Requests without forwarding the request. When replying
    directly to an Access-Request, the proxy MUST reply either with an
    Access-Reject or an Access-Challenge packet. A proxy MUST NOT reply
    directly with an Access-Accept."

   Where no route is found, existing AAA proxies will typically send
   an Access-Reject.   However, where the request contains an EAP-Message
   attribute, AAA proxies implementing this specification should instead
   reply with a Challenge including an identity hint.

   For example, if a RADIUS proxy receives an Access-Request
   with an EAP-Message attribute and a User-Name(1) attribute
   containing an unknown realm, it SHOULD reply with an Access-Challenge
   with an EAP-Message attribute encapsulating an EAP-Request/Identity
   packet containing an identity hint, rather than an Access-Reject.
   See "option 3" in the appendix for the message flow diagram.

   If the peer responds with an EAP-Response/Identity containing an
   unknown realm after the local AAA proxy sends an identity
   hint, then a local AAA proxy/server implementing this specification
   MUST eventually send an Access-Reject containing an EAP-Failure.
   Prior to doing so it MAY send an Access-Challenge containing an
   EAP-Notification, in order to provide an explanation for the failure.
   In order to determine whether an identity hint had been previously
   sent, the State(24) attribute defined in [RFC2865] can be used.

   As noted in [RFC3748], Section 3.1, the minimum EAP MTU size is 1020
   octets.  EAP does not support fragmentation of EAP-Request/Identity
   messages, so the maximum length of the identity hint information is
   limited by the link MTU."

Given that this specification changes AAA proxy behavior, I believe
that it should include "Updates: 2607" in the header.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Mon Apr 18 13:20:25 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA07560
	for ; Mon, 18 Apr 2005 13:20:15 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 76A4A2044B;
	Mon, 18 Apr 2005 13:20:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id EF4E62044C;
	Mon, 18 Apr 2005 13:20:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id E0D0520434
	for ; Mon, 18 Apr 2005 13:19:21 -0400 (EDT)
Received: from orsfmr003.jf.intel.com (fmr18.intel.com [134.134.136.17])
	by mail.frascone.com (Postfix) with ESMTP id 836922041F
	for ; Mon, 18 Apr 2005 13:19:18 -0400 (EDT)
Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17])
	by orsfmr003.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j3IHJHBn014587;
	Mon, 18 Apr 2005 17:19:17 GMT
Received: from orsmsxvs041.jf.intel.com (orsmsxvs041.jf.intel.com [192.168.65.54])
	by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j3IHIfmW022687;
	Mon, 18 Apr 2005 17:19:17 GMT
Received: from orsmsx332.amr.corp.intel.com ([192.168.65.60])
 by orsmsxvs041.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005041810191723806
 ; Mon, 18 Apr 2005 10:19:17 -0700
Received: from orsmsx408.amr.corp.intel.com ([192.168.65.52]) by orsmsx332.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211);
	 Mon, 18 Apr 2005 10:19:17 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
Message-ID: 
Thread-Topic: [eap] [Issue 297] Review of Identity Selection -12
Thread-Index: AcVEMd/MZRpOYhUuQo+NLH0oOiaFbAACHK6w
From: "Adrangi, Farid" 
To: "Bernard Aboba" , 
X-OriginalArrivalTime: 18 Apr 2005 17:19:17.0026 (UTC) FILETIME=[C004D020:01C5443A]
X-Scanned-By: MIMEDefang 2.44
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 18 Apr 2005 10:19:16 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

Looks reasonable to me.  Though I don't quite understand the last
comment:

"Given that this specification changes AAA proxy behavior, I believe
that it should include "Updates: 2607" in the header."

Could you please elaborate?

BR,
Farid

> -----Original Message-----
> From: eap-admin@frascone.com [mailto:eap-admin@frascone.com]=20
> On Behalf Of Bernard Aboba
> Sent: Monday, April 18, 2005 9:14 AM
> To: eap@frascone.com
> Subject: [eap] [Issue 297] Review of Identity Selection -12
>=20
>=20
> Issue 297: Review of Identity Selection -12
> Submitter name: Bernard Aboba
> Submitter email address: aboba@internaut.com
> Date first submitted: 4/18/2005
> Reference:
> Document: IDSEL-12
> Comment type: E
> Priority: S
> Section: Various
> Rationale/Explanation of issue:
>=20
> Abstract
>=20
> "The purpose is to
> assist the EAP peer in selecting an appropriate Network Access
> Identifier (NAI) when there is no direct roaming relationship between
> the access network and the peer's home network.  In this case,
> authentication is typically accomplished via a mediating network such
> as a roaming consortium or broker.
>=20
> The mechanism defined in this document is limited in its scalability.
> It is intended for access networks that have a small to moderate
> number of direct roaming partners."
>=20
> The hint can be useful in other cases too, no? For example, when
> EAP is used on Ethernet, the client receives no indication of what
> network it is connected to.
>=20
> Suggest rewriting to:
>=20
> "The purpose is to assist the EAP peer in selecting an
> appropriate Network Access Identifier (NAI).  This is useful
> in situations where the peer does not receive a lower layer
> indication of what network it is connecting to, or when a
> mediating network (such as a roaming consortium or broker)
> is present, so that there is no direct roaming relationship
> between the access network and the peer's home network.
>=20
> Since the mechanism in this document requires the authenticator
> to provide a complete network list (rather than allowing the
> peer to indicate which networks it is interested in), it
> has limited scalability.  The mechanism is therefore intended
> for access networks that have a small to moderate number of
> direct roaming partners."
>=20
> Section 1
>=20
> "   An EAP peer (hereafter, also referred to as the peer) can have
>    several sets of credentials, and its home network may have roaming
>    relationships with several mediating networks.  In some cases, the
>    peer may be uncertain which Network Access Identity (NAI)=20
> to include
>    in an EAP-Response/Identity.
>=20
>    The Extensible Authentication Protocol (EAP) is defined in=20
> [RFC3748].
>    This document defines a mechanism that allows the access network to
>    provide an EAP peer with identity selection hints, including
>    information about its roaming relationships.  This information is
>    sent to the peer in an EAP-Request/Identity message by appending it
>    after the displayable message and a NUL character.
>=20
>    One possible application for this mechanism is to help an EAP peer
>    perform NAI decoration [rfc2486bis] to facilitate routing of AAA
>    messages to the home AAA server.  If there are several possible
>    mediating networks, the peer can use this method to influence which
>    one is used."
>=20
> Again, there are other situations in which the peer may be=20
> uncertain about
> which NAI to include.  Suggest rewriting to:
>=20
> "  The Extensible Authentication Protocol (EAP) is defined in=20
> [RFC3748].
>    An EAP peer (hereafter, also referred to as the peer) may have
>    multiple credentials.  Where the lower layer does not provide
>    an indication of which network it is connecting to, or where its
>    home network may have roaming relationships with several
>    mediating networks, the peer may be uncertain which Network
>    Access Identity (NAI) to include in an EAP-Response/Identity.
>=20
>    This document defines a mechanism that allows the access network to
>    provide an EAP peer with identity selection hints, including
>    information about its roaming relationships.  This information is
>    sent to the peer in an EAP-Request/Identity message by appending it
>    after the displayable message and a NUL character.
>=20
>    This mechanism may assist the peer in selecting a credential and
>    associated NAI, or in formating the NAI [RFC2486bis] to facilitate
>    routing of AAA messages to the home AAA server.  If there are
>    several mediating networks available, the peer can influence which
>    one is used."
>=20
> "  Section 2 describes the required behavior of=20
> implementations of this
>    Specification, including the packet format for structuring and
>    presenting identity hint information to an EAP peer."
>=20
> Suggest rewriting to:
>=20
> "  Section 2 describes the required behavior of implementations,
>    including the format for identity hints."
>=20
> Section 1.1
>=20
> "  The identity hints are typically useful only when there's too much
>    ambiguity for an access network to determine how to route the AAA
>    packet.  This can happen, for instance, when  access networks have
>    contracts with multiple roaming consortiums but do not have a full
>    list of home networks reachable through them.
>=20
>    In such scenarios, a limited number of identity hints (e.g., a list
>    of roaming partners of the access network) can be provided by the
>    mechanism to enable the EAP peer to influence routing of=20
> AAA packets.
>    The immediate application of the proposed mechanism is in 3GPP
>    systems interworking with WLANs [TS 23.234] and [TS 24.234].
>=20
>    The roaming partner information provided via this mechanism is
>    limited by the link layer MTU size.  For example, assuming=20
> an average
>    of 20 octets per roaming partner / home network information and the
>    link layer MTU size of 1096, the approximate number of roaming
>    partners that can be advertised would be 50.  The scalability
>    limitation imposed by the link layer MTU size should be taken into
>    consideration when deploying this solution.
>=20
>    This document is also related to the general network discovery and
>    selection problem described in [netsel-problem].  The proposed
>    mechanism described in this document solves only a part of the
>    problem in [netsel-problem].  IEEE 802.11 is also looking into more
>    comprehensive and long-term solutions for network discovery and
>    selection."
>=20
> I think you also need to mention the implications for handoff latency.
> Suggest rewriting to:
>=20
> "  Identity hints are useful in situations where the peer cannot
>    determine which credentials to use, or where there may be multiple
>    alternative routes by which an access network can reach a home
>    network.  This can occur when access networks support
>    multiple roaming consortiums but do not have a full
>    list of the home networks reachable through them.
>=20
>    In such scenarios, identity hints (e.g., a list of roaming
>    partners of the access network) can be provided to enable
>    the EAP peer to influence route selection, using the NAI
>    [RFC2486bis] to specify the desired source route. The
>    immediate application of the proposed mechanism is in 3GPP
>    systems interworking with WLANs [TS 23.234] and [TS 24.234].
>=20
>    The number of hints that can be provided by this mechanism is
>    limited by the EAP MTU.  For example, assuming 20 octets per
>    hint and an EAP MTU of 1096, a maximum of 50 roaming partners
>    can be advertised.  Scaling limitations imposed by the EAP MTU
>    should be taken into account when deploying this solution.
>=20
>    Since this mechanism relies on information provided in the
>    EAP-Request/Identity packet, it is necessary for the peer to
>    select a point of attachment prior to obtaining identity
>    hints.  Where there are multiple point of attachment available,
>    the mechanism defined in this specification does not allow
>    the peer to utilize the identity hints in making a decision
>    about which point of attachment to select.  This can require
>    the peer to try multiple points of attachment before it finds
>    a compatible one, increasing handoff latency.
>=20
>    This document is related to the general network discovery and
>    selection problem described in [netsel-problem].  The proposed
>    mechanism described in this document solves only a part of the
>    problem in [netsel-problem].  IEEE 802.11 is also looking into more
>    comprehensive and long-term solutions for network discovery and
>    selection."
>=20
> Section 1.2
>=20
> "   Decorated NAI   An NAI with additional information for influencing
>                    AAA routing.  Please refer to section 2.7 of
>                    [rfc2486bis] for its construction."
>=20
> Suggest rewriting to:
>=20
> "   Decorated NAI  An NAI specifying a source route.  See [RFC2486bis]
>                    section 2.7 for more information."
>=20
> Section 2
>=20
> "  The EAP authenticator MAY send an identity hint to the peer in the
>    initial EAP-Request/Identity.  If the identity hint is not sent
>    initially (such as when the authenticator does not support this
>    specification), then if the local EAP-aware AAA proxy/server
>    implementing this specification receives an AAA Request packet with
>    an unknown realm, it SHOULD reply with an EAP-Request/Identity
>    containing an identity hint.  For example, in case of=20
> RADIUS, if the
>    EAP-aware RADIUS proxy/server [RFC3579] receives an Access-Request
>    packet with an unknown realm in the UserName(1) attribute, then it
>    can reply with an EAP-Request/Identity containing an identity hint
>    within an Access-Challenge packet.  See "option 3" in the appendix
>    for the message flow diagram.
>=20
>    If the peer responds with an EAP-Response/Identity containing an
>    unknown realm after the local AAA proxy/server sends an identity
>    hint, then the local AAA proxy/server MUST respond with an EAP
>    Failure packet.  The local AAA proxy/server MAY also send an EAP-
>    Notification message providing the reason for the failure prior to
>    the EAP Failure packet.
>=20
>    When an Identity hint is sent by a AAA proxy/server, the AAA proxy/
>    server MUST be able to determine if an identity hint had previously
>    been sent by it to the EAP peer.  When RADIUS is used, the=20
> State(24)
>    attribute can be used to achieve this.
>=20
>    As noted in [RFC3748], Section 3.1, the minimum EAP MTU=20
> size is 1020
>    octets.  EAP does not support fragmentation of EAP-Request/Identity
>    messages, so the maximum length of the identity hint information is
>    limited by the link MTU."
>=20
> Existing RADIUS proxies do not look at the contents of EAP packets,
> nor are they required to be aware of all the realms that they need
> to support.  Typically the realm list configured on the proxy includes
> a default route that will be used if the realm is not recognized.
> The paragraph above appears to imply that such a default route cannot
> be configured, or that RADIUS proxies implementing this specification
> need to parse EAP packets.  Suggest rewriting to:
>=20
>=20
> "  The EAP authenticator MAY send an identity hint to the peer in the
>    initial EAP-Request/Identity.  If the identity hint is not sent
>    initially (such as when the authenticator does not support this
>    specification), then the EAP peer may select the wrong NAI.  If
>    the local AAA proxy does not have a default route configured,
>    then it may find that the User-Name attribute in the request
>    contains a realm for which there is no corresponding route.
>=20
>    As noted in [RFC2607], Section 5.1:
>=20
>     Proxies are frequently used to implement policy in roaming
>     situations.  Proxies implementing policy MAY reply directly to
>     Access-Requests without forwarding the request. When replying
>     directly to an Access-Request, the proxy MUST reply either with an
>     Access-Reject or an Access-Challenge packet. A proxy MUST=20
> NOT reply
>     directly with an Access-Accept."
>=20
>    Where no route is found, existing AAA proxies will typically send
>    an Access-Reject.   However, where the request contains an=20
> EAP-Message
>    attribute, AAA proxies implementing this specification=20
> should instead
>    reply with a Challenge including an identity hint.
>=20
>    For example, if a RADIUS proxy receives an Access-Request
>    with an EAP-Message attribute and a User-Name(1) attribute
>    containing an unknown realm, it SHOULD reply with an=20
> Access-Challenge
>    with an EAP-Message attribute encapsulating an EAP-Request/Identity
>    packet containing an identity hint, rather than an Access-Reject.
>    See "option 3" in the appendix for the message flow diagram.
>=20
>    If the peer responds with an EAP-Response/Identity containing an
>    unknown realm after the local AAA proxy sends an identity
>    hint, then a local AAA proxy/server implementing this specification
>    MUST eventually send an Access-Reject containing an EAP-Failure.
>    Prior to doing so it MAY send an Access-Challenge containing an
>    EAP-Notification, in order to provide an explanation for=20
> the failure.
>    In order to determine whether an identity hint had been previously
>    sent, the State(24) attribute defined in [RFC2865] can be used.
>=20
>    As noted in [RFC3748], Section 3.1, the minimum EAP MTU=20
> size is 1020
>    octets.  EAP does not support fragmentation of EAP-Request/Identity
>    messages, so the maximum length of the identity hint information is
>    limited by the link MTU."
>=20
> Given that this specification changes AAA proxy behavior, I believe
> that it should include "Updates: 2607" in the header.
> _______________________________________________
> eap mailing list
> eap@frascone.com
> http://mail.frascone.com/mailman/listinfo/eap
>=20
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From NEDSIR@indigodesigngroup.com  Mon Apr 18 15:04:24 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA18259
	for ; Mon, 18 Apr 2005 15:04:23 -0400 (EDT)
Message-Id: <200504181904.PAA18259@ietf.org>
Received: from [200.96.203.160] (helo=132.151.6.1)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DNbiX-0003Hd-JV
	for eap-archive@ietf.org; Mon, 18 Apr 2005 15:15:39 -0400
Received: from FFYUI-TJ12 (182.184.208.76) by 200.96.203.160; Tue, 19 Apr 2005 04:01:56 -0800
From: "Kathryn Quintana" 
To: eamoby@ietf.org
Subject: We cannot cancel your payment N5771317
Date: Tue, 19 Apr 2005 04:01:56 -0800
MIME-Version: 1.0
Content-Type: multipart/related;
        boundary="----=_NextPart_000_00IE_08L9293IK_04C.986L38B0"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-message-flag: Authentic Sender, Hash: QeIlSbQm
X-Spam-Score: 12.2 (++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 325b777e1a3a618c889460b612a65510

This is a multi-part message in MIME format.

------=_NextPart_000_00IE_08L9293IK_04C.986L38B0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_00RZ_00R6710ZZ_05I.594K29D0"

------=_NextPart_000_00RZ_00R6710ZZ_05I.594K29D0
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: 7bit

Get a capable html e-mailer


------=_NextPart_000_00RZ_00R6710ZZ_05I.594K29D0
Content-Type: text/html;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

















<=
font color=3Dblack>









-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBSI5pmqjQ0CJFipgRAlxGAKCpPrt7/HB5YroIdx5J84y6E5opeQCg49dn
NHBQlfivIH+fWpgnCv9/jVY=
=ui8Y
-----END PGP SIGNATURE-----


------=_NextPart_000_00RZ_00R6710ZZ_05I.594K29D0--

------=_NextPart_000_00IE_08L9293IK_04C.986L38B0
Content-Type: image/gif;
        name="image001.gif"
Content-Transfer-Encoding: base64
Content-ID: 
Content-Transfer-Encoding: base64

R0lGODlhNAEgAbMAAAAAAMz//2m19gtcqvGvYnQAAAMK/woEXfzXqpAy////zLlzEp3Y9kgAAP//
/5xIACH5BAQUAP8ALAAAAAA0ASABAAT/0MlJq7046827/2AojmRpnmiqrmzrvnAspwRg38ARTEhj
H4xJDQcQZHq/oGSBGziGRctC+WxOFA+cAIrTFW5AJsBpQeaoXJvRofgmxWSHeUwQYLVinaStlqKt
GEM6dRRmQDw+RGMBaT8BbkWQdl8DOxRTQoprDmJEhyNYTjWVBJVsX0Ztn1U6fJtXqKdREjWrCnoV
BKusVBNMrQ+ii6UBd2RYr3uxqn86SGvGew9rSKZPn7+WQ5ttvbS7td4Uo8UFuK6ntlnQ06FVpJU9
h88SCNZC4DkB9LT635YiFKRaxyZVrH7WRrHJEkfZrHeWmDREkIzXuDEW7qQaGEUgwh2E/yqg+7gE
40iIT9Zso6CAwA6NQhha8pjrzMWGIgk+MXWSnLJVdTzC9ChvhzwlLmvukihrk8I9SU0wu8Lwkr+h
B6VhzKTn5BNvCA40wLXwIaJdUwuNZXRPa8NsTeX42FSUmCycaj8J5BeSh1iyMDFEK1j2rT9WIJOl
7aenVuIKYdfCisIvcNQTjjM9NGZ0LAPOF81K7Az4MpsERc+K88kVoEMBZDVzkykXCJ+GrnCFy8Ca
IqdFT1wrQC25nmcNK2VTBf7bSVhvmTPFy+JMMXGyR2+r3qmCqVbAlPoBWg5+69M9rxQsYHQYJcuq
VvH+NvsdoPYqYFyXnAX6wuCvchVB0/8e60XnXgZisNPefXzc0FZzNQ0w3CjDCVdge1zElkZFoGR1
H2NBBOZfeFyFqFM9vWASnYiImOWVL1uJRCKIZW3BXHzLxdGJM3NBFREdr6h4GIsI9vGhRYilJCN9
o7g0ynoVCHnOOqzVeIo4Ixh40mCLZeQhfEeNA1AauISplGsGTsbhlmB6ZqaaOErHmCW+GXcjmXQe
hwECSnDGZoze9TVnlH0kp1l+xgHxppmmlXCelSQlKdiJrBlYp5KDHoiJd3KWoWdOD1W6CJFvSjoS
pwSkGGNf0VWJiS9OjUopcy/eJMUsTCTD6mHkiFjlgCS86NOK8PEG3K8H2aNNQ5kN1kP/PD3Ceat8
JBGLa3sQEmpKZpXF1oNKzF7V5j1D6TQshjaNSJ87S+BUykVd6QSXiLma0EmM4vWR740XQLGLQzaY
gsQhd/zQiBr3kpFwaEkEosWhGAkSRIbQEeFEwhJfwsDAJoJxsFm+dfIKF7M9TKiDLEWlHkAcl/XD
woJ8HNsMwQZD880456zzzjy/wIU1C3DY89BEF2300SFoQ4TQSDft9NNQRy311FRXbfXVWGet9dZc
d+3112CHLfbYZJdt9tlE/3yBIX1KIslt94KBlCOEHKyhJpAlko8+IQnCiB1Z3CBA3MypDaMi/zai
Et4u64ufPgkEQHi6fguKdpbpsrSM/zlKhMmPspLqAtKo5hRjMzl2wVsOf5t/0mvpEKnyo26kr5p5
a/9Y4NhIjvHzW5nRtrG4bo2RPvPlITz6mnSkkYaU0nG0ZPosxAhFELAIFRbXR5ZV0v1LOpUbKr6d
stHoO9pDOJJljmN6nvTfI1/zusX+PnrxjSmo0kzwAdvlex1BxX/sxyWOHIMaepoKp4gEqfNZCR3o
+NxxqjEp6vFvK9iT3wdKhZ+SbWsRCKDOPuhynHcpR3fYystnZGIo0BhKPLoqnMm2k7dDmNBTtqFN
dmbkk19gqTYTCxd9NJg8ft2hPGSgUAKUOKalnawinEKhFY5onxkl6Ik5gpERdhMphv+1z4u2Q5Rb
CqMfiNHnikQMyIkcEi7X0YE9A4CSVgwiDjQuzz9rvAu8VHVGfVXmID5hIFawJEgq3YgetZrjlW41
xDRugIN/0lGh2scoOvWJNpny0r8iKYdLgtCTH6QdLkYDRBw+b0T/AuKbmpWVGp6yk24poyONdY8p
+OpG9fpNDMllhKAxr3wonNktTeHLjxQTJajCIIlcNbEbZTBN3DuRdwa4sgN55JhVmqUGnNWAD4bS
PjZrF6g2kSvxcaOVAJTPueLVkXWYM0DQWAZ1OkaGZ02PnPQjH6Tg4rs/dgyfgGtnI7VZE0WMT3Ai
UZkc99WFEc7nIQsraMDKSDIe9BL/oSFDKMYM+kGD2sigd3NQE1EmiEQEbDmOeJwnHCoygrr0pTCN
qUxnStOa2vSmOM2pTnfK05769KdADapQh0rUohr1qEhNqlKXytSmOvWpUI2qVKdK1apa9apYzapW
t8rVrnr1q2ANq1jHStaymvWsaE2rWtfK1ra69a1wjWvXClaRIUioAExbgR21cobAUcYHd82rcQQr
gh2tbgx+PSkAx+OBvXZAeFLB6wcgC4u8JohPBUMZwAgrgmxihbP26uWDOIGNVSiLssYaqAlSsxCk
2JBf12jmaDHgywXMNgOoDQg6tynZO17AtqNTyWu9B6UagPYDBMglLQbQW5pBFhme/0KgU44rF+pu
sAEqcUppobPdxzaXZ99SoxHCOyK6uFYJC1DUJanlKAEEAyBT+K4MwptbaRzjvbSQ5RGwCwNdMEBQ
/u2HrtzIWfL2zMCTlSyC33O8AFchGbZtQR0cbI/nSrZgzsFu6TCsNHFN1G76EV06QhTPSbgXUA/j
MBW/AATUpTQj9YutgHNB4G9tOHCkkBtdxVM8fTwXxy/BK3ygkOGSeeEMFMKrGw7wrRh3kMZzS880
JDyJJJrYFdCtQR7AN5B4bMt0Xd4Hfxc82JRIlhCuYPF/DwFcXUI3FGBeyP5A58BTuGse3Qwxngfg
NzkvBFoDCcK36LyPLwtwyqHgQ/+LFcVf/yL4zVMODirCexQHq8VxAbZnIW7b3tjeohzjxa6IESHc
PAngWfgwNaX5+1tSSM7Vg6W0oj7xrVGHt3o2I0o3t7kA43pxtD/rTKlj3eilodo4cag18E49ZqCc
YcG4doKumR3q8aYShvt60KtYgOYC8Nkg1U5dma8xEwUDltzKoHZ1AwGELbab1KvewrJHDdnn1KEA
/+3cuX8bhPSO6dr4AAur6Y3XWz+IggEqMsHVfesiPGfB9hYAvlNV3Xiv+wqzaQzALaeCvh2AYOaW
dy/I6+tTxMpGJbY4KkPEOXiPWdS0FjXr1mBbl9i2LSUfRzzjYOl+/YvkM7/18R7/nAlql1x48Rbx
w1l9CT6/WmDYtfijFyringuBGj8kQUiOXW/ssosi5MVCY+KBXsCNXczVRlBC7jHol09CD98SO0gS
EoWS82kJugqXcLMuY7Ww4+z0xW8d7s6JU5c97g8AvNsD7GimF53oFXf7xaURrySmMkP6VeNEC/84
sZyhQXfVF4cDhEEgE5mKa6PCpRqUBB/YBhJqGP0eugI8xfI1iQ7yq3wyGz03KGgYKAM96TMcMEWv
cKLGdz0DcGzSTdI+yH3tAgOUj3Hh8x6M7JWr9rfP/e57//vgD7/4x0/+8pv//Dyzut/35PgNZFax
9U1B/DEnNyla9/vKLSiHfOcB/8aPIZGRpVoJ1gR6BmrolxEHgF9r036kljzbRWYwdlwQGAIIMCaK
EWnidoApoX7jFl0OGGUTqDkSyIAnsG31QGsAR35Y8BnydS8cARxNli47BmUCFoP3hXxLNj0ypA82
eHvCNk+4FTk0Vm73p30m5G++QEwCgmjvFSb+toKT9w2ClmeVlkNhFnhX+GVVuEJdljFI2C91dQ7y
dX7FZHcxJ2+qxmrCsyESBYPNtmZp6G5pmGxvaGtRx2oTaIK5E4XnNweKZYdomG5hh1cZSIPrp2xE
KHREmHDrhoiCqIZjeBpl9BwnyHfhJyhISGEyl3J4uGiZZ3VJF3TFVmJFF4qcSP+KurMmGMhp4RcW
rkFfsIN4itdlf/YY4/Bzbid3O4F2CwF4h5eLiTd3YqYws6WHQuA9kTh+LTN8hyU4sgcF52R7jdN7
Z6B8o0dFo2cGoQcE1ghkcpEIs1UhVEF3AqiBNRWC5ghV6JiOTWUGRciO8BiP8jiP9FiP9niPQMWB
HZg3x/V+yvSOvAWQUjQMP+Jwlkh++Rca+xctyDVcAFgCDxkC6aVvetBmOWeOt6CAHriA1uVgE7mO
fuYBINkBF/lpqEV46ThhADeBI3mLIEiCMjKCAqkMD+ISuiiPK1hfLugyUHdiehE4YfiSJ3aDteNj
3ogfPDKUPlhdQLh+DlOO5Xf/hGTRZuXEhNDCZsAwhQM2hVe5ZlxYi1gIllroGf4FaXzWMF84Y/v1
RQdYhrNAidUFiIP4UQj1a8ImB55IbHJIbHRobXCol/t4kU85k27lh+Yxb2KobiZXiC7Jj3GZmIqY
boyYdJAJienhbYKRcZknfpiocfqGco9IDXnJbgIXbqK4RTNXiot3mpJ5CYljB1Q3dMroLfwlO9Wl
i8QQeNImeFvpmLIojIHni3gXb7gJLcSoH/QyEJWngcuojc0Ye0cJjZOBL9fnENz4ed6Ijd6ojcmH
nZvXA+CoXxVVEMKHjzLVkub5U+iZnjzljuz5nvAZn/I5n/RZn/bJATMYGoFF/zOOdWlflCAtJZH5
AXqJRT7+mH2XaETXk4x6JVqyNJHIBiu6NKEiwFpQKGPZhKGwRX7JZRalwKAt8GNBuX4WRpgkp13o
lTjdhX51oJHxRZgiWZvy1QZtIXcqhxktNjIEZoiCyaEiVw/7+WMnZWPAsHlICT4fBlIsw4C6MDlA
cGE4xldCM0B9J5gOZlxEqoOsyFZBgZkpITxYNmVallJmWWggEWdwdqNqeREM53WHhpqAo5WC4aUB
Jxc1uWd9VqbcVze20QohN2rjJpe7todtl3ZO6ZJSB3No4kQZ0WseSoAD6YbDxodw1W3fZnJx2RYk
l5iMuHBqamf64W+JugU4t/+lm0IW+iiFjolumLp9Hgdy4bYLQIeKD3Z0BSd5hlhmo9pzgAqGNFmn
vIGLi0OrcrV1g9p1gFNPilmc+1B2zPqpSxBz9SR5iKescIYpx8imqhqspUl5wqh9o+dL/mKNbhB6
/LGd4OiDpydCA+lGisBcn1eu0EedUfo4A6B7eKRZsnCuRnqf/vqvABuwAjuwBFuwBnuwCAuf+akZ
+zkDjlUwQOBXofZ/ILqPKtAgI9M+L/RCjSONHdCf7lexIQujTeNZC0qyCOKgUrCicoCMgsWxKFBN
JSc6lEWzvWWzI5qhKcsJWxqTELlbYNOhI8NcKDuyIemUBsZxGrCeHUB47gD/XbsItbgGLnqWogfZ
qgcGk17TorXEACKrArBYEexyrcEBAkwrkc6BghujtnAJl8DaoxxJNGdLNSrZOUEKpUOqYUW6g+wE
fIhTgCNGGCYnPMWykyomQmrmYilEFXu5mIm5cDzqcHqrpeyRBDPYZ34jpMBBuOaBMnM7NV1qZWD6
plWwZX6Wpl9WptC6bve2RQYRCUjGZkoIOGEGaXP2ZXuyLY+7u4vYmM+Sp1bJi1A4aFpoaEvYZcbX
eO62MVrbNXz6GX4aq684cMt2bKxaqJTaLozwatsLmA93hoAYtbkWagj6KoB4vsvWhj1JqHeImlpg
vfCrqN7rbIxWtEZjqd0W/26aSr2LSEGeiqu6827+RUJtGoiP2b85OnH6pk+0QBds+8Cdo6LdyqpI
12gHt28U5IgmZ3FYWr9m86osF6sjN3CpKWC2WsBzCnKm1b6P+Zkn3C42NwA4N0Rb95XiS7VSe6cT
fMKRiUInV2us6YhLZ79FY6zHEHJft6zBuIuEFzTPCsBSsHZLWsC2+Zu7OGN2V3ZteHY167LLZYC5
Om5PHGYp0cSGN5xet8S5uXg25MFjE67umwPkWny+t5TaqK4OgnploHrRKDdzrAWyxwbPZyfkkwY8
p7GInE+2h7F4fFLCd8fcqWYqpmbKx3z1l7CYnMmavMmc3Mme/MmgHMrmmf+qLNm8oMJYmkfD/VpZ
JkAx9qeBCXlCeQOVNKizIGCyjcRAAyhSQzh/4ZeRt1XKHcmyWZJ/Hyo0nysHFpgTVHt+dct+yGzK
ARxlrexeXZuMyRwlYKG25peTLZhi6OqTnkTDO0pk+7K32UVhDWvO4QUHLlNtsJMRQniLvcuhCjOV
s6u6x/GEDyCnvkuFjfZ6W+Q9/cy6VdbAyBpb7XxJU2i6gRCG9Tx+bimaLly9lsmGdrlHlOiKbPi8
Jvld4WBjsfK+zWuM4Ut+hml5pva/JcaYwMqmz5Fl8BBiBnGpNetwjIZp+8s04ggZ3OyjrgkS4Mua
ePmXpDmERX2krHp13wD/q+g2xFdKm0yjtDm8mdrniiQai2k8i39Wi9i6rXValrFxrXWDQEe8vArN
X0hI1orJb4HgxcpIfczIetBppNIJMLiBryg1AHMBe6/7f94oriJlyUmQueXKyPIMTuRIxAE7IFgt
ysiTOkoL2WSTWYxN2Zid2Zq92Zzd2fFIyjC5niIzupddMzNMy/EYy9jmKagdcGnW2s5FCf8GxukJ
zPolzBSIZ229TZHmfr3dWdZQ1ez5zHFb3Buk2yPpyz6rddbQtikYj94MYeD8ndjVlAtbiZGXICvh
N0uWpaeXg9k4ubqTEJw6yvcMX/kcvE6YlXy40e0bb4QGxP4gdMw7EF34/2LjrQ3ljY8Tjd0HDJiL
yah+oZXY23Z9yYchHdBxyBvkbWrmmdLsa8AV3NKc5t7UlqgYcaMdXN8UfKtT3dw/fY+dKdQuTNT2
JptJXagaLrmGqnQezMNamzrCfY+PXWZVvNXAWZu5xps0WKiQhaW/2OJtzOFjrHZjAtf22JzhSddL
aNd1ua840QnwKjdwMBZ37I8vyNdFIEKTzJYN4myw7dliPuZkXuZmfuZonuZqvuZcA9rRTF2jjVfK
PTRE1r3zccb8PVAwC08f+NqlPQIQWhs7YJFhXn62Dc2IbrbILc1Hy9tFWJLRywNXe4DEvZGWLpKL
zllzzsohQKMhZjoojv+T/ayT0y2p1g2UZbDo2j1J+tDdk/vdjhDeEocdMc6W9CiV6D3oxwuW+8ze
EJfp8D2WHwV3AU3kVtln2rqWhY6Qw+rfGoy9AT5D2K3ibhe/hloiPQztyY4cts6OEH698rvBF13h
wE6t57bip/bilSm2dCoSmlmPI953QHyKldirPk3gLJy0LH5xLs7hMM4hgX511bSH8ljj63bjZpfj
tMjWPd6+P26QaCzkE+PBRQ5jEKWc4IOgfSjXzsnkAbWDm1GuJzMGsBcGAWPl6YrlPDkXXA5kiB2p
0DAJHsvmNF/zNn/zOJ/zOr/zPA+wdV5n+NlcTM7AHSc4k+1dl1mEl/X/Q5sOYzWqkVMV6KzV6eg0
atAUs0tMobrlIl8bJR80pV3PRlW0oU8F6Va9XwPWRD17y+AAkNncmrDk6MhVk2t/VJ6eC2ef6Knm
mpPuXRpvtozu26G+3CRJ93l/VCEo6zfWB9B2N9RWOuva6kh2JwPl3Z5b3TbRg5qLeylkKNuwDcID
3qjeL4ZPVXB7usEAvPie9vCSUvRtu/m17YZJ7O7mhTyyaF6761iKu7P8lm43aTruz7lQ+lN1+oK6
OCTN+qoZQzZE0NIWQ1JWZErB4ZHnlxocodz+V9WGvRg9/CFW90ZFo+yWiAO300jtC278YBudwPmW
N+RiM/qe7tQ/4dVf/4gIh3FUkZTVb3BWXYgu7VQQsA5ztRJBgKiqCKThHOIILCccrfK8gCEVLzOd
qmUggnxw0cXGonjEVLQTYnJ0eEAzlapEQb1WzcWvdYyKjq1qmOCrjn9hdFq9Zrfdb3h8+BDiOMSa
mUkkY5isGhKAGqYpkhtBDo2roYI6PpkRw6mQGIecAC4vEcgUEKqFK7wTSKfErruiEww0zCpXuVjZ
WdpaNg2A3BWiXB8P3Q5HmF/E39zjEePU3gYhhZrns7JjmADlJjqYZoGG5mpiBu/cCWOfkN4qBYFy
iyDt4wk6E/Z04WJ7Klv9ff5+/3+Aa/4EJFjQ4EGECRXyG7jQ4UOIEf8lTgxzrg5FjBk1buTY0eNH
kCFFjiRZ0uRJlClVrmTZ0uVLmDFlzqRZ0+ZNnDl17uTZ0+dPoEGFDiVa1OhRpEmVLmXa1OlTqFGl
TqVa1epVrFm1buXa1etXsGHFjiVb1uxZtGnVruWKi9oGU28q9YvLxh2jhHWbfOh3N6Ren6yUUBjj
CK9AMvp+HX7FAdZCvYBphbqUuONioTtsUFDXMAyRFQjy2fJcj7FD0P8keyztc7CF1o1O14pdobbC
1bRnjLyt87VtEXQsuR1gLBCLcdJ4VdsrQHgkedYKBHJLLtu66I4maLCsQh6V5YlxzftgLwDf8KQ+
PBc0SAu8cAKmW8v/1ifeMPYo0uPKoEvFfBTGyyQ4GDqoLwkCEYHpNxm2W2IGSnZDAYE+zkiND3Ai
xG6EBUY7gggKVLjwAUneG4QCCehLxZwKDRPRsBGL044BSiqcUAQBsVnxnO1ONGSOFQfkIAR3jrOt
whAcZCDG8VA0siUGuVBQgwfxmkuMQFDZ7AtfEjjji7cU8aWIJhhhQoosN7EkEk0ySPOJIR9c88Yh
dwODTSigUPAQF7TUsoorI9nszj97KynKPBXZYLDSzpmTz2DgxDOVDMyE0DLbtpOPxtEEbe5OUxyd
NBJQP2hThgLp9LRUSU8FxAUn2my0GSMSZXUPvhZUsE0wGJVQjIsS/4lUVjsHwFTQO4HQgQdjpcG1
v2RyPWWTOqEdNlHkrnB1kWur9dSKbkdNYxFeHzF1t9xSQrTaSaqsCBRRHsjDnERxfVRQPlaRRAhu
AW3AEkxGIcEceP3kRN5V6K1WNDtU3QPhgYUUdCCBzTCF3F9tKzjRiukF+NiV3Lpjxmbue8c5925E
J50DwRHnxAs6JW6vlZuA5kkZvEksPVSHmTGbcZZsmeQTdQ7wmAGESWZoXbzhBuY5enHBnQFetrQX
l0/kOQSdpUFLAS8JMvSrscdiReyMzyobLO4Ksmg2sN5ma26667b7brzz1ntvvsUy4G8DTmCAgb85
SMCATi0ofI3Fa/8C3GsHCifcAEYWPzxxWh4n6XI1GndDc80BOjzwCjg/3HDE0zh9jdUJgjugvzkP
Y/XWLaA9dTVeV9wA2UXqfXbK34gd8eEx1+fv0RKgoHY1mAded1kSgN6fv1kP3nnnVZ++epmyT4P7
yA0oaPQwlg+eDe9tPx+g9RcCH43bGUm/ivbZeP+l+ekXv4L7qa9ffQFMbgSjI93t6nc65oWucIdz
QehQALjUERByEHzg387gwN1Vb4EWdED8qnA6AfIPcCJE3gcVOEITcjB8AhjdCTYoDQqOTgCeCx/p
Sve4ADQOgi7IngRJKD4KkrCBlGNgDlHIuP/dEHWoG9z1zqc84BH/z4ZOPMHoCBeAHKJOGq0znQ0V
N8AGapF/YtSfEsNXRSfKL42RA2MH/9fFIQLPfGjkAAet6EU2lo6ObqQCFflIuCWekXxuVOMcRbi7
L7oRjcTLoh7tl0RCRlKFZgzb886oyDFG8oZhNOEI7HjA9jEwk6LMYxklWcA1osCDzMveJz25vwru
cXWuhF8oI+jHPE5Sk4jcpQj3GD5ekjKVvbQeLDt5yjMcToa1rCPpIGi59T0TlK/8pSp1+MxmQhAv
tKQl9lK5TGJesnW6FOcaaVnLJ94SiNi8JADVxz3nnVOFHJRmIN/5uhZWQZbBK+E7V2jJT3aqdr87
ZjkZ00WB4u57/6hs5j7VaM8bmm+bDPWl/hxqUOuZT6J81F/ynNjE/cWTou0MaEGtaTxr2lB6lHTi
/lC3v36685M2hGg+HfBQJmJSlQ00H03d6FOLEnJyF7VmICt5SwEUUqfkhKNQz/lBnkayiz4dZCAt
OEhvGpKkqKTq+o6KUv15DnCT42rgjEjEsVaQd40j4Cu92FY09NOHVZih5+B6Qxr+UIQyJCtZL4i8
x9U1mgp95xSPWNgfDI+f5Lwp4AZIObs6FrFnPWtdA4jBnxpWgyi8a+gEO72+wYSgoSWtG0a7E2mm
VrWrZW1rXfta2MZWtrOlbW1te1vc5la3ry1tb337W+AGV7jDJQhucY173I1EAAA7

------=_NextPart_000_00IE_08L9293IK_04C.986L38B0--


From eap-admin@frascone.com  Mon Apr 18 15:10:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA19252
	for ; Mon, 18 Apr 2005 15:10:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 575A52046C;
	Mon, 18 Apr 2005 15:10:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A90F920466;
	Mon, 18 Apr 2005 15:10:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id D9C492045C
	for ; Mon, 18 Apr 2005 15:09:41 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 0C32420457
	for ; Mon, 18 Apr 2005 15:09:39 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DNbco-0005D1-E2; Mon, 18 Apr 2005 15:09:38 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3IJ9bP23330;
	Mon, 18 Apr 2005 12:09:37 -0700
From: Bernard Aboba 
To: "Adrangi, Farid" 
Cc: eap@frascone.com
Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 18 Apr 2005 12:09:36 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> Looks reasonable to me.  Though I don't quite understand the last
> comment:
>
> "Given that this specification changes AAA proxy behavior, I believe
> that it should include "Updates: 2607" in the header."
>
> Could you please elaborate?

RFC 2607 is the document that specifies RADIUS proxy behavior in roaming
environments.  This document appears compatible with RFC 2607, but it does
specify additional proxy behavior (e.g. sending a Challenge with a hint
instead of Access-Reject).

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Mon Apr 18 15:25:15 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA21193
	for ; Mon, 18 Apr 2005 15:25:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 612BC20470;
	Mon, 18 Apr 2005 15:25:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6592520467;
	Mon, 18 Apr 2005 15:25:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 7AC7920460
	for ; Mon, 18 Apr 2005 15:24:37 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id E48DE20457
	for ; Mon, 18 Apr 2005 15:24:35 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DNbrF-0007RA-Ux
	for eap@frascone.com; Mon, 18 Apr 2005 15:24:34 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3IJOWD24174
	for ; Mon, 18 Apr 2005 12:24:33 -0700
From: Bernard Aboba 
To: eap@frascone.com
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Issue 294: Security Considerations & Requirements
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 18 Apr 2005 12:24:32 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

We have received a liaison request from 802.16e for a review of compliance
with RFC 3748 as well as the EAP Key Management framework.

In order to provide this review,  we need to come up with the
criteria,  much as we did for the RFC 3748 review required for EAP
methods.

Please take a look at these criteria and let me know what you think.

Assuming we think they make some sense, I'd like to propose we incorporate
them into a potential resolution of Issue 294.

--------------------------------------------------------------------------
Lower Layer Review

RFC 3748 Compatibility

Section 2.4: Does the lower layer enable peer to peer operation?
  a. Support for bi-directional session key derivation?
  b. Support for tie breaking?
  c. Support for peer and authenticator roles?

Section 3.1: Lower Layer Requirements
  a. Does the lower layer support error detection?
  b. Does the lower layer provide an EAP MTU of 1020 octets or greater?
  c. Does the lower layer support fragmentation and reassembly?
  d. Does the lower layer provide ordering guarantees?
  e. Does the lower layer provide non-duplication?

Housley Criteria (EAP Key management framework, Section 6.2)

   Algorithm independence
      Requirement: "Wherever cryptographic algorithms are chosen, the
      algorithms must be negotiable, in order to provide resilience
      against compromise of a particular cryptographic algorithm."

Does the lower layer negotiate cryptographic algorithms?

Does the lower layer suggest use of a AAA protocol that negotiates
cryptographic algorithms? (e.g. Diameter or RADIUS/IPsec?)

Does the lower layer require use of EAP methods
that support the "Protected Ciphersuite" claim in RFC 3748,
Section 7.2.1?

   Strong, fresh session keys
      Requirement: "Session keys must be demonstrated to be strong and
      fresh in all circumstances, while at the same time retaining
      algorithm independence."

Does the lower layer suggest use of a AAA protocol that generates
strong, fresh session keys to protect messages? (Diameter or
RADIUS/IPsec)?

Does the lower layer define the mechanisms by which session keys
are derived?

Do the mechanisms guarantee the freshness of transient session keys
in all circumstances?
  1. Does the lower layer determine the key lifetimes of the exported
     EAP keys and transient session keys so as to ensure they do not
     become stale?
  2. If the EAP exported keys are reused, does the lower layer
     guarantee freshness of transient session keys even where
     the peer or authenticator  cannot generate high entropy
     random numbers?

Does the lower layer require use of EAP methods that support
the "Key Derivation", "Key Strength", "Dictionary Attack
Resistance" and "Session Independence" security claims
defined in RFC 3748, Section 7.2.1?

Does the lower layer specify a minimum required key strength for
EAP methods?

   Replay protection
      Requirement: "All protocol exchanges must be replay protected."

Does the lower layer support integrity and replay protection?

Does the lower layer require use of EAP methods that support
the "Replay protection" and "Integrity protection" claims of
RFC 3748, Section 7.2.1?

   Authentication
      Requirements: "All parties need to be authenticated.  The
      confidentiality of the authenticator must be maintained.  No
      plaintext passwords are allowed."

Does the lower layer suggest use of a AAA protocol that
enables mutual authentication between the authenticator and
AAA server even where a proxy is present? (Diameter EAP w/redirect)

Does the lower layer provide for mutual authentication
between the EAP peer and authenticator?

Does the lower layer provide for the confidentiality
of the authenticator?

Does the lower layer prohibit cleartext passwords?

Does the lower layer require use of EAP methods that support
the "Mutual Authentication" security claim of RFC 3748,
Section 7.2.1.

   Authorization
      Requirement: "EAP peer and authenticator authorization must be
      performed."

Does the lower layer address the authorization and correctness issues
detailed in the EAP Key Framework Section 5?

Does the lower layer synchronize authorization state between the
peer and authenticator?

   Session keys
      Requirement: "Confidentiality of session keys must be maintained."

Does the lower layer suggest use of a AAA protocol that maintains
confidentiality of the AAA-Key even where a proxy is present?
(Diameter EAP w/redirect)

Does the lower layer maintain confidentiality of session keys?
   1. Does the lower layer disclose the AAA-Key to parties
      other than the EAP peer, authenticator and AAA server?
   2. Does the lower layer disclose session keys to parties
      other than the EAP peer and authenticator?
   3. Does the lower layer refer to or require EAP Key Management
      extensions? (e.g. things not in the EAP key mgmt framework)
   4.  Does the lower layer refer to or require AAA extensions?

   Ciphersuite negotiation
      Requirement: "The selection of the "best" ciphersuite must be
      securely confirmed."

Does the lower layer securely confirm the selection of the "best"
ciphersuite?

Does the lower layer require use of an EAP method that supports the
"Protected ciphersuite negotiation" security claim of RFC 3748,
Section 7.2.1?

   Unique naming
      Requirement: "Session keys must be uniquely named."

Does the lower layer support key caching?
  If so, does the lower layer enable determination of
  which of multiple AAA-Keys to use for a given session?

Does the lower layer provide for unique naming of keys?

Does the lower layer support use of AAA Key-Naming attributes if
present? (defined in Diameter EAP)

   Domino effect
      Requirement: "Compromise of a single authenticator cannot
      compromise any other part of the system, including session keys
      and long-term secrets."

Does the lower layer enable the peer to securely determine the identity
of the authenticator?

Does the lower layer ensure that exported EAP keys are used to
derive keys used by only one authenticator?

Does compromise of a single authenticator result in compromise of
other authenticators?

Does the lower layer require use of EAP methods that support the
"Session independence" claim of RFC 3748, Section 7.2.1?

   Key binding
      Requirement: "The key must be bound to the appropriate context."

Does the lower layer enable the peer and authenticator
to securely confirm EAP and session key context,  including:
    a. Key lifetimes
    b. NAS and peer identities
    c. Restrictions on key usage, where applicable

Does the lower layer enable the use of EAP methods that support the
"Channel Binding" claim of RFC 3748, Section 7.2.1?
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From godrgosk@channelbuilding.com  Mon Apr 18 17:25:27 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA14254;
	Mon, 18 Apr 2005 17:25:27 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DNdv7-0004HW-Kc; Mon, 18 Apr 2005 17:36:44 -0400
Received: from c-67-172-133-31.hsd1.co.comcast.net ([67.172.133.31])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DNdkB-0008AK-3C; Mon, 18 Apr 2005 17:25:24 -0400
Received:  from mail.lagerkvist.net (67.172.133.31)
	  by e52-p.lagerkvist.net with Microsoft SMTPSVC(7.703.7935.18907);Tue, 19 Apr 2005 00:18:24 +0200
Message-ID: <58766.SDAX@lagerkvist.net>
Reply-To: "devonne hattar" 
From: "devonne hattar" 
To: drafts@ietf.org
Subject: Find out what's best for you! 
Date: Mon, 18 Apr 2005 21:17:24 -0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--222111_785921.ZvL31"
X-Spam-Score: 3.6 (+++)
X-Scan-Signature: 93238566e09e6e262849b4f805833007

----222111_785921.ZvL31
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: text/html

Dear Homeowner,


You have been pre-approved for $380,000 with a low fixed rate.


This offer is being extended to you unconditionally and your credit is in no way a factor.


Just answer only a few questions at our site and we can give you an approval in under 30 
seconds - it’s that simple!


http://www.refi-gazette.com/s5/jwex.php?l4d=63


Regards,


devonne hattar


-------------

r-m-v yourself - http://www.refi-gazette.com/r1/

----222111_785921.ZvL31--


From eap-admin@frascone.com  Mon Apr 18 17:28:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA14491
	for ; Mon, 18 Apr 2005 17:28:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 4DAD620482;
	Mon, 18 Apr 2005 17:28:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B02312047C;
	Mon, 18 Apr 2005 17:28:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 637462047C
	for ; Mon, 18 Apr 2005 17:27:10 -0400 (EDT)
Received: from motgate2.mot.com (motgate2.mot.com [144.189.100.101])
	by mail.frascone.com (Postfix) with ESMTP id 7EFB920479
	for ; Mon, 18 Apr 2005 17:27:03 -0400 (EDT)
Received: from il06exr04.mot.com (il06exr04.mot.com [129.188.137.134])
	by motgate2.mot.com (8.12.11/Motgate2) with ESMTP id j3ILZlGb021871
	for ; Mon, 18 Apr 2005 14:35:47 -0700 (MST)
Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4])
	by il06exr04.mot.com (8.13.1/8.13.0) with ESMTP id j3ILT0G5018295
	for ; Mon, 18 Apr 2005 16:29:00 -0500 (CDT)
Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72)
	id ; Mon, 18 Apr 2005 16:27:01 -0500
Message-ID: 
From: Nakhjiri Madjid-MNAKHJI1 
To: "'Walker, Jesse'" , eap@frascone.com
Cc: Paul Funk , Henry Ptasinski ,
        Steve Emeott ,
        Russ Housley , Nancy Winget ,
        Nakhjiri Madjid-MNAKHJI1 
Subject: RE: [eap] EAP Key Binding Discussion
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C5445D.597E4DE6"
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 18 Apr 2005 16:26:57 -0500
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C5445D.597E4DE6
Content-Type: text/plain

Hi Jesse,

 

Very timely email!

 I am running into similar issues with 802.16e. The problem of assertion of the NAS ID by the EAP server has a partly practical resolution through the fact that the AAA key has to be sent in a secure manner to the NAS and not over EAP but over a AAA protocol between the EAP/AAA server and NAS. I am hoping that nobody sends the AAA key to the NAS unencrypted, which means you are either using the RADIUS shared secret (bound to NAS IP address) or Diameter over an IPsec/ TLS with the NAS.

However, I have another problem with sending an unbound AAA key to the NAS and that is "handover". Say you are dealing with multiple Base stations/ AP/ what have you. You would want to do the EAP authentication only once, derive the EAP master key and then not have to do the full EAP-XXX (e.g. EAP-TLS) every time you move. If you push your "golden chip" (AAA key) to the first NAS (AP), then you are out of luck, especially if you did not mean to have each AP know about the session keys the peer shares with other APs. Since practically all it takes is for the previous AP to listen to the nonce exchanges that the peer is doing with the new AP and based the AAA-key that it still has, find the session keys between peer and new AP.

 

I came up with same resolution as you did. You called it bound-AAA key, I called it AAA-BS key (I think I saw this under a handover section in one the EAP key managment drafts). So the point is the AAA-key is not pushed to the NAS. Instead both the peer and EAP/ AAA server calculate a AAA-BS key that is bound to that base station. The EAP server only pushes the AAA-BS key to that BS (NAS). The AAA key to AAA-BS key is straightforward if you know the BS ID, peer ID and other things, as long as you know AAA key, of course, so the peer and AAA server both can do it. The handshakes happen based AAA-BS rather than AAA-key. But now, the BSs cannot derive the session keys for other BSs.

 

BR,

 

Madjid

 

-----Original Message-----
From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On Behalf Of Walker, Jesse
Sent: Saturday, April 16, 2005 6:41 AM
To: eap@frascone.com
Cc: Paul Funk; Henry Ptasinski; EMEOTT STEVE-CSE005; Russ Housley; Nancy Winget
Subject: [eap] EAP Key Binding Discussion

 

On Friday we had a conference call to discuss 802.11r keying that included Tony Braskich, Nancy Cam-Winget, Steve Emmeot, Paul Funk, Russ Housley, Henry Ptasinski, Kapil Sood, and myself. An issue came up on the call regarding the EAP keying draft which should be discussed here. I don't know if everyone from the 802.11r group is on the EAP mailing list, so please reply to all.

 

The core problem has been discussed many times before. Let us begin by setting the context. One of the goals of the EAP keying draft is to deliver a session key that an EAP Peer and a NAS can use to secure a session between them. The EAP keying draft defines a key hierarchy expressly for this purpose. The details of the hierarchy are method specific, but for EAP-TLS it appears thusly:

 

            TMS

             |

        +----+----+

        |         |

       MSK       EMSK

        |

        |

     AAA-Key

 

The TMS is an EAP method specific "session key" constructed between the EAP Peer and the EAP Server. From this the MSK and EMSK are derived, again in an EAP method specific manner. The AAA-Key is derived from the MSK and delivered to the NAS. The AAA-Key is then used as the session key between the EAP Peer and the NAS.

 

The issue has always been how to bind the AAA-Key to this NAS and this EAP Peer for this session. The NAS needs to know that this AAA-Key is for this  pair for this session, and the EAP Peer likewise needs to know the same thing. The only party that is in a position to inform both parties of this binding is the EAP Server. The EAP Peer can trust the EAP Server to make this assertion, because it has authenticated the EAP Server (at least in the case where the EAP method provides mutual authentication), and the NAS can trust the EAP server to make this assertion, because it has some channel with the EAP server presumed to be secure.

 

I think everyone agrees this issue is solved for the NAS, as mechanisms exist to allow the EAP Server to attest to the binding. It could, for instance, deliver the EAP Peer's authenticated identity Peer-ID to the NAS with the AAA-Key along with the EAP Success message; abstractly:

 

      EAP Server --> NAS:  EAP-Success || AAA-Key || Peer-ID

 

The NAS can then check whether it is talking with the right EAP Peer using a 

protocol that would require the EAP Peer to assert its identity:

 

      NAS --> EAP Peer:  Challenge

      EAP Peer --> NAS:  f(AAA-Key, Challenge || Peer-ID)

      etc.

 

The function f used in this protocol would be selected so that it would be 

computationally infeasible for the EAP Peer to produce the right response without knowing the AAA-Key, the Challenge value, and the Peer-ID value. And if exposure of the Peer-ID to the NAS is deemed onerous, then we can certainly replace it in the above with another session specific function of Peer-ID, e.g.,

 

     g(TMS, Peer-ID)

 

for some suitable function g. The EAP keying draft could specify that delivery of (a function of) the Peer-ID with the session key is a requirement, and we would be done with the key binding for the NAS.

 

The issue we have never been able to resolve successfully has been how to provide the same attestation by the EAP Server of the correct NAS to the EAP Peer, i.e., how does the EAP Server assert to the EAP Peer the correct NAS to which the session key AAA-Key is bound? There is no obvious channel within EAP itself for delivering this assertion.

 

The question from our conference call is whether that the assertion could come from the key derivation. In 802.11r, for instance, we could require the NAS to advertise its NAS-ID to the EAP Peer as part of the 802.11 discovery protocol:

 

     NAS --> *:  NAS-ID

 

Then the EAP Peer would know the NAS-ID being asserted by the NAS. The EAP Server also knows the NAS-ID associated with an EAP transaction through the normal instantiations of the EAP transport between the NAS and the EAP Server. The EAP Server could then make the assertion of NAS identity through the AAA-Key derivation:

 

     AAA-Key := kdf(MSK, NAS-ID)

 

where kdf is a suitable key derivation function. The EAP Peer would perform the same key derivation. If the EAP Server delivered the AAA-Key to some other NAS other than the one that advertised NAS-ID, then the EAP Peer could detect this, because its session would fail, as the EAP Server would have used the identifier NAS-ID' for that NAS instead.

 

On first blush it appears that this kind of mechanism would finally close the binding issues with EAP keying.

 

Of course life is never that simple, because the key hierarchy above is already in place, and doesn't include the derivation AAA-Key := kdf(MSK, NAS-ID). Therefore, we would have to do something else, in order to avoid breaking already deployed equipment. A candidate might be the EMSK, which is currently unused. We could define something like

 

     Bound-AAA-Key := kdf(EMSK, "bound EAP session key || SID || NAS-ID)

 

where SID is the EAP session identifier, and deliver the Bound-AAA-Key to the NAS along with the AAA-Key. We could deliver this with a session specific EAP Peer identity

 

     Peer-Session-ID := hash(SID || Peer-ID)

 

And we could fix kdf and hash for all EAP methods, e.g., take hash to be the first 96 bits of SHA-256, and kdf as TLS-PRF. The Bound-AAA-Key id would then be NAS-ID || Peer-Session-ID. We don't, of course, have to use the EMSK for this function, but I have used it for concreteness.

 

This mechanism requires that a NAS find some way to advertise its NAS-ID to EAP peers, and it requires a few new attributes exchanged between the NAS and EAP Server. It leaves the existing key hierarchies intact, but provides a bound key for new applications that desire a bound key. It seems to put to rest the security issues with the existing key hierarchy, by giving the EAP Server some way to attest to the EAP Peer the NAS which should possess the key.

 

What do people thing? Would this be a productive addition to the EAP keying draft?

 

-- Jesse


------_=_NextPart_001_01C5445D.597E4DE6
Content-Type: text/html
Content-Transfer-Encoding: base64

PGh0bWw+DQoNCjxoZWFkPg0KPE1FVEEgSFRUUC1FUVVJVj0iQ29udGVudC1UeXBlIiBDT05URU5U
PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXMtYXNjaWkiPg0KDQoNCjxtZXRhIG5hbWU9R2VuZXJhdG9y
IGNvbnRlbnQ9Ik1pY3Jvc29mdCBXb3JkIDEwIChmaWx0ZXJlZCkiPg0KDQo8c3R5bGU+DQo8IS0t
DQogLyogRm9udCBEZWZpbml0aW9ucyAqLw0KIEBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6VGFo
b21hOw0KCXBhbm9zZS0xOjIgMTEgNiA0IDMgNSA0IDQgMiA0O30NCiAvKiBTdHlsZSBEZWZpbml0
aW9ucyAqLw0KIHAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFy
Z2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglm
b250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5r
DQoJe2NvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0ZWQs
IHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7Y29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3Jh
dGlvbjp1bmRlcmxpbmU7fQ0Kc3Bhbi5lbWFpbHN0eWxlMTcNCgl7Zm9udC1mYW1pbHk6QXJpYWw7
DQoJY29sb3I6d2luZG93dGV4dDt9DQpzcGFuLkVtYWlsU3R5bGUxOA0KCXtmb250LWZhbWlseTpB
cmlhbDsNCgljb2xvcjpuYXZ5O30NCkBwYWdlIFNlY3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGlu
Ow0KCW1hcmdpbjoxLjBpbiAxLjI1aW4gMS4waW4gMS4yNWluO30NCmRpdi5TZWN0aW9uMQ0KCXtw
YWdlOlNlY3Rpb24xO30NCi0tPg0KPC9zdHlsZT4NCg0KPC9oZWFkPg0KDQo8Ym9keSBsYW5nPUVO
LVVTIGxpbms9Ymx1ZSB2bGluaz1wdXJwbGU+DQoNCjxkaXYgY2xhc3M9U2VjdGlvbjE+DQoNCjxw
IGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFu
IHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+
SGkgSmVzc2UsPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBz
aXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4w
cHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+
DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFs
PjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6
bmF2eSc+VmVyeSB0aW1lbHkgZW1haWwhPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1z
b05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdm
b250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7SSBh
bSBydW5uaW5nIGludG8gc2ltaWxhciBpc3N1ZXMNCndpdGggODAyLjE2ZS4gVGhlIHByb2JsZW0g
b2YgYXNzZXJ0aW9uIG9mIHRoZSBOQVMgSUQgYnkgdGhlIEVBUCBzZXJ2ZXIgaGFzIGENCnBhcnRs
eSBwcmFjdGljYWwgcmVzb2x1dGlvbiB0aHJvdWdoIHRoZSBmYWN0IHRoYXQgdGhlIEFBQSBrZXkg
aGFzIHRvIGJlIHNlbnQgaW4NCmEgc2VjdXJlIG1hbm5lciB0byB0aGUgTkFTIGFuZCBub3Qgb3Zl
ciBFQVAgYnV0IG92ZXIgYSBBQUEgcHJvdG9jb2wgYmV0d2VlbiB0aGUNCkVBUC9BQUEgc2VydmVy
IGFuZCBOQVMuIEkgYW0gaG9waW5nIHRoYXQgbm9ib2R5IHNlbmRzIHRoZSBBQUEga2V5IHRvIHRo
ZSBOQVMNCnVuZW5jcnlwdGVkLCB3aGljaCBtZWFucyB5b3UgYXJlIGVpdGhlciB1c2luZyB0aGUg
UkFESVVTIHNoYXJlZCBzZWNyZXQgKGJvdW5kDQp0byBOQVMgSVAgYWRkcmVzcykgb3IgRGlhbWV0
ZXIgb3ZlciBhbiBJUHNlYy8gVExTIHdpdGggdGhlIE5BUy48L3NwYW4+PC9mb250PjwvcD4NCg0K
PHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBjb2xvcj1uYXZ5IGZhY2U9QXJpYWw+PHNw
YW4gc3R5bGU9J2ZvbnQtc2l6ZToNCjEwLjBwdDtmb250LWZhbWlseTpBcmlhbDtjb2xvcjpuYXZ5
Jz5Ib3dldmVyLCBJIGhhdmUgYW5vdGhlciBwcm9ibGVtIHdpdGgNCnNlbmRpbmcgYW4gdW5ib3Vu
ZCBBQUEga2V5IHRvIHRoZSBOQVMgYW5kIHRoYXQgaXMgImhhbmRvdmVyIi4gU2F5DQp5b3UgYXJl
IGRlYWxpbmcgd2l0aCBtdWx0aXBsZSBCYXNlIHN0YXRpb25zLyBBUC8gd2hhdCBoYXZlIHlvdS4g
WW91IHdvdWxkIHdhbnQNCnRvIGRvIHRoZSBFQVAgYXV0aGVudGljYXRpb24gb25seSBvbmNlLCBk
ZXJpdmUgdGhlIEVBUCBtYXN0ZXIga2V5IGFuZCB0aGVuIG5vdA0KaGF2ZSB0byBkbyB0aGUgZnVs
bCBFQVAtWFhYIChlLmcuIEVBUC1UTFMpIGV2ZXJ5IHRpbWUgeW91IG1vdmUuIElmIHlvdSBwdXNo
DQp5b3VyICJnb2xkZW4gY2hpcCIgKEFBQSBrZXkpIHRvIHRoZSBmaXJzdCBOQVMgKEFQKSwgdGhl
biB5b3UgYXJlDQpvdXQgb2YgbHVjaywgZXNwZWNpYWxseSBpZiB5b3UgZGlkIG5vdCBtZWFuIHRv
IGhhdmUgZWFjaCBBUCBrbm93IGFib3V0IHRoZQ0Kc2Vzc2lvbiBrZXlzIHRoZSBwZWVyIHNoYXJl
cyB3aXRoIG90aGVyIEFQcy4gU2luY2UgcHJhY3RpY2FsbHkgYWxsIGl0IHRha2VzIGlzDQpmb3Ig
dGhlIHByZXZpb3VzIEFQIHRvIGxpc3RlbiB0byB0aGUgbm9uY2UgZXhjaGFuZ2VzIHRoYXQgdGhl
IHBlZXIgaXMgZG9pbmcNCndpdGggdGhlIG5ldyBBUCBhbmQgYmFzZWQgdGhlIEFBQS1rZXkgdGhh
dCBpdCBzdGlsbCBoYXMsIGZpbmQgdGhlIHNlc3Npb24ga2V5cw0KYmV0d2VlbiBwZWVyIGFuZCBu
ZXcgQVAuPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXpl
PTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxzcGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7
Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2eSc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoN
CjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgY29sb3I9bmF2eSBmYWNlPUFyaWFsPjxz
cGFuIHN0eWxlPSdmb250LXNpemU6DQoxMC4wcHQ7Zm9udC1mYW1pbHk6QXJpYWw7Y29sb3I6bmF2
eSc+SSBjYW1lIHVwIHdpdGggc2FtZSByZXNvbHV0aW9uIGFzIHlvdSBkaWQuDQpZb3UgY2FsbGVk
IGl0IGJvdW5kLUFBQSBrZXksIEkgY2FsbGVkIGl0IEFBQS1CUyBrZXkgKEkgdGhpbmsgSSBzYXcg
dGhpcyB1bmRlciBhDQpoYW5kb3ZlciBzZWN0aW9uIGluIG9uZSB0aGUgRUFQIGtleSBtYW5hZ21l
bnQgZHJhZnRzKS4gU28gdGhlIHBvaW50IGlzIHRoZQ0KQUFBLWtleSBpcyBub3QgcHVzaGVkIHRv
IHRoZSBOQVMuIEluc3RlYWQgYm90aCB0aGUgcGVlciBhbmQgRUFQLyBBQUEgc2VydmVyDQpjYWxj
dWxhdGUgYSBBQUEtQlMga2V5IHRoYXQgaXMgYm91bmQgdG8gdGhhdCBiYXNlIHN0YXRpb24uIFRo
ZSBFQVAgc2VydmVyIG9ubHkNCnB1c2hlcyB0aGUgQUFBLUJTIGtleSB0byB0aGF0IEJTIChOQVMp
LiBUaGUgQUFBIGtleSB0byBBQUEtQlMga2V5IGlzDQpzdHJhaWdodGZvcndhcmQgaWYgeW91IGtu
b3cgdGhlIEJTIElELCBwZWVyIElEIGFuZCBvdGhlciB0aGluZ3MsIGFzIGxvbmcgYXMgeW91DQpr
bm93IEFBQSBrZXksIG9mIGNvdXJzZSwgc28gdGhlIHBlZXIgYW5kIEFBQSBzZXJ2ZXIgYm90aCBj
YW4gZG8gaXQuIFRoZQ0KaGFuZHNoYWtlcyBoYXBwZW4gYmFzZWQgQUFBLUJTIHJhdGhlciB0aGFu
IEFBQS1rZXkuIEJ1dCBub3csIHRoZSBCU3MgY2Fubm90DQpkZXJpdmUgdGhlIHNlc3Npb24ga2V5
cyBmb3Igb3RoZXIgQlNzLjwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+
PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXpl
Og0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bhbj48L2Zv
bnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFj
ZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFs
O2NvbG9yOm5hdnknPkJSLDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+
PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXpl
Og0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bhbj48L2Zv
bnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFj
ZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1zaXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFs
O2NvbG9yOm5hdnknPk1hZGppZDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3Jt
YWw+PGZvbnQgc2l6ZT0yIGNvbG9yPW5hdnkgZmFjZT1BcmlhbD48c3BhbiBzdHlsZT0nZm9udC1z
aXplOg0KMTAuMHB0O2ZvbnQtZmFtaWx5OkFyaWFsO2NvbG9yOm5hdnknPiZuYnNwOzwvc3Bhbj48
L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9VGFob21h
PjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6VGFob21hJz4tLS0t
LU9yaWdpbmFsIE1lc3NhZ2UtLS0tLTxicj4NCjxiPjxzcGFuIHN0eWxlPSdmb250LXdlaWdodDpi
b2xkJz5Gcm9tOjwvc3Bhbj48L2I+IGVhcC1hZG1pbkBmcmFzY29uZS5jb20NClttYWlsdG86ZWFw
LWFkbWluQGZyYXNjb25lLmNvbV0gPGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2VpZ2h0OmJvbGQnPk9u
IEJlaGFsZiBPZiA8L3NwYW4+PC9iPldhbGtlciwNCkplc3NlPGJyPg0KPGI+PHNwYW4gc3R5bGU9
J2ZvbnQtd2VpZ2h0OmJvbGQnPlNlbnQ6PC9zcGFuPjwvYj4gU2F0dXJkYXksIEFwcmlsIDE2LCAy
MDA1IDY6NDENCkFNPGJyPg0KPGI+PHNwYW4gc3R5bGU9J2ZvbnQtd2VpZ2h0OmJvbGQnPlRvOjwv
c3Bhbj48L2I+IGVhcEBmcmFzY29uZS5jb208YnI+DQo8Yj48c3BhbiBzdHlsZT0nZm9udC13ZWln
aHQ6Ym9sZCc+Q2M6PC9zcGFuPjwvYj4gUGF1bCBGdW5rOyBIZW5yeSBQdGFzaW5za2k7DQpFTUVP
VFQgU1RFVkUtQ1NFMDA1OyBSdXNzIEhvdXNsZXk7IE5hbmN5IFdpbmdldDxicj4NCjxiPjxzcGFu
IHN0eWxlPSdmb250LXdlaWdodDpib2xkJz5TdWJqZWN0Ojwvc3Bhbj48L2I+IFtlYXBdIEVBUCBL
ZXkgQmluZGluZw0KRGlzY3Vzc2lvbjwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29O
b3JtYWw+PGZvbnQgc2l6ZT0zIGZhY2U9IlRpbWVzIE5ldyBSb21hbiI+PHNwYW4gc3R5bGU9J2Zv
bnQtc2l6ZToNCjEyLjBwdCc+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1z
b05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250
LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+T24gRnJpZGF5IHdlIGhh
ZCBhIGNvbmZlcmVuY2UgY2FsbCB0byBkaXNjdXNzDQo4MDIuMTFyIGtleWluZyB0aGF0IGluY2x1
ZGVkIFRvbnkgQnJhc2tpY2gsIE5hbmN5IENhbS1XaW5nZXQsIFN0ZXZlIEVtbWVvdCwNClBhdWwg
RnVuaywgUnVzcyBIb3VzbGV5LCBIZW5yeSBQdGFzaW5za2ksIEthcGlsIFNvb2QsIGFuZCBteXNl
bGYuIEFuIGlzc3VlIGNhbWUNCnVwIG9uIHRoZSBjYWxsIHJlZ2FyZGluZyB0aGUgRUFQIGtleWlu
ZyBkcmFmdCB3aGljaCBzaG91bGQgYmUgZGlzY3Vzc2VkIGhlcmUuIEkNCmRvbid0IGtub3cgaWYg
ZXZlcnlvbmUgZnJvbSB0aGUgODAyLjExciBncm91cCBpcyBvbiB0aGUgRUFQIG1haWxpbmcgbGlz
dCwgc28NCnBsZWFzZSByZXBseSB0byBhbGwuPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNz
PU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdm
b250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+Jm5ic3A7PC9zcGFu
PjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291
cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNv
dXJpZXIgTmV3Iic+VGhlIGNvcmUgcHJvYmxlbSBoYXMgYmVlbiBkaXNjdXNzZWQgbWFueSB0aW1l
cw0KYmVmb3JlLiBMZXQgdXMgYmVnaW4gYnkgc2V0dGluZyB0aGUgY29udGV4dC4gT25lIG9mIHRo
ZSBnb2FscyBvZiB0aGUgRUFQIGtleWluZw0KZHJhZnQgaXMgdG8gZGVsaXZlciBhIHNlc3Npb24g
a2V5IHRoYXQgYW4gRUFQIFBlZXIgYW5kIGEgTkFTIGNhbiB1c2UgdG8gc2VjdXJlDQphIHNlc3Np
b24gYmV0d2VlbiB0aGVtLiBUaGUgRUFQIGtleWluZyBkcmFmdCBkZWZpbmVzIGEga2V5IGhpZXJh
cmNoeSBleHByZXNzbHkNCmZvciB0aGlzIHB1cnBvc2UuIFRoZSBkZXRhaWxzIG9mIHRoZSBoaWVy
YXJjaHkgYXJlIG1ldGhvZCBzcGVjaWZpYywgYnV0IGZvcg0KRUFQLVRMUyBpdCBhcHBlYXJzIHRo
dXNseTo8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9
MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250
LWZhbWlseToiQ291cmllciBOZXciJz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xh
c3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9
J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz4mbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsN
ClRNUzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0y
IGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQt
ZmFtaWx5OiJDb3VyaWVyIE5ldyInPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KfDwvc3Bhbj48L2ZvbnQ+PC9w
Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48
c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyIn
PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KKy0tLS0rLS0tLSs8
L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNl
PSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWls
eToiQ291cmllciBOZXciJz4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsNCnwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfDwv
c3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9
IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5
OiJDb3VyaWVyIE5ldyInPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KTVNL
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IEVNU0s8L3NwYW4+PC9mb250Pjwv
cD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+
PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBOZXci
Jz4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfDwvc3Bhbj48L2Zv
bnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIg
TmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVy
IE5ldyInPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8PC9zcGFu
PjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291
cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNv
dXJpZXIgTmV3Iic+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IEFBQS1LZXk8L3NwYW4+PC9mb250
PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5l
dyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBO
ZXciJz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250
IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7
DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz5UaGUgVE1TIGlzIGFuIEVBUCBtZXRob2Qgc3Bl
Y2lmaWMgJnF1b3Q7c2Vzc2lvbg0Ka2V5JnF1b3Q7IGNvbnN0cnVjdGVkIGJldHdlZW4gdGhlIEVB
UCBQZWVyIGFuZCB0aGUgRUFQIFNlcnZlci4gRnJvbSB0aGlzIHRoZQ0KTVNLIGFuZCBFTVNLIGFy
ZSBkZXJpdmVkLCBhZ2FpbiBpbiBhbiBFQVAgbWV0aG9kIHNwZWNpZmljIG1hbm5lci4gVGhlIEFB
QS1LZXkNCmlzIGRlcml2ZWQgZnJvbSB0aGUgTVNLIGFuZCBkZWxpdmVyZWQgdG8gdGhlIE5BUy4g
VGhlIEFBQS1LZXkgaXMgdGhlbiB1c2VkIGFzDQp0aGUgc2Vzc2lvbiBrZXkgYmV0d2VlbiB0aGUg
RUFQIFBlZXIgYW5kIHRoZSBOQVMuPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05v
cm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNp
emU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+Jm5ic3A7PC9zcGFuPjwvZm9u
dD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBO
ZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIg
TmV3Iic+VGhlIGlzc3VlIGhhcyBhbHdheXMgYmVlbiBob3cgdG8gYmluZCB0aGUgQUFBLUtleSB0
bw0KdGhpcyBOQVMgYW5kIHRoaXMgRUFQIFBlZXIgZm9yIHRoaXMgc2Vzc2lvbi4gVGhlIE5BUyBu
ZWVkcyB0byBrbm93IHRoYXQgdGhpcw0KQUFBLUtleSBpcyBmb3IgdGhpcyAmbHQ7TkFTLCBFQVAg
UGVlciZndDsgcGFpciBmb3IgdGhpcyBzZXNzaW9uLCBhbmQgdGhlIEVBUA0KUGVlciBsaWtld2lz
ZSBuZWVkcyB0byBrbm93IHRoZSBzYW1lIHRoaW5nLiBUaGUgb25seSBwYXJ0eSB0aGF0IGlzIGlu
IGENCnBvc2l0aW9uIHRvIGluZm9ybSBib3RoIHBhcnRpZXMgb2YgdGhpcyBiaW5kaW5nIGlzIHRo
ZSBFQVAgU2VydmVyLiBUaGUgRUFQIFBlZXINCmNhbiB0cnVzdCB0aGUgRUFQIFNlcnZlciB0byBt
YWtlIHRoaXMgYXNzZXJ0aW9uLCBiZWNhdXNlIGl0IGhhcyBhdXRoZW50aWNhdGVkDQp0aGUgRUFQ
IFNlcnZlciAoYXQgbGVhc3QgaW4gdGhlIGNhc2Ugd2hlcmUgdGhlIEVBUCBtZXRob2QgcHJvdmlk
ZXMgbXV0dWFsDQphdXRoZW50aWNhdGlvbiksIGFuZCB0aGUgTkFTIGNhbiB0cnVzdCB0aGUgRUFQ
IHNlcnZlciB0byBtYWtlIHRoaXMgYXNzZXJ0aW9uLA0KYmVjYXVzZSBpdCBoYXMgc29tZSBjaGFu
bmVsIHdpdGggdGhlIEVBUCBzZXJ2ZXIgcHJlc3VtZWQgdG8gYmUgc2VjdXJlLjwvc3Bhbj48L2Zv
bnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIg
TmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVy
IE5ldyInPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZv
bnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBw
dDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyInPkkgdGhpbmsgZXZlcnlvbmUgYWdyZWVzIHRo
aXMgaXNzdWUgaXMgc29sdmVkIGZvciB0aGUNCk5BUywgYXMgbWVjaGFuaXNtcyBleGlzdCB0byBh
bGxvdyB0aGUgRUFQIFNlcnZlciB0byBhdHRlc3QgdG8gdGhlIGJpbmRpbmcuIEl0DQpjb3VsZCwg
Zm9yIGluc3RhbmNlLCBkZWxpdmVyIHRoZSBFQVAgUGVlcidzIGF1dGhlbnRpY2F0ZWQgaWRlbnRp
dHkgUGVlci1JRCB0bw0KdGhlIE5BUyB3aXRoIHRoZSBBQUEtS2V5IGFsb25nIHdpdGggdGhlIEVB
UCBTdWNjZXNzIG1lc3NhZ2U7IGFic3RyYWN0bHk6PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNs
YXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxl
PSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+Jm5ic3A7PC9z
cGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0i
Q291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6
IkNvdXJpZXIgTmV3Iic+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IEVBUCBTZXJ2ZXIg
LS0mZ3Q7DQpOQVM6Jm5ic3A7IEVBUC1TdWNjZXNzIHx8IEFBQS1LZXkgfHwgUGVlci1JRDwvc3Bh
bj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNv
dXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJD
b3VyaWVyIE5ldyInPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3Jt
YWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXpl
OjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyInPlRoZSBOQVMgY2FuIHRoZW4gY2hl
Y2sgd2hldGhlciBpdCBpcyB0YWxraW5nIHdpdGgNCnRoZSByaWdodCBFQVAgUGVlciB1c2luZyBh
IDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZh
Y2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFt
aWx5OiJDb3VyaWVyIE5ldyInPnByb3RvY29sIHRoYXQgd291bGQgcmVxdWlyZSB0aGUgRUFQIFBl
ZXIgdG8gYXNzZXJ0DQppdHMgaWRlbnRpdHk6PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNz
PU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdm
b250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+Jm5ic3A7PC9zcGFu
PjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291
cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNv
dXJpZXIgTmV3Iic+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IE5BUyAtLSZndDsgRUFQ
IFBlZXI6Jm5ic3A7DQpDaGFsbGVuZ2U8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNv
Tm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQt
c2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz4mbmJzcDsmbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsgRUFQIFBlZXIgLS0mZ3Q7DQpOQVM6Jm5ic3A7IGYoQUFBLUtleSwgQ2hh
bGxlbmdlIHx8IFBlZXItSUQpPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1h
bD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6
MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7IGV0Yy48L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxm
b250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4w
cHQ7DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4N
Cg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNw
YW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz5U
aGUgZnVuY3Rpb24gZiB1c2VkIGluIHRoaXMgcHJvdG9jb2wgd291bGQgYmUNCnNlbGVjdGVkIHNv
IHRoYXQgaXQgd291bGQgYmUgPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1h
bD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6
MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+Y29tcHV0YXRpb25hbGx5IGluZmVh
c2libGUgZm9yIHRoZSBFQVAgUGVlciB0bw0KcHJvZHVjZSB0aGUgcmlnaHQgcmVzcG9uc2Ugd2l0
aG91dCBrbm93aW5nIHRoZSBBQUEtS2V5LCB0aGUgQ2hhbGxlbmdlIHZhbHVlLA0KYW5kIHRoZSBQ
ZWVyLUlEIHZhbHVlLiBBbmQgaWYgZXhwb3N1cmUgb2YgdGhlIFBlZXItSUQgdG8gdGhlIE5BUyBp
cyBkZWVtZWQNCm9uZXJvdXMsIHRoZW4gd2UgY2FuIGNlcnRhaW5seSByZXBsYWNlIGl0IGluIHRo
ZSBhYm92ZSB3aXRoIGFub3RoZXIgc2Vzc2lvbg0Kc3BlY2lmaWMgZnVuY3Rpb24gb2YgUGVlci1J
RCwgZS5nLiw8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNp
emU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpm
b250LWZhbWlseToiQ291cmllciBOZXciJz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAg
Y2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5
bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz4mbmJzcDsm
bmJzcDsmbmJzcDsmbmJzcDsgZyhUTVMsIFBlZXItSUQpPC9zcGFuPjwvZm9udD48L3A+DQoNCjxw
IGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0
eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+Jm5ic3A7
PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFj
ZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1p
bHk6IkNvdXJpZXIgTmV3Iic+Zm9yIHNvbWUgc3VpdGFibGUgZnVuY3Rpb24gZy4gVGhlIEVBUCBr
ZXlpbmcgZHJhZnQNCmNvdWxkIHNwZWNpZnkgdGhhdCBkZWxpdmVyeSBvZiAoYSBmdW5jdGlvbiBv
ZikgdGhlIFBlZXItSUQgd2l0aCB0aGUgc2Vzc2lvbiBrZXkNCmlzIGEgcmVxdWlyZW1lbnQsIGFu
ZCB3ZSB3b3VsZCBiZSBkb25lIHdpdGggdGhlIGtleSBiaW5kaW5nIGZvciB0aGUgTkFTLjwvc3Bh
bj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNv
dXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJD
b3VyaWVyIE5ldyInPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3Jt
YWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXpl
OjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyInPlRoZSBpc3N1ZSB3ZSBoYXZlIG5l
dmVyIGJlZW4gYWJsZSB0byByZXNvbHZlDQpzdWNjZXNzZnVsbHkgaGFzIGJlZW4gaG93IHRvIHBy
b3ZpZGUgdGhlIHNhbWUgYXR0ZXN0YXRpb24gYnkgdGhlIEVBUCBTZXJ2ZXIgb2YNCnRoZSBjb3Jy
ZWN0IE5BUyB0byB0aGUgRUFQIFBlZXIsIGkuZS4sIGhvdyBkb2VzIHRoZSBFQVAgU2VydmVyIGFz
c2VydCB0byB0aGUNCkVBUCBQZWVyIHRoZSBjb3JyZWN0IE5BUyB0byB3aGljaCB0aGUgc2Vzc2lv
biBrZXkgQUFBLUtleSBpcyBib3VuZD8gVGhlcmUgaXMgbm8NCm9idmlvdXMgY2hhbm5lbCB3aXRo
aW4gRUFQIGl0c2VsZiBmb3IgZGVsaXZlcmluZyB0aGlzIGFzc2VydGlvbi48L3NwYW4+PC9mb250
PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5l
dyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBO
ZXciJz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250
IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7
DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz5UaGUgcXVlc3Rpb24gZnJvbSBvdXIgY29uZmVy
ZW5jZSBjYWxsIGlzIHdoZXRoZXINCnRoYXQgdGhlIGFzc2VydGlvbiBjb3VsZCBjb21lIGZyb20g
dGhlIGtleSBkZXJpdmF0aW9uLiBJbiA4MDIuMTFyLCBmb3INCmluc3RhbmNlLCB3ZSBjb3VsZCBy
ZXF1aXJlIHRoZSBOQVMgdG8gYWR2ZXJ0aXNlIGl0cyBOQVMtSUQgdG8gdGhlIEVBUCBQZWVyIGFz
DQpwYXJ0IG9mIHRoZSA4MDIuMTEgZGlzY292ZXJ5IHByb3RvY29sOjwvc3Bhbj48L2ZvbnQ+PC9w
Pg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48
c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyIn
PiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6
ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZv
bnQtZmFtaWx5OiJDb3VyaWVyIE5ldyInPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBOQVMgLS0m
Z3Q7ICo6Jm5ic3A7IE5BUy1JRDwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3Jt
YWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXpl
OjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyInPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+
PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3
Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5l
dyInPlRoZW4gdGhlIEVBUCBQZWVyIHdvdWxkIGtub3cgdGhlIE5BUy1JRCBiZWluZw0KYXNzZXJ0
ZWQgYnkgdGhlIE5BUy4gVGhlIEVBUCBTZXJ2ZXIgYWxzbyBrbm93cyB0aGUgTkFTLUlEIGFzc29j
aWF0ZWQgd2l0aCBhbg0KRUFQIHRyYW5zYWN0aW9uIHRocm91Z2ggdGhlIG5vcm1hbCBpbnN0YW50
aWF0aW9ucyBvZiB0aGUgRUFQIHRyYW5zcG9ydCBiZXR3ZWVuDQp0aGUgTkFTIGFuZCB0aGUgRUFQ
IFNlcnZlci4gVGhlIEVBUCBTZXJ2ZXIgY291bGQgdGhlbiBtYWtlIHRoZSBhc3NlcnRpb24gb2Yg
TkFTDQppZGVudGl0eSB0aHJvdWdoIHRoZSBBQUEtS2V5IGRlcml2YXRpb246PC9zcGFuPjwvZm9u
dD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBO
ZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIg
TmV3Iic+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9u
dCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0
Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IEFB
QS1LZXkgOj0ga2RmKE1TSywgTkFTLUlEKTwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1N
c29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9u
dC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyInPiZuYnNwOzwvc3Bhbj48
L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJp
ZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3Vy
aWVyIE5ldyInPndoZXJlIGtkZiBpcyBhIHN1aXRhYmxlIGtleSBkZXJpdmF0aW9uIGZ1bmN0aW9u
LiBUaGUNCkVBUCBQZWVyIHdvdWxkIHBlcmZvcm0gdGhlIHNhbWUga2V5IGRlcml2YXRpb24uIElm
IHRoZSBFQVAgU2VydmVyIGRlbGl2ZXJlZCB0aGUNCkFBQS1LZXkgdG8gc29tZSBvdGhlciBOQVMg
b3RoZXIgdGhhbiB0aGUgb25lIHRoYXQgYWR2ZXJ0aXNlZCBOQVMtSUQsIHRoZW4gdGhlDQpFQVAg
UGVlciBjb3VsZCBkZXRlY3QgdGhpcywgYmVjYXVzZSBpdHMgc2Vzc2lvbiB3b3VsZCBmYWlsLCBh
cyB0aGUgRUFQIFNlcnZlcg0Kd291bGQgaGF2ZSB1c2VkIHRoZSBpZGVudGlmaWVyIE5BUy1JRCcg
Zm9yIHRoYXQgTkFTIGluc3RlYWQuPC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05v
cm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNp
emU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+Jm5ic3A7PC9zcGFuPjwvZm9u
dD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBO
ZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIg
TmV3Iic+T24gZmlyc3QgYmx1c2ggaXQgYXBwZWFycyB0aGF0IHRoaXMga2luZCBvZg0KbWVjaGFu
aXNtIHdvdWxkIGZpbmFsbHkgY2xvc2UgdGhlIGJpbmRpbmcgaXNzdWVzIHdpdGggRUFQIGtleWlu
Zy48L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBm
YWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZh
bWlseToiQ291cmllciBOZXciJz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9
TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2Zv
bnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz5PZiBjb3Vyc2UgbGlm
ZSBpcyBuZXZlciB0aGF0IHNpbXBsZSwgYmVjYXVzZSB0aGUga2V5DQpoaWVyYXJjaHkgYWJvdmUg
aXMgYWxyZWFkeSBpbiBwbGFjZSwgYW5kIGRvZXNuJ3QgaW5jbHVkZSB0aGUgZGVyaXZhdGlvbiBB
QUEtS2V5DQo6PSBrZGYoTVNLLCBOQVMtSUQpLiBUaGVyZWZvcmUsIHdlIHdvdWxkIGhhdmUgdG8g
ZG8gc29tZXRoaW5nIGVsc2UsIGluIG9yZGVyIHRvDQphdm9pZCBicmVha2luZyBhbHJlYWR5IGRl
cGxveWVkIGVxdWlwbWVudC4gQSBjYW5kaWRhdGUgbWlnaHQgYmUgdGhlIEVNU0ssIHdoaWNoDQpp
cyBjdXJyZW50bHkgdW51c2VkLiBXZSBjb3VsZCBkZWZpbmUgc29tZXRoaW5nIGxpa2U8L3NwYW4+
PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3Vy
aWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291
cmllciBOZXciJz4mbmJzcDs8L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFs
Pjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZTox
MC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz4mbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsgQm91bmQtQUFBLUtleSA6PSBrZGYoRU1TSywNCiZxdW90O2JvdW5kIEVBUCBzZXNzaW9uIGtl
eSB8fCBTSUQgfHwgTkFTLUlEKTwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3Jt
YWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXpl
OjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyInPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+
PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3
Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5l
dyInPndoZXJlIFNJRCBpcyB0aGUgRUFQIHNlc3Npb24gaWRlbnRpZmllciwgYW5kIGRlbGl2ZXIN
CnRoZSBCb3VuZC1BQUEtS2V5IHRvIHRoZSBOQVMgYWxvbmcgd2l0aCB0aGUgQUFBLUtleS4gV2Ug
Y291bGQgZGVsaXZlciB0aGlzIHdpdGgNCmEgc2Vzc2lvbiBzcGVjaWZpYyBFQVAgUGVlciBpZGVu
dGl0eTwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0y
IGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQt
ZmFtaWx5OiJDb3VyaWVyIE5ldyInPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFz
cz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0n
Zm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyInPiZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyBQZWVyLVNlc3Npb24tSUQgOj0gaGFzaChTSUQNCnx8IFBlZXItSUQpPC9z
cGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0i
Q291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6
IkNvdXJpZXIgTmV3Iic+Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05v
cm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNp
emU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+QW5kIHdlIGNvdWxkIGZpeCBr
ZGYgYW5kIGhhc2ggZm9yIGFsbCBFQVAgbWV0aG9kcywNCmUuZy4sIHRha2UgaGFzaCB0byBiZSB0
aGUgZmlyc3QgOTYgYml0cyBvZiBTSEEtMjU2LCBhbmQga2RmIGFzIFRMUy1QUkYuIFRoZQ0KQm91
bmQtQUFBLUtleSBpZCB3b3VsZCB0aGVuIGJlIE5BUy1JRCB8fCBQZWVyLVNlc3Npb24tSUQuIFdl
IGRvbid0LCBvZiBjb3Vyc2UsDQpoYXZlIHRvIHVzZSB0aGUgRU1TSyBmb3IgdGhpcyBmdW5jdGlv
biwgYnV0IEkgaGF2ZSB1c2VkIGl0IGZvciBjb25jcmV0ZW5lc3MuPC9zcGFuPjwvZm9udD48L3A+
DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXplPTIgZmFjZT0iQ291cmllciBOZXciPjxz
cGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+
Jm5ic3A7PC9zcGFuPjwvZm9udD48L3A+DQoNCjxwIGNsYXNzPU1zb05vcm1hbD48Zm9udCBzaXpl
PTIgZmFjZT0iQ291cmllciBOZXciPjxzcGFuIHN0eWxlPSdmb250LXNpemU6MTAuMHB0Ow0KZm9u
dC1mYW1pbHk6IkNvdXJpZXIgTmV3Iic+VGhpcyBtZWNoYW5pc20gcmVxdWlyZXMgdGhhdCBhIE5B
UyBmaW5kIHNvbWUgd2F5IHRvDQphZHZlcnRpc2UgaXRzIE5BUy1JRCB0byBFQVAgcGVlcnMsIGFu
ZCBpdCByZXF1aXJlcyBhIGZldyBuZXcgYXR0cmlidXRlcw0KZXhjaGFuZ2VkIGJldHdlZW4gdGhl
IE5BUyBhbmQgRUFQIFNlcnZlci4gSXQgbGVhdmVzIHRoZSBleGlzdGluZyBrZXkgaGllcmFyY2hp
ZXMNCmludGFjdCwgYnV0IHByb3ZpZGVzIGEgYm91bmQga2V5IGZvciBuZXcgYXBwbGljYXRpb25z
IHRoYXQgZGVzaXJlIGEgYm91bmQga2V5Lg0KSXQgc2VlbXMgdG8gcHV0IHRvIHJlc3QgdGhlIHNl
Y3VyaXR5IGlzc3VlcyB3aXRoIHRoZSBleGlzdGluZyBrZXkgaGllcmFyY2h5LCBieQ0KZ2l2aW5n
IHRoZSBFQVAgU2VydmVyIHNvbWUgd2F5IHRvIGF0dGVzdCB0byB0aGUgRUFQIFBlZXIgdGhlIE5B
UyB3aGljaCBzaG91bGQNCnBvc3Nlc3MgdGhlIGtleS48L3NwYW4+PC9mb250PjwvcD4NCg0KPHAg
Y2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNlPSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5
bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWlseToiQ291cmllciBOZXciJz4mbmJzcDs8
L3NwYW4+PC9mb250PjwvcD4NCg0KPHAgY2xhc3M9TXNvTm9ybWFsPjxmb250IHNpemU9MiBmYWNl
PSJDb3VyaWVyIE5ldyI+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZToxMC4wcHQ7DQpmb250LWZhbWls
eToiQ291cmllciBOZXciJz5XaGF0IGRvIHBlb3BsZSB0aGluZz8gV291bGQgdGhpcyBiZSBhIHBy
b2R1Y3RpdmUNCmFkZGl0aW9uIHRvIHRoZSBFQVAga2V5aW5nIGRyYWZ0Pzwvc3Bhbj48L2ZvbnQ+
PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQgc2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3
Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsNCmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5l
dyInPiZuYnNwOzwvc3Bhbj48L2ZvbnQ+PC9wPg0KDQo8cCBjbGFzcz1Nc29Ob3JtYWw+PGZvbnQg
c2l6ZT0yIGZhY2U9IkNvdXJpZXIgTmV3Ij48c3BhbiBzdHlsZT0nZm9udC1zaXplOjEwLjBwdDsN
CmZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyInPi0tIEplc3NlPC9zcGFuPjwvZm9udD48L3A+DQoN
CjwvZGl2Pg0KDQo8L2JvZHk+DQoNCjwvaHRtbD4NCg==

------_=_NextPart_001_01C5445D.597E4DE6--
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Mon Apr 18 17:56:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA16107
	for ; Mon, 18 Apr 2005 17:56:07 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 581A020486;
	Mon, 18 Apr 2005 17:56:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 0D0CE2047E;
	Mon, 18 Apr 2005 17:56:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id CC4FF2047E
	for ; Mon, 18 Apr 2005 17:55:56 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 10EC72047C
	for ; Mon, 18 Apr 2005 17:55:54 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DNeDh-000OYv-Lm
	for eap@frascone.com; Mon, 18 Apr 2005 17:55:53 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3ILtqE01085
	for ; Mon, 18 Apr 2005 14:55:52 -0700
From: Bernard Aboba 
To: eap@frascone.com
In-Reply-To: <20050418212801.4164.43163.Mailman@xavier>
Message-ID: 
References: <20050418212801.4164.43163.Mailman@xavier>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Re: EAP key binding discussion
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 18 Apr 2005 14:55:52 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

>  I am running into similar issues with 802.16e. The problem of assertion of the NAS ID by the EAP server has a partly
> practical resolution through the fact that the AAA key has to be sent in
> a secure manner to the NAS and not over EAP but over a AAA protocol
> between the EAP/AAA server and NAS. I am hoping that nobody sends the
> AAA key to the NAS unencrypted, which means you are either using the
> RADIUS shared secret (bound to NAS IP address) or Diameter over an
> IPsec/ TLS with the NAS.

The RADIUS shared secret is not bound to the NAS IP address.  It is bound
to the RADIUS client IP address.  That means that there is no
cryptographic binding between the key and the NAS-ID in the case where a
proxy is present.

The problem is fixed in Diameter w/redirect since the NAS and AAA server
can communicate directly.

> However, I have another problem with sending an unbound AAA key to the NAS
> and that is "handover". Say you are dealing with multiple Base stations/
> AP/ what have you. You would want to do the EAP authentication only
> once,  derive the EAP master key and then not have to do the full
> EAP-XXX (e.g. EAP-TLS) every time you move. If you push your "golden
> chip" (AAA key) to the first NAS (AP), then you are out of luck,

Remember that a NAS may have multiple "ports" so that a NAS and an AP are
not the same thing.  The AAA-Key is provided to the NAS, and the EAP peer
authenticates with the NAS, not with a particular AP (port of the NAS).
As a result, assuming that the peer, NAS and AAA server are all in sync
about the definition of the NAS boundary, then it is possible to avoid
EAP re-authentication when moving between ports on a single NAS.

> especially if you did not mean to have each AP know about the session
> keys the peer shares with other APs.

Where the NAS has multiple ports, the APs (ports) of that NAS share a key
cache.  As a result, a AAA-Key sent to the NAS can be used by the peer to
attach to any port on that NAS.

As a result, re-authentication is only required when moving between NASes.
There are multiple ways this can be accomplished without excessive handoff
latency.  Some of the mechanisms that have been proposed include:

   1. EAP pre-authentication (already supported in 802.11i)
   2. Pre-emptive handoff
   3. Key Request

>Since practically all it takes is for the previous AP to listen to the
>nonce exchanges that the peer is doing with the new AP and based the
>AAA-key that it still has, find the session keys between peer and new AP.

If the old and new APs are both attached to the same NAS, why would it
need to do this?  If they are not attached to the same NAS, then they
can't be sharing a AAA-Key.

> I came up with same resolution as you did. You called it bound-AAA key,
> I called it AAA-BS key (I think I saw this under a handover section in
> one the EAP key managment drafts). So the point is the AAA-key is not
> pushed to the NAS.

In existing implementations, as well as in the pre-emptive handoff
proposal, the AAA-Key is pushed to the NAS.  In the Key-Request
proposal, my understanding is that it is pulled by the NAS from the AAA
server.

>Instead both the peer and EAP/ AAA server calculate a
>AAA-BS key that is bound to that base station. The EAP server only pushes
>the AAA-BS key to that BS (NAS). The AAA key to AAA-BS key is
>straightforward if you know the BS ID, peer ID and other things, as long
>as you know AAA key, of course, so the peer and AAA server both can do
>it. The handshakes happen based AAA-BS rather than AAA-key. But now, the
>BSs cannot derive the session keys for other BSs.

You are describing something which I don't believe is included in any of
the existing proposals.  If this is something that you're interested in
pursuing, the best way to go about it is to write a complete proposal for
how it would work, and then analyze it to see if conforms to the security
criteria in RFC 4017.  This would make it possible for the proposal to be
included in the EAP Key Management Extensions draft.

However, please understand that this is not something that is likely to be
completed in the 802.16e timeframe.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From Oakes4345@jpfolks.com  Tue Apr 19 15:33:17 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA12511
	for ; Tue, 19 Apr 2005 15:33:17 -0400 (EDT)
Message-Id: <200504191933.PAA12511@ietf.org>
Received: from [69.15.29.209] (helo=jpfolks.com)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DNyeL-0002sr-Ai
	for eap-archive@ietf.org; Tue, 19 Apr 2005 15:44:46 -0400
From: "Volodya Oakes" 
To: "Tiffiny Langley" 
Subject: Re: VALLlUM C1ALlS Viagrra
Date: Tue, 19 Apr 2005 15:33:22 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0008_01C5433D.42655D02"
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 4.3 (++++)
X-Scan-Signature: b280b4db656c3ca28dd62e5e0b03daa8

This is a multi-part message in MIME format.

------=_NextPart_000_0008_01C5433D.42655D02
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello, 

Bishop just issuing from the shed.  He doffed his hat and stood
Colonel Bishop mastered himself, and rose.  A merciless despot, w
all; the second, that his trial took place on the date named, and

thing it had planned.  But to correct the sentiment he evoked a

the livid gleam of that sword which Mr. Blood had quickly unsheat
I see, said Blood.  Now we come to it.  And it's yourself as

direction that he took.  Then he plunged into the enclosure, to

of it by the time he was indicted.  Those two months of inhuman,
Esteban, uneasy on the score of his father, and remembering that




Have a nice day.
------=_NextPart_000_0008_01C5433D.42655D02
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable









Hello,


 





  
  

    VA
    
    U
    
    AG
    
     C
    
    LIS
    
  

    LI
    M VI
    RA
    IA
    



And Many other.


 


Visit =
PharmaccyByMail STORE and save OVER =
7 0 %


 


Have a nice =
day.



  
----- Original Message ----- 

  
Try us and you will NOOT BE DlSAPPOlNTED!





------=_NextPart_000_0008_01C5433D.42655D02--



From ohksmadxoqok@axsia-serckbaker.co.uk  Tue Apr 19 16:05:26 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA19539;
	Tue, 19 Apr 2005 16:05:25 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DNz9S-0005Y8-ER; Tue, 19 Apr 2005 16:16:55 -0400
Received: from guy78-1-82-235-116-100.fbx.proxad.net ([82.235.116.100])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DNyyH-00007e-NE; Tue, 19 Apr 2005 16:05:22 -0400
Received: from 82.235.116.100 by mx.discern.com; Tue, 19 Apr 2005 13:05:15 -0800
Message-ID: <000801c54342$71fa51a0$0301a8c0@kwkcd>
From: "Dixie Gunn" 
Reply-To: "Dixie Gunn" 
To: rserpool@ietf.org, disman@ietf.org, rps-archive@ietf.org,
        eap-archive@ietf.org, ietf-archive@ietf.org
Subject: Not only we are the cheapest, but we are the fastest because of direct donw loads.
Date: Tue, 19 Apr 2005 13:05:15 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--01C540DB.2D898590"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.224
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.224
X-Spam-Score: 24.7 (++++++++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 30ac594df0e66ffa5a93eb4c48bcb014

----01C540DB.2D898590
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit

ALL Microsoft Software just for $75!
http://byhsjkuwanqahe6vzutuls9bva.reefyaenhi.com/

----01C540DB.2D898590--



From eap-admin@frascone.com  Tue Apr 19 20:30:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA10742
	for ; Tue, 19 Apr 2005 20:30:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 139C31FE41;
	Tue, 19 Apr 2005 20:30:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 74EBE1FE14;
	Tue, 19 Apr 2005 20:30:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 637051FE11
	for ; Tue, 19 Apr 2005 20:29:22 -0400 (EDT)
Received: from mailout1.samsung.com (mailout1.samsung.com [203.254.224.24])
	by mail.frascone.com (Postfix) with ESMTP id 6DCD41FE0F
	for ; Tue, 19 Apr 2005 20:29:19 -0400 (EDT)
Received: from custom-daemon.mailout1.samsung.com by mailout1.samsung.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 id <0IF700B12YOU9F@mailout1.samsung.com> for eap@frascone.com; Wed,
 20 Apr 2005 09:29:18 +0900 (KST)
Received: from ep_mmp1 (mailout1.samsung.com [203.254.224.24])
 by mailout1.samsung.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0IF700MZIYONDU@mailout1.samsung.com> for eap@frascone.com; Wed,
 20 Apr 2005 09:29:11 +0900 (KST)
Received: from Alperyegin ([105.144.29.41])
 by mmp1.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTPA id <0IF700G64YOK9B@mmp1.samsung.com> for eap@frascone.com; Wed,
 20 Apr 2005 09:29:11 +0900 (KST)
From: Alper Yegin 
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
In-reply-to: <200504171809.j3HI9spR022495@sj-core-4.cisco.com>
To: gwz@cisco.com, "'Tschofenig Hannes'" ,
        "'Sam Hartman'" ,
        "'Martin Soukup'" 
Cc: isms@ietf.org, radiusext@ops.ietf.org, eap@frascone.com
Message-id: <037201c5453f$ef6fe0b0$079da8c0@sisa.samsung.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailer: Microsoft Outlook, Build 10.0.2627
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 19 Apr 2005 17:28:52 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

Glen,

> > what is radius for you? (you write that it is not a trusted third
> > party.)
>=20
> It's not.  From the point of view of authentication protocols (PAP,
> CHAP, EAP, etc.), both RADIUS and Diameter are just "wires":=20

What happens when we look at this picture from the "authorization"
perspective? "Host-to-NAS authorization for the network access service"
is dynamically generated from "host-to-AAA server" authorization and
"AAA server to client (NAS)" authorization. Wouldn't this constitute a
3-party model?

Alper


> the
> operation of the auth protocols should be exactly the same as if
> they terminated in the AAA client, instead of elsewhere.  Basically,
> the purpose of AAA (again, from the POV of an authentication
> protocol) is simply scaling.  BTW, a lot of misery has been caused
> by the erroneous belief that EAP is (or can be) a three-party
> authentication protocol: it isn't, and can't be.  It could _carry_ a
> three-party protocol (like Kerberos), but EAP in itself is a
> two-party protocol.
>=20
> > why do you care that only one party knows that radius is
> > used? it could also be diameter.
> >
> > i would like to better understand why some people dislike the aaa
> > architecture (radius, diameter).
>=20
> I think that the misunderstanding mentioned above might have
> something to do with it...
>=20
> >
> > ciao
> > hannes
> >
> >
> >> -----Urspr=FCngliche Nachricht-----
> >> Von: isms-bounces@lists.ietf.org
> >> [mailto:isms-bounces@lists.ietf.org] Im Auftrag von Sam Hartman
> >> Gesendet: Freitag, 15. April 2005 19:34
> >> An: Martin Soukup
> >> Cc: isms@ietf.org
> >> Betreff: [Isms] RADIUS is not a trusted third party
> >>
> >>
> >>>>>>> "Martin" =3D=3D Martin Soukup  writes:
> >>
> >>     Martin> RADIUS "Access-Accept" indicates a successful
> >>     Martin> authenthentication response for a user.
> >>
> >>     Martin> The Access-Accept already returns a
> "Session-Timeout",
> >>     Martin> defined as "Sets the maximum number of seconds of
> service
> >>     Martin> to be provided to the user before the session
> >>     Martin> terminates. This attribute value becomes the per-user
> >>     Martin> "absolute timeout."".
> >>
> >> This only tells the SNMP engine talking to the RADIUS server the
> >> timeout.  You need to tell the other side of the exchange the
> >> timeout too.
> >>
> >> Remember that RADIUS is a callout service; it is not a trusted
> third
> >> party.  In other words, in a particular SNMP authentication, only
> one
> >> of the parties will know that RADIUS is being used.
> >>
> >>
> >> _______________________________________________
> >> Isms mailing list
> >> Isms@lists.ietf.org
> >> https://www1.ietf.org/mailman/listinfo/isms
> >>
> >
> > _______________________________________________
> > Isms mailing list
> > Isms@lists.ietf.org
> > https://www1.ietf.org/mailman/listinfo/isms
>=20
> Hope this helps,
>=20
> ~gwz
>=20
> Why is it that most of the world's problems can't be solved by
> simply
>   listening to John Coltrane? -- Henry Gabriel
> _______________________________________________
> eap mailing list
> eap@frascone.com
> http://mail.frascone.com/mailman/listinfo/eap


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Tue Apr 19 20:59:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12823
	for ; Tue, 19 Apr 2005 20:59:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A36CC1FFF2;
	Tue, 19 Apr 2005 20:59:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 473CB1FE14;
	Tue, 19 Apr 2005 20:59:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B43091FE14
	for ; Tue, 19 Apr 2005 20:58:04 -0400 (EDT)
Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86])
	by mail.frascone.com (Postfix) with ESMTP id C0DDE1FE11
	for ; Tue, 19 Apr 2005 20:58:02 -0400 (EDT)
Received: from sj-core-4.cisco.com (171.68.223.138)
  by sj-iport-4.cisco.com with ESMTP; 19 Apr 2005 17:57:47 -0700
Received: from gwzw2k01 (dhcp-128-107-165-105.cisco.com [128.107.165.105])
	by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id j3K0vhpR011434;
	Tue, 19 Apr 2005 17:57:44 -0700 (PDT)
Message-Id: <200504200057.j3K0vhpR011434@sj-core-4.cisco.com>
Reply-To: 
From: "Glen Zorn (gwz)" 
To: "'Alper Yegin'" ,
        "'Tschofenig Hannes'" ,
        "'Sam Hartman'" ,
        "'Martin Soukup'" 
Cc: , , 
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <037201c5453f$ef6fe0b0$079da8c0@sisa.samsung.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300
Thread-Index: AcVFQDWipq6remVqRn2sribJZkhV9wAAud7g
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 19 Apr 2005 17:57:42 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

Alper Yegin <> supposedly scribbled:

> Glen,
>=20
>>> what is radius for you? (you write that it is not a trusted
third
>>> party.)
>>=20
>> It's not.  From the point of view of authentication protocols
(PAP,
>> CHAP, EAP, etc.), both RADIUS and Diameter are just "wires":
>=20
> What happens when we look at this picture from the "authorization"
> perspective? "Host-to-NAS authorization for the network access
> service"=20
> is dynamically generated from "host-to-AAA server" authorization
and
> "AAA server to client (NAS)" authorization. Wouldn't this
constitute
> a 3-party model?=20

I'm pretty sure that both Sam & I were just talking about
authentication.  In any case, could you expound a bit?  I don't
actually know what you're talking about.  What do "Host-to-NAS
authorization for the network access service", "host-to-AAA server
authorization" and "AAA server to client (NAS) authorization" mean?
Are you saying that somehow the host authorizes the NAS to provide
it network access?

>=20
> Alper
>=20
>=20
>> the
>> operation of the auth protocols should be exactly the same as if
they
>> terminated in the AAA client, instead of elsewhere.  Basically,
the
>> purpose of AAA (again, from the POV of an authentication
>> protocol) is simply scaling.  BTW, a lot of misery has been
caused by
>> the erroneous belief that EAP is (or can be) a three-party
>> authentication protocol: it isn't, and can't be.  It could
_carry_ a
>> three-party protocol (like Kerberos), but EAP in itself is a
>> two-party protocol.=20
>>=20
>>> why do you care that only one party knows that radius is used?
it
>>> could also be diameter.=20
>>>=20
>>> i would like to better understand why some people dislike the
aaa
>>> architecture (radius, diameter).
>>=20
>> I think that the misunderstanding mentioned above might have
>> something to do with it...=20
>>=20
>>>=20
>>> ciao
>>> hannes
>>>=20
>>>=20
>>>> -----Urspr=FCngliche Nachricht-----
>>>> Von: isms-bounces@lists.ietf.org
>>>> [mailto:isms-bounces@lists.ietf.org] Im Auftrag von Sam Hartman
>>>> Gesendet: Freitag, 15. April 2005 19:34
>>>> An: Martin Soukup
>>>> Cc: isms@ietf.org
>>>> Betreff: [Isms] RADIUS is not a trusted third party
>>>>=20
>>>>=20
>>>>>>>>> "Martin" =3D=3D Martin Soukup  writes:
>>>>=20
>>>>     Martin> RADIUS "Access-Accept" indicates a successful
>>>>     Martin> authenthentication response for a user.
>>>>=20
>>>>     Martin> The Access-Accept already returns a
"Session-Timeout",
>>>>     Martin> defined as "Sets the maximum number of seconds of
>>>>     service Martin> to be provided to the user before the
session
>>>>     Martin> terminates. This attribute value becomes the
per-user
>>>>     Martin> "absolute timeout."".
>>>>=20
>>>> This only tells the SNMP engine talking to the RADIUS server
the
>>>> timeout.  You need to tell the other side of the exchange the
>>>> timeout too.=20
>>>>=20
>>>> Remember that RADIUS is a callout service; it is not a trusted
>>>> third party.  In other words, in a particular SNMP
authentication,
>>>> only one of the parties will know that RADIUS is being used.
>>>>=20
>>>>=20
>>>> _______________________________________________
>>>> Isms mailing list
>>>> Isms@lists.ietf.org
>>>> https://www1.ietf.org/mailman/listinfo/isms
>>>>=20
>>>=20
>>> _______________________________________________
>>> Isms mailing list
>>> Isms@lists.ietf.org
>>> https://www1.ietf.org/mailman/listinfo/isms
>>=20
>> Hope this helps,
>>=20
>> ~gwz
>>=20
>> Why is it that most of the world's problems can't be solved by
simply
>>   listening to John Coltrane? -- Henry Gabriel
>> _______________________________________________
>> eap mailing list
>> eap@frascone.com
>> http://mail.frascone.com/mailman/listinfo/eap
>=20
>=20
> _______________________________________________
> eap mailing list
> eap@frascone.com
> http://mail.frascone.com/mailman/listinfo/eap

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by
simply
  listening to John Coltrane? -- Henry Gabriel
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Tue Apr 19 21:06:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA13473
	for ; Tue, 19 Apr 2005 21:06:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id ACAAC1FE14;
	Tue, 19 Apr 2005 21:06:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 9A6351FE1E;
	Tue, 19 Apr 2005 21:06:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 2C6BE1FE3C
	for ; Tue, 19 Apr 2005 21:05:15 -0400 (EDT)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87])
	by mail.frascone.com (Postfix) with ESMTP id 09BFB1FE14
	for ; Tue, 19 Apr 2005 21:05:12 -0400 (EDT)
Received: from sj-core-3.cisco.com (171.68.223.137)
  by sj-iport-5.cisco.com with ESMTP; 19 Apr 2005 18:05:12 -0700
Received: from gwzw2k01 (dhcp-128-107-165-105.cisco.com [128.107.165.105])
	by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j3K158b4026188;
	Tue, 19 Apr 2005 18:05:09 -0700 (PDT)
Message-Id: <200504200105.j3K158b4026188@sj-core-3.cisco.com>
Reply-To: 
From: "Glen Zorn (gwz)" 
To: "'Martin Soukup'" ,
        "'Alper Yegin'" ,
        "'Tschofenig Hannes'" ,
        "'Sam Hartman'" 
Cc: , , 
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0105_01C5450A.536B7D30"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <0BDFFF51DC89434FA33F8B37FCE363D5030B9B74@zcarhxm2.corp.nortel.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300
Thread-Index: AcVFQf0DNcDTzu21TECheNQntFb3/QAAj+3w
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 19 Apr 2005 18:05:08 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

This is a multi-part message in MIME format.

------=_NextPart_000_0105_01C5450A.536B7D30
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I definitely look at RADIUS as a trusted third party:=20

Parties involved:=20

- authenticating entity (user/application)=20
- authenticator/policy enforcement point (device)=20
- authoritative authentication source/policy decision point (RADIUS)


In order for a "trusted third party" in the technical sense to
exist, the other two parties need to a) know about its existence and
b) trust it.  Does the "authenticating entity" know about the RADIUS
server? =20

Martin.=20

> -----Original Message-----=20
> From: Alper Yegin [mailto:alper.yegin@samsung.com]=20
> Sent: April 19, 2005 8:29 PM=20
> To: gwz@cisco.com; 'Tschofenig Hannes'; 'Sam Hartman';=20
> Soukup, Martin [CAR:5K50:EXCH]=20
> Cc: isms@ietf.org; radiusext@ops.ietf.org; eap@frascone.com=20
> Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party=20
>=20
>=20
> Glen,=20
>=20
> > > what is radius for you? (you write that it is not a trusted
third=20
> > > party.)=20
> >=20
> > It's not.  From the point of view of authentication protocols
(PAP,=20
> > CHAP, EAP, etc.), both RADIUS and Diameter are just "wires":=20
>=20
> What happens when we look at this picture from the=20
> "authorization" perspective? "Host-to-NAS authorization for=20
> the network access service" is dynamically generated from=20
> "host-to-AAA server" authorization and "AAA server to client=20
> (NAS)" authorization. Wouldn't this constitute a 3-party model?=20
>=20
> Alper=20
>=20
>=20
> > the=20
> > operation of the auth protocols should be exactly the same=20
> as if they=20
> > terminated in the AAA client, instead of elsewhere.  Basically,
the=20
> > purpose of AAA (again, from the POV of an authentication=20
> > protocol) is simply scaling.  BTW, a lot of misery has been=20
> caused by=20
> > the erroneous belief that EAP is (or can be) a three-party=20
> > authentication protocol: it isn't, and can't be.  It could=20
> _carry_ a=20
> > three-party protocol (like Kerberos), but EAP in itself is=20
> a two-party=20
> > protocol.=20
> >=20
> > > why do you care that only one party knows that radius is used?
it=20
> > > could also be diameter.=20
> > >=20
> > > i would like to better understand why some people dislike the
aaa=20
> > > architecture (radius, diameter).=20
> >=20
> > I think that the misunderstanding mentioned above might=20
> have something=20
> > to do with it...=20
> >=20
> > >=20
> > > ciao=20
> > > hannes=20
> > >=20
> > >=20
> > >> -----Urspr=FCngliche Nachricht-----=20
> > >> Von: isms-bounces@lists.ietf.org=20
> > >> [mailto:isms-bounces@lists.ietf.org] Im Auftrag von Sam
Hartman=20
> > >> Gesendet: Freitag, 15. April 2005 19:34=20
> > >> An: Martin Soukup=20
> > >> Cc: isms@ietf.org=20
> > >> Betreff: [Isms] RADIUS is not a trusted third party=20
> > >>=20
> > >>=20
> > >>>>>>> "Martin" =3D=3D Martin Soukup  writes:=20
> > >>=20
> > >>     Martin> RADIUS "Access-Accept" indicates a successful=20
> > >>     Martin> authenthentication response for a user.=20
> > >>=20
> > >>     Martin> The Access-Accept already returns a=20
> > "Session-Timeout",=20
> > >>     Martin> defined as "Sets the maximum number of seconds of

> > service=20
> > >>     Martin> to be provided to the user before the session=20
> > >>     Martin> terminates. This attribute value becomes the
per-user=20
> > >>     Martin> "absolute timeout."".=20
> > >>=20
> > >> This only tells the SNMP engine talking to the RADIUS server
the=20
> > >> timeout.  You need to tell the other side of the exchange the

> > >> timeout too.=20
> > >>=20
> > >> Remember that RADIUS is a callout service; it is not a
trusted=20
> > third=20
> > >> party.  In other words, in a particular SNMP authentication,
only=20
> > one=20
> > >> of the parties will know that RADIUS is being used.=20
> > >>=20
> > >>=20
> > >> _______________________________________________=20
> > >> Isms mailing list=20
> > >> Isms@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms=20
> > >>=20
> > >=20
> > > _______________________________________________=20
> > > Isms mailing list=20
> > > Isms@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms=20
> >=20
> > Hope this helps,=20
> >=20
> > ~gwz=20
> >=20
> > Why is it that most of the world's problems can't be solved=20
> by simply=20
> >   listening to John Coltrane? -- Henry Gabriel=20
> > _______________________________________________=20
> > eap mailing list=20
> > eap@frascone.com=20
> > http://mail.frascone.com/mailman/listinfo/eap=20
>=20
>=20
>=20
>=20


------=_NextPart_000_0105_01C5450A.536B7D30
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


RE: [eap] RE: [Isms] RADIUS is not a trusted third =
party




I definitely look at RADIUS =
as a trusted=20
third party: 


Parties involved: 


- authenticating entity (user/application) =

- authenticator/policy enforcement point (device) =

- authoritative authentication source/policy decision point=20
(RADIUS)  


In order=20
for a "trusted third party" in the technical sense to exist, the other =
two=20
parties need to a) know about its existence and b) trust it.  =
Does the=20
"authenticating entity" know=20
about the RADIUS server?  


Martin. 


> -----Original Message----- 
>=20
From: Alper Yegin [mailto:alper.yegin@samsung.com]=20

> Sent: April 19, 2005 8:29 PM =

> To: gwz@cisco.com; 'Tschofenig Hannes'; 'Sam Hartman';=20

> Soukup, Martin [CAR:5K50:EXCH] =

> Cc: isms@ietf.org; radiusext@ops.ietf.org; =
eap@frascone.com=20

> Subject: RE: [eap] RE: [Isms] RADIUS is not a =
trusted=20
third party 
> 
>=20

> Glen, 
> =

> > > what is radius for you? (you write that it is =
not a=20
trusted third 
> > > party.) =

> > 
> > It's not.  =
From the=20
point of view of authentication protocols (PAP, 
>=20
> CHAP, EAP, etc.), both RADIUS and Diameter are just "wires": =


> 
> What happens when =
we look at=20
this picture from the 
> "authorization" =
perspective?=20
"Host-to-NAS authorization for 
> the =
network access=20
service" is dynamically generated from 
> =
"host-to-AAA=20
server" authorization and "AAA server to client 
>=20
(NAS)" authorization. Wouldn't this constitute a 3-party model? =

> 
> Alper 
>=20

> 
> > =
the=20

> > operation of the auth protocols should be =
exactly the=20
same 
> as if they 
> >=20
terminated in the AAA client, instead of elsewhere.  Basically, the =


> > purpose of AAA (again, from the POV =
of an=20
authentication 
> > protocol) is simply=20
scaling.  BTW, a lot of misery has been 
> caused=20
by 
> > the erroneous belief that EAP is =
(or can=20
be) a three-party 
> > authentication =
protocol: it=20
isn't, and can't be.  It could 
> =
_carry_ a=20

> > three-party protocol (like =
Kerberos), but EAP=20
in itself is 
> a two-party 
> > protocol. 
> > =

> > > why do you care that only one party knows that =
radius is=20
used? it 
> > > could also be =
diameter.=20

> > > 
> > =
> i would=20
like to better understand why some people dislike the aaa =

> > > architecture (radius, diameter). =

> > 
> > I think that the=20
misunderstanding mentioned above might 
> =
have=20
something 
> > to do with it... =

> > 
> > > =

> > > ciao 
> > > =
hannes=20

> > > 
> > =
>=20

> > >> -----Urspr=FCngliche =
Nachricht-----=20

> > >> Von: isms-bounces@lists.ietf.org=20

> > >> [mailto:isms-bounces@lists.iet=
f.org]=20
Im Auftrag von Sam Hartman 
> > >> =
Gesendet:=20
Freitag, 15. April 2005 19:34 
> > =
>> An:=20
Martin Soukup 
> > >> Cc:=20
isms@ietf.org 
> > >> Betreff: =
[Isms] RADIUS=20
is not a trusted third party 
> > =
>>=20

> > >> 
> =
>=20
>>>>>>> "Martin" =3D=3D Martin Soukup=20
<msoukup@nortel.com> writes: 
> >=20
>> 
> > =
>>    =20
Martin> RADIUS "Access-Accept" indicates a successful =

> > >>     Martin> =
authenthentication=20
response for a user. 
> > >> =

> > >>     Martin> The =
Access-Accept=20
already returns a 
> > =
"Session-Timeout",=20

> > >>     Martin> =
defined=20
as "Sets the maximum number of seconds of 
> =
>=20
service 
> > =
>>    =20
Martin> to be provided to the user before the session =

> > >>     Martin> =
terminates. This=20
attribute value becomes the per-user 
> > =

>>     Martin> "absolute timeout."". =


> > >> 
> =
> >>=20
This only tells the SNMP engine talking to the RADIUS server the=20

> > >> timeout.  You need to =
tell the=20
other side of the exchange the 
> > =
>>=20
timeout too. 
> > >> =

> > >> Remember that RADIUS is a callout service; =
it is not a=20
trusted 
> > third 
>=20
> >> party.  In other words, in a particular SNMP =
authentication,=20
only 
> > one 
> >=20
>> of the parties will know that RADIUS is being used. =

> > >> 
> > =
>>=20

> > >>=20
_______________________________________________ 
>=20
> >> Isms mailing list 
> > =
>>=20
Isms@lists.ietf.org https://www1.ietf.org/mailman/listinfo/isms =

> > >> 
> > =
>=20

> > >=20
_______________________________________________ 
>=20
> > Isms mailing list 
> > >=20
Isms@lists.ietf.org https://www1.ietf.org/mailman/listinfo/isms =

> > 
> > Hope this =
helps,=20

> > 
> > =
~gwz=20

> > 
> > Why is =
it that most=20
of the world's problems can't be solved 
> =
by=20
simply 
> >   listening to John =
Coltrane?=20
-- Henry Gabriel 
> >=20
_______________________________________________ 
>=20
> eap mailing list 
> > =
eap@frascone.com=20

> > http://mail.frascone.com/mailman/listinfo/eap =

> 
> 
>=20

> 


------=_NextPart_000_0105_01C5450A.536B7D30--
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From GiselleHanks@ncbluebirdme.com  Tue Apr 19 21:07:50 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA13620
	for ; Tue, 19 Apr 2005 21:07:49 -0400 (EDT)
Received: from c-24-62-137-210.hsd1.ma.comcast.net ([24.62.137.210])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DO3s6-00070q-FP
	for eap-archive@ietf.org; Tue, 19 Apr 2005 21:19:21 -0400
Received: from xLV@localhost by LUKJ.int (8.11.6/8.11.6); Wed, 20 Apr 2005 08:01:12 +0600
Message-ID: 
From: "Terri Samuels" 
Reply-To: "Terri Samuels" 
To: e3@ietf.org
Subject: 0nline software, Download Symantec, Win XP & others Instantly
Date: Tue, 19 Apr 2005 22:58:12 -0300
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2
X-Sender: GiselleHanks@ncbluebirdme.com
Content-Type: multipart/mixed;  boundary="--NXD7vqn5MeqvHC831S"
X-Spam-Score: 7.2 (+++++++)
X-Spam-Flag: YES
X-Scan-Signature: 07d4bcb4600b627a0786c2557bc62e06

2RG 

----NXD7vqn5MeqvHC831S
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable








5366849






  

    
    
    
    Browse
    
    
    Search
    
    
    Shop
    
    
    My eSoft
    
    
    Community
  





  

    
    
    Back to Software =
Overview
    
    

    Home >
    All Categories >
    Computers >
    Software >
    Operating Systems > =

    Windows

    		
  





  

    
    
    
    

      

        
      

      

        
      

      

        
      

      

        
      

      

        
      

      

        
        All Items
      

    

    		
    
    
    
    

      

        
      

      

        
      

      

        
      

      

        
      

      

        
      

      

        
        
        Auctions
      

      

        
      

      

        
        

          

            
          

          

            
          

        

        		
      

    

    		
    
    
    
    

      

        
      

      

        
      

      

        
      

      

        
      

      

        
      

      

        
        
        Bu=
y 
        It Now
      

      

        
      

      

        
        

          

            
          

          

            
          

        

        		
      

    

    		
    
    
  





  

    
    
    
    

      

           
        
         
        
        
        Refine Search=

      

    

    		
  





  

    
    

      

         Top 
        Sellers
      

      

        1  
           
        Office 2003 Pro      

        6  
        Macromedia

     Dream Weaver

     MX 2004

        7
         
        
        CorelDraw

     Graphics Suite 12.0

        11
        
        Alias Wavefront
        6.0

        13
        
        
        
        Adobe 
        
        Encore DVD		
      

    

    
 

    
 

    		
    
    

      

        
        
Featured It=
em

        		
        PRlCE
        Bids
        Time Left
      

    

    		
  

  

    
    

    

    		
    
    

    3D"New"
     Microsoft=
 Windows 
    XP PRO

    -Current Edition-

    

    
    
    3D"Gift 
    from Our eStore

    		
    
    
$49.95
    USD

    		
    
    
4

    3D"Gift

    		
    
    
=
0h 19m

    		
  

  

    
    

      

        
        

          

            
            
Nevv It=
ems

            		
            PRlCE
            Bids
            Time Left
          

        

        		
      

    

    		
  

  

    
    

      

        
        

        

        		
        
        

        3D"New"
         Micro=
soft 
        Office 2003 PRO or

        Microsoft Office XP PRO

        

        
        
        3D"Gift 
        from Our eStore

        		
        
        
$49.95
        USD

        		
        
        
5

        3D"Gift

        		
        0h 11m
      

    

    		
  

  

    
    

      

        
        
        
        

        3D"New"
         Adobe=
 Photoshop 
        CS 8.0 or Adobe Acrobat PRO 7.0

        

        
        
        3D"Gift 
        from Our eStore

        		
        
        
$59.95
        USD

        		
        9
        3D"Gift
        
        0h 17m
      

    

    		
  

  

    
    

      

        
        
        
        

        3D"New"
         Macro=
media 
        FlashMX Pro 2004 or Macromedia Dreamweaver MX Pro 2004

        

        
        
        3D"Gift 
        from Our eStore

        		
        
        $39.95 USD
        1
        3D"Gift
        
        0h 13m
      

    

    		
  








----NXD7vqn5MeqvHC831S--


From cikpzkhodo@yahoo.com  Tue Apr 19 23:53:24 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA23028
	for ; Tue, 19 Apr 2005 23:53:24 -0400 (EDT)
Received: from modemcable235.254-81-70.mc.videotron.ca ([70.81.254.235])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DO6SL-0002xz-VB
	for eap-archive@ietf.org; Wed, 20 Apr 2005 00:04:59 -0400
X-Message-Info: cn/K+23/M/zj+88/48994660922
Received: from 334..cikpzkhodo@yahoo.com (262.cikpzkhodo@yahoo.com [70.81.254.235])
	by smtp-..cikpzkhodo@yahoo.com (Postfix) with SMTP id 727LJY5Q5R
	for ; Wed, 20 Apr 2005 02:51:54 -0200
Received: from smtp-..cikpzkhodo@yahoo.com ([70.81.254.235]) by p233-tgy9.cikpzkhodo@yahoo.com with Microsoft SMTPSVC(5.0.2155.1559);
	 Wed, 20 Apr 2005 01:54:54 -0300
Received: from smtp-..cikpzkhodo@yahoo.com ([70.81.254.235]) by wyf43-mct87.cikpzkhodo@yahoo.com with Microsoft SMTPSVC(5.0.7485.4327);
	 Wed, 20 Apr 2005 01:49:54 -0300
X-Message-Info: AIYMM+%ND_LC_CHAR[1-3]34+is+Q+88/0187728161
Received: from .cikpzkhodo@yahoo.com ([165.190.166.0]) by .cikpzkhodo@yahoo.com with MailEnable ESMTP; Wed, 20 Apr 2005 00:48:54 -0400
Date: Wed, 20 Apr 2005 02:47:54 -0200
Message-Id: <07819614638.43402@cikpzkhodo@yahoo.com>
From: Tara Cochran 
To: Eap-archive 
Subject: EXTRA-TIME - last 5-10 times longer!!!
MIME-Version: 1.0 (produced by  6.6)
Content-Type: multipart/alternative;
	boundary="--4553053621616829"
X-Spam-Score: 6.0 (++++++)
X-Spam-Flag: YES
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22

----4553053621616829
Content-Type: text/plain;
	charset="iso-9838-9"
Content-Description:   
Content-Transfer-Encoding: 7Bit

EXTRA-TIME - last 5-10 times longer!!!

- Non-hormonal herbal therapy.
- Acts locally on the sex organs.
- Regulates process of ejaculation.
- Acts through neuro-endocrine pathway.
- Acts on the high centres of emotion in the brain.

http://sheenier.net/et/?1663800

This new doctor developed, herbal supplements,
allow users more control over ejaculation,
completely curing "Premature Ejaculation"
and other sexual dysfunction problems.





                                                                         

----4553053621616829--


From eap-admin@frascone.com  Wed Apr 20 08:30:12 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA03138
	for ; Wed, 20 Apr 2005 08:30:12 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id BA148202B7;
	Wed, 20 Apr 2005 08:30:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id AF97C20295;
	Wed, 20 Apr 2005 08:30:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 9B04420280
	for ; Wed, 20 Apr 2005 08:29:57 -0400 (EDT)
Received: from mtaout2.012.net.il (mtaout2.012.net.il [84.95.2.4])
	by mail.frascone.com (Postfix) with ESMTP id 87C992027E
	for ; Wed, 20 Apr 2005 08:29:55 -0400 (EDT)
Received: from [127.0.0.1] ([192.114.180.130])
 by i_mtaout2.012.net.il (HyperSendmail v2004.12)
 with ESMTPA id <0IF8009VAW6NT930@i_mtaout2.012.net.il> for eap@frascone.com;
 Wed, 20 Apr 2005 15:32:56 +0300 (IDT)
From: Jeff Mandin 
Subject: Re: [eap] RE: [Isms] RADIUS is not a trusted third party
X-012-Sender: ----.----@012.net.il
To: eap@frascone.com, isms@ietf.org
Message-id: <42665A04.2060503@streetwaves-networks.com>
MIME-version: 1.0
Content-type: multipart/alternative;
 boundary="Boundary_(ID_kZZAfKeYGKDvtJIgAS098A)"
X-Accept-Language: en-us, en
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 15:32:52 +0200
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

This is a multi-part message in MIME format.

--Boundary_(ID_kZZAfKeYGKDvtJIgAS098A)
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7BIT

On 4/20/05, *Glen Zorn (gwz)* > wrote:

    In order for a "trusted third party" in the technical sense to
    exist, the other two parties need to a) know about its existence and
    b) trust it.  Does the "authenticating entity" know about the RADIUS
    server?


In an EAP scenario the peer does in fact know about the AAA Server (or 
rather it always assumes that the AAA might be there).  Consequently the 
AAA-Server does resemble a TTP in the EAP case  - as Jesse Walker wrote 
at length in 
http://mail.frascone.com/pipermail/eap/2004-October/002895.html 


There are scenarios (eg. mobile wireless) where the peer is _not at all_ 
interested in the identity of the NAS - but only that the NAS is trusted 
by the larger entity (ie. operator) that uses the AAA-Server for access 
enforcement.   That would amount to an inversion of what seems to be the 
standard trust model for RADIUS etc.

- Jeff Mandin

--Boundary_(ID_kZZAfKeYGKDvtJIgAS098A)
Content-type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7BIT




  
  


On 4/20/05, Glen
Zorn (gwz) <gwz@cisco.com>
wrote:






  In order
for a "trusted third party" in the technical sense to exist, the other
two parties need to a) know about its existence and b) trust it.  Does
the "authenticating entity" know about the RADIUS server?






In an EAP scenario the peer does in fact know about the AAA Server (or
rather it always assumes that the AAA might be there). 
Consequently the AAA-Server does resemble a TTP in the EAP case  -
as Jesse Walker wrote at length in
http://mail.frascone.com/pipermail/eap/2004-October/002895.html





There are scenarios (eg. mobile wireless) where the peer is _not at
all_ interested in the identity of the NAS - but only that the NAS is
trusted by the larger entity (ie. operator) that uses the AAA-Server
for access enforcement.   That would amount to an inversion of
what seems to be the standard trust model for RADIUS etc.



- Jeff Mandin



--Boundary_(ID_kZZAfKeYGKDvtJIgAS098A)--
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 20 11:32:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA19980
	for ; Wed, 20 Apr 2005 11:32:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 47349202D2;
	Wed, 20 Apr 2005 11:32:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A15D6202BD;
	Wed, 20 Apr 2005 11:32:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5BA5A202BD
	for ; Wed, 20 Apr 2005 11:31:20 -0400 (EDT)
Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35])
	by mail.frascone.com (Postfix) with ESMTP id 74FB4202A2
	for ; Wed, 20 Apr 2005 11:31:17 -0400 (EDT)
Received: from 204.127.197.113 ([204.127.197.113])
          by comcast.net (rwcrmhc11) with SMTP
          id <200504201531170130011qupe>; Wed, 20 Apr 2005 15:31:17 +0000
Received: from [65.119.52.228] by 204.127.197.113;
	Wed, 20 Apr 2005 15:31:17 +0000
From: c.kalbfleisch@comcast.net
To: eap@frascone.com
Message-Id: <042020051531.13451.426675C4000E5F230000348B2200745672080C9C070A04000D040E05D20C@comcast.net>
X-Mailer: AT&T Message Center Version 1 (Dec 17 2004)
X-Authenticated-Sender: Yy5rYWxiZmxlaXNjaEBjb21jYXN0Lm5ldA==
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="NextPart_Webmail_9m3u9jl4l_13451_1114011077_0"
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Is there an EAP MIB?
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 15:31:17 +0000
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)


--NextPart_Webmail_9m3u9jl4l_13451_1114011077_0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

Hi,

Has there been any work or consideration given to a MIB for EAP? If so, what is the status of this work?

Thanks,
Carl
--NextPart_Webmail_9m3u9jl4l_13451_1114011077_0
Content-Type: text/html
Content-Transfer-Encoding: 8bit



Hi,


 


Has there been any work or consideration given to a MIB for EAP? If so, what is the status of this work?


 


Thanks,


Carl


 


--NextPart_Webmail_9m3u9jl4l_13451_1114011077_0--
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 20 12:15:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA23711
	for ; Wed, 20 Apr 2005 12:15:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5BC49202FC;
	Wed, 20 Apr 2005 12:15:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B2686202C1;
	Wed, 20 Apr 2005 12:15:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 01C8C202C0
	for ; Wed, 20 Apr 2005 12:14:19 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 638C0202BD
	for ; Wed, 20 Apr 2005 12:14:17 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DOHqD-000HIl-4G
	for eap@frascone.com; Wed, 20 Apr 2005 12:14:17 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3KGEFn29383
	for ; Wed, 20 Apr 2005 09:14:15 -0700
From: Bernard Aboba 
To: eap@frascone.com
In-Reply-To: <20050420160002.1793.71238.Mailman@xavier>
Message-ID: 
References: <20050420160002.1793.71238.Mailman@xavier>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Re: EAP MIB
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 09:14:15 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> Has there been any work or consideration given to a MIB for EAP? If so, what is the status of this work?
>
> Thanks,
> Carl

IEEE 802.1X-2001 originally included EAP objects in the MIB, but when
802.1X was disentangled from EAP in IEEE 802.1X-2004 those objects were
removed. At the time, it was suggested that an EAP MIB be developed.
However, there was insufficient interest to proceed.

Proposed Standards are supposed to have a MIB, so if there is interest
(and volunteers to work on it) this is something the WG could probably
take up.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 20 13:11:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA28510
	for ; Wed, 20 Apr 2005 13:11:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 82C5D202FC;
	Wed, 20 Apr 2005 13:11:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id AD008202C1;
	Wed, 20 Apr 2005 13:11:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5F17D202C1
	for ; Wed, 20 Apr 2005 13:10:36 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id BEBDC202C0
	for ; Wed, 20 Apr 2005 13:10:34 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DOIif-000Oq8-Re
	for eap@frascone.com; Wed, 20 Apr 2005 13:10:33 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3KHAWA32657
	for ; Wed, 20 Apr 2005 10:10:33 -0700
From: Bernard Aboba 
To: eap@frascone.com
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Re:  EAP PAX Expert Review
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 10:10:32 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Jari Arkko stated:

 > [Optional, at least for now: does it conform to EAP
 > keying framework?]

Yes. Note: the keying framework is still being worked
on.

[BA] It would be useful to have PAX document the key name and scope, as in
Appendix E in the Key Management framework.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From rocdcbk@doneasy.com  Wed Apr 20 13:42:29 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA01319;
	Wed, 20 Apr 2005 13:42:29 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DOJOo-0002Zg-Rc; Wed, 20 Apr 2005 13:54:10 -0400
Received: from 201008106055.user.veloxzone.com.br ([201.8.106.55])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DOJDE-0004br-92; Wed, 20 Apr 2005 13:42:13 -0400
Received: from qtl9.yapost.com (210.204.126.8) by zrl064-nf.yapost.com with Microsoft SMTPSVC(5.0.2195.6824);
	 Wed, 20 Apr 2005 21:32:34 +0300
Received: from grandparentaileronm4 (sweepstake136.152.42.48)
          by yapost.com (bk603) with SMTP
          id <8257018b44470i>
          (Authid: BrianBird);
          Wed, 20 Apr 2005 21:36:34 +0300
From: "Laverne Bledsoe" 
To: "'Ietf-archive'" 
Subject: The mighty cucumber lives again!-ir 9 uplf
Date: Wed, 20 Apr 2005 23:34:34 +0500
Message-ID: <347jh130mx42$14rjj02a6$420xlk9v@acquaintancecompulsoryassuagesa3810>
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="q23crqeqcr"
X-Spam-Score: 4.9 (++++)
X-Scan-Signature: d4a1871e876bd836d4c351e861e8720d

This is a multi-part message in MIME format.

--q23crqeqcr
Content-Type: multipart/alternative;
        boundary="q23cthger"

--q23cthger
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: 7bit

Get a capable html e-mailer
Larger Firmer Erections 
Longer more intense orgasms 
results in the same night 
an overall Improvement in your Sexual health and Sexual performance 
And Much Much More!
--q23cthger
Content-Type: text/html;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable





















=









NeroAmplifico will give you: 



Larger Firmer Erections 

Longer more intense orgasms 

Results in the same night 


An overall Improvement in your 
 




Sexual health and Sexual perf=
ormance 














It's ok, it's not what I'm looking for.  OFF Here

















--q23cthger--

--q23crqeqcr
Content-Type: image/gif;
        name="image001.gif"
Content-Transfer-Encoding: base64
Content-ID: 
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDACAWGBwYFCAcGhwkIiAmMFA0MCwsMGJGSjpQdGZ6eHJm
cG6AkLicgIiuim5woNqirr7EztDOfJri8uDI8LjKzsb/2wBDASIkJDAqMF40NF7GhHCExsbGxsbG
xsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsb/wAARCAGQAlgDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwC3Z2ls
1nAzW8RJjUklBzxUv2K1/wCfaH/v2Kr2d0q2kKkdI1HX2qytyp7GouiuVifYrX/n2h/79il+xWv/
AD7Q/wDfsUv2hO+R+FH2iP1/Si4rMb9itf8An2h/79ij7Fa/8+0P/fsU/wA+P+8KcJUP8Y/Oi4WI
/sVr/wA+0P8A37FH2O1/59of+/YqUMp6EUuRTuFiH7Fa/wDPtD/37FH2K1/59of+/YqaigRD9itf
+faH/v2KPsVr/wA+0P8A37FT0UAQfYrX/n2h/wC/Yo+xWv8Az7Q/9+xU9FAEH2K1/wCfaH/v2KPs
Vr/z7Q/9+xU9FAEH2K1/59of+/Yo+xWv/PtD/wB+xU9FAEH2K1/59of+/Yo+xWv/AD7Q/wDfsVPR
QBB9itf+faH/AL9ij7Fa/wDPtD/37FT0UAQfYrX/AJ9of+/Yo+xWv/PtD/37FT0UAQfYrX/n2h/7
9ij7Fa/8+0P/AH7FT0UAQfYrX/n2h/79ij7Fa/8APtD/AN+xU9FAEH2K1/59of8Av2KPsVr/AM+0
P/fsVPRQBB9itf8An2h/79ij7Fa/8+0P/fsVPRQBB9itf+faH/v2KPsVr/z6w/8AfsVPRQBB9itf
+faH/v2KPsVr/wA+0P8A37FT0UAQfYrX/n2h/wC/Yo+xWv8Az6w/9+xU9FAEP2K1/wCfWH/v2KPs
Vr/z6w/9+xU25d23cN3XGeaWgCD7Fa/8+sP/AH7FJ9itP+faH/v2KsUYoAg+xWv/AD6w/wDfsUfY
rX/n1h/79ip6KAIPsVp/z7Q/9+xR9itP+faH/v2KnooAg+xWv/PrD/37FH2K1/59Yf8Av2KnooAg
+xWv/PrD/wB+xR9itf8An1h/79ip6KAIPsVp/wA+0P8A37FH2K0/59of+/YqeigCD7Faf8+0P/fs
UfYrT/n1h/79ip6KAIPsVp/z7Qf9+xR9itf+fWH/AL9ip6KAIPsVr/z7Q/8AfsUfYrX/AJ9Yf+/Y
qeigCD7Fa/8APtD/AN+xR9itf+fWH/v2KnpCQoyxA+tAEP2K1/59Yf8Av2KPsVr/AM+sP/fsVPij
FAEH2K0/59Yf+/Yo+xWv/PrD/wB+xU+KCQoySB9aAIPsVr/z6w/9+xSfYrX/AJ9Yf+/YqxiigCv9
itf+faH/AL9ij7Fa/wDPtD/37FWMUYoAr/YrX/n1h/79ij7Fa/8APtD/AN+xU+KKAIPsVr/z7Q/9
+xR9itf+faH/AL9ip6KAIPsVr/z7Q/8AfsUfYrX/AJ9of+/YqeigCleWlstlOy28QIjYghBxxRU1
9/x4XH/XJv5UU0BnW8cbW0RMgB2Dg/SpPIXtIv50tpYeZaxMJsbkU4x7VL/Zj9plP4Vk4s2Ul3IP
JOeH/WjyZezH86mOnTjo6n8aabC5HTafoaVmPmXcj8ucdyaQrMP/ANVSG0ux0XP0NNMN4v8Ayzai
w7jD5o7fpQHkHalIul6xv+VJ5lwPvRn8VpWAXzpB/wDrpwuHHdvzpnnt/FH+lL9oXvGPyo1CxILt
/VqUXj+v6VD58feOjzYT/Bj8aLsLLsWPtp9R+VOF6e+2qm6H3H40ZhPc0XYcqLovR6D86UXi+n61
RxEf4qNidjRzMXIjQF2h7GlF1GfWs7y17NSFPQ/rT52HIjUFxEf4v0pRPF/fFZW09j+tJhh3p87F
7NGuJUP8a/nS71PRh+dY/wA/rSbnFHOHszayPWjNY3mPR5zjv+tHOHszaorG+1SD+M/nSreyj+On
zi9mzYorKF9J/ep4vpPUflT5kL2bNKis8X7dwDSi/wD9kUcyFyMv0VTF+P7v60v25P7v60cyDkZb
oqqL2P0NOF3H70cyFyssUVCLqI/xUouIj/FTuhWZLS1GJYz/ABCneYuMhhTuFjOb/kY0/wCuP+NX
4biKd5Eifc0Z2sMHg/5FZxfPiFTx/qaXSWxd6h/12P8AM0xF5LuCSKSRJMpFnecHjHWom1WyQqDO
PmGRwePr6VQsT/xLNR+r/wDoNOgjT/hHG+VeULHjqc0AXpdSs4pRE8w3e3IH41NNPFAE81wodtqn
1NZYjT/hGyNo5Td+OetR3/7zSdPDc5Kg/lRYDTg1C1nlMUUwZ/TB5+lWsVk6yqwrazIoVo5QBgdv
T9K0ZMvGyA43AjPpQBCupWjziFZdzE4GAcE+maqz6vHHqSxGQCBQRIdpyG54/l0pumXItgthcR+X
Ip+Uno/NOmP/ABUVuf8Apif/AGagC5Nf20McbvJxINy4UkkVJb3EV1H5kLh1zj6VFdXyW8ipsaSZ
h8qIMnH+FUtIdvt16DH5eSCU9DzRYC6uoWj+UFlBMpwoweapjWYv7QdXlAtgnBCnJbj/AOvUegQR
/ZmmZFaTfgEjpj0qWFv+KhnP/TEf+y0AaTyJHE0rHCKNxOO1NW4ia2+0B8xbd27Half50ZGGVYYN
YaysmiTWv8ay+UB9Tn/GgDZa7t0tluGkxE3QkHn8KW2uoLpSYX3beoxgis6VB/a1jbHlIo8ge/P+
Ap7nyvEERUY86IhvfGf8BRYC/DcRTvIkT7mjO1hg8H/IpqXlu8UkqyZSIkOcHjFUtIJF3qH/AF2P
8zVW0P8AxK9R92b+VFgNaO9t5ZVijk3Oy7gAO3Wq2spC0UXnSMg3cYXOaTR4I4rKKRUUyOMliOai
14kwRf7x/lTS1KjuX57yC08tZWYbhwcZ/OmQalbXEvlozbj0yMZqlrI3mzU98j+VGpRpFfWZjUJy
Ogx0IqrIdkO1DUmiukiicqqN+8496dqMttd2UchldE34BC5yfpUerAf2ha8DkjPHXmpNeAW0jCgA
b+w9qLbDSWhclu4LVIRIzYcfKcfTr+dRJq1o7ld5XHcjg1S1n5o7IH0I/wDQaNYhiSe2VEVQeDgY
4yKLIEkX7fUra4l8pGYMemRjNOu76C0YLKW3EZwB2rP1JEi1G0MaqnI6DHerd7ewwTKvk+dORgAD
kClYVixbXMV0heFs46g9RUd1f29q2yRiX/uqM4rP0ZiL64G3ZkElfTnpS6Oi3E09xKoZieM84zRY
OVIvHUbcCIksBL90498U+4u4rd0SQnc/QAVT1qEfY0dFCiNuw6A//XxUQf7bq1ueyRhj7HGf6iiy
Cy3Nc0lONNqCCG+/48Lj/rk38qKS+/48bj/rk38qKaAr2hIsocdfLX+VTxswHJ5qvaIv2SEnvGv8
qm3KvFR1LHNKwOASTThK/rTM0UBYl81/Wl85qizSH260CsTCZqXzz6VDS0wsS+cD1WgvGeqA/hUN
GaAsSEW7dYl/KmmK04zGozTAwb2NLjPXmkMDa2h/g/Wk+w2x6Aj8adiko0C7GnT4D0dx+NMOmIek
zVLj3pOfWiyHd9yA6X6TfmKT+y37Sj8qtAnHU0Bj60rIOZlP+zJh0dT+NJ9gn/2T+NXt7CjzDRZD
5pGebS4X+DP40gtpj1AX6mrrTqPvNUX2pDwGB/ClZD5mMW14ALj8KVrUDoxP4UGcdelKtwDxnkUW
C7K0kUiZOMioWkx1FaYkBG4daUTDIBVT+FFkPmZk+aPanCUHtWwFhcZMaH8KQw2x6xJ+VOwucyQ6
ntTsrWl9ltT/AMs1FH2K2P8ADj6E0uUftEZvy+tLwe9XzYW57sPxpp06LtI4pco/aIpj60uPQ1aG
nr2mb8aPsDDpNn6ijlYc6Kw3exoz7VZ+xy9pF/Kj7LOOhjNHKxcyK4JpzSmOMttJwOi96lFvcL/D
Gac6Sx28sjRqCiFvyFNRByRQti8t6bl0KKF2qD1NEUr2l3cfuXkWU7lKjv8A5NXpUdDxFmmZb/nk
1WRYqWqyJZXaOrB23cY68dqfHvGjmIht2wjbjmrBYd42FJuXPRhRcdkQ/P8A2N5WDu2Y245qG8Zx
p1mmMMrDg9jiroZexP41Wvo2mWIRjdtcE89qExNBPNLfywxmJ40Rtz7h3q89y6qSPmwOg71CxX1q
JgM8NSbKUUMuJ3vnhVYXQo4Yuy4xTrqV49ShuvLZ1VNpCjOOv+NOGfWl3MKOYXIhrTtDqf2sxO6P
HtwBkqaWwkdb26lkjZBJgjNAk55p26jmDkE0dzBZlJFZTvJwRimPMYNWa48t3jdNvyjODx/hTiaU
Zo5g5C+LhCcZxWW0YbXNoYeWSJj7ED/GpGJ2kqMkDIHrUVtE6FpZT+8fr7D0pqQnAtX4KXcF5EDJ
5eVdV6kH/wDWaSAm61L7WytHHGm1A/BJ9cfnTSWpMmjmHyCRSvY31yPIeVZm3IUHf/JplrHImm3q
SIRIzNgY68dvWpctSZb1o5g5C1p52WEKv8rBcEHtVbWvnhiC/N8x6U35qMsO9CmNQsO1TLvZ7QTg
nOO3Sl1TL3doVGQG5x25FN3t60m96rnDlHawGE0E6DcEPOPrmm6lN9rsInVGGX+73HWl8x6XzGo5
wsN1UF0s9oJwDnHbpT9Xy9zbFQSAecduRSb2pQ7elHOFg1MFr61KgkAjOO3NMnZrTVzcNGzow4I+
mKlDN6UoZ/SjnCxFpRc388kiFC4LYI9TUcTyaXcyqYi8T9CP0qyWf0pN7elHOFixIwu9OYsuwuh4
Paqegx482Zv9wf1/pTLszyKI4l4fgmpYY2giWNRnHX3ocrIVtLGoWHrSbh61mkSH+CmneOqVnzC5
C7fEfYbjn/lm38qKzrhj9nlG3+A/yoq4u4nGxatB/ocOP+ea/wAqkcAjOPyqOz/484P+ua/yqXAX
pUsEIMgU4HikzSE4ODQMdn0pabgdqGOB60CEZj2oJcdwaSPnJNPxQMFOVyetJwBxSfdb60pNACMu
4A5ww708HIpBQKAFoJpM0UCFo60maBQAtJSE4pCe9K4xScd8VBNKSdiCnklvpTcAHpzSGMjgJ5c8
VI3lKuME/SjOcEnC9h60H5zjvTArSrECflK/jUDAggqSaumLjjGaqzbVJ53GgBsdwyZDVajdWGVO
azXG7pzSxNhsPkinYDTEgU/eP4VPHKsnAz+NZ4kBHA6VPBIT9aQFvmjrSIcjDc/SnHigkKDSA0Zz
TAQKckk1Jk+tNBooAdk+tAZvWm5ozQIfuJpl0T9guP8Ark38qX3plwSbG4/65N/KmgJJW+am59qd
IOaoxO6avJEzsUdNygngf55pgXR9KbOzpC5iTc4Hyg96pWNw8mpTKzExvnZk8cHHFMWSV7O/uPMf
G4hPmPygen50wuXWuBDaCa5XYcDcAM4NR6hLs055ovlbCkHHTJFVL5DJosUzSSFgq5G7hs45PrT7
uDydGlPmyyblQ/O2ccjpQIuwqj28bMoJKAk468UGKI/wCs2eKe3sYroXDlwFyuflx6Y/KtRMOqt2
IzSGmMFvEf4aDbR54HH1qoA99eTR+a8cUPA2HBJpYJ5WsbyORiZYAw3dzwcH9KLDuWvskWc8/nSG
zj9Wqssj/wBhebvbfsJ3Z56+tR3c0sek2squ28suTk88HrRYOZlw2a9nNJ9j9JP0pbOCWJWaeUyO
+CR2X2FVrszPqscEczRq8fOD05P68UWDmZOLM5Pz/pTvsZ/56fpVe2MltqX2VpHkjddyFjkj/PNQ
wrc3d1cxCd0ijlJJySevA+nFFkHMy6bNuz0n2OT++KhAkv7udfNkjihO1dhxk+tRiaeXTLhTIwmg
bBZTgkD/ACaOVBzMs/Y5P7wo+yS/3lqK7uHksbbynKvOyjKnBHr+tK7Nd3skHnPHDCADtbBY/Wjl
Q+dj/skvqv50htZvb86ijnlFnexNIzPBkB88kduaiKXDaaLs3UokVQQobjHT8TRyoOdk5tp/T9aY
be47L+tXIJmlt45DwWUE0/J7UrIfOzP8m5/ufrSiK5/55n860QGpslxFD95st/dHJp8tw5mU1gnP
8LVIUeNd0h2j3pXurmXiFPLX1PWrBjWa0Cy4aQDrnvRKPLuHMytG4kYKrgn0pZ5DBhcZc9qzpWBb
5cjFaVpOlxbKkuDJ69/rVSioa9AuV/tpDYdAB7U92kHKgkHkECq9xbSRsS/c8Y71pwZitY0YcgUS
UXqgvYrW8js2CMfhR9okFvE55LICTj2q9E4LdKS0ZRYW2Rn90v8AKotoLm1M77Y/tSG6J6gGtbfH
3X9KTdD3X9Knl8x8/kZE9yTbyrgcoR+lFaF6YTZT4UA+W2OPairirEuV+hDanFnB/wBc1/lUwOet
Q2mPskGf7i/yqbAqQDgUHkUEUn0oGDEgcUm4EUvNI3UAUgF+6falJGM0lNxnqeKAFcFipU8g07Ga
QcAU4HimAmaM+lJSEigB1FJRmgBfekzjJpM00mlcBWbHaonkzxSO3emdDk81JViUNgU1Dk5PSoQ5
dsA8VIz7RgUwsPZiWwKVfbpUIOOOrHk0/OBjtigVhzMWHHA7VTuQOAvWrRYKhJ4+tQxqS288seAB
TQEccRAx3P6VFOoHI5INX9oVCAck9TVeXaqnC4+tO4EMM2Rg8n6VNvKnO4L7CqYXLYUgfWp1jY+h
96YF1JtwBBwKnil3ZU81TSJsYyPwq3EgUcmpAkH60oqMNyfWn5oELwaKQGkBbc2enagB2aKa/OPr
TqYC9vrTbn/jwuOP+WTfypaS4ObC4/65N/KhEsfKTu46Vn6i/wBnnt7ofw7lP4jj+taEx+aoJoo7
hNkq7lznGaoCi4+x21lP3QEN/wACGamMflaAVPUx7j+PNWpoo54/LkUMnp0pXRZIzG4yhGCKdwsU
Lo58PoPRV/mKm1Bg2iHByNqfzFWfKj8jyduY8Y2n0qJLK3SB4VT925yRuPNAEGoH/iSL/up/Sr0J
HkR/7o/lUbwRSQeS65jGBjJ7U/hVAHQDgUrhYp2BEV/exscMW3j6HP8AiKjtAZYdSlXkSbgvvwf8
atT20FxhpkyR3BwaniCRIEjUKo6AU7hYzklT/hHSNwztK/jmmXn/ACBrP/eT+Rq4NPtA7N5I+YEH
k9/T0p8ltC8KRMmUQjaMnjFAWLOazZ3VNdgLHAMeOfxq9k554rOuo0l1iJJF3KYuR+dICRiJddj2
8iKM7sduv+IpdLP+lX3/AF1P8zU9vbxWykQoFz1Pc0scUcLO0a7S5y3J5NMLFfTSIrq8iY4O/cM9
x/nFJpiiUXch+5NIce4/yamntYLhg0seSO4JFSoqxoFQBVHQClcLGZp+6S5ghbn7Lvz9c0+K3gfV
LmO5QMzHemT+f+far0cUccjyIuHf7xz1ptxbxXBHmoGx0PQincLDLi3gt7C58lAm5DnB9v8A69Q/
8wD/ALZ1ZS3hjgeJV+R/vDJ5pfKi8jyNv7vGNuT0pXCwliM2UP8AuCnyTrEwRV3ydcDtTogsaKiD
CqMAVQkla2v3cjOeR9KuKuxlspPKMyyeWv8AdFKIooQMJz/ePaqh1B+qgb+fmpi753yQ0je1XawF
tpwxxEC/v2ohKxSs0jjLn7o6Cqref53kIAGHXHapxAkSlpW4AySe/wBKmSTVhEN2qNIzJgJ3PvRb
qF2yOMbeFHc00NvbOOM8KB1P+NX4YfLAeTl+w/u0fCrASAMQHlA3dh6VG784odyT7UzIrLRbFImg
PzU23P8AoNt/1yX+VOg+9ikth/oFv/1yX+VPoJ7jiaTmkx6UZPpUgR3n/HnP/wBc2/lRTbvm0m/6
5t/KiqiJiWeDaQ5/55r/ACqbGOnNV7UEWsJ/2B/Kpxk1JQ7FApKXigAJFBxjpikIo6UAHagc+1LS
ZpAIc0Z9aU02mA5m9BVC6djLjOBirv0qnON7nI5HpQCJLOQkMGOcVYyDwKggiKrkd6nCkY7CkMXi
opG6gdaexxwKjYDOetIEMAPfpTHIGefwFOkfCmq6Hk5P1oKJU456ZoJOeBQB3Ip4IA4oAQDbwOp6
mmvIB06CkZsDioWYngfhQhAX3tk9BVmL5Vyep4+lQRrk46DqamJ+amFidOnqx7+lQzRADLHFPjcZ
47d6JACCzsB+uKQFCRBkEfrU0TKBhjn6CmSGPOAp+tPXb/CcVQFhXB+6PzqTeegxioAyjnPPvUqA
NwTnmkIcjZODj8KmqEYydoLUobqO9ICXIHU8U3eDwDVd2wcnpTROBiqEXAQRxSgVWSdQMk4pxuEI
O1smgCwMUlz/AMeNx/1yb+VRLIcZ706ZybG4B4/dN/KmhMlm+9UWTUk4yajANMEKDThmkAqGe6EE
yxeWWLDIwep9KLXAsDrikSaN2dVbLR/eA7VDb3RkmaKSIxyAZxnORS28iSS3SrEEZDywP3uv+FOw
WEW7RrRrgK20du9Sxt5kauOAwB/Os+L/AJAcn1/rWhaj/RYf+ua/yptDegk0iQJukOATgY6k02Ga
OfO3IKnlSMEVFfHZcW0rf6tWIPtmi1Hm3U1woIjbCrnvjvRbQOhZIx0oFONVPtMju4gg8xUOC27H
PtUpXEWQcnGDSeWhcOUUuBgNjkVH52bz7OyY+XcGz1/zzR9pUXEsZXCxLuZs07MLEo5FBBqK3nlm
KMLfbE3Ri39KqrLcf2k+ICzBMeX5g4HHNPlHYvYNLio5pykqxRR+ZKRuIzgAfWkS6DW8shjIeLO5
CehpWAlxSHI+lVjfP5QmW2YxfxNnp9KJL4qvmrAzQZxvz/SjlYWLFN70/AZQVOQRxTcEUgBTg0Sx
R3CgP1HQjqKQj0o5oTsBHHYwocszP7dKtxuqDCAKPQVCxIFCEkUXuKxWujJbXbTJ92TvVUvJMyry
3PArWBBGCMj3oUIhykaqfYYrTn0AjtoBbrubBlP6U92JpHJzTTnsKzbuAmaKXFJg0hk0B+aktv8A
jxt/+uS/ypYAc0y3OLG3/wCuS/yo6C6j+O1FJnPANABHU5zSAivB/okx/wCmbfyopLw5tJv+ubfy
oqoiYWn/AB6Q/wDXNf5VLUNr/wAekH/XNf5VNmpKFFKaZmg8sDmgB1J3zRTGVm6nA9qAHAhhkUVG
EZPutx704E96QDsig9KTHFN/GmA4DtTWXuKXJAJHNGc4PSkAJ8oI5oJJGe9LnimnkUMYhNRu3fNO
yAPeoJWycDikNEUj5OD+VOjjP9adDF5jZ7dzUkpCrxxQMZuGcN+lDOoGT+VRAgCh/mwaAA4c4qMg
DOOTTgeD9adEu5s9hTAkRfLQA9aaCWJPaiR8tgUxSScCkBMCcYHFBG7gk/lSqvc08nAPrQIgdAuN
o/GmbB15z61YIz1pgGSfSncY1AN3zH3qwHzwo61EuADgc0byOc80rhYtRjnBOTT2TPKDJFURcBD1
xThch325JPvQKzHSBt+GGDUTQrnpk+1SSPgLzk9s0oViOOOKpMLFSSP5sKacsXr+hqwLbkU2SyJ5
BxRcLDN3l8r/ACp4m8yGSPOC6FRngDIqq4ngyGGVqMTZ9R+OKpEtGx9olJz5UP8A39P/AMTUqGdx
kQw4/wCup/8AiawjI3UN+dXdOu23eWx69KBWNRRKSA8car6iQn+gqlMv/E4tx/sH+Rq8GNZ94HfV
IBEwV9hwT0704u4IdcKV1a3x12n8uaWxH+k3/wDvD+tSQW8puTcXLKZMbVVegFLbW7xTXLsVIlOR
jt16/nTuO5Si/wCQFJ9f6itC1B+yQ/8AXNf5VXSzkXTWtiybyc5ycdatwKY4I0Y5KqFOPYUNgylJ
H9tvJYXYiOJeAPU96had0tZLR8+epCpj+IZq3Nbyrc/aLZlDMMMrdDUMtpcSuJ2kjWZSNoA+UD3o
uhlxIyqKpOcDFU5Fl0+RpF+e3dssO65q6CSAWwD3xVWWK7uFMMjRLGTywznFJMSFuwEuLS4U5Bba
T7H/ACaLOITrdO3SVyo+gpdS2Jp5XpjAT61NBG0NisaYDheM9M076B0K1u81nMltPho24jcfyp0Q
/wCJ3MP+mX+FL5NxPPG9yYwsZ3AJnk0SwTre/abcpkrtYP8A5+lFwIUE7alc+S0YYYB356U97WaG
C8klZCZE/h9qkmt5Rc/abZlDkYZW6EVIUuJrWWObywzjC7c4H1ouFyvj/iR/9s6SUf8AEkB/2BU/
2d/7N+zZXft257Uj27HThbgrv2hc9qLhcfbBvscJRVY7F+82O30NOxcf88Yf+/p/+JogUxwIhPKq
AcfSnbjUtksbi4/54wf9/j/8TRi4/wCeMH/f0/8AxNOLHNJuOaVwsRu06dYof+/p/wDiaFeZjgRQ
/wDf0/8AxNMuVZ1yp5FRQCQODmi47Fr/AEgf8sYf+/p/+Jozcf8APGH/AL+n/wCJpcnuaUZ9aLis
J/pH/PGD/v6f/iaMXH/PGD/v6f8A4mnE00uQOOTmi4Bi4/54wf8Af4//ABNGLj/njB/39P8A8TTs
k800lvWi4Cq1wvIhg/7/AB/+JpiqY4IYjglECkj2FOBNITk0m7jsJS5pCM8YoAxQMhvGH2WYd/Lb
+VFFyu20n7nY38qKqImFp/x6Q/8AXNf5VLUVqf8AQ4f9xf5VLUsYtB6ZpM0tADc56ZpCT3FOP60Y
pAA5FAFMPB9KAxHvQBIelR4JPtQxJoBz1oAcOKOtNySfajOKAHFTjNJ25496CflODVYsWbGck0mN
DpHGdq8+9QYy/P0p8nyyfLjgYpYh8wLcnrQUT4EceKpyNuODVmQ5FVc/NQCGkECmqcHrzUjEY56U
0dyAQaAERTg5+tT8KmBUadRnvUhHyg0DIiCWwKnjTHYmoQwXc/oM1D9qJ45oEaBkVemR9aZuzzni
qglLdc5+tSL69TTBIlyOcGkBxTacKRVhSaaQDTqQ0hkTpkVFH/reOvSrDVAh2E565xTBl0Y4749a
mTnrVJJKsxSdjQFiyFFLnFNDUEimTYHVWBBGaozWKk5T8qubqTNK47GNNC8XuPemwNh8npitiRFc
EMM1l3EJgk45U9KpMhrsa1nOJECZ+YDvUj2+68juN+NgI2469f8AGseGQowIOK21bdGG9RmnsSOZ
qQNmmck09QM0hDsmkJp3SmM1AC5pKQZooANxHFKCaQ9aSkMjkthLcrK7kqo+VOwPrU+SFwTmkoJp
3ELmjNNNKOBQAobNLnPFMJpDkDI5oCxJmkJphJBA7Ud6AsKDzzSY54op1ACE0hOaUgGjGKAEAoAx
Sk4pFYHNAxeKM0hopAKTmjNJjNIR+FADyeOKb2oyKM0ALmkozQD6UwCjpS0e9AiG7H+hz/8AXNv5
UUXn/HpP/wBc2/lRVITGWo/0SH/cX+VS1Han/Q4f9xf5VL2qWUHWjPpQKQ0AKKafagetLQA0+9Jm
nEc00gelACU7FJjHNLmkAYNIAaXFAIFMAIwKrLxJmrJOahdMtleKTGiDPzE9aeh+ao24Y9qWI8kH
vSLJpMlDj0qsB2NWc8CmIIyc96QiNh0AwBSdsKBVkxp2NMKqAcH8qYEQGOakHPy+opoU5y3AHSlH
3gaBlOaTYdlQjg5qxcJmanJCuORTuK1yKPOasqOKAoHQUuaRaVh1Lmm0uKBi5pCaXFNcgCgBGIAJ
NVS+Rn1NNuJi3yrwOtMXnaKdib6lqM1aiGTVRB61ZhbB6GkUWwpxRg4oV/c/jQTQSJmm7qd2phxS
GISaiuVDwnPUU89aaxypHtTQMoxjPNbERzAnbis+OMbc++K0Ih+6UdOKpmTH5pwxjrTKKQh7P2oU
Z5puKeDgUCFxxxTSPQ07NI2DTAQDI96ToaUHigEE0DAGkJzTvekIHHOKBC0UgPFBPGcUgDHelpDw
KWmA1hmkyQMGloNIYgIHWnE56c00EdOlLQIOlGSfeloFMBDTAD5v4c08kJ+NFAxwApp60vUY7U0i
gBTx0pM468U5V70jLmkA3rSd6eq4HJzRtFAABQKTke9HXpTAXNLSHA/lS0CIbz/jzm/3G/lRSXhB
tZv9xv5UVSExlsSLSHH9xf5VMpPfrUNtn7LD/wBc1/lUgPNSykO70Y4ozRz0oAXimk5bilox6UAJ
zSGlzxTScDOaAFzxRj04pBzS4pAFGM0vTrRmgBMYFMyelPb2puKBlacAE+9RLkH3qe5X5c1XDcik
UiXf09KYn3selMLcGnW/zsRQMsfKo3PTBI7HCLgVLKPnxjOKQAY64+lIRGQQPmOSacowuT1pxI7f
rUcj4oGQOQZDT1xiou+aeDTLHmkPWlFBB7UCAH2pGfaM9KjkMg+7imqjucuaYXHiRz0Ax70k5Ijy
TUgqG75gPsaED0RU++5J4FO345HWo1JP09KnQKOSapkIaolPIp4kmjPIJpwd8/KmRTxN2ZCKQ7Es
V0zDBqdZCRVJnXIK1bgRmQnvSZaJDJj3pRJVaQ4471AxlzlelJIG7F8800jg1SW6kThh+dWvMDwb
xTtYm9xYACpHvV9B8gqlbj93mry9BTMmApSB60UUhABSheKTpS7uOKAAdOlJQCTSd6BgBxSYwafm
kzQAnShjgClNNbkigBF9acCKaOlGTQA8jNIc0vaigApKWkpiEIGelJ9KXFB56Uhhz2OaXikxinCg
BOM579KUUHOR6UUxCUYOaXPOKDyKAHA01jxRmkPXmgA7UoopO9AC4pBgUZ59qYSAxJ6UASD3oqIn
aflPFSDkZ60AQXg/0WY/7Dfyopbv/jzm/wCubfyoqoiY21/49If9xf5VLjvUVr/x6w/7i/yqTPOK
llC4zScUtLikAlJ+lOpCKYDdvOc0Y9eaXODgmigBMUo4oGRRQAuM8UEY4pFyzYA6d6lER7mgCKkB
BGRU/lCmOgxxRYEVpipGG6VRkIBIU96sXYK8jpVHJ3ZpGiJgjFeAD9algXy5Ae/ekVgyj5iacOOl
ICaZhnPGfeoxIcep9qRnB4xmo3kCrwKQD3lIGe3tUG4scnmmFt3J5NNzzTGiYUqio1PNPzigokBp
Qai30vmAd6AHnHWmlxuxTPNDZx29aSRTtJJA/GiwXJsDtUcwzEw9qqCR1PBP0pZJnYYPFVYV0MRc
mrCj1qKOplFJhFEijjK0hDMeakU4FIXHQUi7DVhyctVyFsAgdKrgtxkVZiAEZPfpQLYqXeSxK1Ag
mzkHI9Kuso5zUfkHqpx9KaYmrkOfMG2RSPfFKiMsDr1GeKm8tsfMc07blCKLktE1qN0KjvirSNyV
PUUyFVVRgYqXjOe9MyYdqQ0tBGaBDe/NKvNKRikzikMXoc00mnZ4po5oAUHimtnaaeBxTX+6fpSY
IiVmI4NMeZlUlcZoDEDg008is7l2HrKzDnrUwOVqsBgU+M4+lWhMnGcjHSlzQo44pMVRIuaKO1HT
rQAmOaWj6Uh9R1pgLxSjgUmaMZoAXiijtTcnOe1Ah2B3o4qFiWdVPXP6VLkHhaBi0jKGGDzQR+dI
27bhTg+9ACj2GKWkHv1o9qBCjFNcBlI9aUdKWgCuo2rg9RUqODgdOKJE3jI4NMHzdRhhQMS8H+iT
f9c2/lRTblt1pN/1zb+VFVElkdqx+zxDtsX+VTZ5qG2/49ov9xf5VLmpZQ/Jpc03ntRk0gHZ9Bml
AyM0nbNKDzimAhAPWk24ORT8UAZNIBvXpT0i5y1OC4+tKxIHFOwh4AHSg0zdShqq4rCmo3ORTiaj
ZuDSuUkVboAqQe4rLbKkitOY5zVGROam5okRK2KlEtRFKOnWgZL5npTGbueaQGhhmkAbqTPNKMdK
a1MB2e9PBBqDdil8wfSiwXJs8U3FR+YPWnhwaAuIR+P1phz3p5YComO45poGxX5ORTOc0uaB2pkk
qDip09ahTtUvPl8VLNEKWB+lNJxgjtSMVXGTQGU96AuTLOrADoferCzDaBVAoCcipAHAHpRYfqWm
w/0qBHKPjNJlsYzTX6ZpBcs780E4BIqKM5AqwiBiAec0Ay5GfkX6U6m9MAdKXIpnOxcelKBSLzTs
4FMQh6U3Bpwo4pAM2mlA5pSQByaXjtQO4dBTMbuO1PP60xg/8JANDQIqsuGIPrQq5IFTSRMfnxn1
oRWB4rOxVxnlsqnI70IORVnHyetQgfNVIVyVelBJoHSiqENJwaUEmlwDS4AAx1oAQGlxRzS0xDSc
UYGc9KVsUmM0DD60tGKQjsKAGupLKy9RT1OR0waMUUCFpMUtJQAmTRzS0UAJn2oyDS0hAoAOtQyq
xb5TipcYoI5oGVpkKWc27/nm38qKfdjNpNn+438qKqJLIrbm1i/3B/KpFHNRWzD7NF/uD+VSA5NS
y0PzinqMjNRg/jTgaQg9qUYzjuKUYpcUAGTipEGBTB15p+4DvxVIQ7IxUbt3NKWpAKGNDA2eKd83
rQVAOTQT6VJQ0kimOxPSnGo2qbjSI2yelVZhzxVh84qBxnmhFkY9DQVBoAopgRMmDxSZPQ1MeRTC
OaAGUjcCnUjDimIjC5pChFSLStTuKxCFOalAwKAKDRcCOSmZp71GaaJYpNPFR08UMIkqdKnjOVxV
eM4apFOGIqTRCuobg0RgKQG/Onjk0uMUDsWEt4yqn25oFvx1xUK8cqSv0NLukxhZKQrMZOWi5HzC
kD5XJGOKd5ZJy53H3oC5amMWFSqjNX7aPA3H8KqrV5DhQPakRJj80u3NIByKkFUjIaEA6UEY4p4p
cA07CuQ85xS0rDaaQH2qRjZMZUe9OWmn5pf90U5aYxXOOe9LSEcD60dqBDc5OORStJtTaBz0pqj5
jTZetJjHbxtxTU5OaZinoKSQx4z07UEUuO9AHY0xACKWjApMY6UxBSk0hHejGaQDT155pQTQelKo
oGLwcUEUAgUhPemIMUY/A0Zz0oKg9aAFHvQaRQR3yKBzQAoGaCAOtLnHFGKAEIzScinUYoASkwc0
uOeKTmgCtdsPs0wPB8tv5UU+8H+hzE8/I38qKqImVrcf6NEf9gfyqQY71Hbf8e0X+4P5VL2qWWhR
xTol8w8cD1pqZfAxzV2OPaoFCQmxohHc0vkr6mpKKqxFyJo0VSd3QVQec7sL1q9dNtjx61SjQElv
SpZpHuyWMkygVZAxVWH/AF+enFWu3SmhMY1MPFLjBppqGUhDjFManE000iiJ/eoCuelWGFRstBRD
jHWmmpCjE8DNO+zyHqMU7BexAaYaufZPUmmPa46H86dmTzIqmkqR0ZeCKYFJ6jAosO4lGKk20Yp2
JuREU01PtzTSv5U7BcgYcVGasMnFQMMGhCG09aYOTT6bBDgeRUr8EGohUo5TFSyySPk1NtzVWNsH
Bq0rZHFIpB5dAXFOBooGJSUpxTc55pCJIgWcCrqADtzVS36k1aU1SRnImBpwNRKTTwaZmyQUopgN
OBpiBwSMimDmphSBFznpSaBFdOS598VIo4qOE5JJ9asDHpSGxmDmjBp4xSOQO9MRGo60yRTxUqOr
NillXIzStcexWAqVV4pViOc1JsIpWC4wUhOKfsxzikIpgNBJAIoOcc0UE9KQCY4pRz0oNJjmgBcU
UY70uKYEQJVtrdOxp9OwDSUAFNzjluBmnUhoAU9KB04puCOQaUH1oAUe9LR16UZoATpxRzS0hOOt
ABQRnvilFFAEF3kWc/P/ACzb+VFF6CbSbnA8tuPwoqkJlW2H+jRf7g/lUuM1Ha/8e0X+4P5Vagj3
Nk9KnqUSQRbRk9asYpAMU6qIbG0tLTSwFMCnfH94g7YzUSEYqS7IZgR6VW9RWT3NlsWYQPNz2xVn
HFVImBkHpirXarREhrVC3WpXqJuamRURpppNLSVBQhpUUHkjik6nFTRJ61UdRN2HqgIzjil2AVKo
AFBANaoybIStROnFWmFROKB3KboMc1CUxVpxULKx6A0ikQEUmKsLbuevFSiEA8CldIZUEbHkKTSi
Bz/DV8L2HNKIz3pcwzP+zSN/CBTJNPkYZUrn61p7OadsHrSuw0OfELRuQ64IpCMGtyaFZBhhn39K
zprR0yR8y07jRTxinxtil29jTWQjkcigY8jJyKcshXrUSt2NSLg0homWUGl3jtUW1aUcUhkmc0Zp
m6gHJApgXIBhM+tTqahXgU9WqjF6k4xTxUAanB6BWJwBTwKiQ1KppkseKD90n2oFDfdP0oYiIEAD
jmgkegpg4x9KGJAH1rBl2Bjn86huDgVKOcVXujSRS3FsFL3AJ6DmtTbVDTVIVn/AVdzW6WhE9xdm
KXFJk0oJpkCY9qTHtT9x9BSbvagBhRT2pDEp47VLkelGVosFyHyuMUnlkVPx2NGB6iiw7lcq3pSY
OOas7DSFTSsFyt9KDU5QelIYx6UWHcrnJyOlAGKm8oe9N8o54NKwXIXLY4pQxK571KYiRzSCPaMY
osO5EhCjJPWnhgwyKYw2OuRUmOuKAFpDSDIGDS/rQAUUA8elFAiG9/485/8Arm38qKLz/jzn/wCu
bfyoqkDK9opa3hH+wP5VpRoFAFVtPTNrCx/55rj8quYoBsKKKaxoJEZ8VA4dqlxk0/HFBWxSkTjH
eoSpHUVclHNQuOKho0ixkH3/AMKsjPPNRW8fJb8KmIAFNCluIelROMVISajY5FDBEZ60hp5FKq5P
rUWLuMSMs3SrqKFFEcYQYqTFaJWMpO43FGKeBSEqCASAT0FUSMIprDtjNSMRnk4ppwBycUDRF5ZP
pQYRUmRnGeaFIYHaQfpU2KuR+UAfWgpipDg8Z5pmA3IOR04pWHcbj0p2M80LyPlYHHHFDHAyTj60
WAQjFIRxTl+tJnJIBBx1xQCALx7UwqOhGRTIo5FvHcy5QjhPSpzgg89KdgM+5tB95Rj6VU8sjjvW
znjjBFV54V6nA+tKxSZltED2wabsZavGLt0phjPIFBVyrmgnNW7eyd0+Yjr1NTCwQEFnBFOwuYzR
+ZqaBSWye1aa2sSdEFP2KMdBSFcphWI4BP0qRInPbA96uKu0cninlRg9qZJWEIHXmkKAH5eKmIAG
T09aAm8ZBBHtU6jIgWU88irCcjNNEanvn6U/IHA600S9Rwpe1R+YM4yM+lKJPxp3FZjABkUxzk08
YboaNnJ5yaycShgGPyqrOcuBVxsLwSAT2qGGLzLjc33Ryc01EadtS3bx+XCq+2TUtLgYz2pRgjI5
FbGLEApHdEGXZVHqTin4rN1tlawG0g/OOh+tNIaV2aNJihcBFyccUuQSQCCR19qQhuKMUuV3bcjP
pmlIA5PSgBlFKpDDKkEexpeM4zzQAlGT60Ahs7SDjrg0AgkgEEjqM9KAF3GjdRikUqwypBHtQA7d
7U3zI9+wsA393PNDEKMsQB71nP8A8h6P/rn/AI00rjSuafy0mB60mKQkL94gfWkIdszTJGiiwJHR
M9NxAzT+AMk4rJsoor25uZbgBzv2qCeg/wA4ppDSNQxg00xj3qhpw26lekf3v6mtPd7UmrA9CExe
9Hlntipdw9KMilYLlO9VhZT5HHlt/Kipr7H2C4/65N/KimguNsB/oNv/ANc1/lVioLH/AI8Lf/rk
v8qnoEIaYaeaaRSGIo5p2KFFOxTAhcc1Ft3nFTuKRVxz3pDuIqhRgUMKfTTQBXkpnUVJIKj6CoZo
g61NCnc1D0+tWkGFAoihSY8UuabmgGtDMS4l8i3kl7quR9ay0t7eWxaWaVTcuC24vyD2q9fgvYzK
Ou3P5VVsoLWa0jYxIWxhvrVJ6FrYawe90lZCcyx8g9zj/wCtTTL/AGjLbx/wgb5Pr0/z9atyvHZW
rlFCgdAPWqNjutLlEfgTqD9D6UX0GPvIzLqkUasVDR4JHpzStELC/gMRIjlO0gn/AD60+dgutW5J
wNmP50uo4e8tIl+9u3H2HH+BoGR3yPJqkUaNtLx4JHpk5p14i20cFpE5RZG+ZiegpZj/AMTu3P8A
0zP/ALNSalsN1bPIMx52tmjsIjuFgtJoZbV1+9tdQ2cinThJdV8q5/1YX5ATgE/5zVv7HajnyVFF
3BFcx4k4YdG7ilcLkN2n2awdbcbRnt2BNLZW1ttimiGWA65745pmnTGW1Ky/NtJXJ7ioSBZ36CI/
JJ1Wi3QZNCAdanH+wP8A2Woo4Bcajco5Plg5Kg9T2/rSxSgatMx4ymP5UtpIP7QuTnrRsAton2fU
pYFP7vbkA9un+NNjiW+u5mlyY4ztUA0+Jh/bLn/pn/hS6ZhZ7mE/e35HuP8AOKYEVpCF1OWIklVT
jPpx/jV9oo1BIHOKqQYbWZ8HICY49sCr7J8jfSpe4mzO0/8A5Bc3/Av5U2yslubMPKWY8hefu1Jp
o/4lUx/3v5VY0jH9np9T/OqYNkOks8tpg87WKj/P40atEwtllHWNgf8AP6UuhnFm/wD10P8AIVcu
0861lTqSvH1pfaFfUo6ofMt4o05MmW+oAzRdzb9IjI5aTav4/wCRTdPb7RPETyIYdv45x/KorcFp
oLU8+TKxP0HT+tOwzRe0haCNJhlYxjrgVStzFDqojtnBikXkA5APP+FSXn+kajDbSEiLG4j1PP8A
hTWSOLWoFiVVAQ5AHfBpIB1qPJ1W4i6BxvH+fxNNg3Pc3s6jLLlU98f/AKhTtQbyLyC57cqf8/ia
k01SlmpP3nJY0dLjKthBBcQiR/mmDZYk8jmr5GKo6hGtqy3UHyPuwQOhrRyOtTLuBQsP3V5cQ9Bn
cPp/kim20mxby768kL/n8RS3zfZrxJ16NGV/HH/6qcsWNGKDqU3H+dV5gNhsUnszLJuadxuDZ6el
OSTzdAmc8uPlJ/EVNZzKNPR88KvP4VXtkI8P3HH3ju/Dj/CmhMvJ/wAgP/t3P/oNLo//ACDIfx/9
CNMR1/sHOePJI/HGKk0f/kGQ/j/6EaHsQ9iLWJHKw20ZwZ2wSPT/ACaqarp8dpaq8JYAsAwJ6+9W
dWPl3VnMfuq+CfTkf/XpdfcCyRc8lxj8qa6DXQZrJZYrQp98OCv1ouIhpdhI8bsZpSAXJ7+v86XV
/uWf++Kk11C9hkfwOCf5f1o7B2KlzbW0FkJYZl+0phtwfJJ71omOK+tInnGVIDkZwOlNisrKWJJF
gQhhkVW1BQ13a2X3ID1A7+36Ug3Ik8m21aJbRwY5Bh1VsjNPvozLrUMQYqHjwxHpkk/youIYodWs
0iRUHUgCpJx/xUNt/wBcz/7NTGVrq0W1voEtmaITDa2D+dPu7aPT7i2lt8rltrDOc1NqQ/4mVj/v
f1FGtD/j2/66UAnsJqTiS7gtGfZEw3SHOMj0/Soj5NnqUBtXHlynayq2R/nmn30af2zAZ1BjkXbz
68/4irq2FqjhlgUMpyD6GjYV7FF4/wC0NUkjkJ8mEY2g9T/nNMigFtraRqSU2Hbk9Bg8fzqayIj1
e7jbgv8AMPf/ADmkdg3iBADnamD+RoA0iQASeg5rKsrZNQWW5uQWLMQoz90e1akg3Iy+oIqhojD7
GyHhkcgikthLYbpwE0VxZXHzrE2OT1Gf/rVFpNpBI8rumWik+U5PGKm0r57q8mH3GfAPr1/+tSaN
/wAvP/XSmN9Q08H+0b3/AHv6mtA1BBFHHcXDpKGZyNy5+7U5qWS9RKKKKQiC+/48bj/rm38qKW+/
48bj/rk38qKYDrH/AI8Lf/rkv8qnqvY/8eFv/wBcl/lVikAlIRTqSkALS0mMdKUHNMBrDNJinGko
GNNNanGo2PekNEb8mmN1pWPPNNJzUM0Qsa7nA7VaFQwDAJqUmqiiJasDSFgBTWaonbtTbsCVxxkJ
+lVGs4w5MUkkYbqEbAqbJxmkJ9KnmZdrDZLZJEjRmcqhyOev1p8tutwE3FlKnIK9aEyx9qmBwcU0
2IoXUay6rDG/KmPn/wAeq1b2cUDl8u74+8xzgUrW6tcrOS25RtHPHf8AxqwAP/11TYXITao90k5Z
tyDaMdMc/wCNSTQJPGY5BlT+lP8A5Uucd6VySpHp6xspE0zBTkKW4pJrFZZGcyyru6hW4q5mmluc
UXHdlY2Uf2fylLKoP8J5zUIsfLfflnbHVjnFaANGKLsLmUYvLnaVg25hj2/zxTUVUlZ1Jy3rWs0a
sMEZqM2iH2paj5kU4YwbnzRksRg1PPZQzMJG3K3qpxmpVhMZBXHFQy2KzSvIZZFJ6hT1pphcgsER
dSnMQwiqF/Hj/A1pk7gR0GKrwwR2ybY+B1JPU0ryE8LwKHITVxsUMVvbtAhYq2ck9eaW3RbeIRIW
Kj1ppNOHNTdsdrCWtutshRCxBOeanzSAEDPekJwMGqEQW0EdsX8vPznJzSLDGl08653uMH0/zxUj
nAqLdzSbZSFuIEuCrMWVl6Mp5FJHaRRypKGcuueSc5z60u+k30rsCHUnEojtl5dmz9BVhgPJ8vJC
428elQJEkczSDlmPU9qkZs02+iHYhW0QMrM7uF6BjkCrQaouTTqlu4Fa+Inlit15Ocn2FXOBwOB6
VXhhSJnYDLMc5NTZOKpvoIg+wxFiAzqjHJQN8prSgRPJ8oqNhGNvtVZOe1Wo6aZMiumk26kgvKyd
QhbgGrdtAttAsKFiq5xnr1p2aM07tkXY24gjuYTFKMqf0qoNIgMRRnlYkYDFuQParuaXNF2F2Q3N
pHciMOWHlnIwetTuqupVgCpGCD3pM0ZouK5RGlRrkJPOkZ/gV+KnurOO6VQ5YMn3WB5FT5ozRdju
yommwpLHLvkaRDnczZLfWpXtY3vEuiW8xF2gA8d/8amoouF2RT2sc88UrFg0RyMHg0XVql15fmFh
sbcMVLRmi4rkd1bRXUeyUZHYjqKigsRDKr+fPJt6K7ZAqzmjNFx3K93Yw3TrIxdJF4DocGki0+CG
ZJUL7kBHJznPc1ZzRRcLsXA9apy6ZHJK0iySRl/veW2Aat5ozRcV7EcMCW8QjjXCio7a1jtd+wsd
53HNWDSZouFytBZxwTyyoWLSHnJ6VPS0lABRRRQBBff8eNx/1yb+VFF9/wAeNx/1yb+VFMBbH/jw
t/8Arkv8qsVBYj/QLf8A65L/ACqbBpALRSUUgFpMUZpaAGnNBp1GBTAiJpjnipWT0qJ1PcYpMpFd
s55oHXinMpzkULGe9RbU0uPR+B/SlLU3AUVG7GqvYm1xWbPSmdyTQDjqKa59KhstICwHQ01SWNNJ
p8fAzQtRvQlzgDAp6knpxUa8kYqZVx71RA8A4paAKXHemSIc9qO3NGaKBiUdTx0p22nBaLCuNC04
ClxSimTcTBopaTNMAxTZNoGTSSShB71UeQuxJNS3YqMbjmbnNMLE09Ii4z0p/wBn96mzZd0iJeeT
Uyrg0ixFeMZqQCqSJbAEimse3enEUwimJEbnrUBJNTOOaiNQy0IPSiggkjFOCkjjrQMaPejGDUhQ
DJ5xTSVAznNUoNhcQU/kimblAHenZAIGcn2o5GguKQCKFBH0pVpwXPB6UhXHoKnTpUSCnltpGelM
h6koopAcilzVEBS0lFAC0tJRQAUUUUAGaUGkpKAH5pM03NGTQA/IpOKbRzQA6lxSAVXmv4IOC29v
7q80JBYs4oxVWeSWa0EkLbM8++KzRe3FvICJC47gnOacVzbFcptSSJEm6Rgo9TUcd1BK+1JQW9Kq
SKL+FZwx4H3O3/66ynzvJUEYP5U4pSQcp0xFGBjpzUVpI0tpG7/eI5qTNSSGKMUUZoAgvx/oFx/1
yb+VFF8f9AuP+uTfyooAZYt/oNv/ANc1/lVgNWfZvi0hH+wv8qsCSgdizupeDUAenB6BWJcUYNMD
UoagB1FG6lyKAEoIz1FLiigCMxg9KjdGA4FWKKQ7lBmx1BB+lRls9etaLIrdRmq8lmrfd4NS0WpI
qE+/NRs351NJayIOBuqBkYfeGKmxomhU5NSdajBH0qWIZOapIlskjXHNTgUxRxUqCmS2KBxRzT/a
kxTJuMI4pM4NSECk20h3EFOFGKUCmSwoopCQBzTADUE04XheT/KmzTHGF6VAeetS2aRj3AnJyf1o
jBdsU0+hqezXLE1K1LeiLKLgAU8CgClrQwbExTStSUYoEREUwrU5FNK0DuVmT1qMx5q4UB5puwVN
ilIqCMihnEbbduakuGRUIDYf2qJUbJAbawGXkP8AyzH+NWkoq7Hcbgg7GLFjz5aDJ/H0p4t5D/yz
jT/fYk/pViAQqrpFldoBYsCCfc5pfMiJ5LDPGShAP41jOpUb0FdEH2WTGQYSPcH/ABqN42QZeJlH
9+M7h+XWrryRD5SXJU87VJwab5kagESZzz8iknFSp1EF0U1Oz5871PRgeKswnzEDYxTJViUiVHUG
TqoBKv8AX0PvURGyRSHIjz+WOxrpTU1ruF7lwCh4y5BzihD5nKspGakAxUWFexXkmitSFlkwSMjg
1LDIk0e+Jty5xWbrX+vj/wBz+tFpIbC+aCQ/u2OM/wAjWnIraDtdGhJdQxSiJ2Ic9sUs9xFbbfOb
bu6cZrN1L/kKL/wGptd/5Yf8C/pT5VoFif8AtK0/56H/AL5NTR3EUsLSo2UXOTjpgVRgj00wRmUr
5m0bssetWgsC6fP9mx5ZRjwSecUmkJpDDqdoP42P/Aalhu7edtscnzehGKztIhilaXzlVsAYzUV9
HHHehbQ56cKc4b2/Snyq9h2RufpVaTULVDgybj/sjNV9ZuGULApxuG5sd6ltNPhSFTKgd2GTnt7U
rJK7FbqyeG6gnOI5AW9DwalrI1K0W2KTQ5VScYz0PtWlZzG4tUkb72MH6ihx0uga6olZlRdzsFHq
arPfAnbBGZD6ngVVllWTUXWY4ROAKl+1QIvB2rnGB1NNRsFhHSef/Xy7V/urSeTFCASoA9TUL3TS
N+7UKo6E9ajMsaNliZH96Yy9bytIzpj5P4TjGazrq38qUqDk9vpVlGmkKn7ncAf1qJ2LsVDZOeW9
PaoSandBcWyLqyqjZQD5gaum3ju2DLwmfmYd6itbfzVAHywjqe7Vo8KoVRgDgAVMkr3RNwAVFCqM
ADAFJk0UUCDJooooAgvv+PG4/wCuTfyopb7/AI8bj/rk38qKAM61bFtF/uD+VThzVa3/AOPaL/cH
8qlzUmhMHpwkqDNLmncLFgSU8SVVDU4NRcVi0HpweqoenB6BWLQanBqqiSnh6YrFgNS5FQB6cGoF
YlxRg0wNShqAFpjRo/3gDUgNHBoAqPZIcleKYlu0fHWr2KQikPmZXUY61IKcR7UYoC9wzSE0YooA
QHijOadtNAWgAozQQccVXlWQ+uPaga1HvMBwvJqB3Ynk0mCo6YppqWzRIQ+9NNDHnFARnbCjNSUM
BycetaUEfloB371HBbBOW5NWatKxnOV9EFFFFUZhRRRQAtJiiigAxTXO1SxBOBninU2RiqEqMmjY
DPeRWlebb8qjOD3PapJIpUtwyshdAXffk5PXI/lVa4vFt38vyixxuIVRwPWnm/XZPuVmREBbtkN/
+uolJyaa2FzJkxTbdyr2Pl5/76P/ANaodmz7WXznBLZ/T9KRLmFbtoMSSNMo3GRs9s49qjW5gknW
JhcuN5CiRspkfzo0FoTCNmazbkgqMf72Rn9M0027yLO67GRZcnc2MYpFuYZppo1aeMoCWCPhT64p
EvovsyJGjhHBKhACQRyc+tGgaCxZWVXfadjZYEnG89B+AqaQKzsV4EhII9HH+Iqot5AYGZVuI1Qj
LYB3nPfPfNPN4sUKYglA34AYfMW65p3tsO9i3YzKAIQhzySR/WruKz7Wc5UrAQ0nG3GDj3rRPXFV
zc2o73MfW/8Aj4j/ANz+tWNVtfNgWZB80Y59xUl7YfbJFfzdm0Yxtz/WrY6Y6jGKvmtaxVznTMZp
4Gb7wAUn1wf/ANVX9d/5Yf8AAv6U46Qom3rNtXdkLt6frVi+s/tmz95s2Z/hznP4+1VzK6HdXK1v
pttJbxu7NuZQT8wq00McGnzRxklQjdTntVT+xR/z8/8Ajn/16s29j5FvND5u7zARnbjHH1pNruJs
y9Ps1uzIGcrtA6CnQZsNR2OFYZxnHY9xWlZWX2MufM37sfw4x+tNvNPF3KJPM2HGD8uc/rT5lcfN
qVNbjInSTsVx+IrQtZluYFdDk4ww9DUkkSyw+XMN4xgn39az20cBsxzlR7ipumrMWjQmsTJsSBTl
gdxx2/zmrWnoYrKMMME8n8ajt9LihYO5MhHTIwKuEZobVrIG9LFC/sWmfzYeW/iX1qpFYXDtgpt9
2ra5oyaXMxXKsGnQpgyEyH8hVOUxx6lJ5y/KOFAHStbmoLqzjugC2VcdGFCeuoIzZb0spWMbc/eI
PUVLY2hmG98iP/0L/wCtU8WlRo4Z5C4HbGM1dJ4wOBTcuiG2HAACjAHAAopMGioELRSUuDQIKKKW
gCC+/wCPC4/65N/Kii+/48Lj/rk38qKYGbbf8e0X+4P5VJimWw/0WL/cH8qlxUGg2ilxRQAUZooo
AXNLmm0UAPDUoao6XNAEoeniSoM0oNMViwJKeHqqGpwagVi0HpwaqoenCSgLFkNTg1Vg9OD0xWLG
QaMA1CGpwagVh+2kxQGpwYUANzSg0vBowKQBRik20cimAjRq3UUxrdD1FSbvWlyDSC7K/wBkj9DU
yoq8AYp9FFgu2JiilopgMooPBpKAFopKM0ALS03NLQAtIxIHyjNFI2SpCnaccH0oAyr+2uFuJHgj
dxKgGUOCpH9Khls7tBJH5JkaeNFL5+6R1zV0tOspia4bJGARjGe3alSSVolcSyDBxICw4I69qmXu
7hylD7FeC488R8LKPl/iIHGfpTo7K4iuFmMTuomY7PQdmFaQ3EZWeU5Hykkfl0qujXsjYDSL6liP
8Kjniw5WU7eyvIpEkePIcOCB1XPrUlnp80F3bPtbyymWB/hbHNaSRSgfPcSE+2P8KTDDJaaUD6jn
9KTqxHyMzns5zpMkfkt5hlyF7kZqOW0ka2jVLKYKsuWQtkkY9a028zGBNLuz6jj9KieWQOwE0m1F
+bkcse3SqjJPRC5WPsxJFFGqQNGR2c5wM1dJ5zVS0E74lkmLLz8pFW60tbQLWCqep3JggCxnDueC
Owq4BWDdSNeXh8sFuygelXBXZUVc2raYXFsko6kc+xqQVk6PPtlaBuj8j2NarHYrMeigmlJWYmtS
jHekam8Tt+7Y7R7GtDHOK5hmLMWPUnNaj6lnThz+/Pyn/GqlDsU4j1vvM1RY1P7rlfqfWptSkeG1
LxttbcBkVhRuY5VcdVINberkGx3DoSDTas0DVmZy3l6ylldyF6kLwKvadfG4fypsb8ZDDvVOwu47
aGYOCS+MAfQ0mkoz3ysBwgJP5U2kNokW7n+3iMynb5mMe2a12GDWEv8AyFf+239a3n+9UzRMjK1K
6nhudschVdoOBTr+4migtWRypdcsfXpVfWP+Psf7gp+p/wDHtZ/7h/pTS2KtsRpPqEi7kMrD1C5/
pVtZblNMmkl3rIG4LDBxxVK31Ca3iEaBSoPcVca5e60qZ5AAQwHH4U2hMXSriW4kkErlgF4zUV5q
LiQx25wAcFvWo9MYqtyy9RHkUzS0WS+XeMgAtz60WV2x2HBtRC+Z++x7ir+nzTXMLGVQADgN61MZ
tzHmmXEhW0lK8YU4xUc19BMpXeosHMdvwBxv9fpULSahGvmMZQvqRxS6RGr3uW52KWH1raJJOD0q
m1HQHoUbC/Fw3lSgCTsR0NSy3DQySAqGC7cAdTn/APUayJB5F+RH/BJx+ddC4GenNTJJaiehSmmE
+m3TAYwjjn0xRUt9/wAeFx/1yb+VFSSZ1t/x6xf7g/lUtR23/HrF/uD+VS1BoJijFLRSATFJinUU
ANxSU/FJigBtLRiimAUUUUAGaXNJRQA7NLmm0UAPDU4PUWaXNAiYPTg9QZoBphYsh6cHqsGpwegV
iyGpweqwenB6BWLIel3Cq4enBqYrE3Bo2iow1KGoAdgijJFAalyKAANRnNGAaNtACN0pF6UpBpOl
AC4ppGKdmjigBlLQRikoAWlpBS0AU7uFEVpSzBie54qJH3EyINxI/eIP4x6j3rRIB6iqc1tK07PH
tC9uef5U2lNWZSYiHcC8Tb0bt6fhUm8qVXdgkZ2nnFVBIjPuJKSd3TqfqO9SiST1hk9z8prlqUZp
lpknn5GQ6kdOAaNzNgpktzyexqMOw+7FCO/MlNeUkHzJgB3WIY/U1KotvRBcez7WKRYaXqWPSP6/
4VBmMskIcqmcZ7knv9adGrzfu4QioBnGeP8A65q7awmKEK4Xdknj611wgqer3JbJIYUhXahYjOeT
mpKSiggq6nP5NqQDhpOB9O9ZNvBdMPMt0f03KcVuyQxSkGSNWI6ZqRAqIERQqjsKtSsik7I5x457
aVWkVkfO4Z71r3lyr6YZV48wAfQ9/wCtWZI45seaivjpkUhgg8vy/KXYDnbjjNDkmF7mVpVstwJ9
4+Xbt+mf/wBVV1tJGu/s2MNnBPoPWt+OOOJSIkVATzilCqJC+0byMZ9qfPqHMY2rW6wSxhBhdmPy
qa4k83RIm7ggH8K0ZIo5ceaitjpkUnkw+X5flLsznbjjNHMHMZWmWkV0shl3fKRjBrWgjigXZEgU
d6EjjiBEcapnrjvS4qZSuJu5z7v5V80mM7ZCcfjV/wDtgMwHkdT/AHv/AK1XDbW5JLQoSTknFH2a
2B/1CflVOSe47pmZrP8Ax+f8BFO1P/j2s/8AcP8AStSSGGVt0kSsenIokihkCh41YKOAR0o5tguQ
aWB/Z6nAJyaXUD/oEoxjp/Op1CIgRFCr6CkdVdSrjcp6g1N9bivqZmjKGkmVuhXn86rSJLYXQI6q
cqexFbaRxxZMUaqSOcCmuocYdQw9CKfPqVczm1JD8whIb68VasJ/tcDrInI4JA4INSJZ2wOfIXPv
VjIC7VAUDoBSvHoDZhMs2n3QYduh7MKtvrGU+SHD+54FaLKrrtdQw9CKiFnaht3kLmq5k9xXXUzN
OtXuLgTOD5ancWPc1tscmkzgAAAAdhSVMncTdyC+/wCPC4/65N/Kii+/48Lj/rk38qKQjOtiRbRZ
HGwfyqUMDUlooNnBn/nmv8qeYFPTioNLkVFOMJH3TTcMO1IBaKTNLQAUlLRQAlGKWkoATFGKWjFA
CUUuKMUAJRRRQAUUUUwCloooAKXNJRQAuaUNTaKBEgalD1FmlzQBOHpweq+aUNTFYsh6cGqsGpwe
gLFgNTg1Vg9PD0xWJw1OyKrhqcGoETYBpNtMDUoagBSDSYpwalyKAGYpcU7AoxQA3FFOpKAIXt0M
LRoqoD0wOhqvJY4iHlHL55LHrV7FJzTUmgKL2BG0JJkE/MT2+lSrZIsyupO1f4TzzVjNLT5mF2MW
NFZmVQGbqQOtPooqQCgnAyeKK5/VdQa4kaCI4hU4Yj+M/wCFNK4JXLt1rUUTFIF85h1IOFH496z5
NXvXPyskY9FXP86ogY6VLBE08yxJ1Y9+1VZJXZqoLqTf2nf/APPz/wCOL/hR/ad//wA/P/ji/wCF
SJZQyXIhjuCxwdx29MVBbW4nSZi23y0LdOtSpQHyxH/2pf8A/Pz/AOOL/hR/ad//AM/P/ji/4UG1
SO3WSabY7ruRAuc1K+nCNGdpCEWMNnHUntRzwDliRf2nf/8APz/44v8AhR/ad/8A8/P/AI4v+FMg
txLBPJux5QBxjrmp108NPFH5hG+PfnHShzgtGHKiP+07/wD5+f8Axxf8KP7Tv/8An5/8cX/CnRWk
M0rhJ2KIm4ttp66cpmC+d+7MfmBgvb6UvaQW4csSL+07/wD5+f8Axxf8KP7Svv8An4/8cX/CoZUj
EoWKQuvqRirM9lHHMII5i0pIG0rgDNU5QVrhyoZ/aV9/z8f+OL/hSf2lff8APx/44v8AhUlxZIkZ
eKXfsfY+RjBp1xp6xJKUl3NFgspXHBqfaUw5UQ/2lff8/H/ji/4Uf2lff8/H/ji/4UWtp9ohmcNg
xjIGOvX/AApzWTC1hlBy0rbQuOmelNzgnZhyob/aV9/z8f8Aji/4Uf2lff8APx/44v8AhUlxYpHF
I0cu9oiA4x6+lOuNOWNJNk25owGZSuOKXtKYcqIf7Svv+fj/AMcX/Cl/tK+/5+P/ABxf8KW6tYre
MZmJkZQwXb6+/wCdMitRJa+duwfMCYx9P8aalC1w5UO/tO//AOfj/wAcX/Cj+07/AP5+P/HF/wAK
kl04xPMC5wibwcdabLaRRQI7TNvkQMq7etJVIPYOWIz+0r//AJ+P/HF/wo/tK+/5+P8Axxf8Klk0
9UjcCXM0a7mXHGKgubcQJCwbd5iBunSnGcJbByoJNQvHjZHnyrAgjYOR+VFV2+6aKtpEySR0dn/x
5wf9c1/lU2M1UtLq3W0hVp4gQigguOOKm+123/PxF/32KxJJQuBQRUX2y2/5+Iv++xR9rtv+fmL/
AL7FFgHNEpphhx0o+123/PxF/wB9il+123/PxF/32KLDuR4YdRRmn/a7Y9biH/vsU1p7Q/8ALxF/
32KVguJmimGe2zxPF/32KYbiD/nvF/32KBk1FQ/aYP8AntH/AN9Cl+0wf89o/wDvoUwJaMVF9pg/
57R/99Cl+02//PeL/voUASYoxUf2m3/57xf99ij7Tb/894v++xQIkxRio/tNv/z3i/77FH2m3/57
xf8AfYoAkxSUz7Tb/wDPeL/vsUfabf8A57xf99igB9FM+02//PeL/vsUn2mD/nvF/wB9igCTFFR/
aYP+e8f/AH0KPtMH/PeP/voUASUVH9pg/wCe8X/fQpPtMH/PeP8A76FAEwoqL7TB/wA94/8AvoUo
uYO88f8A30KAJKXNQ/abf/nvH/30KPtMH/PeP/voUAThqUNVf7TB/wA94/8AvoUv2qD/AJ7x/wDf
QoAshqcHqp9qg/57x/8AfQpftUH/AD3i/wC+xTAuB6UNVMXcH/PeL/vsUou7f/nvF/32KBF0NTg1
UReW/wDz3i/77FOF7b/8/EX/AH2KBF0PTg1Uhe23/PxF/wB9ilF7bf8APxF/32KYi9miqYvrb/n5
i/77FKL+2/5+Yf8AvsUAW8UYqsL+1/5+Yf8Av4KX7daf8/UP/fwUAT0YFQ/brT/n6g/7+Cj7baf8
/UH/AH8FICbFJiofttp/z9Qf9/BR9ttP+fqD/v4KYEOrXBt7FyvDOdi/j/k1zQGBitXXbmKUW6xS
o4ySdrA49P61lbh6j86uBpAWremSLHeoXOAcjJ7VT3D1H50ZHqPzqpJSi0aXRq2NrLbagokGAQ2D
nrTLOGSGO6EqlSYSeazt/wDtfrRv/wBr9axdNvdiujRvYXuYobiEbkWLDYP3cVauwJ7UwD76RrIP
frWHuAGN3X3pd/fd+tL2O2uwGhpz+Xa3b7VbAU4YZB61cVt2oW5wBmDOB0FYW7HG79aXf33frROj
zNu+4aGtaiRJ5jNCkZ8knaowCKnTLXgkUZV7fKr2HI4rC3/7X60b/wDa/Wk6F9bhoT3CyLcjzY1j
Y4+VRgVoXE6pqyKyIAGHz455Hc+nNZBfPJbP40hYHkt+tW6fNa7C6NaaM29tcCTjzZht9xnOamvz
vhukUbWTaSR/EPesQvnGWzjpk0b+vzdfeo9hqncDU0pxFAzHo0iqfxqeaRERQPuQTqPoAKw9wxjd
x9aNwxjdx9aboJy5rhoa9whgivnfpKw2e/8AnNTXx3x3SINrKqsSP4hWGXyAC2QOmT0o3/7X60vY
dWwNXUllMKFYlMYjXL4GR+NRW3/ILP8A13H9Kz9+Rjd+tG7jG7j61Spe7y3Hob08gkivFP3o1I/A
jP8AjVO8mEcFoPLRsxqdxHI6dKzd/X5uvvSFgerfrUxoKPUWhtyr5ct3cnHlvEAp9ciqF8zmO2Dp
txEMc9aqb8gKW4HbNBfOMtnHHWqhS5XdsNBG+6aKRiNp5orVkyP/2Q==
--q23crqeqcr--


From eap-admin@frascone.com  Wed Apr 20 14:21:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA04803
	for ; Wed, 20 Apr 2005 14:21:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A40352035A;
	Wed, 20 Apr 2005 14:21:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 409EB20313;
	Wed, 20 Apr 2005 14:21:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6C3AA20313
	for ; Wed, 20 Apr 2005 14:20:46 -0400 (EDT)
Received: from mailout2.samsung.com (mailout2.samsung.com [203.254.224.25])
	by mail.frascone.com (Postfix) with ESMTP id 4700F202CA
	for ; Wed, 20 Apr 2005 14:20:43 -0400 (EDT)
Received: from custom-daemon.mailout2.samsung.com by mailout2.samsung.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 id <0IF900B04CAIHF@mailout2.samsung.com> for eap@frascone.com; Thu,
 21 Apr 2005 03:20:42 +0900 (KST)
Received: from ep_mmp2 (mailout2.samsung.com [203.254.224.25])
 by mailout2.samsung.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0IF900M6CCAIJ7@mailout2.samsung.com> for eap@frascone.com; Thu,
 21 Apr 2005 03:20:42 +0900 (KST)
Received: from Alperyegin ([105.144.29.41])
 by mmp2.samsung.com (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23
 2003)) with ESMTPA id <0IF90028WCAFNT@mmp2.samsung.com> for eap@frascone.com;
 Thu, 21 Apr 2005 03:20:42 +0900 (KST)
From: Alper Yegin 
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
In-reply-to: <200504200057.j3K0vhpR011434@sj-core-4.cisco.com>
To: gwz@cisco.com, "'Tschofenig Hannes'" ,
        "'Sam Hartman'" ,
        "'Martin Soukup'" 
Cc: isms@ietf.org, radiusext@ops.ietf.org, eap@frascone.com
Message-id: <03ab01c545d5$9f1b8a60$079da8c0@sisa.samsung.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailer: Microsoft Outlook, Build 10.0.2627
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: quoted-printable
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 11:20:21 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

> >>> what is radius for you? (you write that it is not a trusted
> third
> >>> party.)
> >>
> >> It's not.  From the point of view of authentication protocols
> (PAP,
> >> CHAP, EAP, etc.), both RADIUS and Diameter are just "wires":
> >
> > What happens when we look at this picture from the "authorization"
> > perspective? "Host-to-NAS authorization for the network access
> > service"
> > is dynamically generated from "host-to-AAA server" authorization
> and
> > "AAA server to client (NAS)" authorization. Wouldn't this
> constitute
> > a 3-party model?
>=20
> I'm pretty sure that both Sam & I were just talking about
> authentication. =20

I understand that.


> In any case, could you expound a bit?  I don't
> actually know what you're talking about.  What do "Host-to-NAS
> authorization for the network access service", "host-to-AAA server
> authorization" and "AAA server to client (NAS) authorization" mean?
> Are you saying that somehow the host authorizes the NAS to provide
> it network access?

The host (or the user on the host) is authorized to access the Internet
by relying on its subscription with an operator that runs the AAA
server. SLAs, credentials are used to encode this relation. [1]

A bunch of NASes are also authorized by the same AAA server to provide
access service to subscribers of that operator. This comes in the form
of roaming agreements (list of NAS identifiers, credentials, etc.) [2]

Now, if host1 wants to access the Internet via NAS1, the required
dynamic authorization (that host1 is allowed to access the Internet, and
NAS1 is allowed to provide this service) can be generated by relying on
[1] and [2].

I guess the AAA protocol that runs between the NAS and AAA server is a
"wire" as you said, but the AAA server is the trusted third party. Does
this make sense?

Alper







>=20
> >
> > Alper
> >
> >
> >> the
> >> operation of the auth protocols should be exactly the same as if
> they
> >> terminated in the AAA client, instead of elsewhere.  Basically,
> the
> >> purpose of AAA (again, from the POV of an authentication
> >> protocol) is simply scaling.  BTW, a lot of misery has been
> caused by
> >> the erroneous belief that EAP is (or can be) a three-party
> >> authentication protocol: it isn't, and can't be.  It could
> _carry_ a
> >> three-party protocol (like Kerberos), but EAP in itself is a
> >> two-party protocol.
> >>
> >>> why do you care that only one party knows that radius is used?
> it
> >>> could also be diameter.
> >>>
> >>> i would like to better understand why some people dislike the
> aaa
> >>> architecture (radius, diameter).
> >>
> >> I think that the misunderstanding mentioned above might have
> >> something to do with it...
> >>
> >>>
> >>> ciao
> >>> hannes
> >>>
> >>>
> >>>> -----Urspr=FCngliche Nachricht-----
> >>>> Von: isms-bounces@lists.ietf.org
> >>>> [mailto:isms-bounces@lists.ietf.org] Im Auftrag von Sam Hartman
> >>>> Gesendet: Freitag, 15. April 2005 19:34
> >>>> An: Martin Soukup
> >>>> Cc: isms@ietf.org
> >>>> Betreff: [Isms] RADIUS is not a trusted third party
> >>>>
> >>>>
> >>>>>>>>> "Martin" =3D=3D Martin Soukup  writes:
> >>>>
> >>>>     Martin> RADIUS "Access-Accept" indicates a successful
> >>>>     Martin> authenthentication response for a user.
> >>>>
> >>>>     Martin> The Access-Accept already returns a
> "Session-Timeout",
> >>>>     Martin> defined as "Sets the maximum number of seconds of
> >>>>     service Martin> to be provided to the user before the
> session
> >>>>     Martin> terminates. This attribute value becomes the
> per-user
> >>>>     Martin> "absolute timeout."".
> >>>>
> >>>> This only tells the SNMP engine talking to the RADIUS server
> the
> >>>> timeout.  You need to tell the other side of the exchange the
> >>>> timeout too.
> >>>>
> >>>> Remember that RADIUS is a callout service; it is not a trusted
> >>>> third party.  In other words, in a particular SNMP
> authentication,
> >>>> only one of the parties will know that RADIUS is being used.
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Isms mailing list
> >>>> Isms@lists.ietf.org
> >>>> https://www1.ietf.org/mailman/listinfo/isms
> >>>>
> >>>
> >>> _______________________________________________
> >>> Isms mailing list
> >>> Isms@lists.ietf.org
> >>> https://www1.ietf.org/mailman/listinfo/isms
> >>
> >> Hope this helps,
> >>
> >> ~gwz
> >>
> >> Why is it that most of the world's problems can't be solved by
> simply
> >>   listening to John Coltrane? -- Henry Gabriel
> >> _______________________________________________
> >> eap mailing list
> >> eap@frascone.com
> >> http://mail.frascone.com/mailman/listinfo/eap
> >
> >
> > _______________________________________________
> > eap mailing list
> > eap@frascone.com
> > http://mail.frascone.com/mailman/listinfo/eap
>=20
> Hope this helps,
>=20
> ~gwz
>=20
> Why is it that most of the world's problems can't be solved by
> simply
>   listening to John Coltrane? -- Henry Gabriel


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 20 14:24:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA05216
	for ; Wed, 20 Apr 2005 14:24:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A094A20361;
	Wed, 20 Apr 2005 14:24:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 9C0182034B;
	Wed, 20 Apr 2005 14:24:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 361762034C
	for ; Wed, 20 Apr 2005 14:23:17 -0400 (EDT)
Received: from sj-iport-3.cisco.com (sj-iport-3-in.cisco.com [171.71.176.72])
	by mail.frascone.com (Postfix) with ESMTP id 2976F2034B
	for ; Wed, 20 Apr 2005 14:23:14 -0400 (EDT)
Received: from sj-core-2.cisco.com (171.71.177.254)
  by sj-iport-3.cisco.com with ESMTP; 20 Apr 2005 11:23:14 -0700
X-IronPort-AV: i="3.92,117,1112598000"; 
   d="scan'208,217"; a="252354462:sNHT63050800"
Received: from gwzw2k01 (dhcp-128-107-165-105.cisco.com [128.107.165.105])
	by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id j3KIN0L1007721;
	Wed, 20 Apr 2005 11:23:05 -0700 (PDT)
Message-Id: <200504201823.j3KIN0L1007721@sj-core-2.cisco.com>
Reply-To: 
From: "Glen Zorn (gwz)" 
To: "'Jeff Mandin'" , ,
        
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0080_01C5459B.56DF9D70"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <42665A04.2060503@streetwaves-networks.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300
Thread-Index: AcVFpaYvBy9Ph8iDSzKSt/g0/GxgsQAKw4TQ
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 11:23:02 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

This is a multi-part message in MIME format.

------=_NextPart_000_0080_01C5459B.56DF9D70
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

In order for a "trusted third party" in the technical sense to
exist, the other two parties need to a) know about its existence and
b) trust it.  Does the "authenticating entity" know about the RADIUS
server?
 
In an EAP scenario the peer does in fact know about the AAA Server
(or rather it always assumes that the AAA might be there).   

 
Which EAP are _you_ talking about?  I'm talking about the one
defined in RFC 3748.
 
Consequently the AAA-Server does resemble a TTP in the EAP case  -
as Jesse Walker wrote at length in http://mail.frascone.com

/pipermail/eap/2004-October/002895.html 
 
To quote from the referenced email (emphasis added): "People have
pointed out before that EAP is a two-party protocol, and that we
can't change the EAP model, and I am sure they will again. However,
the reality is we don't have to change EAP authentication one whit
to address this problem, because it has nothing to do with
authentication; it is about what to do with the results of
authentication and the resulting authorization decision. All we need
is one three-party scheme to deliver keys (properly bound to the
authenticated identities of the NAS and Peer) to the NAS and to the
Peer; we don't want some indeterminate number or 15 or 5 or even 2;
just 1 proper key delivery that will allow applications to meet the
SP 800-56 requirements. Even if EAP is itself two-party, the key
distribution scheme can very well be three-party. And there are
ready-made algorithms we can pick up and use (e.g.,
Needham-Schroeder, Otway-Rees, Bellare-Rogaway) if only we want to.
To reach a solution that will be acceptable to NIST and to the
802.11 community, I beleive we need to define a 3-party protocol
that involves the Peer, the NAS, and the AAA server; we would need
to define how this consumes the EAP keys, and we would have to
define a migration strategy to get from the current practice to the
new mechanism. The document has not done this. I am willing to
create time in my schedule to work with people to remedy this if
there is any will in the group to take on the problem. If we need a
different document to accomplish these ends, then that is ok, too.

I don't see any claims in the above that RADIUS, Diameter or EAP are
three-party protocols, nor that the AAA server is a trusted
third-party; it appears that Jesse might like it to be so, but that
is a different issue.
 
There are scenarios (eg. mobile wireless) where the peer is _not at
all_ interested in the identity of the NAS - but only that the NAS
is trusted by the larger entity (ie. operator) that uses the
AAA-Server for access enforcement.   That would amount to an
inversion of what seems to be the standard trust model for RADIUS
etc.
 
No, that _is the standards trust model for RADIUS, etc. -- or more
precisely, for the access control _system_ which may or may not
include  AAA.  From the user's POV, the system is a black box that
proves it trustworthiness by showing knowledge of a shared secret;
it doesn't matter if the secret is stored in local NVRAM or on a AAA
server 6000 miles away. 


------=_NextPart_000_0080_01C5459B.56DF9D70
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








  

  
  In =
order for a=20
  "trusted third party" in the technical sense to exist, the other two =
parties=20
  need to a) know about its existence and b) trust it.  Does =
the=20
  "authenticating entity" know=20
  about the RADIUS server?

  
 

  
In an EAP scenario the peer =
does in=20
  fact know about the AAA Server (or rather it always assumes that the =
AAA might=20
  be there).   


 


Which=20
EAP are _you_ talking about?  I'm talking about the one defined in =
RFC=20
3748.


 


Consequently the AAA-Server does resemble a TTP in the EAP =
case  - as=20
Jesse Walker wrote at length in http://mail.frascone.com/pipermail/eap/2004-October<=
WBR>/002895.html 


 


To quote from the referenced email (emphasis added): "People have pointed out before that EAP is a =
two-party=20
protocol, and that we can't change the EAP model, and I am sure they =
will again.=20
However, the reality is we don't have to change EAP authentication one =
whit to=20
address this problem, because it has nothing to do with authentication; =
it is=20
about what to do with the results of authentication and the resulting=20
authorization decision. All we need is one three-party scheme =
to=20
deliver keys (properly bound to the authenticated identities of the NAS =
and=20
Peer) to the NAS and to the Peer; we don't want some indeterminate =
number or 15=20
or 5 or even 2; just 1 proper key delivery that will allow applications =
to meet=20
the SP 800-56 requirements. Even if EAP is itself two-party, the key=20
distribution scheme can very well be three-party. And there are =
ready-made=20
algorithms we can pick up and use (e.g., Needham-Schroeder, Otway-Rees,=20
Bellare-Rogaway) if only we want to. To reach a solution that will be =
acceptable to NIST=20
and to the 802.11 community, I beleive we need to define a =
3-party=20
protocol that involves the Peer, the NAS, and the AAA server; =
we would=20
need to define how this consumes the EAP keys, and we would have to =
define a=20
migration strategy to get from the current practice to the new =
mechanism. The=20
document has not done this. I am willing to create time in my schedule =
to work=20
with people to remedy this if there is any will in the group to take on =
the=20
problem. If we need a different document to accomplish these ends, then =
that is=20
ok, too.


I don't see any claims in the above that RADIUS, Diameter =
or EAP are=20
three-party protocols, nor that the AAA server is a trusted third-party; =
it=20
appears that Jesse might like it to be so, but that is =

a different issue.
 


There are scenarios (eg. mobile wireless) where the peer is _not at =
all_=20
interested in the identity of the NAS - but only that the NAS is trusted =
by the=20
larger entity (ie. operator) that uses the AAA-Server for access =
enforcement.=20
  That would amount to an inversion of what seems to be the =
standard trust=20
model for RADIUS etc.


 


No, that =
_is the=20
standards trust model for RADIUS, etc. -- or more precisely, for the =
access=20
control _system_ which may or may not include  AAA.  From the user's POV, =
the system=20
is a black box that proves it trustworthiness by showing knowledge of a =
shared=20
secret; it doesn't matter if the secret is stored in local NVRAM or on a =
AAA=20
server 6000 miles=20
away. 


------=_NextPart_000_0080_01C5459B.56DF9D70--
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 20 16:13:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA14452
	for ; Wed, 20 Apr 2005 16:13:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id C630E20365;
	Wed, 20 Apr 2005 16:13:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 3FEA82034C;
	Wed, 20 Apr 2005 16:13:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B42D72034C
	for ; Wed, 20 Apr 2005 16:12:19 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 0417F202DB
	for ; Wed, 20 Apr 2005 16:12:17 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DOLYW-0006Rr-VA
	for eap@frascone.com; Wed, 20 Apr 2005 16:12:17 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3KKCF410949
	for ; Wed, 20 Apr 2005 13:12:15 -0700
From: Bernard Aboba 
To: eap@frascone.com
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Key caching discussion at IETF 62
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 13:12:15 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

At IETF 62, we had a discussion relating to EAP key caching behavior.
This is an attempt to summarize that discussion so as to expose it to
review within the EAP WG.  Once we have consensus on this, a summary will
be put forward for inclusion in the EAP Key Management framework.

According to RFC 3748, EAP methods deriving keys must export the MSK and
EMSK and may optionally provide an IV.  Each of these fields is at least
64 octets in length.

In addition, the key management framework defines other quantities that
may be exported.  This includes the EAP session-ID, the peer-ID and the
server-ID.

Currently, EAP lower layers such as 802.11i implement a key cache on the
EAP peer and authenticator.  No current AAA server implementation includes
support for a key cache.

At IETF 62 we discussed some of the implications of this.  In particular,
was it a good thing for EAP lowers to maintain their own key caches, or
should a cache also exist within the EAP layer?

During the meeting, Sam Hartman suggested that there were significant
security advantages to the existing architecture.  In today's
implementations, there is no key cache in the EAP layer.  Once the EAP
method completes and passes up exported keys, they are provided to the
lower layer and are no longer available to the EAP layer.

Some of the implications of this include the following:

a. EAP does not support sharing of keys between lower layers.  In the
existing architecture once keys are passed down to the lower layer they
cannot be retrieved.  This implies that keys are provided to the lower
layer over which EAP runs, and no other application can obtain them. This
prevents compromise of one lower layer from compromising other
applications using EAP keying material.

b. The cache structure is defined by the lower layer.  As has been
discussed, EAP itself does not negotiate a key lifetime and EAP methods
also may not negotiate this.  As a result, the key lifetime and key
caching behavior will typically be handled solely within the lower layer.
While keys derived between the EAP peer and server are not inherently
bound to a particular interface, the lower layer may impose additional
usage restrictions on keys.  For example, it may state that a peer may
only use derived keys on the interface over which EAP was run.

One additional issue to think through is the implication for EAP key
naming.  If only the lower layer obtaining the keys can use them, then
there may be no reason why the lower layer can't implement its
own key naming scheme.

The only issue that might arise is if the AAA server needs to maintain its
own key cache in a future extension.  In terms of key management, AAA
functions like another EAP lower layer, so that it can maintain its own
cache.  However, AAA may be used by multiple applications so that the peer
might have lower layer specific caches and key names while the server
would have a single unified cache and therefore might require a unified
key name.  This seems like it could become a problem.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 20 16:23:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15526
	for ; Wed, 20 Apr 2005 16:23:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 904CE20369;
	Wed, 20 Apr 2005 16:23:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 2FB8420353;
	Wed, 20 Apr 2005 16:23:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 00A7920353
	for ; Wed, 20 Apr 2005 16:22:09 -0400 (EDT)
Received: from mailout2.samsung.com (mailout2.samsung.com [203.254.224.25])
	by mail.frascone.com (Postfix) with ESMTP id 661002034C
	for ; Wed, 20 Apr 2005 16:22:03 -0400 (EDT)
Received: from custom-daemon.mailout2.samsung.com by mailout2.samsung.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 id <0IF90030BHWPNO@mailout2.samsung.com> for eap@frascone.com; Thu,
 21 Apr 2005 05:22:01 +0900 (KST)
Received: from ep_mmp2 (mailout2.samsung.com [203.254.224.25])
 by mailout2.samsung.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0IF900LLTHWOCL@mailout2.samsung.com> for eap@frascone.com; Thu,
 21 Apr 2005 05:22:00 +0900 (KST)
Received: from Alperyegin ([105.144.29.41])
 by mmp2.samsung.com (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23
 2003)) with ESMTPA id <0IF9007FTHUCFT@mmp2.samsung.com> for eap@frascone.com;
 Thu, 21 Apr 2005 05:22:00 +0900 (KST)
From: Alper Yegin 
Subject: RE: [eap] Re: EAP Key Binding
In-reply-to: <4263CBBE.5080509@agere.com>
To: "'Dorothy Stanley'" ,
        "'Walker, Jesse'" 
Cc: "'Bernard Aboba'" , eap@frascone.com,
        "'Paul Funk'" ,
        "'Henry Ptasinski'" ,
        "'Steve Emeott'" ,
        "'Russ Housley'" ,
        "'Nancy Winget'" 
Message-id: <03bc01c545e6$9137b930$079da8c0@sisa.samsung.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailer: Microsoft Outlook, Build 10.0.2627
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 13:20:19 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7BIT

	The centralized model encourages AC implementations to use one
PMK 
	for many different WTPs. This practice facilitates speedy
transition 
	by a station from one WTP to another WTP that is connected to
the same 
	AC without establishing a separate PMK.  However, this leaves
the station 
	in a difficult position.  The station cannot distinguish between
a 
	compromised PMK and one that is intentionally being shared. This
issue must 
	be resolved, but the resolution is beyond the scope of the
CAPWAP working group.

So, the issue is about binding PMK to NAS ports (WTPs in this case).
Unless the NAS explicitly informs the host about the list of ports, how
can this be handled? I think this is an issue for the EAP lower layer to
handle.

Alper


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 20 18:47:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA02258
	for ; Wed, 20 Apr 2005 18:47:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id ECAE820370;
	Wed, 20 Apr 2005 18:47:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 718BF20368;
	Wed, 20 Apr 2005 18:47:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 41A3520368
	for ; Wed, 20 Apr 2005 18:46:33 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 0425320353
	for ; Wed, 20 Apr 2005 18:46:31 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DONxL-000MRt-QD; Wed, 20 Apr 2005 18:46:03 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3KMjuV20567;
	Wed, 20 Apr 2005 15:45:56 -0700
From: Bernard Aboba 
To: Alper Yegin 
Cc: "'Dorothy Stanley'" ,
        "'Walker, Jesse'" , eap@frascone.com,
        "'Paul Funk'" ,
        "'Henry Ptasinski'" ,
        "'Steve Emeott'" ,
        "'Russ Housley'" ,
        "'Nancy Winget'" 
Subject: RE: [eap] Re: EAP Key Binding
In-Reply-To: <03bc01c545e6$9137b930$079da8c0@sisa.samsung.com>
Message-ID: 
References: <03bc01c545e6$9137b930$079da8c0@sisa.samsung.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 15:45:56 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> The centralized model encourages AC implementations to use one PMK
>for many different WTPs. This practice facilitates speedy transition
>by a station from one WTP to another WTP that is connected to the same
>AC without establishing a separate PMK.  However, this leaves the station
>in a difficult position.  The station cannot distinguish between
>a compromised PMK and one that is intentionally being shared. This
> issue must be resolved, but the resolution is beyond the scope of the
> CAPWAP working group.

Not only is it beyond the scope of the CAPWAP WG, but it's beyond the EAP
WG scope, too.  For the purposes of EAP and AAA, the key is provided to a
given NAS, no matter how many ports it has.  The way to fix this is to
have the authenticator advertise the NAS-ID and confirm this securely
between the peer and authenticator in the Secure Association Protocol (and
perhaps between the EAP peer and server too, via channel bindings).  EAP
and AAA already enable this, so it's up to the lower layer to implement it
correctly.

> So, the issue is about binding PMK to NAS ports (WTPs in this case).
> Unless the NAS explicitly informs the host about the list of ports, how
> can this be handled? I think this is an issue for the EAP lower layer to
> handle.

The NAS doesn't have to inform the host of the list of ports, it just has
to provide the host with the same NAS-ID that it provides to the AAA
server.  You are correct that it is a lower layer issue.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 20 21:08:14 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA16349
	for ; Wed, 20 Apr 2005 21:08:13 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 956E42037A;
	Wed, 20 Apr 2005 21:08:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id DD4E720372;
	Wed, 20 Apr 2005 21:08:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id D1BAD20372
	for ; Wed, 20 Apr 2005 21:07:26 -0400 (EDT)
Received: from mailout3.samsung.com (mailout3.samsung.com [203.254.224.33])
	by mail.frascone.com (Postfix) with ESMTP id C7AD82036C
	for ; Wed, 20 Apr 2005 21:07:24 -0400 (EDT)
Received: from custom-daemon.mailout3.samsung.com by mailout3.samsung.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 id <0IF90081RV4ATG@mailout3.samsung.com> for eap@frascone.com; Thu,
 21 Apr 2005 10:07:22 +0900 (KST)
Received: from ep_mmp2 (mailout3.samsung.com [203.254.224.33])
 by mailout3.samsung.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0IF9007KWV43JL@mailout3.samsung.com> for eap@frascone.com; Thu,
 21 Apr 2005 10:07:15 +0900 (KST)
Received: from Alperyegin ([105.144.29.41])
 by mmp2.samsung.com (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23
 2003)) with ESMTPA id <0IF9005TVV3V1I@mmp2.samsung.com> for eap@frascone.com;
 Thu, 21 Apr 2005 10:07:15 +0900 (KST)
From: Alper Yegin 
Subject: RE: [eap] Re: EAP Key Binding
In-reply-to: 
To: "'Bernard Aboba'" 
Cc: "'Dorothy Stanley'" ,
        "'Walker, Jesse'" , eap@frascone.com,
        "'Paul Funk'" ,
        "'Henry Ptasinski'" ,
        "'Steve Emeott'" ,
        "'Russ Housley'" ,
        "'Nancy Winget'" 
Message-id: <03ee01c5460e$6a67a130$079da8c0@sisa.samsung.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailer: Microsoft Outlook, Build 10.0.2627
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 20 Apr 2005 18:06:50 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7BIT

> > So, the issue is about binding PMK to NAS ports (WTPs in this case).
> > Unless the NAS explicitly informs the host about the list of ports,
how
> > can this be handled? I think this is an issue for the EAP lower
layer to
> > handle.
> 
> The NAS doesn't have to inform the host of the list of ports, it just
has
> to provide the host with the same NAS-ID that it provides to the AAA
> server.  You are correct that it is a lower layer issue.

Dorothy can correct me if I'm wrong, but shared knowledge of NAS-ID does
not seem to solve the problem she is describing. Unless both the host
and the NAS agree on the list of ports (WTPs) associated/bound to the
PMK (or, its derivatives), host cannot distinguish between a legitimate
WTP and one that's using a compromised PMK (or, a derivative). In fact,
what I'm talking about is further binding that not only includes the NAS
ID but also the port IDs.

Alper



_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 21 00:52:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA00423
	for ; Thu, 21 Apr 2005 00:52:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id C37071FE3C;
	Thu, 21 Apr 2005 00:52:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 094CC1FE02;
	Thu, 21 Apr 2005 00:52:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6AAE91FE02
	for ; Thu, 21 Apr 2005 00:51:20 -0400 (EDT)
Received: from ringding.cs.umd.edu (ringding.cs.umd.edu [128.8.129.2])
	by mail.frascone.com (Postfix) with ESMTP id 94A931FD6C
	for ; Thu, 21 Apr 2005 00:51:17 -0400 (EDT)
Received: from toblerone.cs.umd.edu (toblerone.cs.umd.edu [128.8.129.39])
	by ringding.cs.umd.edu (8.12.10/8.12.5) with ESMTP id j3L4pH1q029528
	for ; Thu, 21 Apr 2005 00:51:17 -0400 (EDT)
From: "T. Charles Clancy" 
To: eap@frascone.com
Subject: Re: [eap] eap pax expert review
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 21 Apr 2005 00:51:17 -0400 (EDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

[Sorry if this gets posted twice -- the first time I sent it from the 
wrong email address, so it's in the moderator's queue.]

Jari, thanks for your time and your review.  I've put together -03 to 
address your comments and updates some of the references.  I will be 
submitting it shortly.  Meanwhile, a copy can be found here:

http://www.cs.umd.edu/~clancy/eap-pax/draft-clancy-eap-pax-03.txt

> [JA] Also, I didn't review compliance to IEEE method requirements.
> (Any takers?)

For anyone interested in this, it's outlined in the last paragraph of the 
introduction.

> [JA] The claim for "cryptographic binding" (RFC 3748, Section 7.2.1)
> is not documented for PAX, as this claim is relevant for tunnel
> methods only. But for completeness sake it would be desirable to
> mention why its not being listed.

Ah... I have channel binding but not cryptographic binding.  I've added it 
to section 4.3.

> [JA] (Editorial note: the document talks explicitly about
> the conditions upon which an EAP Failure needs to be sent.
> However, while it can be understood and implied, it doesn't
> actually say that an EAP Success should be sent otherwise.)

I've added the following to section 2.4:

   If PAX-ACK is received in response to a message fragment, the receiver
   continues the protocol execution.  If PAX-ACK is received in response
   to PAX_STD-3 or PAX_SEC-5, then the server MUST send an EAP-Success
   message.  This indicates a successful execution of PAX.

> [JA] Regarding RFC 3748 Section 7.8 (optional) behaviour for
> detecting bidding down attacks using Naks, EAP PAX does not do this.
> Might be useful to note this.

I've added the following to section 4.3:

   EAP is susceptible to an attack where an attacker uses NAKs to
   convince an EAP client and server to use a less secure method, and can
   be prevented using method-specific integrity protection on NAK
   messages.  Since EAP-PAX does not have suitable keys derived for this
   integrity protection at the begining of a PAX conversation, this is
   not included.

> [BA] It would be useful to have PAX document the key name and scope,
> as in Appendix E in the Key Management framework.

I've added the following to section 2.3:

    The EAP Key Managment Framework [I-D.ietf-eap-keying] recommends
    specification of key names and scope.  The EAP-PAX Method-ID is the
    MID value computed as described above.  The EAP peer name is the CID
    value exchanged in PAX_STD-2 and PAX_SEC-2.  The EAP server name is
    an empty string.

[ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ]
[ computer science ]-----[ university of maryland | college park ]
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From xmn@hd4info.com  Thu Apr 21 03:26:32 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA00839;
	Thu, 21 Apr 2005 03:26:32 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DOWGM-00061m-GV; Thu, 21 Apr 2005 03:38:19 -0400
Received: from [211.245.244.108] (helo=65.246.255.50)
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DOW4r-0001Hw-3H; Thu, 21 Apr 2005 03:26:22 -0400
Received: from xnvbdnjflo.westolympian.com (bqklegtodo.westolympian.com [104.240.210.34]) by 211.245.244.108 Microsoft SMTPSVC(5.0.2195.5600);
	 Thu, 21 Apr 2005 10:21:26 +0300
Message-ID: 
Date: Thu, 21 Apr 2005 10:21:26 +0300
From: Monique.Brandt
Reply-To: "xmn@hd4info.com"
To: ips-bounces@ietf.org
Subject: Congratulations
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="54301380514"
X-Spam-Score: 4.5 (++++)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22

--54301380514
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7Bit



Hello ips-bounces@ietf.org,

We tried to contact you earlier about flnanclng your home at a lower rate. 
I would like to let you know that we have gone ahead and started the preapproval process, 
Here are the results:

Name: Ips-bounces
Negotiable Amount: $267,000 to $824,000
Rate: 4.53% - 7.30%

For more information or to have a broker contact you please visit:
http://g.msn.com/0MNBUS00/1?http://ok-ref-now.com

No future contact:
http://g.msn.com/0MNBUS00/1?http://ok-ref-now.com/gone.asp

Best Regards,

Monique Brandt, 
Account Manager

--54301380514--


From eap-admin@frascone.com  Thu Apr 21 04:40:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA06009
	for ; Thu, 21 Apr 2005 04:40:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id BD507204FC;
	Thu, 21 Apr 2005 04:40:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 1C113204F4;
	Thu, 21 Apr 2005 04:40:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id E7159204F3
	for ; Thu, 21 Apr 2005 04:39:41 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id F31F4204F1
	for ; Thu, 21 Apr 2005 04:39:39 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DOXDm-000KIg-Ql
	for eap@frascone.com; Thu, 21 Apr 2005 04:39:38 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3L8dbl25218
	for ; Thu, 21 Apr 2005 01:39:38 -0700
From: Bernard Aboba 
To: eap@frascone.com
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Reminder to draft authors and editors: new boilerplate
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 21 Apr 2005 01:39:37 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Dear WG,

Just as a reminder, there's new boilerplate available for the
updated BCP 78 and 79 about IETF rights in contributions and
IPR considerations

Please make sure that you're familiar with the new versions,
and start to use the new boilerplate.

The new format will be mandatory next month sometime, so please
start preparing for the changes now, as you get ready to submit
new drafts of documents.

If you're using xml2rfc, there's a new version of the tool which
provides this now (1.29).

http://xml.resource.org/


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From ellasar@doneasy.com  Thu Apr 21 04:41:57 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA06338;
	Thu, 21 Apr 2005 04:41:55 -0400 (EDT)
Received: from [211.237.222.104] (helo=132.151.6.1)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DOXRO-0007cE-7u; Thu, 21 Apr 2005 04:53:43 -0400
Received: from brazen-jcoppens.com (EHLO coset.jcoppens.com) 
  by boswell.jcoppens.com with SMTP; Thu, 21 Apr 2005 02:34:27 -0700
Date: Thu, 21 Apr 2005 08:38:27 -0100
From: "Ahmed Thornton" 
To: drums-archive@ietf.org
Cc: dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org,
        e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org,
        eb-archive@ietf.org, eccmtmagma-admin@ietf.org,
        ediint-archive@ietf.org, edu-discuss@ietf.org,
        edu-discuss-admin@ietf.org
Subject: Become a homeowner with low rates
Message-ID: 
X-SpamTest-Info: Profile: SysLog
X-SpamTest-Status: Not detected
X-SpamTest-Version: SMTP-Filter Version 2.0.0 [768], SpamtestISP/Release
X-Mailer: MIME-tools 5.41 (Entity 5.404)
X-Spam-Score: 6.0 (++++++)
X-Spam-Flag: YES
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.cra3y.com/sign.asp



 Best Regards,

 Deanne Mcmanus
 
 to be remov(ed:	http://www.cra3y.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From faiqfady776903@tlchoices.com  Thu Apr 21 09:07:31 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA24215;
	Thu, 21 Apr 2005 09:07:31 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DObaS-0005xO-MB; Thu, 21 Apr 2005 09:19:21 -0400
Received: from [211.106.245.74] (helo=65.246.255.50)
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DObOy-0001EQ-CF; Thu, 21 Apr 2005 09:07:28 -0400
Received: from jeannor.sterenmgt.com (211.106.245.74)
          by 211.106.245.74 with Microsoft SMTP690(96.8.050.03);
	 Thu, 21 Apr 2005 11:06:06 -0300
Received: from 211.106.245.74 (kilohm[211.106.245.74])
          by frape.sterenmgt.com (gyix25) with SMTP
          id <88aayr3zv>;Thu, 21 Apr 2005 09:03:06 -0500
Message-ID: 
Reply-To: "humberto clites" 
From: "humberto clites" 
To: routing-discussion-request@ietf.org, l2tpext-admin@ietf.org, dmin@ietf.org,
        owner-ietf-outbound@ietf.org, meeting-scheduling@ietf.org,
        iptel-request@ietf.org, ran@ietf.org, eap-archive@ietf.org,
        maddogs@ietf.org, workshop@ietf.org, seamoby-admin@ietf.org,
        ipoverib-admin@ietf.org, dccp-request@ietf.org, manet@ietf.org
Subject: FWD: Information Update Number - 942
Date: Thu, 21 Apr 2005 19:59:06 +0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--0592897_60184088.hz842"
X-Spam-Score: 17.1 (+++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab

----0592897_60184088.hz842
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7Bit

Dear Homeowner,


You have been pre-approved for a $300,000 loan at a low fixed rate.

This offer is being extended to you unconditionally and your credit is in no way a factor.


To take advantage of this limited time opportunity, we ask you to visit our website and complete

the post approval form.


Approval Form


humberto clites

Chase Financial Group


loralie gunner machine lorien lovebird

not interested


----0592897_60184088.hz842--


From eap-admin@frascone.com  Thu Apr 21 11:10:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA08092
	for ; Thu, 21 Apr 2005 11:10:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 54E0D20516;
	Thu, 21 Apr 2005 11:10:11 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id AC8282051E;
	Thu, 21 Apr 2005 11:10:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 8B8842051C
	for ; Thu, 21 Apr 2005 11:09:20 -0400 (EDT)
Received: from huawei.com (szxga02-in.huawei.com [61.144.161.54])
	by mail.frascone.com (Postfix) with ESMTP id 68EAD20516
	for ; Thu, 21 Apr 2005 11:09:16 -0400 (EDT)
Received: from huawei.com (szxga02-in [172.24.2.6])
 by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar
 3 2004)) with ESMTP id <0IFA002PTXYX3T@szxga02-in.huawei.com> for
 eap@frascone.com; Thu, 21 Apr 2005 23:06:33 +0800 (CST)
Received: from szxml01-in ([172.24.1.3])
 by szxga02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar
 3 2004)) with ESMTP id <0IFA00G8GXYX7H@szxga02-in.huawei.com> for
 eap@frascone.com; Thu, 21 Apr 2005 23:06:33 +0800 (CST)
Received: from l25684b (72-254-192-125.client.stsn.net [72.254.192.125])
 by szxml01-in.huawei.com
 (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar  3 2004))
 with ESMTPA id <0IFA00I5OY3EMS@szxml01-in.huawei.com> for eap@frascone.com;
 Thu, 21 Apr 2005 23:09:23 +0800 (CST)
From: Li zhiming 
To: eap@frascone.com
Message-id: <003301c54683$89246110$a8f50a0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
Content-type: multipart/alternative;
 boundary="Boundary_(ID_rtVgvxXNyleK0MR+VGRvbg)"
X-Priority: 3
X-MSMail-priority: Normal
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] unsubscribe
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 21 Apr 2005 22:32:59 +0800
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

This is a multi-part message in MIME format.

--Boundary_(ID_rtVgvxXNyleK0MR+VGRvbg)
Content-type: text/plain; charset=gb2312
Content-Transfer-Encoding: 7BIT

unsubsribe
**************************************************************************************************
This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
**************************************************************************************************

--Boundary_(ID_rtVgvxXNyleK0MR+VGRvbg)
Content-type: text/html; charset=gb2312
Content-Transfer-Encoding: 7BIT









unsubsribe


**************************************************************************************************
This 
e-mail and its attachments contain confidential information from HUAWEI, which 
is intended only for the person or entity whose address is listed above. Any use 
of the information contained herein in any way (including, but not limited to, 
total or partial disclosure, reproduction, or dissemination) by persons other 
than the intended recipient(s) is prohibited. If you receive this e-mail in 
error, please notify the sender by phone or email immediately and delete 
it!
**************************************************************************************************


--Boundary_(ID_rtVgvxXNyleK0MR+VGRvbg)--
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From jeankonde@mixmail.com  Thu Apr 21 11:34:59 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA09768
	for ; Thu, 21 Apr 2005 11:34:58 -0400 (EDT)
Received: from relay01.mixmail.com ([62.151.8.30] helo=relay.mixmail.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DOdtC-0002Tu-V2
	for eap-archive@ietf.org; Thu, 21 Apr 2005 11:46:51 -0400
Received: from [172.30.8.71] (helo=web01)
	by relay.mixmail.com with smtp id 1DOdfr-0008AK-00; Thu, 21 Apr 2005 17:33:03 +0200
Date: Thu, 21 Apr 2005 16:33:03 +0100
From: "Jean Konde " 
Reply-To: jeankonde@mixmail.com
To: "jeankonde@mixmail.com" 
Subject: Please help me before they kill me!
Xmailer: Mixmail Server 3.0
X-Priority: 3
MIME-Version: 1.0
Content-type: text/html;charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Message-Id: 
X-Spam-Score: 5.3 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: 79899194edc4f33a41f49410777972f8
Content-Transfer-Encoding: quoted-printable



From:Jean Konde
Ave, 22 Christiane Cresent,
deux plateaux Abidjan
C=F4te d'Ivoire.


I am Jean Konde from Republic of cote d'ivoire W.Africa, I am 23years of age, my father owned a lot of plantation farms here in C=F4te d'Ivoire, my father was poisoned by his business partners after they returned from their business trip to switzerland, my mother died several years ago during her cancer operation.


Before my father died in the hospital bed, he disclosed to me that he deposited
$9,000,000.00 Million US Dollars in a bank in C=F4te d'Ivoire, the money was meant for his investment in abroad. He single handed me over, all the deposit document
and instructed me to seek for a reliable investment partner abroad hence,this place is not safe for me to live because of the that killed him might equally kill me.


Please I want you to provide me the details of the account where the bank
can transfer this money so that I will submit them to the bank and introduce you to them so that they can transfer the money. After the transfer, you will deduct your percentage and invest the rest for me in your country while I will come there and continue my education. I am waiting to hear from you .


Thanks for your kind attention.


Best regards
Jean Konde





=BFPor qu=E9 son infieles? =BFExiste el pr=EDncipe azul? =BFC=F3mo adelgaza=
r en verano? Todas las respuestas y m=E1s, en astronoticias.


Ya.com ADSL + Llamadas 24 horas: desde 28,95 =80/mes + IVA. Navega y habla =
de forma ilimitada. Sin compromiso de permanencia. http://acceso.ya.com/ADSLllamadas/=






From eap-admin@frascone.com  Thu Apr 21 11:38:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA09943
	for ; Thu, 21 Apr 2005 11:38:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 1A7F320527;
	Thu, 21 Apr 2005 11:38:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 757A42051C;
	Thu, 21 Apr 2005 11:38:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id C08E22051C
	for ; Thu, 21 Apr 2005 11:37:53 -0400 (EDT)
Received: from gtfw2.enterasys.com (gtfw2.enterasys.com [12.25.1.128])
	by mail.frascone.com (Postfix) with ESMTP id 7AC6120516
	for ; Thu, 21 Apr 2005 11:37:50 -0400 (EDT)
Received: from NHROCAVG2.ets.enterasys.com ([134.141.79.124])
	by gtfw2.enterasys.com (0.25.1/8.12.6) with ESMTP id j3LFbmZC021637
	for ; Thu, 21 Apr 2005 11:37:49 -0400 (EDT)
Received: from psmtp.com ([134.141.79.124]) by 134.141.79.124 with InterScan Messaging Security Suite; Thu, 21 Apr 2005 11:37:49 -0400
Received: from source ([134.141.79.122]) by host ([134.141.79.124]) with SMTP;
	Thu, 21 Apr 2005 11:37:48 -0400
Received: from maandmbx2 ([134.141.93.31]) by NHROCCNC2.ets.enterasys.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Thu, 21 Apr 2005 11:37:32 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
Message-ID: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322D6@MAANDMBX2.ets.enterasys.com>
Thread-Topic: [eap] RE: [Isms] RADIUS is not a trusted third party
Thread-Index: AcVGeu4LuIyGq08NS52QCNwpTEVr1wAC1QGw
From: "Nelson, David" 
To: , , 
X-OriginalArrivalTime: 21 Apr 2005 15:37:32.0116 (UTC) FILETIME=[0872B940:01C54688]
X-pstn-version: pmps:sps_win32_1_1_0c1 pase:2.8
X-pstn-levels:     (C:81.6251 M:98.8113 P:95.9108 R:95.9108 S:28.3843 )
X-pstn-settings: 4 (0.2500:0.7500) p:13 m:13 C:14 r:13
X-pstn-addresses: from  forward (org good) 
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 21 Apr 2005 11:37:31 -0400
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

Apler Yegin writes...

> I guess the AAA protocol that runs between the NAS and AAA server is a
> "wire" as you said, but the AAA server is the trusted third party.
Does
> this make sense?

I think there is a subtle difference between a "trusted third party" and
a RADIUS server which may have bi-lateral trust relationships with
various parties.  The RADIUS server will always have a trust
relationship with its enrolled Radius clients, via the shared secret.
Those clients may be NASes or they may be RADIUS proxy servers.  RADIUS
trust is always hop-by-hop.

Strictly speaking, the RADIUS server has a trust relationship with the
human user only when the native RADIUS password database is used as the
source of authentication credentials.  Most often, the RADIUS server
relies on some other authentication service (e.g. Active Directory,
LDAP, NIS, etc.).  One tends to think of this as a single entity, and
for certain purposes this is fine.  For other purposes, we need to
retain the distinction.

The host (e.g. via a machine certificate) may also have a trust
relationship, but once again this relationship is typically with an EAP
server "attached" to the Radius server, which may in turn rely on other
authentication services.

A more typical example of a "trusted third party" is a Kerberos KDC
which does in fact directly share credentials with all enrolled
principals (human users, hosts or applications).

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 21 14:32:15 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA24825
	for ; Thu, 21 Apr 2005 14:32:14 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id AC9D12053F;
	Thu, 21 Apr 2005 14:32:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 0ACDC2053B;
	Thu, 21 Apr 2005 14:32:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 3D2A82053B
	for ; Thu, 21 Apr 2005 14:31:23 -0400 (EDT)
Received: from intolerance.mr.itd.umich.edu (intolerance.mr.itd.umich.edu [141.211.14.78])
	by mail.frascone.com (Postfix) with ESMTP id 67ED820538
	for ; Thu, 21 Apr 2005 14:31:20 -0400 (EDT)
Received: from [10.0.1.2] (pm454-05.dialip.mich.net [204.39.226.207])
	by intolerance.mr.itd.umich.edu (smtp) with ESMTP id j3LIVBoh018290;
	Thu, 21 Apr 2005 14:31:12 -0400
In-Reply-To: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322D6@MAANDMBX2.ets.enterasys.com>
References: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322D6@MAANDMBX2.ets.enterasys.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: 
Content-Transfer-Encoding: 7bit
Cc: , , ,
        John Vollbrecht 
From: John Vollbrecht 
Subject: Re: [eap] RE: [Isms] RADIUS is not a trusted third party
To: "Nelson, David" 
X-Mailer: Apple Mail (2.619.2)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 21 Apr 2005 14:31:31 -0400
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Nice explanation David.  I have clarifying question below -

On Apr 21, 2005, at 11:37 AM, Nelson, David wrote:

> Apler Yegin writes...
>
>> I guess the AAA protocol that runs between the NAS and AAA server is a
>> "wire" as you said, but the AAA server is the trusted third party.
> Does
>> this make sense?
>
> I think there is a subtle difference between a "trusted third party" 
> and
> a RADIUS server which may have bi-lateral trust relationships with
> various parties.  The RADIUS server will always have a trust
> relationship with its enrolled Radius clients, via the shared secret.
> Those clients may be NASes or they may be RADIUS proxy servers.  RADIUS
> trust is always hop-by-hop.
>
> Strictly speaking, the RADIUS server has a trust relationship with the
> human user only when the native RADIUS password database is used as the
> source of authentication credentials.  Most often, the RADIUS server
> relies on some other authentication service (e.g. Active Directory,
> LDAP, NIS, etc.).  One tends to think of this as a single entity, and
> for certain purposes this is fine.  For other purposes, we need to
> retain the distinction.
>
> The host (e.g. via a machine certificate) may also have a trust
> relationship, but once again this relationship is typically with an EAP
> server "attached" to the Radius server, which may in turn rely on other
> authentication services.
The question I am wondering about is whether the RADIUS server could be 
a  trusted third party if it is directly connected to the NAS.  In that 
case it has credentials with all parties.  However the credentials are 
of quite different form - I am wondering if the form of credentials or 
the relationship between the credentials makes a difference in whether 
it can act effectively as a trusted third party.  My first guess  is 
that it could (especially if RADIUS had stronger hashing) but I am not 
sure.
What is your thought?

> A more typical example of a "trusted third party" is a Kerberos KDC
> which does in fact directly share credentials with all enrolled
> principals (human users, hosts or applications).
>
> _______________________________________________
> eap mailing list
> eap@frascone.com
> http://mail.frascone.com/mailman/listinfo/eap
>
>

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From justustwqyucuseabrook@medsgc1.ssw.jnj.com  Thu Apr 21 16:58:11 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15285;
	Thu, 21 Apr 2005 16:58:11 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DOiw2-00052a-An; Thu, 21 Apr 2005 17:10:06 -0400
Received: from c-24-130-81-57.hsd1.ca.comcast.net ([24.130.81.57])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DOikT-0004hN-RT; Thu, 21 Apr 2005 16:58:10 -0400
Received:  from mail.wolfehollow.com (24.130.81.57)
	  by h002-gc.wolfehollow.com with Microsoft SMTPSVC(29.40.6073.4500);Thu, 21 Apr 2005 20:49:26 -0100
Message-ID: <97864.TOE@wolfehollow.com>
Reply-To: "graig palme" 
From: "graig palme" 
To: disman-admin@ietf.org
Cc: disman-request@ietf.org, dmin@ietf.org, dn@ietf.org, drafts@ietf.org,
        e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, edu-team@ietf.org,
        edu-team-web-archive@ietf.org, entmib@ietf.org, entmib-admin@ietf.org,
        entmib-request@ietf.org, enum@ietf.org, enum-admin@ietf.org
Subject: Homeówner? Poor Credit? NO Problem!  
Date: Fri, 22 Apr 2005 02:52:26 +0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--9886913_38511139.13r24"
X-Spam-Score: 4.1 (++++)
X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab

----9886913_38511139.13r24
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: text/html

Hello,


You have qualified for the lowest rate in years.

You could get over $400,000 for as little as $500 a month.

Low rates are fixed no matter what.


Please visit the link below to verify your information:

http://olivedrab.refi-extra.com/p3/jj.php?cyb=63


Best Regards,

graig palme, Account Manager

Reynolds Associates, LLC



--------------------

if you received this in error: re-m0-ve

----9886913_38511139.13r24--


From casa@doneasy.com  Thu Apr 21 19:09:39 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA29191;
	Thu, 21 Apr 2005 19:09:39 -0400 (EDT)
Received: from modemcable190.181-81-70.mc.videotron.ca ([70.81.181.190])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DOkzG-0008T3-CG; Thu, 21 Apr 2005 19:21:36 -0400
Authentication-Results: carryover.es
  from=premium.smattering.es; domainkeys=neutral (no sig)
X-Originating-IP: [240.8.200.180]
Received: from premium.function.es  (EHLO premium.debate.es) 
  by premium.regulate.es with SMTP; Fri, 22 Apr 2005 01:05:20 +0100
Date: Thu, 21 Apr 2005 23:03:20 -0100
From: "Renee Lundy" 
To: donny.gifford@ietf.org
Cc: dorthy.bruno@ietf.org, doyle.crouch@ietf.org, dp@ietf.org, drafts@ietf.org,
        drums-archive@ietf.org, dvsqhmanet@ietf.org,
        dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org,
        eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org,
        eccmtmagma-admin@ietf.org, ediint-archive@ietf.org
Subject: High rates? Not with us! low fixed rate
Message-ID: <119441.3148.casa@doneasy.com>
X-Mailer: Kana Connect 6
X-Spam-Score: 0.2 (/)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.cra3y.com/sign.asp



 Best Regards,

 Diann Pritchett
 
 to be remov(ed:	http://www.cra3y.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From viscous@siemens.at  Thu Apr 21 19:28:50 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA01385
	for ; Thu, 21 Apr 2005 19:28:50 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DOlHq-0000iz-Jj
	for eap-archive@ietf.org; Thu, 21 Apr 2005 19:40:47 -0400
Received: from [200.61.189.21] (helo=customer189-21.iplannetworks.net)
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DOl6J-0001PA-1a
	for eap-archive@ietf.org; Thu, 21 Apr 2005 19:28:51 -0400
Received: from actuateAcaimansporty (34.63.F14.D2) by mail0E9.viscous@siemens.at (Bluewin AG B.F.A96)
        id 2205WBZSQU3520FKBBA for eap-archive@ietf.org; Thu, 21 Apr 2005 22:24:15 -0200
Message-ID: <790142B39F5DC79.6FEE8@viscous@siemens.at>
Reply-To: "Arnold clannish" 
From: "Arnold clannish" 
To: "Eap-archive" 
Subject: no lousy piece of paper on your wall stopping you from a good job?
Date: Fri, 22 Apr 2005 05:30:15 +0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--60BB4E8CD0D7E8AC21B"
X-Spam-Score: 22.6 (++++++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25

----60BB4E8CD0D7E8AC21B
Content-Type: text/plain;
	charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Missing letters after your name holding you back from the better position?=
 We can help you with that...

http://bBb999.BiZ

to subtract your address from our databa#se look here : http://bbb999.biz/=
re

To live without loving is to not really live. - Moliere

----60BB4E8CD0D7E8AC21B--


From wkuueap-archive@ietf.org  Thu Apr 21 20:08:47 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA03844
	for ; Thu, 21 Apr 2005 20:08:47 -0400 (EDT)
Received: from cpe-69-203-200-215.nyc.res.rr.com ([69.203.200.215])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DOluU-0001cD-U9
	for eap-archive@ietf.org; Thu, 21 Apr 2005 20:20:44 -0400
Received: from 69.203.200.215
        (SquirrelMail authenticated user wkuueap-archive@ietf.org);
        by 132.151.6.1 with HTTP;
        Thu, 21 Apr 2005 17:08:44 -0800
Message-Id: <3dlgKbmSaGggN.squirrel@69.203.200.215>
Date: Thu, 21 Apr 2005 17:08:44 -0800
Subject: Solid Financing hassle f!ree
From: "Mason Danika" 
To: eap-archive@ietf.org
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7Bit
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Score: 2.2 (++)
X-Scan-Signature: de4f315c9369b71d7dd5909b42224370
Content-Transfer-Encoding: 7Bit

guess what!

Homeowner

You have been pre-approved for a $400,000 Home Loan at a 3.25% Fixed Rate.
This offer is being extended to you unconditionally and your credit is in no way a factor.

To take Advantage of this Limited Time opportunity

All we ask is that you visit our Website and complete
The 1 minute post Approval Form

http://simple-refinances.com/1/index/ryn/t9vHwuL4WB6SCr

Chow,

Mason Danika


From eap-admin@frascone.com  Thu Apr 21 23:00:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA13406
	for ; Thu, 21 Apr 2005 23:00:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B21F52039F;
	Thu, 21 Apr 2005 23:00:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id C54BB2038B;
	Thu, 21 Apr 2005 23:00:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B5C2420383
	for ; Thu, 21 Apr 2005 22:59:51 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id CA0C420368
	for ; Thu, 21 Apr 2005 22:59:49 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DOoOS-0005x7-DZ; Thu, 21 Apr 2005 22:59:48 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3M2xkK29216;
	Thu, 21 Apr 2005 19:59:46 -0700
From: Bernard Aboba 
To: "Nelson, David" 
Cc: isms@ietf.org, eap@frascone.com, radiusext@ops.ietf.org
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
In-Reply-To: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322D6@MAANDMBX2.ets.enterasys.com>
Message-ID: 
References: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322D6@MAANDMBX2.ets.enterasys.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 21 Apr 2005 19:59:46 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> I think there is a subtle difference between a "trusted third party" and
> a RADIUS server which may have bi-lateral trust relationships with
> various parties.

Yes.  Where RADIUS proxies are present there is no trust relationship
between the NAS and RADIUS server.  This is in contrast to Diameter, where
such a relationship can be established via re-direct.

The distinction is important in a number of cases.  In Kerberos, the KDC
is able to provide a ticket to any principal because it has a shared
secret that it shares with that principle.

Within RADIUS this is not possible.  A RADIUS server cannot
provide the user with a ticket to a NAS because it may not have a trust
relationship with that NAS.

Note that at one point, there was a proposal for integration of RADIUS
with Kerberos.  That proposal did in fact enable RADIUS to become a true
trusted third party.  The proposal seemed practical. However, the AAA WG
went with another proposal (Diameter CMS) which it turned out that noone
wanted to implement. Among other things, the proposal enabled a RADIUS
server to send a key to a NAS that could not be viewed by intervening
proxies.  In retrospect, the IETF may have missed an important
opportunity.

For a trip down memory lane, look here:
http://www.watersprings.org/pub/id/draft-kaushik-radius-sec-ext-06.txt

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 22 00:52:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA20132
	for ; Fri, 22 Apr 2005 00:52:07 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 82A23203A9;
	Fri, 22 Apr 2005 00:52:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 26CA820396;
	Fri, 22 Apr 2005 00:52:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B935B20396
	for ; Fri, 22 Apr 2005 00:51:34 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 908EB2038B
	for ; Fri, 22 Apr 2005 00:51:31 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DOq8Z-000Ih3-9P; Fri, 22 Apr 2005 00:51:31 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3M4pTp04568;
	Thu, 21 Apr 2005 21:51:29 -0700
From: Bernard Aboba 
To: "Blumenthal, Uri" 
Cc: "Nelson, David" , isms@ietf.org, eap@frascone.com,
        radiusext@ops.ietf.org
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
In-Reply-To: <3DEC199BD7489643817ECA151F7C59290103F301@pysmsx401.amr.corp.intel.com>
Message-ID: 
References: <3DEC199BD7489643817ECA151F7C59290103F301@pysmsx401.amr.corp.intel.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 21 Apr 2005 21:51:29 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> Yet NAS takes "go/no-go" decision from RADIUS, and takes the keys to
> talk to the client... If this is not trust - what is it?

There is no IETF standard defining how keys are provided within
RADIUS for exactly that reason -- there is no trust relationship defined
when a proxy is present.  The "Housley Criteria" described in RFC 4017 do
not allow disclosure of keys to additional parties.

The problem does not exist in Diameter EAP, which enables keys to
be provided directly without access by proxies.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From thistle@bgnet.bg  Fri Apr 22 03:41:56 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA21967
	for ; Fri, 22 Apr 2005 03:41:56 -0400 (EDT)
Received: from 12-205-184-197.client.mchsi.com ([12.205.184.197])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DOsz5-0002xm-5i
	for eap-archive@ietf.org; Fri, 22 Apr 2005 03:53:56 -0400
Received: from chanceBducatblackstone (04.93.9DA.BC) by mailBE.thistle@bgnet.bg (Bluewin AG 7.E.82F)
        id 4BAEFO3ZBWQ6817BGQG28 for eap-archive@ietf.org; Sat, 01 Feb 2003 17:26:52 -0200
Message-ID: <4783893DB8B0B.75428@thistle@bgnet.bg>
Reply-To: "Boyle gagging" 
From: "Boyle gagging" 
To: "Eap-archive" 
Subject: graduation for sale
Date: Sat, 01 Feb 2003 13:20:52 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--278F8804BE59F6453377"
X-Spam-Score: 27.4 (+++++++++++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25

----278F8804BE59F6453377
Content-Type: text/plain;
	charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable

Good News! Now it's possible to get a dddiploma in just a few days!

http://BBb999.biZ

to cancel yourself from our mailing look here : HTTP://Kathryn.bbB999.biz/=
re

Only strong characters can resist the temptation of superficial analysis. =
- Albert Einstein

----278F8804BE59F6453377--


From famousaarika_aud@soaporient.com  Fri Apr 22 08:22:59 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA12599;
	Fri, 22 Apr 2005 08:22:58 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DOxN6-00018S-AO; Fri, 22 Apr 2005 08:35:00 -0400
Received: from yahoobb219206228029.bbtec.net ([219.206.228.29])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DOxBM-00084s-5E; Fri, 22 Apr 2005 08:22:52 -0400
Received: from server5.limbach.net (219.206.228.29)
          by 219.206.228.29 (Sun Java System Messaging Server 2.9 HotFix 0.98) with SMTP
          id ; Fri, 22 Apr 2005 09:14:08 -0400
Reply-To: "hadleigh maycock" 
From: "hadleigh maycock" 
To: iptel-request@ietf.org
Cc: ran@ietf.org, eap-archive@ietf.org, maddogs@ietf.org, workshop@ietf.org,
        seamoby-admin@ietf.org, ipoverib-admin@ietf.org, dccp-request@ietf.org,
        manet@ietf.org, vrrp@ietf.org, subip-area@ietf.org, dinaras@ietf.org,
        urn-nid-admin@ietf.org, ieprep@ietf.org, gaco@ietf.org
Subject: Here is your new Password
Date: Fri, 22 Apr 2005 11:19:08 -0200
MIME-Version: 1.0
X-Scanned: Symantec Scan Engine v2.3
Content-Type: multipart/alternative;
	boundary="--138105_93117604.fO978"
Message-Id: 
X-Spam-Score: 3.6 (+++)
X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab

----138105_93117604.fO978
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7Bit

Dear Homeowner,


You have been pre-approved for a $300,000 loan at a low fixed rate.

This offer is being extended to you unconditionally and your credit is in no way a factor.


To take advantage of this limited time opportunity, we ask you to visit our website and complete

the post approval form.


http://www.n1c3.com/mrg.asp


hadleigh maycock

Rikon Financial Group


huelshe caruk hinman diatom endpoint

not interested


----138105_93117604.fO978--


From nxxtb@dbzmail.com  Fri Apr 22 09:23:09 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17199;
	Fri, 22 Apr 2005 09:23:09 -0400 (EDT)
Received: from c-24-129-23-204.hsd1.fl.comcast.net ([24.129.23.204])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DOyJL-0002Xy-DQ; Fri, 22 Apr 2005 09:35:12 -0400
X-Message-Info: LsvBMX03LPUcbw884496RJLEFw+779833
Received: from vobmg06.s.nxxtb@dbzmail.com ([28.23.44.38]) by rzsm478-dcyns.24.129.23.204 with Microsoft SMTPSVC(5.0.2195.6824);
	 Fri, 22 Apr 2005 18:12:33 +0400
Received: from nxxtb@dbzmail.com (34.118.128.242)
  by z248.p.pnxxtb@dbzmail.com with QMQP; Fri, 22 Apr 2005 07:17:33 -0700
Message-Id: <3931v$52282eoqma@lowpm4498..nxxtb@dbzmail.com>
Date: Fri, 22 Apr 2005 07:12:33 -0700
Message-ID: <9216759456.0350518.qmail@..nxxtb@dbzmail.com>
From: "Darin " <-nxxtb@dbzmail.com>
Subject: database covers all countries in north and south america including canada.special price of $197.00 (Reg. $845.00).
To: dhcwg-web-archive@ietf.org, diffserv-interest-admin@ietf.org,
        disman@ietf.org, diffserv-interest@ietf.org, eap-archive@ietf.org,
        disman-admin@ietf.org, dhcwg-request@ietf.org,
        diffserv-interest-request@ietf.org, dinaras@ietf.org, dhcwg@ietf.org
MIME-Version: 1.0    .55566
Content-Type: multipart/alternative;
	boundary="--19088431185955551"
X-Mailer:    (383.02.64)
X-Spam-Score: 28.3 (++++++++++++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: f60d0f7806b0c40781eee6b9cd0b2135

----19088431185955551
Content-Type: text/plain;
	charset="iso-2109-6"
Content-Transfer-Encoding: quoted-printable


The United States Health Care DATABASE

PROMOTION CODE !442.  THE MOST POPULAR PUBLICATION ON THE MARKET.

" The information contained in this product is nothing short of 
remarkable considering the cost."  Jefferey Sleeman,  
Chicago, IL.

The United States Healthcare Database is a comprehensive product 
that is offered exclusively on a limited-time basis.  This 
complete database includes all hospitals, nursing homes, HMOs 
and physicians in the country.

In a rapidly-changing industry, current healthcare information is 
an invaluable resource to businesses and organizations.  The 
United States Healthcare Database includes comprehensive 
information on more than 7,000 hospitals, 25,000 nursing homes 
and 400,000 doctors.  It is the most extensive and reliable 
database of key decision makers in the health care market. 

Imagine the increase in marketing and sales effectiveness made 
possible by targeting the key contacts by name. If reaching the 
right decision maker is critical to the success of your direct 
marketing campaigns, then this is the product.

The database is available in Excel format on CD Rom.  It is 
designed for mailing lists and merges.  The data can be selected 
by state or other criteria.  Best of all, it can be used on an 
unlimited basis.

During this promotional offer, the cost of this database 
is $197.00 (reg. $845.00). Promotion Code 1442.

To order The United States Health Care Database(c), please 
complete the information below and 

fax it to 905-751-0199 (Tel: 905-751-0919).



NAME:

TITLE:

ORGANIZATION:

ADDRESS:

CITY:

POSTAL:

TEL:

FAX:

E-MAIL:




----19088431185955551--


From vqzlp@mail2world.com  Fri Apr 22 10:30:45 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA23354;
	Fri, 22 Apr 2005 10:30:44 -0400 (EDT)
Received: from adsl-218-139-154.jax.bellsouth.net ([68.218.139.154])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DOzMj-00047b-VI; Fri, 22 Apr 2005 10:42:49 -0400
Received: from chajaily.toadis.tortis ([230.252.242.198]) by gt1.optu.br
          (InterMail vG.4.00.05.48 208-2132-468-20040331) with ESMTP
          id <99541101151738.QLSU3331.gx2.fuse.net@optu.br>
          for ;
          Fri, 22 Apr 2005 11:28:07 -0400
Message-Id: 
Date: Fri, 22 Apr 2005 09:29:07 -0600
From: "Want 37,500 hits" 
To: pilc@ietf.org
Subject:  Website traffic solved for life -limited spots left,hurry-iv 5 bn
X-Mailer: InterMail vG.9.61.31.07
X-Spam-Score: 2.3 (++)
X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca

Hey I just found an super deal for you to put your
website promotion on autopilot, you won’t have to worry
about it ever again.

Here's all the details:
http://www.masswebsitehits.com

Every site needs a Massive Marketing Program in order to be a
success.  The most essential part of any campaign is traffic
and sales.  It’s easy to get exposure to hundreds of
thousands every month.

Imagine - your traffic and sales problem solved forever.
What will you do with all the extra time on your hands?

Spots in this program are limited, so hurry on over:
http://www.masswebsitehits.com



-------------------------------------------------------------




No more?:
http://www.masswebsitehits.com/opts.html


braggart gorge azerbaijan synchrony impromptu.
parlay cyrillic academic adventurous reciprocate.
tridiagonal acquisition billionth poisonous surround.

riverfront bethel convect convolute jovian.
capitulate storehouse absenteeism urgent koenig.
secure snail sommerfeld yang checkout.

adler attitude uniprocessor arcadia nevins.
stoic asocial join big burke.
tum rheology chanson crackpot missy.
everybody camelot rune persia dungeon.

etude tassel prostheses grope chrome.
minus vie elisabeth wattle humpty.
a grudge carbohydrate eigenvector omnibus.

kurt dewdrop fanout booky browne.
piccolo bartholomew synod pilfer prolix.
frambesia lorenz almighty mobile cahill.





From eap-admin@frascone.com  Fri Apr 22 10:36:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA23889
	for ; Fri, 22 Apr 2005 10:36:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id CCC5720396;
	Fri, 22 Apr 2005 10:36:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id AD22C2027F;
	Fri, 22 Apr 2005 10:36:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 380D52027F
	for ; Fri, 22 Apr 2005 10:35:39 -0400 (EDT)
Received: from ctron-dnm.enterasys.com (ctron-dnm.enterasys.com [12.25.1.120])
	by mail.frascone.com (Postfix) with ESMTP id 4462520269
	for ; Fri, 22 Apr 2005 10:35:36 -0400 (EDT)
Received: (from uucp@localhost)
	by ctron-dnm.enterasys.com (8.8.7/8.8.7) id KAA17764
	for ; Fri, 22 Apr 2005 10:36:35 -0400 (EDT)
Received: from nhrocavg2(134.141.79.124) by ctron-dnm.enterasys.com via smap (4.1)
	id xma017151; Fri, 22 Apr 05 10:34:09 -0400
Received: from NHROCCNC2.ets.enterasys.com ([134.141.79.124]) by 134.141.79.124 with InterScan Messaging Security Suite; Fri, 22 Apr 2005 10:33:05 -0400
Received: from source ([134.141.79.122]) by host ([134.141.79.124]) with SMTP;
	Fri, 22 Apr 2005 10:33:05 -0400
Received: from maandmbx2 ([134.141.93.31]) by NHROCCNC2.ets.enterasys.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Fri, 22 Apr 2005 10:33:05 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
Message-ID: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322DC@MAANDMBX2.ets.enterasys.com>
Thread-Topic: [eap] RE: [Isms] RADIUS is not a trusted third party
Thread-Index: AcVGoE72do1f9de2Q8WQrAZhTXLhGgApmOJg
From: "Nelson, David" 
To: "John Vollbrecht" 
Cc: , , 
X-OriginalArrivalTime: 22 Apr 2005 14:33:05.0342 (UTC) FILETIME=[321595E0:01C54748]
X-pstn-version: pmps:sps_win32_1_1_0c1 pase:2.8
X-pstn-levels:     (C:90.6772 M:94.5022 P:95.9108 R:95.9108 S:41.0858 )
X-pstn-settings: 4 (0.2500:0.2500) p:13 m:13 c:14 r:13
X-pstn-addresses: from  forward (org good) 
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 22 Apr 2005 10:33:02 -0400
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable


John Vollbrecht writes ... [mailto:jrv@umich.edu]
> The question I am wondering about is whether the RADIUS server could
be
> a trusted third party if it is directly connected to the NAS.  In that
> case it has credentials with all parties.  However the credentials are
> of quite different form - I am wondering if the form of credentials or
> the relationship between the credentials makes a difference in whether
> it can act effectively as a trusted third party.  My first guess  is
> that it could (especially if RADIUS had stronger hashing) but I am not
> sure.
> What is your thought?

I suspect there are cases in which a single (non-proxy) RADIUS server
could act as a trusted third party, but that would depend on the extent
to which the RADIUS server and the EAP server were considered a single
entity.  I think the issue is whether all parties can [directly]
validate the bindings of authenticated identity to keys. When one set of
bindings is created via the EAP session between the EAP peer and EAP
server and another set of bindings is created via the RADIUS
authentication and authorization exchanges between the RADIUS server and
the NAS, there is certainly the opportunity for the parties to have
disjoint sets of key bindings.

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 22 10:48:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA24657
	for ; Fri, 22 Apr 2005 10:48:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 8AF4E20443;
	Fri, 22 Apr 2005 10:48:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5CE8A20415;
	Fri, 22 Apr 2005 10:48:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5F13420415
	for ; Fri, 22 Apr 2005 10:47:47 -0400 (EDT)
Received: from smtp2.int-evry.fr (smtp2.int-evry.fr [157.159.10.45])
	by mail.frascone.com (Postfix) with ESMTP id 797AB203A5
	for ; Fri, 22 Apr 2005 10:47:44 -0400 (EDT)
Received: from ipv6-3.int-evry.fr (ipv6-3.int-evry.fr [157.159.100.76])
	by smtp2.int-evry.fr (Postfix) with ESMTP id 066168037;
	Fri, 22 Apr 2005 16:47:42 +0200 (CEST)
Received: from jb by ipv6-3.int-evry.fr with local (Exim 4.50)
	id 1DOzPh-0004ki-UA; Fri, 22 Apr 2005 16:45:49 +0200
From: Julien Bournelle 
To: Bernard Aboba 
Cc: "Nelson, David" , isms@ietf.org, eap@frascone.com,
        radiusext@ops.ietf.org
Subject: Re: [eap] RE: [Isms] RADIUS is not a trusted third party
Message-ID: <20050422144549.GD18053@ipv6-3.int-evry.fr>
References: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322D6@MAANDMBX2.ets.enterasys.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
User-Agent: Mutt/1.5.6+20040907i
X-INT-MailScanner-Information: Please contact the ISP for more information
X-INT-MailScanner: Found to be clean
X-MailScanner-From: jb@int-evry.fr
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 22 Apr 2005 16:45:49 +0200
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Hi,

On Thu, Apr 21, 2005 at 07:59:46PM -0700, Bernard Aboba wrote:
> > I think there is a subtle difference between a "trusted third party" and
> > a RADIUS server which may have bi-lateral trust relationships with
> > various parties.
> 
> Yes.  Where RADIUS proxies are present there is no trust relationship
> between the NAS and RADIUS server.  This is in contrast to Diameter, where
> such a relationship can be established via re-direct.

 I'm wondering if an operator will let its EAP authenticator directly
 contact EAP server from other operators using redirect functionality of
 Diameter. 
 
 regards,


> 
> The distinction is important in a number of cases.  In Kerberos, the KDC
> is able to provide a ticket to any principal because it has a shared
> secret that it shares with that principle.
> 
> Within RADIUS this is not possible.  A RADIUS server cannot
> provide the user with a ticket to a NAS because it may not have a trust
> relationship with that NAS.
> 
> Note that at one point, there was a proposal for integration of RADIUS
> with Kerberos.  That proposal did in fact enable RADIUS to become a true
> trusted third party.  The proposal seemed practical. However, the AAA WG
> went with another proposal (Diameter CMS) which it turned out that noone
> wanted to implement. Among other things, the proposal enabled a RADIUS
> server to send a key to a NAS that could not be viewed by intervening
> proxies.  In retrospect, the IETF may have missed an important
> opportunity.
> 
> For a trip down memory lane, look here:
> http://www.watersprings.org/pub/id/draft-kaushik-radius-sec-ext-06.txt
> 
> _______________________________________________
> eap mailing list
> eap@frascone.com
> http://mail.frascone.com/mailman/listinfo/eap

-- 
julien.bournelle at int-evry.fr
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 22 10:54:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA25197
	for ; Fri, 22 Apr 2005 10:54:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A80D520443;
	Fri, 22 Apr 2005 10:54:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id D8A1F20415;
	Fri, 22 Apr 2005 10:54:05 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 3941820418
	for ; Fri, 22 Apr 2005 10:53:04 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 76668203A3
	for ; Fri, 22 Apr 2005 10:53:01 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DOzWe-0004Ak-E7; Fri, 22 Apr 2005 10:53:00 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3MEqwW09718;
	Fri, 22 Apr 2005 07:52:58 -0700
From: Bernard Aboba 
To: Thierry Moreau 
Cc: "Blumenthal, Uri" , isms@ietf.org,
        eap@frascone.com, radiusext@ops.ietf.org
Subject: Re: [eap] RE: [Isms] RADIUS is not a trusted third party
In-Reply-To: <4268EB2B.7050808@connotech.com>
Message-ID: 
References: <3DEC199BD7489643817ECA151F7C59290103F301@pysmsx401.amr.corp.intel.com>
  <4268EB2B.7050808@connotech.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 22 Apr 2005 07:52:58 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> Is it concievable to design end-to-end security (i.e. from NAS to RADIUS
> server through any intermediate RADIUS proxies) with an
> implementation-specific attribute to the RADIUS Access-Accept packet?

Diameter CMS enabled the creation of attributes that could be sent between
the RADIUS server and NAS without being revealed to an intermediate proxy.
Therefore it could be said that it enabled "end-to-end" trust, something
that was already possible within Diameter in other ways (re-direct).
Since re-direct needed to be supported anyway and also solved the
problem, that was the direction that was taken once it became clear
that there was not enough interest in Diameter CMS to continue the
work.

Note that Re-direct-based trust is built on the following elements:

    1. Support for DNS discovery of RADIUS servers within a domain.
       This allows the RADIUS client to discover which RADIUS server
       it needs to talk to.

    2. Support for certificate-based authentication.  For inter-domain
       purposes, this is handled via TLS within Diameter.  This
       allows a Diameter client to contact an arbitrary Diameter server
       and mutually authenticate to it, provided that the certificate
       chain can be validated.  With TLS it is possible to create
       application-specific trust chains, something that is much more
       difficult within IKE, so that the trust anchor for Diameter
       (e.g. certificates signed by a roaming consortium CA) need
       not be the same as for other applications (e.g. Verisign
       certificate for a Web server).

It is conceivable to add support for both of these elements to RADIUS, but
of these, element #2 is more difficult. RADIUS over IPsec is defined in
RFC 3579, but it is not deployed for inter-domain usage. To address the
limitations, RADIUS over TLS (RADSEC) has now been defined and is shipping.
My understanding is that it is being considered for deployment within large
inter-continental roaming networks (e.g. TERENA).  More info on RADSEC is
available here:

http://www.terena.nl/mail-archives/mobility/msg01225.html
http://www.open.com.au/radiator/radsec-whitepaper.pdf

> This requires a pre-shared secret key between the RADIUS server (or more
> precisely an implementation-specific server co-located with the RADIUS
> server) and the application-specific component co-located with the
> RADIUS NAS.

Are you proposing creating a new RADIUS security model that would only be
used by ISMS?  That seems like a lot of work for little overall benefit
to the RADIUS community.

> The security implication of RADIUS proxies has been noticed in isms
> mailing list early on. Perhaps it has been overlooked at some point in
> the discussion.

Rather than designing a new version of RADIUS to meet its needs, it seems
more profitable for ISMS to either figure out how to use the protocol as
it exists today, or to summarize its requirements for new work and ask
that it be chartered outside of ISMS.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 22 11:26:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27491
	for ; Fri, 22 Apr 2005 11:26:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id C633D2045E;
	Fri, 22 Apr 2005 11:26:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 7ED0820448;
	Fri, 22 Apr 2005 11:26:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 35F2320450
	for ; Fri, 22 Apr 2005 11:25:09 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 3C44720448
	for ; Fri, 22 Apr 2005 11:25:07 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DP01j-0009Pa-0k; Fri, 22 Apr 2005 11:25:07 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3MFP5L11675;
	Fri, 22 Apr 2005 08:25:05 -0700
From: Bernard Aboba 
To: Julien Bournelle 
Cc: "Nelson, David" , isms@ietf.org, eap@frascone.com,
        radiusext@ops.ietf.org
Subject: Re: [eap] RE: [Isms] RADIUS is not a trusted third party
In-Reply-To: <20050422144549.GD18053@ipv6-3.int-evry.fr>
Message-ID: 
References: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322D6@MAANDMBX2.ets.enterasys.com>
  <20050422144549.GD18053@ipv6-3.int-evry.fr>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 22 Apr 2005 08:25:05 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

>  I'm wondering if an operator will let its EAP authenticator directly
>  contact EAP server from other operators using redirect functionality of
>  Diameter.

As I understand it, proxy bypass is being considered by TERENA primarily
to eliminate excessive latency in trans-continental roaming.  More info on
the "trust fabric" of EduRoam NG is available here:

http://www.terena.nl/tech/task-forces/tf-mobility/
http://www.eduroam.org/docs/eduroam-article.pdf
http://www.eduroam.org/wiki/NextGeneration?v=ina
http://www.lab.telin.nl/~arjan/pub/tnc05-ea-eertink.pdf
http://www.es.net/raf/ESnet-RAF-WP.html
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From ujymlse@mailpanda.com  Fri Apr 22 11:37:28 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA28239;
	Fri, 22 Apr 2005 11:37:27 -0400 (EDT)
Received: from vchatillon-2-82-228-213-182.fbx.proxad.net ([82.228.213.182])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DP0PL-0005iR-8F; Fri, 22 Apr 2005 11:49:33 -0400
Received: from canfield.wi1.bucksch.org (pD725D2D1.dip.t-dialin.net [14.156.118.0])
	by plucky.beonex.com with ESMTP id 288B9C0353B
	for ; Fri, 22 Apr 2005 12:29:17 -0400
Message-Id: <9325541508.2359687@atheism.function.uri.edu>
Date: Fri, 22 Apr 2005 12:37:17 -0400
From: "SOFTWARE NEWSLETTER" 
To: eap-archive@ietf.org, iesg-secretary@ietf.org, trigtran@ietf.org
Subject:  Microsoft- Adobe software and plugins. Cheapest prices - Eap-archive lykb
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f4c2cf0bccc868e4cc88dace71fb3f44

Hey,

we have just launched our annual clearance sale for computer software.
http://euphrates.seggaramblk.com/?n6VsVEnoYrug9TTmortem

our prices are incredibly lower, 
about 200 to 400 percent off on retail prices

please take a look at some of our software titles

available and ready to ship to your doorstep, 
we also offer you Easy Downloadable delivery Spftware

windows xp professional 2002, 50 dollars
adobe photoshop 7.0, 60 dollars
microsoft office XP Professional 2002, 60 dollars
corel draw graphics suite 11, 60 dollars


http://euphrates.seggaramblk.com/?n6VsVEnoYrug9TTmortem

looking forward to hear from you
sincerely
Delmar Paulson


















Thanks but no thanks:
http://crag.dlsingledb.com/papyrus?1P3Vz9y26BEf011

--------------------------
effectuate septuagenarian boo breeze effete barter flit blackburn friable point morphine countryman transpacific spew aylesbury marrow nanking profundity defeat frame crossword planet alphameric approbation pitt animadvert bankruptcy bosch dielectric vend del 
maladjust mendel commingle relieve triangular piecemeal tung chattel blip acquire partake rubicund sophie teheran costello veridic 

illustrate audition velar bereave tucson growl squishy brokerage pearlite remainder prototype cavernous bronchiolar triplett metropolitan diagnosable hotrod pacific tamp schlitz jaime clammy mat abutting sigmund davies oust daytime axiom oceania illogic cardiff lee against housework anarchic buttock arrow populate nasty auctioneer counteract cheyenne maldive domesticate imperceptible han jiggle 

dogtrot multi
 seq resorcinol clot bodied cannel 
dosimeter kenyon haste nagy matinal metamorphosis team cavemen e.g bryn clank abo badminton automata wolcott seaport industry fiddlestick grecian 
hellgrammite lackadaisic reykjavik wilfred angelo saucepan manometer misogynist applicant inspector ethan quahog brisbane conspire coronary
bakhtiari aquarius afghanistan eugenia carport bourbon basidiomycetes cauldron tub shipbuild excelling abrasive archery bona hardtack row impudent blastula allah adjacent roundtable prince thick decommission jonquil propitious royalty boggy wile columbia dielectric cull germany pyrophosphate demolition nereid melville firecracker mezzanine 
corrugate bittersweet crosswalk fission arcsine goggle drib fishy crust helmut goldenrod biharmonic bilinear atrophic midweek capstan abram baronial suggestive tag righteous sovkhoz compulsive parisian punic procreate centrifugal celebes bob tomatoes blissful circe impelling highland ring whee arousal seedling canyon seductive arab combustion smuggle talismanic spay tactic honeybee tornado obsolescent showpiece 
mollycoddle winy ltv detector desegregate claim spirit toroid crumple davidson eocene you'll linotype dinah batch countrify hinduism bottommost consternate bertie knifelike allele gamesman decant credulous lysergic lawrencium trichloroacetic pedal acclimate regimentation chevron 


From fsantos@yebox.com  Fri Apr 22 21:14:54 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA21266;
	Fri, 22 Apr 2005 21:14:54 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DP9QG-0006bD-2e; Fri, 22 Apr 2005 21:27:04 -0400
Received: from co647183-a.almel1.ov.home.nl ([82.72.176.53])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DP9ER-00059r-4R; Fri, 22 Apr 2005 21:14:53 -0400
Received: from patient-jcoppens.com (EHLO confidant.jcoppens.com) 
  by hoof.jcoppens.com with SMTP; Fri, 22 Apr 2005 22:05:03 -0400
Date: Sat, 23 Apr 2005 03:14:03 +0100
From: "Marian Brantley" 
To: dp@ietf.org
Cc: drafts@ietf.org, drums-archive@ietf.org, dvsqhmanet@ietf.org,
        dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org,
        eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org,
        eccmtmagma-admin@ietf.org, ediint-archive@ietf.org
Subject: Lowest rate approval
Message-ID: 
X-SpamTest-Info: Profile: SysLog
X-SpamTest-Status: Not detected
X-SpamTest-Version: SMTP-Filter Version 2.0.0 [787], SpamtestISP/Release
X-Mailer: MIME-tools 5.41 (Entity 5.404)
X-Spam-Score: 5.8 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.n1c3.com/sign.asp



 Best Regards,

 Mary Goldsmith
 
 to be remov(ed:	http://www.n1c3.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From Leste@jspv.com  Fri Apr 22 21:57:08 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA23559
	for ; Fri, 22 Apr 2005 21:57:08 -0400 (EDT)
Message-Id: <200504230157.VAA23559@ietf.org>
Received: from 61-229-169-118.dynamic.hinet.net ([61.229.169.118] helo=jspv.com)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPA58-0007Xr-2e
	for eap-archive@ietf.org; Fri, 22 Apr 2005 22:09:18 -0400
From: "Lester Avery" 
To: "Jochem Cockrell" 
Subject: Re: WALIUM C1ALlS VVlAGRA
Date: Fri, 22 Apr 2005 21:56:59 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0008_01C545A2.4269B97B"
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 3.9 (+++)
X-Scan-Signature: 2beba50d0fcdeee5f091c59f204d4365

This is a multi-part message in MIME format.

------=_NextPart_000_0008_01C545A2.4269B97B
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello, 


Barbados and ourselves as possible.  But now, almost out of sight
There was never, never anybody but you, Peter.
followers were being driven back aboard their own ship for the

He turned now upon the slave a countenance that was inflamed by h
trial so summary as to be no trial at all.  They required human
quarter of an hour.  M. de Cussy, in fact, deserves your sympathy
little rebel, till I've done with these rogues.
dislike my conduct we can dissolve the association.

jeopardy, and all for what?
explanation.  D'Ogeron is avaricious for himself and for his chil

Captain Blood took the pipe-stem from between his lips.


Have a nice day.
------=_NextPart_000_0008_01C545A2.4269B97B
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable









 


      

  
  

    Hello, =
WWould you like to spend less on your MEDlCATl0NS?

  

    

        
        

          V
          
          gr
          

        

          ia
          a as low as $200.00=20
            (120 piIIs)

      

        
        

          Ci
          
          li
          

        

          a
          s as low as $180.00=20
            (80 piIIs)

      

        
        

          Va
          
          iu
          

        

          l
          m as low as $250.00=20
            (220 piIIs)

      

        
        

          Le
          
          t
          

        

          vi
          ra as low as $300.00=20
            (50 piIIs)

      

        
        

          X
          
          a
          

        

          an
          x as low as $270.00=20
            (200 piIIs) and many =
other

      
 

      
Have a nice day.

      
P.S. 
	 You wwill be pleasantly surprised with our prices! =
	


------=_NextPart_000_0008_01C545A2.4269B97B--



From cgi-mailer-bounces-109341875@kundenserver.de  Fri Apr 22 23:26:30 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA00395
	for ; Fri, 22 Apr 2005 23:26:30 -0400 (EDT)
Received: from blitz-krieg.de ([212.227.22.193])
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DPBTd-0000y9-AM
	for eap-archive@ietf.org; Fri, 22 Apr 2005 23:38:41 -0400
Received: from [127.0.0.1] (helo=infongd5452)
	by blitz-krieg.de with smtp (Exim 3.35 #1)
	id 1DPBA4-0005FR-00; Sat, 23 Apr 2005 05:18:28 +0200
Received: from user (see sender-info)
	by infongd5452.rtr.kundenserver.de with local; Sat, 23 Apr 2005 05:18:28 +0200
X-Sender-Info: 109341875@infongd5452
Date: Sat, 23 Apr 2005 05:18:28 +0200
Precedence: bulk
Subject: IN GOOD FAITH
From: Michael Ramsey 
X-Priority: 3 (Normal)
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: RLSP Mailer
Message-Id: 
X-Spam-Score: 6.5 (++++++)
X-Spam-Flag: YES
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3
Content-Transfer-Encoding: 7bit


Dear Friend,

Good day to you. I may have to trouble your sense of personal achievement and reward for an opportunity properly taken advantage of.

I am Mr. Michael Ramsey, a representative and attorney to Kenneth Lay, the former chairman & CEO, Enron Corp. Industry: Energy &Natural Resources Home, presently in jail and facing trial on charges of corruption and embezzlement of funds while in Power. He deposited ($21,000,000.00) with me when he was in power as the chairman. 

I am contacting you because I want you to deal with the Finance house and claim the money on my behalf since I have declared that the Funds belong to my foreign business partner. You shall also be required to assist me in investment in your country. I hope to trust you as a God fearing person who will not sit on this money when you claim it, rather assist me properly, share in this percentage, 60% to me and 40% to you. When I receive your positive response I will give you viable information relating to this project i.e. the Finance institution where the money was deposited and the required documentation that will enable you lay claims to the funds, which is very important. What I need is for you to indicate your interest that you will assist us by receiving the money on my behalf in Europe. For this, you shall be considered to be the beneficiary to the funds. The project in brief, is that the funds with which we intend to carry out our proposed investments in your country, is presently in the custody of a bank in Europe. I do not want the government of my Country to know about the money because they will believe I got the money from the sales of Enron stock when he was the Chairman & C.E.O.of Enron 

Once I have your details in full, the finance institution will contact you for Release of the funds to your account. As soon as payment is effected, and the amount mentioned above is successfully transferred into your account, I intend to use my own share in acquiring some estates abroad. For this too you shall also be the overseas manager of all our properties and you will be paid based on a certain percentage agreed on by both parties. I guarantee you that this will be executed under a legitimate arrangement that will protect you from any breach of the law. Please get in touch with me urgently by E-mail:mr2000@faithmail.com. I am presently in LONDON. 

Please, provide me the following:
1. Full Name
2. Your Telephone Number and Fax Number
3. Your Contact Address.
 
Best Regards. 

Michael Ramsey.



___________________________________________________________________________
Mail sent from WebMail service at PHP-Nuke Powered Site
- http://www.keinVW.de



From cquhq@linuxmail.org  Sat Apr 23 04:12:22 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA06324;
	Sat, 23 Apr 2005 04:12:21 -0400 (EDT)
Received: from user-0vvda8d.cable.mindspring.com ([63.246.169.13])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPFwJ-0006pt-2k; Sat, 23 Apr 2005 04:24:35 -0400
Received: from assert-out0.flje.net ([214.0.208.160] helo=smtp6.flje.net)
	by antebellum.cranelike.cl with esmtp (Exim 4.30 #1 (Mandrake))
	id 5COdx9-8875lR-Q6 for ; Sat, 23 Apr 2005 04:06:51 -0500
Message-Id: 
Date: Sat, 23 Apr 2005 02:12:51 -0700
From: "BEST PRICES--ORIGINAL SOFTWARE" 
To: entmib@ietf.org
Subject:  Dis.counted Autodesk, Corel, XP, Adobe,  software for sale - nz 336 dhc
X-BeenThere: cquhq@linuxmail.org
X-Spam-Score: 3.7 (+++)
X-Scan-Signature: f4c2cf0bccc868e4cc88dace71fb3f44

Hey,

we have just launched our annual clearance sale for computer software.
http://kidnapped.anointefbha.com/?cXehKZcJNMjBuccanyone

our prices are incredibly lower, 
about 200 to 400 percent off on retail prices

please take a look at some of our software titles

available and ready to ship to your doorstep, 
we also offer you Easy Downloadable delivery Spftware

windows xp professional 2002, 50 dollars
adobe photoshop 7.0, 60 dollars
microsoft office XP Professional 2002, 60 dollars
corel draw graphics suite 11, 60 dollars


http://kidnapped.anointefbha.com/?cXehKZcJNMjBuccanyone

looking forward to hear from you
sincerely
Jan Abraham


















Thanks but no thanks:
http://arctic.cjstrownmg.com/elsevier?m8oKU.nTXqZAlmS

--------------------------
endomorphism sclerosis stairway embower denmark durango triplett clan compilation substitute colicky primordial bonaparte quasiorder illimitable armstrong danny capital knapp fret brainwash dicotyledon lac fiddle flinch accompany deuterate detector dame wrinkle oxygenate 
memory mockery ensemble amman archae itch cocky pm collier limit befall ankle amtrak collude abreast barton 

compulsion trapezoidal wholesome iberia greenfield hyacinth dakar oracular secrete dramatist werther cryptology cripple nair wavy averse boxwood cornmeal bangui indecision chrysolite ahmedabad conference bear consternate annapolis beer metamorphose fist bulblet text gorilla perpetuity plug batavia eastbound ahead puke irreplaceable country bryophyte cambrian hotbox anastasia someone'll botany blast exclude 

conifer banshee
 d blvd ancestor pluggable just 
feature humble conservatory lord mayor desultory beijing precursor apathy coliform betroth coop bernoulli marathon springy improbable noreen mutilate holcomb 
dinah misnomer quadrilateral rayleigh disposable loathe divorce bayonne twitch fujitsu instinctual billfold moorish cytology showpiece
topology kaiser hydrolysis accident divorcee liturgic inattentive splotch renault bloodbath bulky chicken leatherwork dinnerware beetle barrette vouchsafe servile wiremen tetrafluoride mousy personnel liken betide wiseacre respectful aquatic source hologram regulate hornet poseur scutum broomcorn upset ellison alpha dragoon ingot 
skat arena blush augustan colette editorial artery cranium bashaw eddy dairy crummy cavort toothbrush thrall creamy brainchildren kit communique atlantica crotch regression sidereal indeterminable antioch trimester towhee numb heron curriculum den breadroot cusp mailman lent portulaca kahn cocaine powder jitterbugging hatchet cerulean lancashire obtrusive denominate anyway lingo wreak liberal bugle 
practice tariff danbury theory regretting cogitate cloakroom rebellion pier newsstand centrifuge pate worldwide capacitive arid laughingstock beatitude zounds bullfrog cannister buffoon switchman associable gabardine off anisotropy dependent like drink bergman american dutchess 


From kerk-dur@cleverconcepts.net  Sat Apr 23 06:47:38 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA15073;
	Sat, 23 Apr 2005 06:47:37 -0400 (EDT)
Message-Id: <200504231047.GAA15073@ietf.org>
Received: from [222.99.153.119] (helo=132.151.6.1)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPIMW-0001SN-WE; Sat, 23 Apr 2005 06:59:53 -0400
Received: from mail.storing.com (222.99.153.119)
          by 222.99.153.119 (matteauv.9) with SMTP
          id <5620314t07r>
          (Authid: 659928); Sat, 23 Apr 2005 05:39:21 -0600
Reply-To: "pincas andric" 
From: "pincas andric" 
To: disman@ietf.org
Cc: disman-admin@ietf.org, disman-request@ietf.org, dmin@ietf.org, dn@ietf.org,
        drafts@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org,
        edu-team@ietf.org, edu-team-web-archive@ietf.org, entmib@ietf.org,
        entmib-admin@ietf.org, entmib-request@ietf.org
Subject: I Have Great News. You're Approved
Date: Sat, 23 Apr 2005 05:45:21 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--87638_082339.qK95"
X-Spam-Score: 6.1 (++++++)
X-Spam-Flag: YES
X-Scan-Signature: 93238566e09e6e262849b4f805833007

----87638_082339.qK95
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7Bit

Dear Homeowner,


You have been pre-approved for $370,000 with a low fixed rate.


This offer is being extended to you unconditionally and your credit is in no way a factor.


Take Advantage of this Limited Time opportunity.  Just answer only a few questions at 

our site and we can give you an approval in under 30 seconds - it’s that simple!


http://brown.refi-market.com/p3/li.php?n5n=63


Regards,


pincas andric


-------------

r-m-v yourself - here

----87638_082339.qK95--


From MDIDBVTVROTUY@industrialac.com  Sat Apr 23 08:31:20 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA23596;
	Sat, 23 Apr 2005 08:31:19 -0400 (EDT)
Received: from cmtspoola-27.monroeaccess.net ([72.14.66.27])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPJyD-0003WQ-00; Sat, 23 Apr 2005 08:42:49 -0400
Received: from 93.128.216.38 by 72.14.66.27; Sat, 23 Apr 2005 14:27:47 +0100
Message-ID: 
From: "Grady Levine" 
Reply-To: "Grady Levine" 
To: 2003-5-30152148.i-d@ietf.org, l2vpn@ietf.org, yodhcwg-request@ietf.org,
        19990611065208.i-d@ietf.org, eap-archive@ietf.org
Subject: rExttender is here! Dont waise your time hydrothermal
Date: Sat, 23 Apr 2005 08:21:47 -0500
X-Mailer: AOL 1.0 for Windows US sub 113
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--vpbumvtwr384110854ozqtq"
X-Priority: 3
X-MSMail-Priority: Normal
X-IP: 25.254.248.63
X-Spam-Score: 5.6 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464

----vpbumvtwr384110854ozqtq
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit

exxtand your tool now!
what hasn't been already said,
safe, simple and effective : 10 minutes and you've got yourself an enormous tool, 
and be sure reasults are permenent and no surgary is needed.
you'll get tired of banggin', for sure :)
come try now!

The new, bast Exttender :
http://altar.klih.com/pe/erika/indignation.htm  


so while europe was off chasing utopia canada became sort of an americanized europe or european america for the canadians who felt very strongly about asserting their differences from america we see.
i recently received sunday noon by deneille spohn moes -a signed numbered seriliothograph do you have any idea what is would be worth???
- sergio luiz zacarias serginho - o ginho dentista jornalista odontologia muitas fotos e detalhes curitiba parana brasil.
there can be no other truth to take o ff from than this i think therefore i exist there we have the absolute truth of consciousness becoming aware of itself.
- site sobre a primeira e segunda temporada do anime jogos on-line filme digimon jogos do playstation gifs animados downloads nbsp.
thank you alex for your words your work is very beautiful salute to a long and prosperous art career! the very best wishes branko reic.
forgive me if i just can t bring myself to give even one half of rat s ass if the only suggestion i hear for the future is a bitch about the past.
it was a good story --- a little romance a little mystery and the outer banks of north carolina i liked it!
dear alex! you my favorit painter i very love you and your art i will come to israel next year and i d like to meet you very mach see you soon christina.
she writes the amanda cross mysteries this is about life after sixty and contains more wisdom that i have found in one book.
i lay it down as a fact that if all men knew what others say of them there would not be four friends in the world.
subject re techs for spring summer autumn winter dargaon summer wizard.
i absolutley adore your artwork the colours and detail are amazing your work has inspired me to focus on masks for my gcse exam again absolutley amazing.


----vpbumvtwr384110854ozqtq--



From Cos3772@jobclips.com  Sat Apr 23 18:19:41 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA29938
	for ; Sat, 23 Apr 2005 18:19:38 -0400 (EDT)
Message-Id: <200504232219.SAA29938@ietf.org>
Received: from amarseille-251-1-16-44.w83-113.abo.wanadoo.fr ([83.113.137.44] helo=jobclips.com)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPTAN-0002nt-7K
	for eap-archive@ietf.org; Sat, 23 Apr 2005 18:32:00 -0400
From: "Cosmina Burkhart" 
To: "Ziv Blum" 
Subject: Re: VALLlUM CIALlS V'lAGRA
Date: Sat, 23 Apr 2005 18:19:27 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0008_01C545A2.426AD7FF"
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 2.1 (++)
X-Scan-Signature: 2beba50d0fcdeee5f091c59f204d4365

This is a multi-part message in MIME format.

------=_NextPart_000_0008_01C545A2.426AD7FF
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello, 

Your lordship, I think, promised me immunity from this.
had been unheard.
this ship.  More than that, she is none so well found in water an
last of the daylight was fading from the sky, Jeremy Pitt came fo
hostility.
Damme if ever I met a man I liked better, or even a man I liked
be divided among our crews.  So that you do that, it is conceivab
His lordship's pale eyes opened a little wider.  Languidly he rai
lately as yesterday would have turned pale under his frown, faces

or of Satan.
eyes that regarded him out of a tawny, sardonic face set in a
And at last one of the Spanish officers ventured an explanation:

of my own.  You'll be wishing me to land you at Port Royal.


Have a nice day.
------=_NextPart_000_0008_01C545A2.426AD7FF
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable









 


      

  
  

    Hello, =
Would you like  to spend less on your MEDlCATl0NS?

  

    

        
        

          V
          
          gr
          

        

          ia
          a as low as $200.00=20
            (120 piIIs)

      

        
        

          Ci
          
          li
          

        

          a
          s as low as $180.00=20
            (80 piIIs)

      

        
        

          Va
          
          iu
          

        

          l
          m as low as $250.00=20
            (220 piIIs)

      

        
        

          Le
          
          t
          

        

          vi
          ra as low as $300.00=20
            (50 piIIs)

      

        
        

          X
          
          a
          

        

          an
          x as low as $270.00=20
            (200 piIIs) and many =
other

      
 

      
Have a nice day.

      
P.S. 
	 You will be pleasantly surprised with ouur prices! =
	


------=_NextPart_000_0008_01C545A2.426AD7FF--



From EKXGT@sra.co.jp  Sat Apr 23 19:13:37 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA02752
	for ; Sat, 23 Apr 2005 19:13:36 -0400 (EDT)
Message-Id: <200504232313.TAA02752@ietf.org>
Received: from [210.187.94.17] (helo=132.151.6.1)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPU0b-0004Md-2y
	for eap-archive@ietf.org; Sat, 23 Apr 2005 19:25:59 -0400
Received: from 214.164.240.24 by ip-DE-F8-B-0B5.jh.EKXGT@sra.co.jp (AppleMailServer 7C.7.0.8) id 96E70AC95 via NDR; Sat, 23 Apr 2005 19:06:44 -0500
Reply-To: "Marsha C Gonzalez" 
From: "Marsha C Gonzalez" 
To: "Eap-archive" 
Subject: get more out of life
Date: Sat, 23 Apr 2005 21:10:44 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--CF9AEB85587BB013494"
X-Spam-Score: 20.2 (++++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 856eb5f76e7a34990d1d457d8e8e5b7f

----CF9AEB85587BB013494
Content-Type: text/plain;
	charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable

That little piece of paper in a frame hanging on the wall showing that you=
 have a proper education is so important these days if you plan on getting=
 decent work. Now you can get a real one in just a few days and there is n=
o need to even read a book!

HTTP://Carol.BBB999.biz

kill the ssp*m by going here : http://BBB999.biz/re

Life can only be understood backwards, but it must be lived forwards. - So=
ren Kierkegaard=20

----CF9AEB85587BB013494--


From DIAYCNM@excite.com  Sat Apr 23 23:08:14 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA17173
	for ; Sat, 23 Apr 2005 23:08:13 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DPXfc-000306-M6
	for eap-archive@ietf.org; Sat, 23 Apr 2005 23:20:33 -0400
Received: from [201.135.81.207] (helo=dsl-201-135-81-207.prod-infinitum.com.mx)
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DPXTE-0001FT-GU; Sat, 23 Apr 2005 23:07:44 -0400
X-Message-Info: FQUQuY254acdGKUfhFuh515qe622CP3DJVyxwSXy
Received: from w3.mindspring.com (7.96.176.129) by xhd924-y.mindspring.com with Microsoft SMTPSVC(5.0.2195.6824);
	 Sun, 24 Apr 2005 07:03:06 +0300
Received: from ruinousjbl061 (alhambra84.88.52.138)
          by mindspring.com (pzvw7) with SMTP
          id <512529173094128xdy947j>
          (Authid: JorgeTalbot);
          Sat, 23 Apr 2005 22:06:06 -0600
From: "Quincy Daniels" 
To: "'Yodhcwg-request'" 
Subject: Acquire any drag you need: viaggra, propesia and more terror
Date: Sun, 24 Apr 2005 07:03:06 +0300
Message-ID: <277hgc6mw00$031h29j86$14k38v@smalltimeforeignwo522562>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--hbqod0547772tvdpjqijd"
X-Spam-Score: 17.7 (+++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: a7d6aff76b15f3f56fcb94490e1052e4

----hbqod0547772tvdpjqijd
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit

neew and improoved drags on our website!
try us, you wont be dissappointed...
for sure :)

our main page:
http://leaflet.c5t.net/ph/erika/breast.htm

and also directly:

loosing hair? stop it now! look good again with Proppesia, recomended! :
http://leaflet.c5t.net/ph/erika/12/feature.htm

bed problems? solve it now! you wont stop scrrewing with viaggra, enjoy!:
http://leaflet.c5t.net/ph/erika/20/mercurial.htm


also:
men's haelth
mucsle relexers
pajn reliev

so the dealer managed to fix most of the problems i took it in for today however they somehow managed to screw up the suspension.
when the ig is aiming up the gun looks much shorter than when he s standing straight with the gun extented.
my all time favorite series is the jan karon mitford series the characters have just become like family! i hate waiting so long for the next last book to come out though.
hey guys i don t think i ll be able to attend the southern volks fest with all of you at least not in my car i have some very unfortunate news to post as well so here it goes.
the first thing i did wen i came back to holland was sleeping after that i went to the travel agancy to book a new trip to tenerife that s how much i enjoyed it.
i get really bad blackheads too and it s not because i eat meat or have a hormonal imbalance or whatever!
take a large bowl check the cuervo again to be sure it is of the highest quality pour one level cup and drink.
i was completely absorbed in your story about your trip to henderson and pitcairn islands a fantastic use of the web!
riquelme is a player the likes of which all the italian teams crave for so let van gal keep on playing games.
you betcha bitch! i am the most of the most clit lickin cunt you ever heard of!!!!! llllllooooooooooooooolllllllll my black ass can whooop and hollar when i let loose!!!!!!!
third year-came with a few friends-same dives-same fun! same faces well almost! thanks again!!
heading to sav this weekend due to storm some one call me easilyamused so we can check out each others gli s.
great site easy to get around load of saves to download thanks p s any chance of any chat rooms related to consoles.
thats what i was thinking about and as soon as we get a website we can post it on there too speaking of websites what up wit dat?

----hbqod0547772tvdpjqijd--



From gustave@acquilano.com  Sun Apr 24 04:21:32 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA26994
	for ; Sun, 24 Apr 2005 04:21:29 -0400 (EDT)
Received: from [206.114.29.38] (helo=ip70-181-48-36.ri.ri.cox.net)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPcYp-00054h-6M
	for eap-archive@ietf.org; Sun, 24 Apr 2005 04:33:56 -0400
Message-ID: <416d01c548d0$b8f75c68$b941eb7a@acquilano.com>
From: "Susan M. Taylor" 
To: eap-archive@ietf.org
Subject: =?iso-8859-1?B?U3dpc3Mgd2F0Y2hlcyAtIGNvcGllcw==?=
Date: Sun, 24 Apr 2005 13:22:54 +0000
MIME-Version: 1.0
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_0000_6B65A189.F3B103A1"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Score: 4.9 (++++)
X-Scan-Signature: d8ae4fd88fcaf47c1a71c804d04f413d

This is a multi-part message in MIME format.

------=_NextPart_000_0000_6B65A189.F3B103A1
Content-Type: multipart/alternative;
    boundary="----=_NextPart_001_0001_FDD34C1D.BBFB5807"


------=_NextPart_001_0001_FDD34C1D.BBFB5807
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

TRUE COPIES OF SWISS WATCHES

- exact copies of the original watches
- perfect as a gift for your colleagues and friends
- free gift box

Rolex, Patek Philippe, Omega
Cartier, Gucci, Franck Muller

.. and 25 other most famous manufacturers.

http://www.excellentwatches.biz

All copies are for only $249.99!


_________________________________________________________________________
To change your mail preferences, go here: http://www.signoffcorp.biz/uns.htm
_________________________________________________________________________


------=_NextPart_001_0001_FDD34C1D.BBFB5807
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit







  
  

    
      



REPLICA WATCH MODELS



- exact copies of the original watches

- perfect as a gift for your colleagues and friends

- free gift box



Rolex, Patek Philippe, Omega

Cartier, Gucci, Franck Muller



.. and 25 other most famous manufacturers.



http://www.excellentwatches.biz



All copies are for only $249.99!




_________________________________________________________________________

To change your mail preferences, go here

_________________________________________________________________________






------=_NextPart_001_0001_FDD34C1D.BBFB5807--



------=_NextPart_000_0000_6B65A189.F3B103A1--



From qunli1628@163.com  Sun Apr 24 06:01:08 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA03500
	for ; Sun, 24 Apr 2005 06:01:08 -0400 (EDT)
Message-Id: <200504241001.GAA03500@ietf.org>
Received: from [218.18.135.86] (helo=163.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DPe7K-0001CG-0c
	for eap-archive@ietf.org; Sun, 24 Apr 2005 06:13:36 -0400
From: =?GB2312?B?ye7b2si6waa/xry8?= 
Subject: =?GB2312?B?v+zL2deo0rXJz8PFzqzQ3rXnxNQ=?=
To: eap-archive@ietf.org
Content-Type: text/html;charset="GB2312"
Date: Sun, 24 Apr 2005 18:01:48 +0800
X-Priority: 2
X-Mailer: Foxmail 4.2 [cn]
X-Spam-Score: 11.7 (+++++++++++)
X-Spam-Flag: YES
X-NONENGLISH: Subject contains non-English characters
X-Scan-Signature: 3e15cc4fdc61d7bce84032741d11c8e5


ÎÞ±êÌâÎĵµ









  
  


        

        

          
            
     ³¬µÍ¼Û**Ç©Ô¼°üÔÂ**¿ìËÙרҵÉÏÃÅάÐÞµçÄÔ

                       ÉÁµç°²×°ÐÂϵͳ  30·ÖÖÓ¾ÍOK  ÉúÒâÈ˵ÄÊ×Ñ¡


                   (1)µçÄÔ×é×°¼°Ó²¼þÏúÊÛÓëά»¤
       (2)¿ìËÙ°²×°¸÷ÖÖ·±¡¢¼òÌå²Ù×÷ϵͳ(Win98(ME)¡¢WinXP¡¢Win2000) 
            
       (3)Åųý¸÷ÖÖ³£¼ûµÄ¹ÊÕÏ¡¢Ó²ÅÌÊý¾Ý»Ö¸´
       (4)°²×°¸÷ÖÖ³£Óð칫¡¢¹¤¾ß
Èí¼þ(°²×°ÐÂϵ
ͳÃâ·Ñ)
       (5)ÏúÊÛÕý°æɱ¶¾Èí¼þ¡¢ËÑË÷¡¢Èº·¢EmailÈí¼þ
       (6)¾ÖÓòÍø¡¢¹ã
ÓòÍø¹²Ïí

       (7)ÍøÂçϵͳ²¼ÏßÉè¼Æ¼°Ó¦ÓÃ
       (8)¼ÆËã»ú²¡¶¾·ÀÖμ°·À»ðǽÉèÖÃ

       (9)¿ìËÙ½â¾öADSL¡¢ÌìÍþ¡¢Íøͨһ¸öÕʺŶà»úͬʱÉÏÍø
       (10)רҵ×齨ÓÐÅÌ¡¢ÎÞÅÌÍø
°É¹¤³Ì
            
       * ×¨Òµ×齨ÓÐÅÌÍø°É¹¤³Ì£º

           

1¡¢µçÄÔ×é×° 
2¡¢°²×°²Ù×÷ϵͳ 
3¡¢°²×°¸÷ÖÖ×îÐÂÍøÂç¡¢±¾µØÓÎÏ·

           
4¡¢×îо«²ÊµçÓ°´óƬ¡¢MP3ÒôÀÖ  
5¡¢ÍòÏó¡¢ÃÀƼÖÇÄÜ»¯ÊÕ·Ñϵͳ
           
6¡¢°²×°ÖÇÄÜ»¯»¹Ô­¾«Áé  
7¡¢ÍøÂç²¼Ïß¡¢ÍøÂç×ÊÔ´¹²Ïí

                   ** µçÄÔά»¤¡¢µçÄÔ×é×°¡¢ÍøÂ繤³Ì **

                     * ÈÈÁÒ»¶Ó­µ¥Î»»ò¸öÈËÇ©Ô¼°üÔ *

                   ** ÈȳϵķþÎñ£¬È«ÐÄÈ«ÒâȫΪÁËÄú **
            
       ÉîÛÚȺÁ¦¿Æ¼¼ÓÐÏÞ¹«Ë¾
       ÁªÏµÈË£ºÕÅ  ·æ

       ÁªÏµµç»°£º13714661862»ò0755-88363633
       QQ£º282079259   
            2441630
       E-mail:168it@126.com       


      



From nlnlmnuhschjf@theage.com.au  Sun Apr 24 11:05:23 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA23532;
	Sun, 24 Apr 2005 11:05:22 -0400 (EDT)
Received: from c-24-63-200-141.hsd1.ma.comcast.net ([24.63.200.141])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPirn-0006fX-Pl; Sun, 24 Apr 2005 11:17:53 -0400
Received: from 24.63.200.141
        (SquirrelMail authenticated user nlnlmnuhschjf@theage.com.au);
        by wipo.org with HTTP;
        Fri, 22 Apr 2005 14:24:47 +0000
Message-Id: <41835559208807.5074QBMOZB1.squirrel@24.63.200.141>
Date: Sun, 24 Apr 2005 08:05:11 -0800
Subject: An erection is like the Theory of Relativity: the more you think about it, the harder it gets.
From: "Charley Villarreal" 
To: rserpool@ietf.org, disman@ietf.org, rps-archive@ietf.org,
        eap-archive@ietf.org, ietf-archive@ietf.org, iporpr-admin@ietf.org,
        amyk@ietf.org
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--729661717.67301530PVUOI"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Score: 16.9 (++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 93238566e09e6e262849b4f805833007

----729661717.67301530PVUOI
Content-Type: text/plain; charset="US-ASCII"

Soft Tabs: perfect feeling of being men again.
Starts working within just 15 minutes.
You take a candy and get hard rock erection.
This is not miracle. This is just Soft Tabs.
Copy & Paste this link into your browser.
Info Site: www.voocbzi.ixlb41i12t08hal.tanachklgmj.com

----729661717.67301530PVUOI
Content-Type: text/html; charset=iso-8859-1


Soft Tabs: perfect feeling of being men again.

Starts working within just 15 minutes.

You take a candy and get hard rock erection.

This is not miracle. This is just Soft Tabs.

Copy & Paste this link into your browser.

Info Site: www.voocbzi.ixlb41i12t08hal.tanachklgmj.com





----729661717.67301530PVUOI--


From josef_pilch@megsinet.net  Sun Apr 24 11:32:47 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA26700;
	Sun, 24 Apr 2005 11:32:47 -0400 (EDT)
From: josef_pilch@megsinet.net
Message-Id: <200504241532.LAA26700@ietf.org>
Received: from c-24-125-158-210.hsd1.va.comcast.net ([24.125.158.210])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPjIL-00082I-0B; Sun, 24 Apr 2005 11:45:18 -0400
To: dhcwg@ietf.org
Subject: Re: Enjoy
Date: Sun, 24 Apr 2005 15:30:38 -0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 24.9 (++++++++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 93238566e09e6e262849b4f805833007
Content-Transfer-Encoding: quoted-printable

*****
Premature Ejaculation
*
Did you ejaculate before or within a few minutes of penetration? 
http://frapped.net/et/?koz852
*****
#
#
#
#
#
#
#
#
http://frapped.net/rm.php?koz852 ooutt        
The Abraham Lincoln kept up half-steam, and advanced cautiously so as not =
to awake its adversary! He believed in it, as certain good women believe i=
n the leviathan -- by faith, not by reason. That there really was somethin=
g could not be doubted, and the incredulous were invited to put their fing=
er on the wound of the Scotia!!! He was quiet by nature, regular from prin=
ciple, zealous from habit, evincing little disturbance at the different su=
rprises of life, very quick with his hands, and apt at any service require=
d of him; and, despite his name, never giving advice -- even when asked fo=
r it?=20


From greenman@fadmail.com  Sun Apr 24 13:39:22 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA06963;
	Sun, 24 Apr 2005 13:39:22 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DPlGr-0005lS-00; Sun, 24 Apr 2005 13:51:55 -0400
Received: from c-67-167-84-137.hsd1.il.comcast.net ([67.167.84.137])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DPl4j-0001yl-Ln; Sun, 24 Apr 2005 13:39:22 -0400
Authentication-Results: dimple.es
  from=premium.az.es; domainkeys=neutral (no sig)
X-Originating-IP: [158.125.188.141]
Received: from premium.transmitted.es  (EHLO premium.cherry.es) 
  by premium.chromosome.es with SMTP; Sun, 24 Apr 2005 17:30:14 -0100
Date: Sun, 24 Apr 2005 11:39:14 -0700
From: "Darnell Blackmon" 
To: dnssec-archive@ietf.org
Cc: donny.gifford@ietf.org, dorthy.bruno@ietf.org, doyle.crouch@ietf.org,
        dp@ietf.org, drafts@ietf.org, drums-archive@ietf.org,
        dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org,
        e@ietf.org, e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org
Subject: Notification: We offer low rates
Message-ID: <114941.0082.greenman@fadmail.com>
X-Mailer: Kana Connect 6
X-Spam-Score: 16.4 (++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.n1c3.com/sign.asp



 Best Regards,

 Elijah Shook
 
 to be remov(ed:	http://www.n1c3.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From nobody@penrod.cyberpixels.com  Sun Apr 24 23:58:25 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA16981
	for ; Sun, 24 Apr 2005 23:58:25 -0400 (EDT)
Received: from penrod.cyberpixels.com ([64.62.137.203])
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DPuw2-0000QW-IF
	for eap-archive@ietf.org; Mon, 25 Apr 2005 00:11:03 -0400
Received: from nobody by penrod.cyberpixels.com with local (Exim 4.50)
	id 1DPujn-0003Pi-EE
	for eap-archive@ietf.org; Sun, 24 Apr 2005 20:58:23 -0700
To: eap-archive@ietf.org
Subject: Voce recebeu uma Piada Animada
FROM: mensageiro@humortadela.com.br
content-type: text/html
X-priority: 1
Received: from inter.net
Received: from dot.net
Message-Id: 
Date: Sun, 24 Apr 2005 20:58:23 -0700
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - penrod.cyberpixels.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [99 32258] / [47 12]
X-AntiAbuse: Sender Address Domain - penrod.cyberpixels.com
X-Source: /usr/bin/php
X-Source-Args: php -q enviar.txt arg.txt humor.htm 
X-Source-Dir: /tmp/.lol
X-Spam-Score: 5.4 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69








Alguém lembrou de você.




 
Olá, 

Alguém que não tinha nada para fazer (Rafael), numa de suas 
visitas ao Humor Tadela não sei por que cargas d'água, lhe recomendou a seguinte 
página:


"Piada Animada: Será que é você?" 


Comentários:


É dificil eu recomendar alguma coisa, porque foi muito engraçado 
quando eu vi, logo lembrei de você e decide mandar, concerteza você também irá 
gostar como eu gostei!


Abraços Rafael.



  
  

    
      
Ver Piada 
      Animada.

      
Não se desespere! Temos um 
      segundo link ativo abaixo:

      
http://humortadela.uol.com.br/piada_animada/index_336.html

      
Ou Acesse 
      http://www.humortadela.com.br

      
Ainda não funcionou? 

      
Bem, então chegou a hora de 
      começar a se desesperar...



Turma do Humor Tadela




O maior site de humor da América 
Latina!
http://www.humortadela.com.br


1



From polito@emailaccount.com  Mon Apr 25 05:20:49 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA27824;
	Mon, 25 Apr 2005 05:20:48 -0400 (EDT)
Received: from [217.129.11.205] (helo=mo-217-129-11-205.netvisao.pt)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DPzy3-0006he-Sn; Mon, 25 Apr 2005 05:33:29 -0400
Received: from vacuolate.bottle-orb.com (HELO zoroastrian.com 66.8.199.53)
  by stevens.com with EMQP; Mon, 25 Apr 2005 07:18:23 -0300
Date: Mon, 25 Apr 2005 11:12:23 +0100
From: "Matt Morales" 
Message-Id: 
To: drafts@ietf.org
Cc: drums-archive@ietf.org, dvsqhmanet@ietf.org,
        dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org,
        eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org,
        eccmtmagma-admin@ietf.org, ediint-archive@ietf.org,
        edu-discuss@ietf.org, edu-discuss-admin@ietf.org,
        edu-discuss-web-archive@ietf.org
Subject: Save hundreds every month on low rates
X-Mailer: CompuServe 7.0
X-Spam-Score: 2.6 (++)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22


Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.n1c3.com/sign.asp



 Best Regards,

 Berta Childers
 
 to be remov(ed:	http://www.n1c3.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.



From eap-admin@frascone.com  Mon Apr 25 07:25:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06828
	for ; Mon, 25 Apr 2005 07:25:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id D59D92046B;
	Mon, 25 Apr 2005 07:25:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id AA9BC20460;
	Mon, 25 Apr 2005 07:25:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 0A0122045D
	for ; Mon, 25 Apr 2005 07:24:33 -0400 (EDT)
Received: from tholian.rsasecurity.com (tholian.rsasecurity.com [216.162.240.129])
	by mail.frascone.com (Postfix) with ESMTP id 0B54B2045B
	for ; Mon, 25 Apr 2005 07:24:31 -0400 (EDT)
Received: from no.name.available by tholian.rsasecurity.com
          via smtpd (for frascone.com [204.49.99.9]) with ESMTP; Mon, 25 Apr 2005 07:24:28 -0400
Received: from sdtihq24.securid.com (localhost [127.0.0.1])
	by ebola.securitydynamics.com (8.12.10/NULL) with ESMTP id j3PBMPJX010673
	for ; Mon, 25 Apr 2005 07:22:25 -0400 (EDT)
Received: from rsana-ex-hq0.NA.RSA.NET (exna00.securitydynamics.com [10.100.8.49])
	by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id j3PBORV5016829
	for ; Mon, 25 Apr 2005 07:24:27 -0400 (EDT)
Received: from rsana-ex-sm1.NA.RSA.NET ([10.80.211.17]) by rsana-ex-hq0.NA.RSA.NET with Microsoft SMTPSVC(6.0.3790.211);
	 Mon, 25 Apr 2005 07:24:26 -0400
Received: from localhost ([10.129.13.17]) by rsana-ex-sm1.NA.RSA.NET with Microsoft SMTPSVC(6.0.3790.211);
	 Mon, 25 Apr 2005 04:24:25 -0700
From: Magnus Nystrom 
Reply-To: magnus@rsasecurity.com
To: eap@frascone.com
Message-ID: 
X-X-Sender: mnystrom@[10.80.211.17]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-OriginalArrivalTime: 25 Apr 2005 11:24:25.0461 (UTC) FILETIME=[56261250:01C54989]
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] I-D ACTION:draft-nystrom-eap-potp-01.txt (fwd)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 25 Apr 2005 13:24:19 +0200 (W. Europe Daylight Time)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Dear All,

Internet-Drafts@ietf.org wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.


> 	Title		: The Protected One-Time Password Protocol 
>                         (EAP-POTP)
>	Author(s)	: M. Nystrom
>	Filename	: draft-nystrom-eap-potp-01.txt
>	Pages		: 71
>	Date		: 2005-4-21

>  This document describes a general EAP method suitable for use with
>  One-Time Password (OTP) tokens, in particular tokens with direct
>  electronic interfaces to their associated clients.  The method can be
>  used to provide unilateral or mutual authentication, and key
>  material, in protocols utilizing EAP, such as PPP, IEEE 802.1X and
>  IKEv2.

> A URL for this Internet-Draft is: 
> http://www.ietf.org/internet-drafts/draft-nystrom-eap-potp-01.txt

Changes compared to version -00 include:

-Introduction of a "Keep-Alive" TLV
-Description of PIN padding before encryption
-Increased length of session identifier from 4 to 8 bytes
-New IPR statement
-Updated examples

Feedback and comments on this EAP method is welcome and solicited, please 
use the OTPS mailing list (see 
http://www.rsasecurity.com/rsalabs/node.asp?id=2829)

Thanks to those who provided feedback on the previous version,
-- Magnus

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From Willou@gavia.com  Mon Apr 25 08:11:56 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA09875
	for ; Mon, 25 Apr 2005 08:11:46 -0400 (EDT)
Message-Id: <200504251211.IAA09875@ietf.org>
Received: from [217.219.147.157] (helo=gavia.com)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQ2dU-0006LV-Jf
	for eap-archive@ietf.org; Mon, 25 Apr 2005 08:24:27 -0400
From: "Clodagh Willoughby" 
To: "Savino Ennis" 
Subject: Re: VlAGRRA VALLlUM CIALLlS
Date: Mon, 25 Apr 2005 08:11:30 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0008_01C545A2.426CEC82"
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 4.7 (++++)
X-Scan-Signature: 2beba50d0fcdeee5f091c59f204d4365

This is a multi-part message in MIME format.

------=_NextPart_000_0008_01C545A2.426CEC82
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello, 

so reduced our fleet from three ships to two, we should even now 
gun-tackles upon which they were labouring, had come to crowd abo
in which a man had thought to spend his life.
for no other sin but that he had practised mercy.
considering the adventurous spirit that once already had sent him

You're hanging men without trial?  Faith, then, it's mistaken I 
and sat down at the table.  In an unsteady hand he wrote that
at last, and was venting his fury in unprintable abuse.  Captain
I knew.
eh?  His business, let me tell you, M. de Cussy, is to obey my
a torment still more unspeakable.  Flies, the cruel flies of the
the tap we gave you.  For it means that you'll be put to the trou
swell if he added that this girl had that day informed him that s
danger from their own artillery.


Have a nice day.
------=_NextPart_000_0008_01C545A2.426CEC82
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable









 


      

  
  

    Hello, =
Would you like to spend less on  your MEDlCATlONS?

  

    

        
        

          V
          
          gr
          

        

          ia
          a $200=20
            (120 piIls)

      

        
        

          Ci
          
          li
          

        

          a
          s $180=20
            (80 pilIs)

      

        
        

          Va
          
          iu
          

        

          l
          m $250=20
            (220 piIls)

      

        
        

          Le
          
          t
          

        

          vi
          ra $300=20
            (50 pilIs)

      

        
        

          X
          
          a
          

        

          an
          x $270=20
            (200 piIIs) and many =
other

      
 

      
Have a nice day.

      
P.S. 
	 You will be  pleasantly surprised with our prices! =
	


------=_NextPart_000_0008_01C545A2.426CEC82--



From eap-admin@frascone.com  Mon Apr 25 10:20:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA19235
	for ; Mon, 25 Apr 2005 10:20:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 097E220480;
	Mon, 25 Apr 2005 10:20:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id E1FF620479;
	Mon, 25 Apr 2005 10:20:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B456720477
	for ; Mon, 25 Apr 2005 10:19:12 -0400 (EDT)
Received: from orsfmr002.jf.intel.com (fmr17.intel.com [134.134.136.16])
	by mail.frascone.com (Postfix) with ESMTP id C34C820471
	for ; Mon, 25 Apr 2005 10:19:10 -0400 (EDT)
Received: from orsfmr101.jf.intel.com (orsfmr101.jf.intel.com [10.7.209.17])
	by orsfmr002.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j3PEJ52e002885;
	Mon, 25 Apr 2005 14:19:05 GMT
Received: from orsmsxvs041.jf.intel.com (orsmsxvs041.jf.intel.com [192.168.65.54])
	by orsfmr101.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j3PEIsXS006079;
	Mon, 25 Apr 2005 14:19:02 GMT
Received: from orsmsx332.amr.corp.intel.com ([192.168.65.60])
 by orsmsxvs041.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005042507190211916
 ; Mon, 25 Apr 2005 07:19:02 -0700
Received: from orsmsx408.amr.corp.intel.com ([192.168.65.52]) by orsmsx332.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211);
	 Mon, 25 Apr 2005 07:19:02 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
Message-ID: 
Thread-Topic: [eap] [Issue 297] Review of Identity Selection -12
Thread-Index: AcVESivJH71HxgXLRO2UB0jw2daZOAFVnNdg
From: "Adrangi, Farid" 
To: "Bernard Aboba" 
Cc: 
X-OriginalArrivalTime: 25 Apr 2005 14:19:02.0592 (UTC) FILETIME=[BB016400:01C549A1]
X-Scanned-By: MIMEDefang 2.44
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 25 Apr 2005 07:19:01 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

section 5.1 says that proxy must reply with Access-Reject or
Access-Challenge -- so why do you consider that additional proxy
behavior? =20
Thanks,
Farid

> -----Original Message-----
> From: Bernard Aboba [mailto:aboba@internaut.com]=20
> Sent: Monday, April 18, 2005 12:10 PM
> To: Adrangi, Farid
> Cc: eap@frascone.com
> Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
>=20
>=20
> > Looks reasonable to me.  Though I don't quite understand the last
> > comment:
> >
> > "Given that this specification changes AAA proxy behavior, I believe
> > that it should include "Updates: 2607" in the header."
> >
> > Could you please elaborate?
>=20
> RFC 2607 is the document that specifies RADIUS proxy behavior=20
> in roaming
> environments.  This document appears compatible with RFC=20
> 2607, but it does
> specify additional proxy behavior (e.g. sending a Challenge=20
> with a hint
> instead of Access-Reject).
>=20
>=20
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Mon Apr 25 11:47:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA26503
	for ; Mon, 25 Apr 2005 11:47:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 079CF2049A;
	Mon, 25 Apr 2005 11:47:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 897412048B;
	Mon, 25 Apr 2005 11:47:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 259642048B
	for ; Mon, 25 Apr 2005 11:46:30 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 4A85020483
	for ; Mon, 25 Apr 2005 11:46:28 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DQ5n1-000DHq-99
	for eap@frascone.com; Mon, 25 Apr 2005 11:46:27 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3PFkQ023552
	for ; Mon, 25 Apr 2005 08:46:26 -0700
From: Bernard Aboba 
To: eap@frascone.com
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Implementation Survey:  How does your EAP peer/RADIUS proxy handle
 internationalization?
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 25 Apr 2005 08:46:25 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

RFC 2486bis specifies how the NAI is internationalized.  In the
development of this document, some questions have arisen about the
behavior of existing EAP peers and RADIUS proxies.  In order to understand
how existing implementations function, we need implementers to volunteer
the answer to several questions:

1. How is internationalization supported on your EAP peer implementation?

Does your EAP peer implementation support formating of the realm
portion in IDN, or does it enable entering of UTF-8, or perhaps just plain
ASCII?

2. How is internationalization supported on your RADIUS proxy
implementation?.

How does your implementation support internationalization within the realm
table?  Are realm table entries stored in IDN, UTF-8, or something else?
How are comparisons done between the realm in the NAI and the realm stored
in the realm table?

Please respond by May 2, 2005.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Mon Apr 25 12:01:28 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA27510
	for ; Mon, 25 Apr 2005 12:01:27 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 1EC7A204AA;
	Mon, 25 Apr 2005 12:01:26 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A7D33204B3;
	Mon, 25 Apr 2005 12:01:21 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 657BB204A5
	for ; Mon, 25 Apr 2005 12:00:24 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 986FC20498
	for ; Mon, 25 Apr 2005 12:00:22 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DQ60S-000FmE-QZ; Mon, 25 Apr 2005 12:00:20 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3PG0I124477;
	Mon, 25 Apr 2005 09:00:18 -0700
From: Bernard Aboba 
To: Martin Soukup 
Cc: "'Thierry Moreau'" , radiusext@ops.ietf.org,
        isms@ietf.org, eap@frascone.com
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
In-Reply-To: <0BDFFF51DC89434FA33F8B37FCE363D5030B9BBA@zcarhxm2.corp.nortel.com>
Message-ID: 
References: <0BDFFF51DC89434FA33F8B37FCE363D5030B9BBA@zcarhxm2.corp.nortel.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 25 Apr 2005 09:00:18 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> The use of RADIUS itself without a defined extension such as EAP-TLS or
> EAP-PEAP over RADIUS cannot securely pass attributes between entities. Note
> that the defined EAP-TLS (or other EAP mechanisms) over RADIUS provides for
> secure attribute passing between entities even through proxies.

EAP does not affect how RADIUS attributes are passed, nor does it enable
the passing of RADIUS attributes between the EAP peer and server.  So as
far as RADIUS attributes are concerned, what EAP method is used, or
whether EAP is used does not affect RADIUS security, except that an
EAP-Message attribute is included in the messages.

Also, EAP-TLS does not permit passing of TLVs between the peer and server;
this is only allowed in tunneled mechanisms such as EAP-TTLS and PEAP.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Mon Apr 25 12:08:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA28024
	for ; Mon, 25 Apr 2005 12:08:07 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 38D43204BB;
	Mon, 25 Apr 2005 12:08:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 97DEE204AA;
	Mon, 25 Apr 2005 12:08:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 22CB8204AA
	for ; Mon, 25 Apr 2005 12:07:36 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 209032049A
	for ; Mon, 25 Apr 2005 12:07:34 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DQ67R-000Gm2-TG; Mon, 25 Apr 2005 12:07:34 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3PG7Sd24940;
	Mon, 25 Apr 2005 09:07:29 -0700
From: Bernard Aboba 
To: "Adrangi, Farid" 
Cc: eap@frascone.com
Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 25 Apr 2005 09:07:28 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> section 5.1 says that proxy must reply with Access-Reject or
> Access-Challenge -- so why do you consider that additional proxy
> behavior?
> Thanks,
> Farid

RFC 2607 doesn't say what is contained in the Access-Reject (probably
because it was written before use of EAP became popular).  Back in those
days, an Access-Reject would probably just contain a Reply-Message
attribute with an error message, or maybe nothing at all.  However,
Reply-Message was deprecated in RFC 3579, so that won't work with EAP.

Therefore the portion of the document that refers to acceptable
proxy behavior in response to an unknown realm in an Access-Request
containing EAP-Message attributes probably should be followed by all
RADIUS proxies.  It's a clarification of RFC 2607 for use with EAP.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From daryl@abum.com  Mon Apr 25 12:57:12 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA01463
	for ; Mon, 25 Apr 2005 12:57:10 -0400 (EDT)
Received: from [193.220.52.6] (helo=193.220.52.6)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQ75g-0008HZ-Pr
	for eap-archive@ietf.org; Mon, 25 Apr 2005 13:09:55 -0400
Message-ID: <286101c549b7$4ecb95e2$739aaf7f@abum.com>
From: "Vanessa J. Smith" 
To: eap-archive@ietf.org
Subject: =?iso-8859-1?B?UG9wdWxhciBzb2Z0IC0gd2hvbGVzYWxlIHByaWNl?=
Date: Mon, 25 Apr 2005 16:56:43 +0000
MIME-Version: 1.0
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_0000_1E8A4D39.128A0AFA"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Score: 3.5 (+++)
X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024

This is a multi-part message in MIME format.

------=_NextPart_000_0000_1E8A4D39.128A0AFA
Content-Type: multipart/alternative;
    boundary="----=_NextPart_001_0001_C69E6152.DD9231D5"


------=_NextPart_001_0001_C69E6152.DD9231D5
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Access all the software you ever imagined for prices substantially lower than in stores!
Our software is 2-10 times cheaper than sold by our competitors.

A few examples:
$79.95 Windows XP Professional (Including: Service Pack 2)
$89.95 Microsoft Office 2003 Professional / $79.95 Office XP Professional
$99.95 Adobe Photoshop 8.0/CS (Including: ImageReady CS)
$179.95 Macromedia Studio MX 2004 (Including: Dreamweaver MX + Flash MX + Fireworks MX)
$79.95 Adobe Acrobat 6.0 Professional
$69.95 MS Visio 2003 Professional

Special Offers:
$89.95 Windows XP Professional + Office XP Professional
$149.95 Adobe Creative Suite Premium (5 CD)
$129.95 Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator 10

All main products from Microsoft, Adobe, Macromedia, Corel, etc.
And many other... For full list of products go:

http://www.cheapsoft.biz

Best,
Vanessa Smith


_____________________________________________________ 
To be taken out, go here: http://www.cheapsoft.biz/uns.htm
_____________________________________________________ 


------=_NextPart_001_0001_C69E6152.DD9231D5
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit










  
  

    Get access to all the popular 
      software imaginable for 
      unbelievably low prices!
Our software is 2-10 times cheaper than sold by 
      our competitors.

Examples:
$79.95 Windows XP Professional (Including: Service Pack 
      2)
$89.95 Microsoft Office 2003 Professional / $79.95 Office 
      XP Professional
$99.95 Adobe Photoshop 8.0/CS (Including: ImageReady 
      CS)
$179.95 Macromedia Studio MX 2004 (Including: Dreamweaver MX + 
      Flash MX + Fireworks MX)
$79.95 Adobe Acrobat 6.0 
      Professional
$69.95 MS Visio 2003 Professional

Special Offers:
$89.95 Windows 
      XP Professional + Office XP Professional
$149.95 Adobe Creative Suite Premium (5 CD)
$129.95 Adobe Photoshop 7 + Adobe 
      Premiere 7 + Adobe Illustrator 10

All main products from Microsoft, 
      Adobe, Macromedia, Corel, etc.
And many more... Enter here:

http://www.cheapsoft.biz

Best,
Vanessa 
      Smith


_____________________________________________________ 
      
To change your mail preferences, go here: http://www.cheapsoft.biz/uns.htm
_____________________________________________________ 

      



------=_NextPart_001_0001_C69E6152.DD9231D5--



------=_NextPart_000_0000_1E8A4D39.128A0AFA--



From eap-admin@frascone.com  Mon Apr 25 13:30:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA03794
	for ; Mon, 25 Apr 2005 13:30:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 99107204FE;
	Mon, 25 Apr 2005 13:30:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B57E7204C5;
	Mon, 25 Apr 2005 13:30:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 18971204BB
	for ; Mon, 25 Apr 2005 13:29:13 -0400 (EDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140])
	by mail.frascone.com (Postfix) with ESMTP id CEF19202BD
	for ; Mon, 25 Apr 2005 13:29:11 -0400 (EDT)
Received: from ams-core-1.cisco.com (144.254.224.150)
  by ams-iport-1.cisco.com with ESMTP; 25 Apr 2005 19:29:08 +0200
Received: from gwzw2k01 (rtp-vpn2-904.cisco.com [10.82.243.136])
	by ams-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id j3PHT254017150;
	Mon, 25 Apr 2005 19:29:03 +0200 (MEST)
Message-Id: <200504251729.j3PHT254017150@ams-core-1.cisco.com>
Reply-To: 
From: "Glen Zorn (gwz)" 
To: "'Martin Soukup'" ,
        "'Thierry Moreau'" ,
        "'Bernard Aboba'" 
Cc: , , 
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0087_01C54981.9B1F8470"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <0BDFFF51DC89434FA33F8B37FCE363D5030B9BBA@zcarhxm2.corp.nortel.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300
Thread-Index: AcVJlvONKqR4Qo7bQGet8WrhlnyAXQAJFy3g
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 25 Apr 2005 10:28:56 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

This is a multi-part message in MIME format.

------=_NextPart_000_0087_01C54981.9B1F8470
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

The use of RADIUS itself without a defined extension such as EAP-TLS
or EAP-PEAP over RADIUS cannot securely pass attributes between
entities. Note that the defined EAP-TLS (or other EAP mechanisms)
over RADIUS provides for secure attribute passing between entities
even through proxies. 
 
I thought that I was passing familiar w/EAP-TLS (and even more so
w/PEAP), but I am completely unaware of such capabilities.  Would
you mind explaining how this is achieved, given that RADIUS & EAP
are completely different protocols?

Martin. 

> -----Original Message----- 
> From: isms-bounces@lists.ietf.org 
> [mailto:isms-bounces@lists.ietf.org] On Behalf Of Thierry Moreau 
> Sent: April 22, 2005 1:56 PM 
> To: Bernard Aboba 
> Cc: radiusext@ops.ietf.org; isms@ietf.org; eap@frascone.com 
> Subject: Re: [eap] RE: [Isms] RADIUS is not a trusted third party 
> 
> 
> Thanks for these explanations. 
> 
> See comments in-line below. 
> 
> 
> 
> Bernard Aboba wrote: 
> 
> [... explanations about end-to-end (NAS to server) and current
RADIUS 
> protocols ...] 
> 
> > 
> > Are you proposing creating a new RADIUS security model that 
> would only 
> > be used by ISMS?  That seems like a lot of work for little
overall 
> > benefit to the RADIUS community. 
> > 
> 
> I did assume that an implementation-specific attribute to the
RADIUS 
> Access-Accept packet would pass unmodified through a RADIUS 
> proxy, which 
> in fact is a matter of proxy policy (RFC2865 , section 2.3). 
> With this 
> erroneous assumption, I thought I was proposing an 
> implementation-specific use of existing RADIUS protocol 
> facility. I did 
> not expect any "benefit to the RADIUS community". 
> 
> > 
> > 
> > Rather than designing a new version of RADIUS to meet its needs,
it 
> > seems more profitable for ISMS to either figure out how to use
the 
> > protocol as it exists today, or to summarize its 
> requirements for new 
> > work and ask that it be chartered outside of ISMS. 
> > 
> 
> Point well taken. I just looked at RFC3576, abstract reproduced
below 
> 
>     "This document describes a currently deployed extension 
> to the Remote 
>     Authentication Dial In User Service (RADIUS) protocol,
allowing 
>     dynamic changes to a user session, as implemented by 
> network access 
>     server products.  This includes support for disconnecting 
> users and 
>     changing authorizations applicable to a user session." 
> 
> Unfortunately, the security section of RFC3576 raises a number of 
> concerns. E.g. the following sentence: "It is RECOMMENDED 
> that IPsec be 
> employed to afford better security." 
> 
> Again, thanks for your comments. 
> 
> -- 
> 
> - Thierry Moreau 
> 
> CONNOTECH Experts-conseils inc. 
> 9130 Place de Montgolfier 
> Montreal, Qc 
> Canada   H2M 2A1 
> 
> Tel.: (514)385-5691 
> Fax:  (514)385-5900 
> 
> web site: http://www.connotech.com 
> e-mail: thierry.moreau@connotech.com 
> 
> 
> _______________________________________________ 
> Isms mailing list 
> Isms@lists.ietf.org 
> https://www1.ietf.org/mailman/listinfo/isms 
> 
> 


------=_NextPart_000_0087_01C54981.9B1F8470
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


RE: [eap] RE: [Isms] RADIUS is not a trusted third =
party




The use of RADIUS itself =
without a defined=20
extension such as EAP-TLS or EAP-PEAP over RADIUS cannot securely pass=20
attributes between entities. Note that the defined EAP-TLS (or other EAP =

mechanisms) over RADIUS provides for secure attribute passing between =
entities=20
even through proxies. 


 


I thought that I was passing familiar =
w/EAP-TLS (and=20
even more so w/PEAP), but I am completely unaware of such =
capabilities. =20
Would you mind explaining how this is achieved, given that RADIUS & =
EAP are=20
completely different protocols?


Martin. 


> -----Original Message----- 
>=20
From: isms-bounces@lists.ietf.org 
> [mailto:isms-bounces@lists.iet=
f.org]=20
On Behalf Of Thierry Moreau 
> Sent: April =
22, 2005=20
1:56 PM 
> To: Bernard Aboba =

> Cc: radiusext@ops.ietf.org; isms@ietf.org; =
eap@frascone.com=20

> Subject: Re: [eap] RE: [Isms] RADIUS is not a =
trusted=20
third party 
> 
>=20

> Thanks for these explanations. =

> 
> See comments in-line =
below.=20

> 
> 
>=20

> Bernard Aboba wrote: 
>=20

> [... explanations about end-to-end (NAS =
to server)=20
and current RADIUS 
> protocols ...] =

> 
> > 
> >=20
Are you proposing creating a new RADIUS security model that =

> would only 
> > be used by =
ISMS? =20
That seems like a lot of work for little overall 
>=20
> benefit to the RADIUS community. 
> =
>=20

> 
> I did =
assume that an=20
implementation-specific attribute to the RADIUS 
>=20
Access-Accept packet would pass unmodified through a RADIUS =

> proxy, which 
> in fact is a =
matter of=20
proxy policy (RFC2865 , section 2.3). 
> =
With this=20

> erroneous assumption, I thought I was =
proposing an=20

> implementation-specific use of existing =
RADIUS=20
protocol 
> facility. I did 
> not expect any "benefit to the RADIUS community". =

> 
> > 
> >=20

> > Rather than designing a new version =
of RADIUS=20
to meet its needs, it 
> > seems more =
profitable=20
for ISMS to either figure out how to use the 
> >=20
protocol as it exists today, or to summarize its 
>=20
requirements for new 
> > work and ask =
that it be=20
chartered outside of ISMS. 
> > =

> 
> Point well taken. I just =
looked at=20
RFC3576, abstract reproduced below 
> =

>     "This document describes a =
currently=20
deployed extension 
> to the Remote =

>     Authentication Dial In User =
Service (RADIUS)=20
protocol, allowing 
>     dynamic=20
changes to a user session, as implemented by 
>=20
network access 
>     =
server=20
products.  This includes support for disconnecting 
> users and 
>    =20
changing authorizations applicable to a user session." 
> 
> Unfortunately, the security =
section of=20
RFC3576 raises a number of 
> concerns. E.g. =
the=20
following sentence: "It is RECOMMENDED 
> =
that IPsec=20
be 
> employed to afford better =
security."=20

> 
> Again, thanks for =
your=20
comments. 
> 
> =
--=20

> 
> - Thierry=20
Moreau 
> 
> =
CONNOTECH=20
Experts-conseils inc. 
> 9130 Place de=20
Montgolfier 
> Montreal, Qc 
> Canada   H2M 2A1 
>=20

> Tel.: (514)385-5691 
>=20
Fax:  (514)385-5900 
> 
> web site: http://www.connotech.com 
> e-mail:=20
thierry.moreau@connotech.com 
> =

> 
>=20
_______________________________________________ 
>=20
Isms mailing list 
> =
Isms@lists.ietf.org=20

> https://www1.ietf.org/mailman/listinfo/isms =

> 
> 


------=_NextPart_000_0087_01C54981.9B1F8470--
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Mon Apr 25 22:02:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA21421
	for ; Mon, 25 Apr 2005 22:02:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6B8B8204AE;
	Mon, 25 Apr 2005 22:02:11 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 2F30E20456;
	Mon, 25 Apr 2005 22:02:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 8E25320456
	for ; Mon, 25 Apr 2005 22:01:36 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 9AA2020452
	for ; Mon, 25 Apr 2005 22:01:34 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DQFOH-0003tW-8M; Mon, 25 Apr 2005 22:01:33 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3Q21VP30227;
	Mon, 25 Apr 2005 19:01:31 -0700
From: Bernard Aboba 
To: "Glen Zorn (gwz)" 
Cc: radiusext@ops.ietf.org, eap@frascone.com, isms@ietf.org
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
In-Reply-To: <200504251729.j3PHT254017150@ams-core-1.cisco.com>
Message-ID: 
References: <200504251729.j3PHT254017150@ams-core-1.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Mon, 25 Apr 2005 19:01:31 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Martin Soukup said:

> The use of RADIUS itself without a defined extension such as EAP-TLS
> or EAP-PEAP over RADIUS cannot securely pass attributes between
> entities. Note that the defined EAP-TLS (or other EAP mechanisms)
> over RADIUS provides for secure attribute passing between entities
> even through proxies.

In response to which, Glen Zorn spake thusly:

> I thought that I was passing familiar w/EAP-TLS (and even more so
> w/PEAP), but I am completely unaware of such capabilities.  Would
> you mind explaining how this is achieved, given that RADIUS & EAP
> are completely different protocols?

I also was unaware of the ability of EAP-TLS to transmit RADIUS attributes
between the EAP peer and server.  I had always thought RADIUS was a
protocol only spoken between a NAS and a RADIUS server, and that EAP-TLS
didn't support transmission of TLVs.  But I guess this is a somewhat old
fashioned point of view.

Perhaps this is referring to EAP-TLS "extended" via the following?
http://www.ietf.org/internet-drafts/draft-funk-tls-inner-application-extension-01.txt


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From richid@yebox.com  Tue Apr 26 00:14:46 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA01988;
	Tue, 26 Apr 2005 00:14:46 -0400 (EDT)
Received: from [24.176.99.124] (helo=132.151.6.1)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQHfZ-0008Sm-Fn; Tue, 26 Apr 2005 00:27:37 -0400
X-Apparently-To: e3@ietf.org
X-Sieve: CMU Sieve 2.2
Received: from sandal.repository.pochta.ru ([unix socket])
         by actress.matrimonial.pochta.ru (Cyrus v2.2.3) with LMTPA;
         Tue, 26 Apr 2005 00:14:24 -0500
Date: Tue, 26 Apr 2005 07:14:24 +0200
From: "Bridgette Smith" 
Message-Id: 
X-Accept-Language: en,zh-TW,zh-CN,zh,ja,ko,tr,ru
To: e3@ietf.org
Cc: eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org,
        eccmtmagma-admin@ietf.org, ediint-archive@ietf.org,
        edu-discuss@ietf.org, edu-discuss-admin@ietf.org,
        edu-discuss-web-archive@ietf.org, edu-team@ietf.org,
        edu-team-admin@ietf.org, edu-team-bounces@ietf.org
Subject: Instant low rates
X-Mailer: Forte Agent 1.91/32.564
X-Spam-Score: 19.4 (+++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a


Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.cr3at3.com/sign.asp



 Best Regards,

 Jennie Murdock
 
 to be remov(ed:	http://www.cr3at3.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From pabpou@graffiti.net  Tue Apr 26 02:51:00 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA06800;
	Tue, 26 Apr 2005 02:50:59 -0400 (EDT)
Received: from s0106000476cc46a7.vn.shawcable.net ([24.85.181.31])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQK6m-0003H1-IN; Tue, 26 Apr 2005 03:03:49 -0400
Received: from piznmfkgd74.didamail.com (120.120.34.174) by r9-fg.didamail.com with Microsoft SMTPSVC(5.0.2195.6824);
	 Tue, 26 Apr 2005 00:44:39 -0700
Received: from acceptbeadlel17 (macarthur152.121.119.254)
          by didamail.com (fo9) with SMTP
          id <87069287595c5650kr>
          (Authid: AnnetteMccullough);
          Tue, 26 Apr 2005 03:46:39 -0400
From: "Armand Downs" 
To: "'Asrg'" 
Subject: Rock hard Ready to go-y 6074 g
Date: Tue, 26 Apr 2005 12:48:39 +0500
Message-ID: <037jr895nl5$1vz00y913$96l160womv@blufffairweatherstrippingzcx03333>
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="q23crqeqcr"
X-Spam-Score: 24.0 (++++++++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: d4a1871e876bd836d4c351e861e8720d

This is a multi-part message in MIME format.

--q23crqeqcr
Content-Type: multipart/alternative;
        boundary="q23cthger"

--q23cthger
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: 7bit

Get a capable html e-mailer
Larger Firmer Erections 
Longer more intense orgasms 
results in the same night 
an overall Improvement in your Sexual health and Sexual performance 
And Much Much More!
--q23cthger
Content-Type: text/html;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable





















=









NeroAmplifico will give you: 



Larger Firmer Erections 

Longer more intense orgasms 

Results in the same night 


An overall Improvement in your 
 




Sexual health and Sexual perf=
ormance 














It's ok, it's not what I'm looking for.  OFF Here

















--q23cthger--

--q23crqeqcr
Content-Type: image/gif;
        name="image001.gif"
Content-Transfer-Encoding: base64
Content-ID: 
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDACAWGBwYFCAcGhwkIiAmMFA0MCwsMGJGSjpQdGZ6eHJm
cG6AkLicgIiuim5woNqirr7EztDOfJri8uDI8LjKzsb/2wBDASIkJDAqMF40NF7GhHCExsbGxsbG
xsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsb/wAARCAGQAlgDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwC3Z2ls
1nAzW8RJjUklBzxUv2K1/wCfaH/v2Kr2d0q2kKkdI1HX2qytyp7GouiuVifYrX/n2h/79il+xWv/
AD7Q/wDfsUv2hO+R+FH2iP1/Si4rMb9itf8An2h/79ij7Fa/8+0P/fsU/wA+P+8KcJUP8Y/Oi4WI
/sVr/wA+0P8A37FH2O1/59of+/YqUMp6EUuRTuFiH7Fa/wDPtD/37FH2K1/59of+/YqaigRD9itf
+faH/v2KPsVr/wA+0P8A37FT0UAQfYrX/n2h/wC/Yo+xWv8Az7Q/9+xU9FAEH2K1/wCfaH/v2KPs
Vr/z7Q/9+xU9FAEH2K1/59of+/Yo+xWv/PtD/wB+xU9FAEH2K1/59of+/Yo+xWv/AD7Q/wDfsVPR
QBB9itf+faH/AL9ij7Fa/wDPtD/37FT0UAQfYrX/AJ9of+/Yo+xWv/PtD/37FT0UAQfYrX/n2h/7
9ij7Fa/8+0P/AH7FT0UAQfYrX/n2h/79ij7Fa/8APtD/AN+xU9FAEH2K1/59of8Av2KPsVr/AM+0
P/fsVPRQBB9itf8An2h/79ij7Fa/8+0P/fsVPRQBB9itf+faH/v2KPsVr/z6w/8AfsVPRQBB9itf
+faH/v2KPsVr/wA+0P8A37FT0UAQfYrX/n2h/wC/Yo+xWv8Az6w/9+xU9FAEP2K1/wCfWH/v2KPs
Vr/z6w/9+xU25d23cN3XGeaWgCD7Fa/8+sP/AH7FJ9itP+faH/v2KsUYoAg+xWv/AD6w/wDfsUfY
rX/n1h/79ip6KAIPsVp/z7Q/9+xR9itP+faH/v2KnooAg+xWv/PrD/37FH2K1/59Yf8Av2KnooAg
+xWv/PrD/wB+xR9itf8An1h/79ip6KAIPsVp/wA+0P8A37FH2K0/59of+/YqeigCD7Faf8+0P/fs
UfYrT/n1h/79ip6KAIPsVp/z7Qf9+xR9itf+fWH/AL9ip6KAIPsVr/z7Q/8AfsUfYrX/AJ9Yf+/Y
qeigCD7Fa/8APtD/AN+xR9itf+fWH/v2KnpCQoyxA+tAEP2K1/59Yf8Av2KPsVr/AM+sP/fsVPij
FAEH2K0/59Yf+/Yo+xWv/PrD/wB+xU+KCQoySB9aAIPsVr/z6w/9+xSfYrX/AJ9Yf+/YqxiigCv9
itf+faH/AL9ij7Fa/wDPtD/37FWMUYoAr/YrX/n1h/79ij7Fa/8APtD/AN+xU+KKAIPsVr/z7Q/9
+xR9itf+faH/AL9ip6KAIPsVr/z7Q/8AfsUfYrX/AJ9of+/YqeigCleWlstlOy28QIjYghBxxRU1
9/x4XH/XJv5UU0BnW8cbW0RMgB2Dg/SpPIXtIv50tpYeZaxMJsbkU4x7VL/Zj9plP4Vk4s2Ul3IP
JOeH/WjyZezH86mOnTjo6n8aabC5HTafoaVmPmXcj8ucdyaQrMP/ANVSG0ux0XP0NNMN4v8Ayzai
w7jD5o7fpQHkHalIul6xv+VJ5lwPvRn8VpWAXzpB/wDrpwuHHdvzpnnt/FH+lL9oXvGPyo1CxILt
/VqUXj+v6VD58feOjzYT/Bj8aLsLLsWPtp9R+VOF6e+2qm6H3H40ZhPc0XYcqLovR6D86UXi+n61
RxEf4qNidjRzMXIjQF2h7GlF1GfWs7y17NSFPQ/rT52HIjUFxEf4v0pRPF/fFZW09j+tJhh3p87F
7NGuJUP8a/nS71PRh+dY/wA/rSbnFHOHszayPWjNY3mPR5zjv+tHOHszaorG+1SD+M/nSreyj+On
zi9mzYorKF9J/ep4vpPUflT5kL2bNKis8X7dwDSi/wD9kUcyFyMv0VTF+P7v60v25P7v60cyDkZb
oqqL2P0NOF3H70cyFyssUVCLqI/xUouIj/FTuhWZLS1GJYz/ABCneYuMhhTuFjOb/kY0/wCuP+NX
4biKd5Eifc0Z2sMHg/5FZxfPiFTx/qaXSWxd6h/12P8AM0xF5LuCSKSRJMpFnecHjHWom1WyQqDO
PmGRwePr6VQsT/xLNR+r/wDoNOgjT/hHG+VeULHjqc0AXpdSs4pRE8w3e3IH41NNPFAE81wodtqn
1NZYjT/hGyNo5Td+OetR3/7zSdPDc5Kg/lRYDTg1C1nlMUUwZ/TB5+lWsVk6yqwrazIoVo5QBgdv
T9K0ZMvGyA43AjPpQBCupWjziFZdzE4GAcE+maqz6vHHqSxGQCBQRIdpyG54/l0pumXItgthcR+X
Ip+Uno/NOmP/ABUVuf8Apif/AGagC5Nf20McbvJxINy4UkkVJb3EV1H5kLh1zj6VFdXyW8ipsaSZ
h8qIMnH+FUtIdvt16DH5eSCU9DzRYC6uoWj+UFlBMpwoweapjWYv7QdXlAtgnBCnJbj/AOvUegQR
/ZmmZFaTfgEjpj0qWFv+KhnP/TEf+y0AaTyJHE0rHCKNxOO1NW4ia2+0B8xbd27Half50ZGGVYYN
YaysmiTWv8ay+UB9Tn/GgDZa7t0tluGkxE3QkHn8KW2uoLpSYX3beoxgis6VB/a1jbHlIo8ge/P+
Ap7nyvEERUY86IhvfGf8BRYC/DcRTvIkT7mjO1hg8H/IpqXlu8UkqyZSIkOcHjFUtIJF3qH/AF2P
8zVW0P8AxK9R92b+VFgNaO9t5ZVijk3Oy7gAO3Wq2spC0UXnSMg3cYXOaTR4I4rKKRUUyOMliOai
14kwRf7x/lTS1KjuX57yC08tZWYbhwcZ/OmQalbXEvlozbj0yMZqlrI3mzU98j+VGpRpFfWZjUJy
Ogx0IqrIdkO1DUmiukiicqqN+8496dqMttd2UchldE34BC5yfpUerAf2ha8DkjPHXmpNeAW0jCgA
b+w9qLbDSWhclu4LVIRIzYcfKcfTr+dRJq1o7ld5XHcjg1S1n5o7IH0I/wDQaNYhiSe2VEVQeDgY
4yKLIEkX7fUra4l8pGYMemRjNOu76C0YLKW3EZwB2rP1JEi1G0MaqnI6DHerd7ewwTKvk+dORgAD
kClYVixbXMV0heFs46g9RUd1f29q2yRiX/uqM4rP0ZiL64G3ZkElfTnpS6Oi3E09xKoZieM84zRY
OVIvHUbcCIksBL90498U+4u4rd0SQnc/QAVT1qEfY0dFCiNuw6A//XxUQf7bq1ueyRhj7HGf6iiy
Cy3Nc0lONNqCCG+/48Lj/rk38qKS+/48bj/rk38qKaAr2hIsocdfLX+VTxswHJ5qvaIv2SEnvGv8
qm3KvFR1LHNKwOASTThK/rTM0UBYl81/Wl85qizSH260CsTCZqXzz6VDS0wsS+cD1WgvGeqA/hUN
GaAsSEW7dYl/KmmK04zGozTAwb2NLjPXmkMDa2h/g/Wk+w2x6Aj8adiko0C7GnT4D0dx+NMOmIek
zVLj3pOfWiyHd9yA6X6TfmKT+y37Sj8qtAnHU0Bj60rIOZlP+zJh0dT+NJ9gn/2T+NXt7CjzDRZD
5pGebS4X+DP40gtpj1AX6mrrTqPvNUX2pDwGB/ClZD5mMW14ALj8KVrUDoxP4UGcdelKtwDxnkUW
C7K0kUiZOMioWkx1FaYkBG4daUTDIBVT+FFkPmZk+aPanCUHtWwFhcZMaH8KQw2x6xJ+VOwucyQ6
ntTsrWl9ltT/AMs1FH2K2P8ADj6E0uUftEZvy+tLwe9XzYW57sPxpp06LtI4pco/aIpj60uPQ1aG
nr2mb8aPsDDpNn6ijlYc6Kw3exoz7VZ+xy9pF/Kj7LOOhjNHKxcyK4JpzSmOMttJwOi96lFvcL/D
Gac6Sx28sjRqCiFvyFNRByRQti8t6bl0KKF2qD1NEUr2l3cfuXkWU7lKjv8A5NXpUdDxFmmZb/nk
1WRYqWqyJZXaOrB23cY68dqfHvGjmIht2wjbjmrBYd42FJuXPRhRcdkQ/P8A2N5WDu2Y245qG8Zx
p1mmMMrDg9jiroZexP41Wvo2mWIRjdtcE89qExNBPNLfywxmJ40Rtz7h3q89y6qSPmwOg71CxX1q
JgM8NSbKUUMuJ3vnhVYXQo4Yuy4xTrqV49ShuvLZ1VNpCjOOv+NOGfWl3MKOYXIhrTtDqf2sxO6P
HtwBkqaWwkdb26lkjZBJgjNAk55p26jmDkE0dzBZlJFZTvJwRimPMYNWa48t3jdNvyjODx/hTiaU
Zo5g5C+LhCcZxWW0YbXNoYeWSJj7ED/GpGJ2kqMkDIHrUVtE6FpZT+8fr7D0pqQnAtX4KXcF5EDJ
5eVdV6kH/wDWaSAm61L7WytHHGm1A/BJ9cfnTSWpMmjmHyCRSvY31yPIeVZm3IUHf/JplrHImm3q
SIRIzNgY68dvWpctSZb1o5g5C1p52WEKv8rBcEHtVbWvnhiC/N8x6U35qMsO9CmNQsO1TLvZ7QTg
nOO3Sl1TL3doVGQG5x25FN3t60m96rnDlHawGE0E6DcEPOPrmm6lN9rsInVGGX+73HWl8x6XzGo5
wsN1UF0s9oJwDnHbpT9Xy9zbFQSAecduRSb2pQ7elHOFg1MFr61KgkAjOO3NMnZrTVzcNGzow4I+
mKlDN6UoZ/SjnCxFpRc388kiFC4LYI9TUcTyaXcyqYi8T9CP0qyWf0pN7elHOFixIwu9OYsuwuh4
Paqegx482Zv9wf1/pTLszyKI4l4fgmpYY2giWNRnHX3ocrIVtLGoWHrSbh61mkSH+CmneOqVnzC5
C7fEfYbjn/lm38qKzrhj9nlG3+A/yoq4u4nGxatB/ocOP+ea/wAqkcAjOPyqOz/484P+ua/yqXAX
pUsEIMgU4HikzSE4ODQMdn0pabgdqGOB60CEZj2oJcdwaSPnJNPxQMFOVyetJwBxSfdb60pNACMu
4A5ww708HIpBQKAFoJpM0UCFo60maBQAtJSE4pCe9K4xScd8VBNKSdiCnklvpTcAHpzSGMjgJ5c8
VI3lKuME/SjOcEnC9h60H5zjvTArSrECflK/jUDAggqSaumLjjGaqzbVJ53GgBsdwyZDVajdWGVO
azXG7pzSxNhsPkinYDTEgU/eP4VPHKsnAz+NZ4kBHA6VPBIT9aQFvmjrSIcjDc/SnHigkKDSA0Zz
TAQKckk1Jk+tNBooAdk+tAZvWm5ozQIfuJpl0T9guP8Ark38qX3plwSbG4/65N/KmgJJW+am59qd
IOaoxO6avJEzsUdNygngf55pgXR9KbOzpC5iTc4Hyg96pWNw8mpTKzExvnZk8cHHFMWSV7O/uPMf
G4hPmPygen50wuXWuBDaCa5XYcDcAM4NR6hLs055ovlbCkHHTJFVL5DJosUzSSFgq5G7hs45PrT7
uDydGlPmyyblQ/O2ccjpQIuwqj28bMoJKAk468UGKI/wCs2eKe3sYroXDlwFyuflx6Y/KtRMOqt2
IzSGmMFvEf4aDbR54HH1qoA99eTR+a8cUPA2HBJpYJ5WsbyORiZYAw3dzwcH9KLDuWvskWc8/nSG
zj9Wqssj/wBhebvbfsJ3Z56+tR3c0sek2squ28suTk88HrRYOZlw2a9nNJ9j9JP0pbOCWJWaeUyO
+CR2X2FVrszPqscEczRq8fOD05P68UWDmZOLM5Pz/pTvsZ/56fpVe2MltqX2VpHkjddyFjkj/PNQ
wrc3d1cxCd0ijlJJySevA+nFFkHMy6bNuz0n2OT++KhAkv7udfNkjihO1dhxk+tRiaeXTLhTIwmg
bBZTgkD/ACaOVBzMs/Y5P7wo+yS/3lqK7uHksbbynKvOyjKnBHr+tK7Nd3skHnPHDCADtbBY/Wjl
Q+dj/skvqv50htZvb86ijnlFnexNIzPBkB88kduaiKXDaaLs3UokVQQobjHT8TRyoOdk5tp/T9aY
be47L+tXIJmlt45DwWUE0/J7UrIfOzP8m5/ufrSiK5/55n860QGpslxFD95st/dHJp8tw5mU1gnP
8LVIUeNd0h2j3pXurmXiFPLX1PWrBjWa0Cy4aQDrnvRKPLuHMytG4kYKrgn0pZ5DBhcZc9qzpWBb
5cjFaVpOlxbKkuDJ69/rVSioa9AuV/tpDYdAB7U92kHKgkHkECq9xbSRsS/c8Y71pwZitY0YcgUS
UXqgvYrW8js2CMfhR9okFvE55LICTj2q9E4LdKS0ZRYW2Rn90v8AKotoLm1M77Y/tSG6J6gGtbfH
3X9KTdD3X9Knl8x8/kZE9yTbyrgcoR+lFaF6YTZT4UA+W2OPairirEuV+hDanFnB/wBc1/lUwOet
Q2mPskGf7i/yqbAqQDgUHkUEUn0oGDEgcUm4EUvNI3UAUgF+6falJGM0lNxnqeKAFcFipU8g07Ga
QcAU4HimAmaM+lJSEigB1FJRmgBfekzjJpM00mlcBWbHaonkzxSO3emdDk81JViUNgU1Dk5PSoQ5
dsA8VIz7RgUwsPZiWwKVfbpUIOOOrHk0/OBjtigVhzMWHHA7VTuQOAvWrRYKhJ4+tQxqS288seAB
TQEccRAx3P6VFOoHI5INX9oVCAck9TVeXaqnC4+tO4EMM2Rg8n6VNvKnO4L7CqYXLYUgfWp1jY+h
96YF1JtwBBwKnil3ZU81TSJsYyPwq3EgUcmpAkH60oqMNyfWn5oELwaKQGkBbc2enagB2aKa/OPr
TqYC9vrTbn/jwuOP+WTfypaS4ObC4/65N/KhEsfKTu46Vn6i/wBnnt7ofw7lP4jj+taEx+aoJoo7
hNkq7lznGaoCi4+x21lP3QEN/wACGamMflaAVPUx7j+PNWpoo54/LkUMnp0pXRZIzG4yhGCKdwsU
Lo58PoPRV/mKm1Bg2iHByNqfzFWfKj8jyduY8Y2n0qJLK3SB4VT925yRuPNAEGoH/iSL/up/Sr0J
HkR/7o/lUbwRSQeS65jGBjJ7U/hVAHQDgUrhYp2BEV/exscMW3j6HP8AiKjtAZYdSlXkSbgvvwf8
atT20FxhpkyR3BwaniCRIEjUKo6AU7hYzklT/hHSNwztK/jmmXn/ACBrP/eT+Rq4NPtA7N5I+YEH
k9/T0p8ltC8KRMmUQjaMnjFAWLOazZ3VNdgLHAMeOfxq9k554rOuo0l1iJJF3KYuR+dICRiJddj2
8iKM7sduv+IpdLP+lX3/AF1P8zU9vbxWykQoFz1Pc0scUcLO0a7S5y3J5NMLFfTSIrq8iY4O/cM9
x/nFJpiiUXch+5NIce4/yamntYLhg0seSO4JFSoqxoFQBVHQClcLGZp+6S5ghbn7Lvz9c0+K3gfV
LmO5QMzHemT+f+far0cUccjyIuHf7xz1ptxbxXBHmoGx0PQincLDLi3gt7C58lAm5DnB9v8A69Q/
8wD/ALZ1ZS3hjgeJV+R/vDJ5pfKi8jyNv7vGNuT0pXCwliM2UP8AuCnyTrEwRV3ydcDtTogsaKiD
CqMAVQkla2v3cjOeR9KuKuxlspPKMyyeWv8AdFKIooQMJz/ePaqh1B+qgb+fmpi753yQ0je1XawF
tpwxxEC/v2ohKxSs0jjLn7o6Cqref53kIAGHXHapxAkSlpW4AySe/wBKmSTVhEN2qNIzJgJ3PvRb
qF2yOMbeFHc00NvbOOM8KB1P+NX4YfLAeTl+w/u0fCrASAMQHlA3dh6VG784odyT7UzIrLRbFImg
PzU23P8AoNt/1yX+VOg+9ikth/oFv/1yX+VPoJ7jiaTmkx6UZPpUgR3n/HnP/wBc2/lRTbvm0m/6
5t/KiqiJiWeDaQ5/55r/ACqbGOnNV7UEWsJ/2B/Kpxk1JQ7FApKXigAJFBxjpikIo6UAHagc+1LS
ZpAIc0Z9aU02mA5m9BVC6djLjOBirv0qnON7nI5HpQCJLOQkMGOcVYyDwKggiKrkd6nCkY7CkMXi
opG6gdaexxwKjYDOetIEMAPfpTHIGefwFOkfCmq6Hk5P1oKJU456ZoJOeBQB3Ip4IA4oAQDbwOp6
mmvIB06CkZsDioWYngfhQhAX3tk9BVmL5Vyep4+lQRrk46DqamJ+amFidOnqx7+lQzRADLHFPjcZ
47d6JACCzsB+uKQFCRBkEfrU0TKBhjn6CmSGPOAp+tPXb/CcVQFhXB+6PzqTeegxioAyjnPPvUqA
NwTnmkIcjZODj8KmqEYydoLUobqO9ICXIHU8U3eDwDVd2wcnpTROBiqEXAQRxSgVWSdQMk4pxuEI
O1smgCwMUlz/AMeNx/1yb+VRLIcZ706ZybG4B4/dN/KmhMlm+9UWTUk4yajANMEKDThmkAqGe6EE
yxeWWLDIwep9KLXAsDrikSaN2dVbLR/eA7VDb3RkmaKSIxyAZxnORS28iSS3SrEEZDywP3uv+FOw
WEW7RrRrgK20du9Sxt5kauOAwB/Os+L/AJAcn1/rWhaj/RYf+ua/yptDegk0iQJukOATgY6k02Ga
OfO3IKnlSMEVFfHZcW0rf6tWIPtmi1Hm3U1woIjbCrnvjvRbQOhZIx0oFONVPtMju4gg8xUOC27H
PtUpXEWQcnGDSeWhcOUUuBgNjkVH52bz7OyY+XcGz1/zzR9pUXEsZXCxLuZs07MLEo5FBBqK3nlm
KMLfbE3Ri39KqrLcf2k+ICzBMeX5g4HHNPlHYvYNLio5pykqxRR+ZKRuIzgAfWkS6DW8shjIeLO5
CehpWAlxSHI+lVjfP5QmW2YxfxNnp9KJL4qvmrAzQZxvz/SjlYWLFN70/AZQVOQRxTcEUgBTg0Sx
R3CgP1HQjqKQj0o5oTsBHHYwocszP7dKtxuqDCAKPQVCxIFCEkUXuKxWujJbXbTJ92TvVUvJMyry
3PArWBBGCMj3oUIhykaqfYYrTn0AjtoBbrubBlP6U92JpHJzTTnsKzbuAmaKXFJg0hk0B+aktv8A
jxt/+uS/ypYAc0y3OLG3/wCuS/yo6C6j+O1FJnPANABHU5zSAivB/okx/wCmbfyopLw5tJv+ubfy
oqoiYWn/AB6Q/wDXNf5VLUNr/wAekH/XNf5VNmpKFFKaZmg8sDmgB1J3zRTGVm6nA9qAHAhhkUVG
EZPutx704E96QDsig9KTHFN/GmA4DtTWXuKXJAJHNGc4PSkAJ8oI5oJJGe9LnimnkUMYhNRu3fNO
yAPeoJWycDikNEUj5OD+VOjjP9adDF5jZ7dzUkpCrxxQMZuGcN+lDOoGT+VRAgCh/mwaAA4c4qMg
DOOTTgeD9adEu5s9hTAkRfLQA9aaCWJPaiR8tgUxSScCkBMCcYHFBG7gk/lSqvc08nAPrQIgdAuN
o/GmbB15z61YIz1pgGSfSncY1AN3zH3qwHzwo61EuADgc0byOc80rhYtRjnBOTT2TPKDJFURcBD1
xThch325JPvQKzHSBt+GGDUTQrnpk+1SSPgLzk9s0oViOOOKpMLFSSP5sKacsXr+hqwLbkU2SyJ5
BxRcLDN3l8r/ACp4m8yGSPOC6FRngDIqq4ngyGGVqMTZ9R+OKpEtGx9olJz5UP8A39P/AMTUqGdx
kQw4/wCup/8AiawjI3UN+dXdOu23eWx69KBWNRRKSA8car6iQn+gqlMv/E4tx/sH+Rq8GNZ94HfV
IBEwV9hwT0704u4IdcKV1a3x12n8uaWxH+k3/wDvD+tSQW8puTcXLKZMbVVegFLbW7xTXLsVIlOR
jt16/nTuO5Si/wCQFJ9f6itC1B+yQ/8AXNf5VXSzkXTWtiybyc5ycdatwKY4I0Y5KqFOPYUNgylJ
H9tvJYXYiOJeAPU96had0tZLR8+epCpj+IZq3Nbyrc/aLZlDMMMrdDUMtpcSuJ2kjWZSNoA+UD3o
uhlxIyqKpOcDFU5Fl0+RpF+e3dssO65q6CSAWwD3xVWWK7uFMMjRLGTywznFJMSFuwEuLS4U5Bba
T7H/ACaLOITrdO3SVyo+gpdS2Jp5XpjAT61NBG0NisaYDheM9M076B0K1u81nMltPho24jcfyp0Q
/wCJ3MP+mX+FL5NxPPG9yYwsZ3AJnk0SwTre/abcpkrtYP8A5+lFwIUE7alc+S0YYYB356U97WaG
C8klZCZE/h9qkmt5Rc/abZlDkYZW6EVIUuJrWWObywzjC7c4H1ouFyvj/iR/9s6SUf8AEkB/2BU/
2d/7N+zZXft257Uj27HThbgrv2hc9qLhcfbBvscJRVY7F+82O30NOxcf88Yf+/p/+JogUxwIhPKq
AcfSnbjUtksbi4/54wf9/j/8TRi4/wCeMH/f0/8AxNOLHNJuOaVwsRu06dYof+/p/wDiaFeZjgRQ
/wDf0/8AxNMuVZ1yp5FRQCQODmi47Fr/AEgf8sYf+/p/+Jozcf8APGH/AL+n/wCJpcnuaUZ9aLis
J/pH/PGD/v6f/iaMXH/PGD/v6f8A4mnE00uQOOTmi4Bi4/54wf8Af4//ABNGLj/njB/39P8A8TTs
k800lvWi4Cq1wvIhg/7/AB/+JpiqY4IYjglECkj2FOBNITk0m7jsJS5pCM8YoAxQMhvGH2WYd/Lb
+VFFyu20n7nY38qKqImFp/x6Q/8AXNf5VLUVqf8AQ4f9xf5VLUsYtB6ZpM0tADc56ZpCT3FOP60Y
pAA5FAFMPB9KAxHvQBIelR4JPtQxJoBz1oAcOKOtNySfajOKAHFTjNJ25496CflODVYsWbGck0mN
DpHGdq8+9QYy/P0p8nyyfLjgYpYh8wLcnrQUT4EceKpyNuODVmQ5FVc/NQCGkECmqcHrzUjEY56U
0dyAQaAERTg5+tT8KmBUadRnvUhHyg0DIiCWwKnjTHYmoQwXc/oM1D9qJ45oEaBkVemR9aZuzzni
qglLdc5+tSL69TTBIlyOcGkBxTacKRVhSaaQDTqQ0hkTpkVFH/reOvSrDVAh2E565xTBl0Y4749a
mTnrVJJKsxSdjQFiyFFLnFNDUEimTYHVWBBGaozWKk5T8qubqTNK47GNNC8XuPemwNh8npitiRFc
EMM1l3EJgk45U9KpMhrsa1nOJECZ+YDvUj2+68juN+NgI2469f8AGseGQowIOK21bdGG9RmnsSOZ
qQNmmck09QM0hDsmkJp3SmM1AC5pKQZooANxHFKCaQ9aSkMjkthLcrK7kqo+VOwPrU+SFwTmkoJp
3ELmjNNNKOBQAobNLnPFMJpDkDI5oCxJmkJphJBA7Ud6AsKDzzSY54op1ACE0hOaUgGjGKAEAoAx
Sk4pFYHNAxeKM0hopAKTmjNJjNIR+FADyeOKb2oyKM0ALmkozQD6UwCjpS0e9AiG7H+hz/8AXNv5
UUXn/HpP/wBc2/lRVITGWo/0SH/cX+VS1Han/Q4f9xf5VL2qWUHWjPpQKQ0AKKafagetLQA0+9Jm
nEc00gelACU7FJjHNLmkAYNIAaXFAIFMAIwKrLxJmrJOahdMtleKTGiDPzE9aeh+ao24Y9qWI8kH
vSLJpMlDj0qsB2NWc8CmIIyc96QiNh0AwBSdsKBVkxp2NMKqAcH8qYEQGOakHPy+opoU5y3AHSlH
3gaBlOaTYdlQjg5qxcJmanJCuORTuK1yKPOasqOKAoHQUuaRaVh1Lmm0uKBi5pCaXFNcgCgBGIAJ
NVS+Rn1NNuJi3yrwOtMXnaKdib6lqM1aiGTVRB61ZhbB6GkUWwpxRg4oV/c/jQTQSJmm7qd2phxS
GISaiuVDwnPUU89aaxypHtTQMoxjPNbERzAnbis+OMbc++K0Ih+6UdOKpmTH5pwxjrTKKQh7P2oU
Z5puKeDgUCFxxxTSPQ07NI2DTAQDI96ToaUHigEE0DAGkJzTvekIHHOKBC0UgPFBPGcUgDHelpDw
KWmA1hmkyQMGloNIYgIHWnE56c00EdOlLQIOlGSfeloFMBDTAD5v4c08kJ+NFAxwApp60vUY7U0i
gBTx0pM468U5V70jLmkA3rSd6eq4HJzRtFAABQKTke9HXpTAXNLSHA/lS0CIbz/jzm/3G/lRSXhB
tZv9xv5UVSExlsSLSHH9xf5VMpPfrUNtn7LD/wBc1/lUgPNSykO70Y4ozRz0oAXimk5bilox6UAJ
zSGlzxTScDOaAFzxRj04pBzS4pAFGM0vTrRmgBMYFMyelPb2puKBlacAE+9RLkH3qe5X5c1XDcik
UiXf09KYn3selMLcGnW/zsRQMsfKo3PTBI7HCLgVLKPnxjOKQAY64+lIRGQQPmOSacowuT1pxI7f
rUcj4oGQOQZDT1xiou+aeDTLHmkPWlFBB7UCAH2pGfaM9KjkMg+7imqjucuaYXHiRz0Ax70k5Ijy
TUgqG75gPsaED0RU++5J4FO345HWo1JP09KnQKOSapkIaolPIp4kmjPIJpwd8/KmRTxN2ZCKQ7Es
V0zDBqdZCRVJnXIK1bgRmQnvSZaJDJj3pRJVaQ4471AxlzlelJIG7F8800jg1SW6kThh+dWvMDwb
xTtYm9xYACpHvV9B8gqlbj93mry9BTMmApSB60UUhABSheKTpS7uOKAAdOlJQCTSd6BgBxSYwafm
kzQAnShjgClNNbkigBF9acCKaOlGTQA8jNIc0vaigApKWkpiEIGelJ9KXFB56Uhhz2OaXikxinCg
BOM579KUUHOR6UUxCUYOaXPOKDyKAHA01jxRmkPXmgA7UoopO9AC4pBgUZ59qYSAxJ6UASD3oqIn
aflPFSDkZ60AQXg/0WY/7Dfyopbv/jzm/wCubfyoqoiY21/49If9xf5VLjvUVr/x6w/7i/yqTPOK
llC4zScUtLikAlJ+lOpCKYDdvOc0Y9eaXODgmigBMUo4oGRRQAuM8UEY4pFyzYA6d6lER7mgCKkB
BGRU/lCmOgxxRYEVpipGG6VRkIBIU96sXYK8jpVHJ3ZpGiJgjFeAD9algXy5Ae/ekVgyj5iacOOl
ICaZhnPGfeoxIcep9qRnB4xmo3kCrwKQD3lIGe3tUG4scnmmFt3J5NNzzTGiYUqio1PNPzigokBp
Qai30vmAd6AHnHWmlxuxTPNDZx29aSRTtJJA/GiwXJsDtUcwzEw9qqCR1PBP0pZJnYYPFVYV0MRc
mrCj1qKOplFJhFEijjK0hDMeakU4FIXHQUi7DVhyctVyFsAgdKrgtxkVZiAEZPfpQLYqXeSxK1Ag
mzkHI9Kuso5zUfkHqpx9KaYmrkOfMG2RSPfFKiMsDr1GeKm8tsfMc07blCKLktE1qN0KjvirSNyV
PUUyFVVRgYqXjOe9MyYdqQ0tBGaBDe/NKvNKRikzikMXoc00mnZ4po5oAUHimtnaaeBxTX+6fpSY
IiVmI4NMeZlUlcZoDEDg008is7l2HrKzDnrUwOVqsBgU+M4+lWhMnGcjHSlzQo44pMVRIuaKO1HT
rQAmOaWj6Uh9R1pgLxSjgUmaMZoAXiijtTcnOe1Ah2B3o4qFiWdVPXP6VLkHhaBi0jKGGDzQR+dI
27bhTg+9ACj2GKWkHv1o9qBCjFNcBlI9aUdKWgCuo2rg9RUqODgdOKJE3jI4NMHzdRhhQMS8H+iT
f9c2/lRTblt1pN/1zb+VFVElkdqx+zxDtsX+VTZ5qG2/49ov9xf5VLmpZQ/Jpc03ntRk0gHZ9Bml
AyM0nbNKDzimAhAPWk24ORT8UAZNIBvXpT0i5y1OC4+tKxIHFOwh4AHSg0zdShqq4rCmo3ORTiaj
ZuDSuUkVboAqQe4rLbKkitOY5zVGROam5okRK2KlEtRFKOnWgZL5npTGbueaQGhhmkAbqTPNKMdK
a1MB2e9PBBqDdil8wfSiwXJs8U3FR+YPWnhwaAuIR+P1phz3p5YComO45poGxX5ORTOc0uaB2pkk
qDip09ahTtUvPl8VLNEKWB+lNJxgjtSMVXGTQGU96AuTLOrADoferCzDaBVAoCcipAHAHpRYfqWm
w/0qBHKPjNJlsYzTX6ZpBcs780E4BIqKM5AqwiBiAec0Ay5GfkX6U6m9MAdKXIpnOxcelKBSLzTs
4FMQh6U3Bpwo4pAM2mlA5pSQByaXjtQO4dBTMbuO1PP60xg/8JANDQIqsuGIPrQq5IFTSRMfnxn1
oRWB4rOxVxnlsqnI70IORVnHyetQgfNVIVyVelBJoHSiqENJwaUEmlwDS4AAx1oAQGlxRzS0xDSc
UYGc9KVsUmM0DD60tGKQjsKAGupLKy9RT1OR0waMUUCFpMUtJQAmTRzS0UAJn2oyDS0hAoAOtQyq
xb5TipcYoI5oGVpkKWc27/nm38qKfdjNpNn+438qKqJLIrbm1i/3B/KpFHNRWzD7NF/uD+VSA5NS
y0PzinqMjNRg/jTgaQg9qUYzjuKUYpcUAGTipEGBTB15p+4DvxVIQ7IxUbt3NKWpAKGNDA2eKd83
rQVAOTQT6VJQ0kimOxPSnGo2qbjSI2yelVZhzxVh84qBxnmhFkY9DQVBoAopgRMmDxSZPQ1MeRTC
OaAGUjcCnUjDimIjC5pChFSLStTuKxCFOalAwKAKDRcCOSmZp71GaaJYpNPFR08UMIkqdKnjOVxV
eM4apFOGIqTRCuobg0RgKQG/Onjk0uMUDsWEt4yqn25oFvx1xUK8cqSv0NLukxhZKQrMZOWi5HzC
kD5XJGOKd5ZJy53H3oC5amMWFSqjNX7aPA3H8KqrV5DhQPakRJj80u3NIByKkFUjIaEA6UEY4p4p
cA07CuQ85xS0rDaaQH2qRjZMZUe9OWmn5pf90U5aYxXOOe9LSEcD60dqBDc5OORStJtTaBz0pqj5
jTZetJjHbxtxTU5OaZinoKSQx4z07UEUuO9AHY0xACKWjApMY6UxBSk0hHejGaQDT155pQTQelKo
oGLwcUEUAgUhPemIMUY/A0Zz0oKg9aAFHvQaRQR3yKBzQAoGaCAOtLnHFGKAEIzScinUYoASkwc0
uOeKTmgCtdsPs0wPB8tv5UU+8H+hzE8/I38qKqImVrcf6NEf9gfyqQY71Hbf8e0X+4P5VL2qWWhR
xTol8w8cD1pqZfAxzV2OPaoFCQmxohHc0vkr6mpKKqxFyJo0VSd3QVQec7sL1q9dNtjx61SjQElv
SpZpHuyWMkygVZAxVWH/AF+enFWu3SmhMY1MPFLjBppqGUhDjFManE000iiJ/eoCuelWGFRstBRD
jHWmmpCjE8DNO+zyHqMU7BexAaYaufZPUmmPa46H86dmTzIqmkqR0ZeCKYFJ6jAosO4lGKk20Yp2
JuREU01PtzTSv5U7BcgYcVGasMnFQMMGhCG09aYOTT6bBDgeRUr8EGohUo5TFSyySPk1NtzVWNsH
Bq0rZHFIpB5dAXFOBooGJSUpxTc55pCJIgWcCrqADtzVS36k1aU1SRnImBpwNRKTTwaZmyQUopgN
OBpiBwSMimDmphSBFznpSaBFdOS598VIo4qOE5JJ9asDHpSGxmDmjBp4xSOQO9MRGo60yRTxUqOr
NillXIzStcexWAqVV4pViOc1JsIpWC4wUhOKfsxzikIpgNBJAIoOcc0UE9KQCY4pRz0oNJjmgBcU
UY70uKYEQJVtrdOxp9OwDSUAFNzjluBmnUhoAU9KB04puCOQaUH1oAUe9LR16UZoATpxRzS0hOOt
ABQRnvilFFAEF3kWc/P/ACzb+VFF6CbSbnA8tuPwoqkJlW2H+jRf7g/lUuM1Ha/8e0X+4P5Vagj3
Nk9KnqUSQRbRk9asYpAMU6qIbG0tLTSwFMCnfH94g7YzUSEYqS7IZgR6VW9RWT3NlsWYQPNz2xVn
HFVImBkHpirXarREhrVC3WpXqJuamRURpppNLSVBQhpUUHkjik6nFTRJ61UdRN2HqgIzjil2AVKo
AFBANaoybIStROnFWmFROKB3KboMc1CUxVpxULKx6A0ikQEUmKsLbuevFSiEA8CldIZUEbHkKTSi
Bz/DV8L2HNKIz3pcwzP+zSN/CBTJNPkYZUrn61p7OadsHrSuw0OfELRuQ64IpCMGtyaFZBhhn39K
zprR0yR8y07jRTxinxtil29jTWQjkcigY8jJyKcshXrUSt2NSLg0homWUGl3jtUW1aUcUhkmc0Zp
m6gHJApgXIBhM+tTqahXgU9WqjF6k4xTxUAanB6BWJwBTwKiQ1KppkseKD90n2oFDfdP0oYiIEAD
jmgkegpg4x9KGJAH1rBl2Bjn86huDgVKOcVXujSRS3FsFL3AJ6DmtTbVDTVIVn/AVdzW6WhE9xdm
KXFJk0oJpkCY9qTHtT9x9BSbvagBhRT2pDEp47VLkelGVosFyHyuMUnlkVPx2NGB6iiw7lcq3pSY
OOas7DSFTSsFyt9KDU5QelIYx6UWHcrnJyOlAGKm8oe9N8o54NKwXIXLY4pQxK571KYiRzSCPaMY
osO5EhCjJPWnhgwyKYw2OuRUmOuKAFpDSDIGDS/rQAUUA8elFAiG9/485/8Arm38qKLz/jzn/wCu
bfyoqkDK9opa3hH+wP5VpRoFAFVtPTNrCx/55rj8quYoBsKKKaxoJEZ8VA4dqlxk0/HFBWxSkTjH
eoSpHUVclHNQuOKho0ixkH3/AMKsjPPNRW8fJb8KmIAFNCluIelROMVISajY5FDBEZ60hp5FKq5P
rUWLuMSMs3SrqKFFEcYQYqTFaJWMpO43FGKeBSEqCASAT0FUSMIprDtjNSMRnk4ppwBycUDRF5ZP
pQYRUmRnGeaFIYHaQfpU2KuR+UAfWgpipDg8Z5pmA3IOR04pWHcbj0p2M80LyPlYHHHFDHAyTj60
WAQjFIRxTl+tJnJIBBx1xQCALx7UwqOhGRTIo5FvHcy5QjhPSpzgg89KdgM+5tB95Rj6VU8sjjvW
znjjBFV54V6nA+tKxSZltED2wabsZavGLt0phjPIFBVyrmgnNW7eyd0+Yjr1NTCwQEFnBFOwuYzR
+ZqaBSWye1aa2sSdEFP2KMdBSFcphWI4BP0qRInPbA96uKu0cninlRg9qZJWEIHXmkKAH5eKmIAG
T09aAm8ZBBHtU6jIgWU88irCcjNNEanvn6U/IHA600S9Rwpe1R+YM4yM+lKJPxp3FZjABkUxzk08
YboaNnJ5yaycShgGPyqrOcuBVxsLwSAT2qGGLzLjc33Ryc01EadtS3bx+XCq+2TUtLgYz2pRgjI5
FbGLEApHdEGXZVHqTin4rN1tlawG0g/OOh+tNIaV2aNJihcBFyccUuQSQCCR19qQhuKMUuV3bcjP
pmlIA5PSgBlFKpDDKkEexpeM4zzQAlGT60Ahs7SDjrg0AgkgEEjqM9KAF3GjdRikUqwypBHtQA7d
7U3zI9+wsA393PNDEKMsQB71nP8A8h6P/rn/AI00rjSuafy0mB60mKQkL94gfWkIdszTJGiiwJHR
M9NxAzT+AMk4rJsoor25uZbgBzv2qCeg/wA4ppDSNQxg00xj3qhpw26lekf3v6mtPd7UmrA9CExe
9Hlntipdw9KMilYLlO9VhZT5HHlt/Kipr7H2C4/65N/KimguNsB/oNv/ANc1/lVioLH/AI8Lf/rk
v8qnoEIaYaeaaRSGIo5p2KFFOxTAhcc1Ft3nFTuKRVxz3pDuIqhRgUMKfTTQBXkpnUVJIKj6CoZo
g61NCnc1D0+tWkGFAoihSY8UuabmgGtDMS4l8i3kl7quR9ay0t7eWxaWaVTcuC24vyD2q9fgvYzK
Ou3P5VVsoLWa0jYxIWxhvrVJ6FrYawe90lZCcyx8g9zj/wCtTTL/AGjLbx/wgb5Pr0/z9atyvHZW
rlFCgdAPWqNjutLlEfgTqD9D6UX0GPvIzLqkUasVDR4JHpzStELC/gMRIjlO0gn/AD60+dgutW5J
wNmP50uo4e8tIl+9u3H2HH+BoGR3yPJqkUaNtLx4JHpk5p14i20cFpE5RZG+ZiegpZj/AMTu3P8A
0zP/ALNSalsN1bPIMx52tmjsIjuFgtJoZbV1+9tdQ2cinThJdV8q5/1YX5ATgE/5zVv7HajnyVFF
3BFcx4k4YdG7ilcLkN2n2awdbcbRnt2BNLZW1ttimiGWA65745pmnTGW1Ky/NtJXJ7ioSBZ36CI/
JJ1Wi3QZNCAdanH+wP8A2Woo4Bcajco5Plg5Kg9T2/rSxSgatMx4ymP5UtpIP7QuTnrRsAton2fU
pYFP7vbkA9un+NNjiW+u5mlyY4ztUA0+Jh/bLn/pn/hS6ZhZ7mE/e35HuP8AOKYEVpCF1OWIklVT
jPpx/jV9oo1BIHOKqQYbWZ8HICY49sCr7J8jfSpe4mzO0/8A5Bc3/Av5U2yslubMPKWY8hefu1Jp
o/4lUx/3v5VY0jH9np9T/OqYNkOks8tpg87WKj/P40atEwtllHWNgf8AP6UuhnFm/wD10P8AIVcu
0861lTqSvH1pfaFfUo6ofMt4o05MmW+oAzRdzb9IjI5aTav4/wCRTdPb7RPETyIYdv45x/KorcFp
oLU8+TKxP0HT+tOwzRe0haCNJhlYxjrgVStzFDqojtnBikXkA5APP+FSXn+kajDbSEiLG4j1PP8A
hTWSOLWoFiVVAQ5AHfBpIB1qPJ1W4i6BxvH+fxNNg3Pc3s6jLLlU98f/AKhTtQbyLyC57cqf8/ia
k01SlmpP3nJY0dLjKthBBcQiR/mmDZYk8jmr5GKo6hGtqy3UHyPuwQOhrRyOtTLuBQsP3V5cQ9Bn
cPp/kim20mxby768kL/n8RS3zfZrxJ16NGV/HH/6qcsWNGKDqU3H+dV5gNhsUnszLJuadxuDZ6el
OSTzdAmc8uPlJ/EVNZzKNPR88KvP4VXtkI8P3HH3ju/Dj/CmhMvJ/wAgP/t3P/oNLo//ACDIfx/9
CNMR1/sHOePJI/HGKk0f/kGQ/j/6EaHsQ9iLWJHKw20ZwZ2wSPT/ACaqarp8dpaq8JYAsAwJ6+9W
dWPl3VnMfuq+CfTkf/XpdfcCyRc8lxj8qa6DXQZrJZYrQp98OCv1ouIhpdhI8bsZpSAXJ7+v86XV
/uWf++Kk11C9hkfwOCf5f1o7B2KlzbW0FkJYZl+0phtwfJJ71omOK+tInnGVIDkZwOlNisrKWJJF
gQhhkVW1BQ13a2X3ID1A7+36Ug3Ik8m21aJbRwY5Bh1VsjNPvozLrUMQYqHjwxHpkk/youIYodWs
0iRUHUgCpJx/xUNt/wBcz/7NTGVrq0W1voEtmaITDa2D+dPu7aPT7i2lt8rltrDOc1NqQ/4mVj/v
f1FGtD/j2/66UAnsJqTiS7gtGfZEw3SHOMj0/Soj5NnqUBtXHlynayq2R/nmn30af2zAZ1BjkXbz
68/4irq2FqjhlgUMpyD6GjYV7FF4/wC0NUkjkJ8mEY2g9T/nNMigFtraRqSU2Hbk9Bg8fzqayIj1
e7jbgv8AMPf/ADmkdg3iBADnamD+RoA0iQASeg5rKsrZNQWW5uQWLMQoz90e1akg3Iy+oIqhojD7
GyHhkcgikthLYbpwE0VxZXHzrE2OT1Gf/rVFpNpBI8rumWik+U5PGKm0r57q8mH3GfAPr1/+tSaN
/wAvP/XSmN9Q08H+0b3/AHv6mtA1BBFHHcXDpKGZyNy5+7U5qWS9RKKKKQiC+/48bj/rm38qKW+/
48bj/rk38qKYDrH/AI8Lf/rkv8qnqvY/8eFv/wBcl/lVikAlIRTqSkALS0mMdKUHNMBrDNJinGko
GNNNanGo2PekNEb8mmN1pWPPNNJzUM0Qsa7nA7VaFQwDAJqUmqiiJasDSFgBTWaonbtTbsCVxxkJ
+lVGs4w5MUkkYbqEbAqbJxmkJ9KnmZdrDZLZJEjRmcqhyOev1p8tutwE3FlKnIK9aEyx9qmBwcU0
2IoXUay6rDG/KmPn/wAeq1b2cUDl8u74+8xzgUrW6tcrOS25RtHPHf8AxqwAP/11TYXITao90k5Z
tyDaMdMc/wCNSTQJPGY5BlT+lP8A5Uucd6VySpHp6xspE0zBTkKW4pJrFZZGcyyru6hW4q5mmluc
UXHdlY2Uf2fylLKoP8J5zUIsfLfflnbHVjnFaANGKLsLmUYvLnaVg25hj2/zxTUVUlZ1Jy3rWs0a
sMEZqM2iH2paj5kU4YwbnzRksRg1PPZQzMJG3K3qpxmpVhMZBXHFQy2KzSvIZZFJ6hT1pphcgsER
dSnMQwiqF/Hj/A1pk7gR0GKrwwR2ybY+B1JPU0ryE8LwKHITVxsUMVvbtAhYq2ck9eaW3RbeIRIW
Kj1ppNOHNTdsdrCWtutshRCxBOeanzSAEDPekJwMGqEQW0EdsX8vPznJzSLDGl08653uMH0/zxUj
nAqLdzSbZSFuIEuCrMWVl6Mp5FJHaRRypKGcuueSc5z60u+k30rsCHUnEojtl5dmz9BVhgPJ8vJC
428elQJEkczSDlmPU9qkZs02+iHYhW0QMrM7uF6BjkCrQaouTTqlu4Fa+Inlit15Ocn2FXOBwOB6
VXhhSJnYDLMc5NTZOKpvoIg+wxFiAzqjHJQN8prSgRPJ8oqNhGNvtVZOe1Wo6aZMiumk26kgvKyd
QhbgGrdtAttAsKFiq5xnr1p2aM07tkXY24gjuYTFKMqf0qoNIgMRRnlYkYDFuQParuaXNF2F2Q3N
pHciMOWHlnIwetTuqupVgCpGCD3pM0ZouK5RGlRrkJPOkZ/gV+KnurOO6VQ5YMn3WB5FT5ozRdju
yommwpLHLvkaRDnczZLfWpXtY3vEuiW8xF2gA8d/8amoouF2RT2sc88UrFg0RyMHg0XVql15fmFh
sbcMVLRmi4rkd1bRXUeyUZHYjqKigsRDKr+fPJt6K7ZAqzmjNFx3K93Yw3TrIxdJF4DocGki0+CG
ZJUL7kBHJznPc1ZzRRcLsXA9apy6ZHJK0iySRl/veW2Aat5ozRcV7EcMCW8QjjXCio7a1jtd+wsd
53HNWDSZouFytBZxwTyyoWLSHnJ6VPS0lABRRRQBBff8eNx/1yb+VFF9/wAeNx/1yb+VFMBbH/jw
t/8Arkv8qsVBYj/QLf8A65L/ACqbBpALRSUUgFpMUZpaAGnNBp1GBTAiJpjnipWT0qJ1PcYpMpFd
s55oHXinMpzkULGe9RbU0uPR+B/SlLU3AUVG7GqvYm1xWbPSmdyTQDjqKa59KhstICwHQ01SWNNJ
p8fAzQtRvQlzgDAp6knpxUa8kYqZVx71RA8A4paAKXHemSIc9qO3NGaKBiUdTx0p22nBaLCuNC04
ClxSimTcTBopaTNMAxTZNoGTSSShB71UeQuxJNS3YqMbjmbnNMLE09Ii4z0p/wBn96mzZd0iJeeT
Uyrg0ixFeMZqQCqSJbAEimse3enEUwimJEbnrUBJNTOOaiNQy0IPSiggkjFOCkjjrQMaPejGDUhQ
DJ5xTSVAznNUoNhcQU/kimblAHenZAIGcn2o5GguKQCKFBH0pVpwXPB6UhXHoKnTpUSCnltpGelM
h6koopAcilzVEBS0lFAC0tJRQAUUUUAGaUGkpKAH5pM03NGTQA/IpOKbRzQA6lxSAVXmv4IOC29v
7q80JBYs4oxVWeSWa0EkLbM8++KzRe3FvICJC47gnOacVzbFcptSSJEm6Rgo9TUcd1BK+1JQW9Kq
SKL+FZwx4H3O3/66ynzvJUEYP5U4pSQcp0xFGBjpzUVpI0tpG7/eI5qTNSSGKMUUZoAgvx/oFx/1
yb+VFF8f9AuP+uTfyooAZYt/oNv/ANc1/lVgNWfZvi0hH+wv8qsCSgdizupeDUAenB6BWJcUYNMD
UoagB1FG6lyKAEoIz1FLiigCMxg9KjdGA4FWKKQ7lBmx1BB+lRls9etaLIrdRmq8lmrfd4NS0WpI
qE+/NRs351NJayIOBuqBkYfeGKmxomhU5NSdajBH0qWIZOapIlskjXHNTgUxRxUqCmS2KBxRzT/a
kxTJuMI4pM4NSECk20h3EFOFGKUCmSwoopCQBzTADUE04XheT/KmzTHGF6VAeetS2aRj3AnJyf1o
jBdsU0+hqezXLE1K1LeiLKLgAU8CgClrQwbExTStSUYoEREUwrU5FNK0DuVmT1qMx5q4UB5puwVN
ilIqCMihnEbbduakuGRUIDYf2qJUbJAbawGXkP8AyzH+NWkoq7Hcbgg7GLFjz5aDJ/H0p4t5D/yz
jT/fYk/pViAQqrpFldoBYsCCfc5pfMiJ5LDPGShAP41jOpUb0FdEH2WTGQYSPcH/ABqN42QZeJlH
9+M7h+XWrryRD5SXJU87VJwab5kagESZzz8iknFSp1EF0U1Oz5871PRgeKswnzEDYxTJViUiVHUG
TqoBKv8AX0PvURGyRSHIjz+WOxrpTU1ruF7lwCh4y5BzihD5nKspGakAxUWFexXkmitSFlkwSMjg
1LDIk0e+Jty5xWbrX+vj/wBz+tFpIbC+aCQ/u2OM/wAjWnIraDtdGhJdQxSiJ2Ic9sUs9xFbbfOb
bu6cZrN1L/kKL/wGptd/5Yf8C/pT5VoFif8AtK0/56H/AL5NTR3EUsLSo2UXOTjpgVRgj00wRmUr
5m0bssetWgsC6fP9mx5ZRjwSecUmkJpDDqdoP42P/Aalhu7edtscnzehGKztIhilaXzlVsAYzUV9
HHHehbQ56cKc4b2/Snyq9h2RufpVaTULVDgybj/sjNV9ZuGULApxuG5sd6ltNPhSFTKgd2GTnt7U
rJK7FbqyeG6gnOI5AW9DwalrI1K0W2KTQ5VScYz0PtWlZzG4tUkb72MH6ihx0uga6olZlRdzsFHq
arPfAnbBGZD6ngVVllWTUXWY4ROAKl+1QIvB2rnGB1NNRsFhHSef/Xy7V/urSeTFCASoA9TUL3TS
N+7UKo6E9ajMsaNliZH96Yy9bytIzpj5P4TjGazrq38qUqDk9vpVlGmkKn7ncAf1qJ2LsVDZOeW9
PaoSandBcWyLqyqjZQD5gaum3ju2DLwmfmYd6itbfzVAHywjqe7Vo8KoVRgDgAVMkr3RNwAVFCqM
ADAFJk0UUCDJooooAgvv+PG4/wCuTfyopb7/AI8bj/rk38qKAM61bFtF/uD+VThzVa3/AOPaL/cH
8qlzUmhMHpwkqDNLmncLFgSU8SVVDU4NRcVi0HpweqoenB6BWLQanBqqiSnh6YrFgNS5FQB6cGoF
YlxRg0wNShqAFpjRo/3gDUgNHBoAqPZIcleKYlu0fHWr2KQikPmZXUY61IKcR7UYoC9wzSE0YooA
QHijOadtNAWgAozQQccVXlWQ+uPaga1HvMBwvJqB3Ynk0mCo6YppqWzRIQ+9NNDHnFARnbCjNSUM
BycetaUEfloB371HBbBOW5NWatKxnOV9EFFFFUZhRRRQAtJiiigAxTXO1SxBOBninU2RiqEqMmjY
DPeRWlebb8qjOD3PapJIpUtwyshdAXffk5PXI/lVa4vFt38vyixxuIVRwPWnm/XZPuVmREBbtkN/
+uolJyaa2FzJkxTbdyr2Pl5/76P/ANaodmz7WXznBLZ/T9KRLmFbtoMSSNMo3GRs9s49qjW5gknW
JhcuN5CiRspkfzo0FoTCNmazbkgqMf72Rn9M0027yLO67GRZcnc2MYpFuYZppo1aeMoCWCPhT64p
EvovsyJGjhHBKhACQRyc+tGgaCxZWVXfadjZYEnG89B+AqaQKzsV4EhII9HH+Iqot5AYGZVuI1Qj
LYB3nPfPfNPN4sUKYglA34AYfMW65p3tsO9i3YzKAIQhzySR/WruKz7Wc5UrAQ0nG3GDj3rRPXFV
zc2o73MfW/8Aj4j/ANz+tWNVtfNgWZB80Y59xUl7YfbJFfzdm0Yxtz/WrY6Y6jGKvmtaxVznTMZp
4Gb7wAUn1wf/ANVX9d/5Yf8AAv6U46Qom3rNtXdkLt6frVi+s/tmz95s2Z/hznP4+1VzK6HdXK1v
pttJbxu7NuZQT8wq00McGnzRxklQjdTntVT+xR/z8/8Ajn/16s29j5FvND5u7zARnbjHH1pNruJs
y9Ps1uzIGcrtA6CnQZsNR2OFYZxnHY9xWlZWX2MufM37sfw4x+tNvNPF3KJPM2HGD8uc/rT5lcfN
qVNbjInSTsVx+IrQtZluYFdDk4ww9DUkkSyw+XMN4xgn39az20cBsxzlR7ipumrMWjQmsTJsSBTl
gdxx2/zmrWnoYrKMMME8n8ajt9LihYO5MhHTIwKuEZobVrIG9LFC/sWmfzYeW/iX1qpFYXDtgpt9
2ra5oyaXMxXKsGnQpgyEyH8hVOUxx6lJ5y/KOFAHStbmoLqzjugC2VcdGFCeuoIzZb0spWMbc/eI
PUVLY2hmG98iP/0L/wCtU8WlRo4Z5C4HbGM1dJ4wOBTcuiG2HAACjAHAAopMGioELRSUuDQIKKKW
gCC+/wCPC4/65N/Kii+/48Lj/rk38qKYGbbf8e0X+4P5VJimWw/0WL/cH8qlxUGg2ilxRQAUZooo
AXNLmm0UAPDUoao6XNAEoeniSoM0oNMViwJKeHqqGpwagVi0HpwaqoenCSgLFkNTg1Vg9OD0xWLG
QaMA1CGpwagVh+2kxQGpwYUANzSg0vBowKQBRik20cimAjRq3UUxrdD1FSbvWlyDSC7K/wBkj9DU
yoq8AYp9FFgu2JiilopgMooPBpKAFopKM0ALS03NLQAtIxIHyjNFI2SpCnaccH0oAyr+2uFuJHgj
dxKgGUOCpH9Khls7tBJH5JkaeNFL5+6R1zV0tOspia4bJGARjGe3alSSVolcSyDBxICw4I69qmXu
7hylD7FeC488R8LKPl/iIHGfpTo7K4iuFmMTuomY7PQdmFaQ3EZWeU5Hykkfl0qujXsjYDSL6liP
8Kjniw5WU7eyvIpEkePIcOCB1XPrUlnp80F3bPtbyymWB/hbHNaSRSgfPcSE+2P8KTDDJaaUD6jn
9KTqxHyMzns5zpMkfkt5hlyF7kZqOW0ka2jVLKYKsuWQtkkY9a028zGBNLuz6jj9KieWQOwE0m1F
+bkcse3SqjJPRC5WPsxJFFGqQNGR2c5wM1dJ5zVS0E74lkmLLz8pFW60tbQLWCqep3JggCxnDueC
Owq4BWDdSNeXh8sFuygelXBXZUVc2raYXFsko6kc+xqQVk6PPtlaBuj8j2NarHYrMeigmlJWYmtS
jHekam8Tt+7Y7R7GtDHOK5hmLMWPUnNaj6lnThz+/Pyn/GqlDsU4j1vvM1RY1P7rlfqfWptSkeG1
LxttbcBkVhRuY5VcdVINberkGx3DoSDTas0DVmZy3l6ylldyF6kLwKvadfG4fypsb8ZDDvVOwu47
aGYOCS+MAfQ0mkoz3ysBwgJP5U2kNokW7n+3iMynb5mMe2a12GDWEv8AyFf+239a3n+9UzRMjK1K
6nhudschVdoOBTr+4migtWRypdcsfXpVfWP+Psf7gp+p/wDHtZ/7h/pTS2KtsRpPqEi7kMrD1C5/
pVtZblNMmkl3rIG4LDBxxVK31Ca3iEaBSoPcVca5e60qZ5AAQwHH4U2hMXSriW4kkErlgF4zUV5q
LiQx25wAcFvWo9MYqtyy9RHkUzS0WS+XeMgAtz60WV2x2HBtRC+Z++x7ir+nzTXMLGVQADgN61MZ
tzHmmXEhW0lK8YU4xUc19BMpXeosHMdvwBxv9fpULSahGvmMZQvqRxS6RGr3uW52KWH1raJJOD0q
m1HQHoUbC/Fw3lSgCTsR0NSy3DQySAqGC7cAdTn/APUayJB5F+RH/BJx+ddC4GenNTJJaiehSmmE
+m3TAYwjjn0xRUt9/wAeFx/1yb+VFSSZ1t/x6xf7g/lUtR23/HrF/uD+VS1BoJijFLRSATFJinUU
ANxSU/FJigBtLRiimAUUUUAGaXNJRQA7NLmm0UAPDU4PUWaXNAiYPTg9QZoBphYsh6cHqsGpwegV
iyGpweqwenB6BWLIel3Cq4enBqYrE3Bo2iow1KGoAdgijJFAalyKAANRnNGAaNtACN0pF6UpBpOl
AC4ppGKdmjigBlLQRikoAWlpBS0AU7uFEVpSzBie54qJH3EyINxI/eIP4x6j3rRIB6iqc1tK07PH
tC9uef5U2lNWZSYiHcC8Tb0bt6fhUm8qVXdgkZ2nnFVBIjPuJKSd3TqfqO9SiST1hk9z8prlqUZp
lpknn5GQ6kdOAaNzNgpktzyexqMOw+7FCO/MlNeUkHzJgB3WIY/U1KotvRBcez7WKRYaXqWPSP6/
4VBmMskIcqmcZ7knv9adGrzfu4QioBnGeP8A65q7awmKEK4Xdknj611wgqer3JbJIYUhXahYjOeT
mpKSiggq6nP5NqQDhpOB9O9ZNvBdMPMt0f03KcVuyQxSkGSNWI6ZqRAqIERQqjsKtSsik7I5x457
aVWkVkfO4Z71r3lyr6YZV48wAfQ9/wCtWZI45seaivjpkUhgg8vy/KXYDnbjjNDkmF7mVpVstwJ9
4+Xbt+mf/wBVV1tJGu/s2MNnBPoPWt+OOOJSIkVATzilCqJC+0byMZ9qfPqHMY2rW6wSxhBhdmPy
qa4k83RIm7ggH8K0ZIo5ceaitjpkUnkw+X5flLsznbjjNHMHMZWmWkV0shl3fKRjBrWgjigXZEgU
d6EjjiBEcapnrjvS4qZSuJu5z7v5V80mM7ZCcfjV/wDtgMwHkdT/AHv/AK1XDbW5JLQoSTknFH2a
2B/1CflVOSe47pmZrP8Ax+f8BFO1P/j2s/8AcP8AStSSGGVt0kSsenIokihkCh41YKOAR0o5tguQ
aWB/Z6nAJyaXUD/oEoxjp/Op1CIgRFCr6CkdVdSrjcp6g1N9bivqZmjKGkmVuhXn86rSJLYXQI6q
cqexFbaRxxZMUaqSOcCmuocYdQw9CKfPqVczm1JD8whIb68VasJ/tcDrInI4JA4INSJZ2wOfIXPv
VjIC7VAUDoBSvHoDZhMs2n3QYduh7MKtvrGU+SHD+54FaLKrrtdQw9CKiFnaht3kLmq5k9xXXUzN
OtXuLgTOD5ancWPc1tscmkzgAAAAdhSVMncTdyC+/wCPC4/65N/Kii+/48Lj/rk38qKQjOtiRbRZ
HGwfyqUMDUlooNnBn/nmv8qeYFPTioNLkVFOMJH3TTcMO1IBaKTNLQAUlLRQAlGKWkoATFGKWjFA
CUUuKMUAJRRRQAUUUUwCloooAKXNJRQAuaUNTaKBEgalD1FmlzQBOHpweq+aUNTFYsh6cGqsGpwe
gLFgNTg1Vg9PD0xWJw1OyKrhqcGoETYBpNtMDUoagBSDSYpwalyKAGYpcU7AoxQA3FFOpKAIXt0M
LRoqoD0wOhqvJY4iHlHL55LHrV7FJzTUmgKL2BG0JJkE/MT2+lSrZIsyupO1f4TzzVjNLT5mF2MW
NFZmVQGbqQOtPooqQCgnAyeKK5/VdQa4kaCI4hU4Yj+M/wCFNK4JXLt1rUUTFIF85h1IOFH496z5
NXvXPyskY9FXP86ogY6VLBE08yxJ1Y9+1VZJXZqoLqTf2nf/APPz/wCOL/hR/ad//wA/P/ji/wCF
SJZQyXIhjuCxwdx29MVBbW4nSZi23y0LdOtSpQHyxH/2pf8A/Pz/AOOL/hR/ad//AM/P/ji/4UG1
SO3WSabY7ruRAuc1K+nCNGdpCEWMNnHUntRzwDliRf2nf/8APz/44v8AhR/ad/8A8/P/AI4v+FMg
txLBPJux5QBxjrmp108NPFH5hG+PfnHShzgtGHKiP+07/wD5+f8Axxf8KP7Tv/8An5/8cX/CnRWk
M0rhJ2KIm4ttp66cpmC+d+7MfmBgvb6UvaQW4csSL+07/wD5+f8Axxf8KP7Svv8An4/8cX/CoZUj
EoWKQuvqRirM9lHHMII5i0pIG0rgDNU5QVrhyoZ/aV9/z8f+OL/hSf2lff8APx/44v8AhUlxZIkZ
eKXfsfY+RjBp1xp6xJKUl3NFgspXHBqfaUw5UQ/2lff8/H/ji/4Uf2lff8/H/ji/4UWtp9ohmcNg
xjIGOvX/AApzWTC1hlBy0rbQuOmelNzgnZhyob/aV9/z8f8Aji/4Uf2lff8APx/44v8AhUlxYpHF
I0cu9oiA4x6+lOuNOWNJNk25owGZSuOKXtKYcqIf7Svv+fj/AMcX/Cl/tK+/5+P/ABxf8KW6tYre
MZmJkZQwXb6+/wCdMitRJa+duwfMCYx9P8aalC1w5UO/tO//AOfj/wAcX/Cj+07/AP5+P/HF/wAK
kl04xPMC5wibwcdabLaRRQI7TNvkQMq7etJVIPYOWIz+0r//AJ+P/HF/wo/tK+/5+P8Axxf8Klk0
9UjcCXM0a7mXHGKgubcQJCwbd5iBunSnGcJbByoJNQvHjZHnyrAgjYOR+VFV2+6aKtpEySR0dn/x
5wf9c1/lU2M1UtLq3W0hVp4gQigguOOKm+123/PxF/32KxJJQuBQRUX2y2/5+Iv++xR9rtv+fmL/
AL7FFgHNEpphhx0o+123/PxF/wB9il+123/PxF/32KLDuR4YdRRmn/a7Y9biH/vsU1p7Q/8ALxF/
32KVguJmimGe2zxPF/32KYbiD/nvF/32KBk1FQ/aYP8AntH/AN9Cl+0wf89o/wDvoUwJaMVF9pg/
57R/99Cl+02//PeL/voUASYoxUf2m3/57xf99ij7Tb/894v++xQIkxRio/tNv/z3i/77FH2m3/57
xf8AfYoAkxSUz7Tb/wDPeL/vsUfabf8A57xf99igB9FM+02//PeL/vsUn2mD/nvF/wB9igCTFFR/
aYP+e8f/AH0KPtMH/PeP/voUASUVH9pg/wCe8X/fQpPtMH/PeP8A76FAEwoqL7TB/wA94/8AvoUo
uYO88f8A30KAJKXNQ/abf/nvH/30KPtMH/PeP/voUAThqUNVf7TB/wA94/8AvoUv2qD/AJ7x/wDf
QoAshqcHqp9qg/57x/8AfQpftUH/AD3i/wC+xTAuB6UNVMXcH/PeL/vsUou7f/nvF/32KBF0NTg1
UReW/wDz3i/77FOF7b/8/EX/AH2KBF0PTg1Uhe23/PxF/wB9ilF7bf8APxF/32KYi9miqYvrb/n5
i/77FKL+2/5+Yf8AvsUAW8UYqsL+1/5+Yf8Av4KX7daf8/UP/fwUAT0YFQ/brT/n6g/7+Cj7baf8
/UH/AH8FICbFJiofttp/z9Qf9/BR9ttP+fqD/v4KYEOrXBt7FyvDOdi/j/k1zQGBitXXbmKUW6xS
o4ySdrA49P61lbh6j86uBpAWremSLHeoXOAcjJ7VT3D1H50ZHqPzqpJSi0aXRq2NrLbagokGAQ2D
nrTLOGSGO6EqlSYSeazt/wDtfrRv/wBr9axdNvdiujRvYXuYobiEbkWLDYP3cVauwJ7UwD76RrIP
frWHuAGN3X3pd/fd+tL2O2uwGhpz+Xa3b7VbAU4YZB61cVt2oW5wBmDOB0FYW7HG79aXf33frROj
zNu+4aGtaiRJ5jNCkZ8knaowCKnTLXgkUZV7fKr2HI4rC3/7X60b/wDa/Wk6F9bhoT3CyLcjzY1j
Y4+VRgVoXE6pqyKyIAGHz455Hc+nNZBfPJbP40hYHkt+tW6fNa7C6NaaM29tcCTjzZht9xnOamvz
vhukUbWTaSR/EPesQvnGWzjpk0b+vzdfeo9hqncDU0pxFAzHo0iqfxqeaRERQPuQTqPoAKw9wxjd
x9aNwxjdx9aboJy5rhoa9whgivnfpKw2e/8AnNTXx3x3SINrKqsSP4hWGXyAC2QOmT0o3/7X60vY
dWwNXUllMKFYlMYjXL4GR+NRW3/ILP8A13H9Kz9+Rjd+tG7jG7j61Spe7y3Hob08gkivFP3o1I/A
jP8AjVO8mEcFoPLRsxqdxHI6dKzd/X5uvvSFgerfrUxoKPUWhtyr5ct3cnHlvEAp9ciqF8zmO2Dp
txEMc9aqb8gKW4HbNBfOMtnHHWqhS5XdsNBG+6aKRiNp5orVkyP/2Q==
--q23crqeqcr--


From fixcomputer@126.com  Tue Apr 26 04:28:50 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA13567
	for ; Tue, 26 Apr 2005 04:28:49 -0400 (EDT)
Message-Id: <200504260828.EAA13567@ietf.org>
Received: from [219.133.225.188] (helo=126.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DQLdR-0005FV-CU
	for eap-archive@ietf.org; Tue, 26 Apr 2005 04:41:41 -0400
From: =?GB2312?B?ye7b2si6waa/xry8?= 
Subject: =?GB2312?B?v+zL2deo0rXJz8PFzqzQ3rXnxNQ=?=
To: eap-archive@ietf.org
Content-Type: text/html;charset="GB2312"
Content-Transfer-Encoding: 8bit
Date: Tue, 26 Apr 2005 16:29:26 +0800
X-Priority: 2
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-Spam-Score: 9.7 (+++++++++)
X-Spam-Flag: YES
X-NONENGLISH: Subject contains non-English characters
X-Scan-Signature: 52f7a77164458f8c7b36b66787c853da
Content-Transfer-Encoding: 8bit


ÎÞ±êÌâÎĵµ






 





  
  

    
      

        
        

          

      

        
        

          
                ³¬µÍ¼Û**Ç©Ô¼°üÔÂ**¿ìËÙרҵÉÏÃÅάÐÞµçÄÔ

                       ÉÁµç°²×°ÐÂϵͳ  30·ÖÖÓ¾ÍOK  ÉúÒâÈ˵ÄÊ×Ñ¡


                   (1)µçÄÔ×é×°¼°Ó²¼þÏúÊÛÓëά»¤
       (2)¿ìËÙ°²×°¸÷ÖÖ·±¡¢¼òÌå²Ù×÷ϵͳ(Win98(ME)¡¢WinXP¡¢Win2000) 
            
       (3)Åųý¸÷ÖÖ³£¼ûµÄ¹ÊÕÏ¡¢Ó²ÅÌÊý¾Ý»Ö¸´
       (4)°²×°¸÷ÖÖ³£Óð칫¡¢¹¤¾ß
Èí¼þ(°²×°ÐÂϵ
ͳÃâ·Ñ)
       (5)°²×°ÏúÊÛÕý°æɱ¶¾Èí¼þ¡¢ËÑË÷¡¢Èº·¢EmailÈí¼þ
       (6)¾ÖÓòÍø¡¢¹ã
ÓòÍø¹²Ïí

       (7)ÍøÂçϵͳ²¼ÏßÉè¼Æ¼°Ó¦ÓÃ
       (8)¼ÆËã»ú²¡¶¾·ÀÖμ°·À»ðǽÉèÖÃ

       (9)¿ìËÙ½â¾öADSL¡¢ÌìÍþ¡¢Íøͨһ¸öÕʺŶà»úͬʱÉÏÍø
       (10)רҵ×齨ÓÐÅÌ¡¢ÎÞÅÌÍø
°É¹¤³Ì
            
       * ×¨Òµ×齨ÓÐÅÌÍø°É¹¤³Ì£º

           

1¡¢µçÄÔ×é×° 
2¡¢°²×°²Ù×÷ϵͳ 
3¡¢°²×°¸÷ÖÖ×îÐÂÍøÂç¡¢±¾µØÓÎÏ·

           
4¡¢×îо«²ÊµçÓ°´óƬ¡¢MP3ÒôÀÖ  
5¡¢ÍòÏó¡¢ÃÀƼÖÇÄÜ»¯ÊÕ·Ñϵͳ
           
6¡¢°²×°ÖÇÄÜ»¯»¹Ô­¾«Áé  
7¡¢ÍøÂç²¼Ïß¡¢ÍøÂç×ÊÔ´¹²Ïí

            
       * µçÄÔά»¤¡¢µçÄÔ×é×°¡¢ÍøÂ繤³Ì *

            
       * ÈÈÁÒ»¶Ó­µ¥Î»»ò¸öÈËÇ©Ô¼°üÔ *

            
       * ÈȳϵķþÎñ£¬È«ÐÄÈ«ÒâȫΪÁËÄú *

            
       ÉîÛÚȺÁ¦¿Æ¼¼ÓÐÏÞ¹«Ë¾
       ÁªÏµÈË£ºÕÅ  ·æ

       ÁªÏµµç»°£º13714661862»ò0755-88363633
       QQ£º282079259   
            2441630
       E-mail:168it@126.com       


      

        
        

          



From eap-admin@frascone.com  Tue Apr 26 11:14:14 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA16789
	for ; Tue, 26 Apr 2005 11:14:13 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id AAAA5205C1;
	Tue, 26 Apr 2005 11:14:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 3A0612054F;
	Tue, 26 Apr 2005 11:14:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 921392054F
	for ; Tue, 26 Apr 2005 11:13:18 -0400 (EDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140])
	by mail.frascone.com (Postfix) with ESMTP id 7F5DF20544
	for ; Tue, 26 Apr 2005 11:13:15 -0400 (EDT)
Received: from ams-core-1.cisco.com (144.254.224.150)
  by ams-iport-1.cisco.com with ESMTP; 26 Apr 2005 17:13:14 +0200
Received: from gwzw2k01 (sjc-vpn2-220.cisco.com [10.21.112.220])
	by ams-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id j3QFD354016485;
	Tue, 26 Apr 2005 17:13:04 +0200 (MEST)
Message-Id: <200504261513.j3QFD354016485@ams-core-1.cisco.com>
Reply-To: 
From: "Glen Zorn (gwz)" 
To: "'Blumenthal, Uri'" ,
        "'Bernard Aboba'" 
Cc: , , 
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <3DEC199BD7489643817ECA151F7C59290107C0D9@pysmsx401.amr.corp.intel.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300
Thread-Index: AcVKA/EutFC4CQPDTBibwgAvJMlsPQAZMRpQAAEf3ZA=
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 26 Apr 2005 08:12:58 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Blumenthal, Uri  supposedly
scribbled:

> It was my understanding that while EAP is between the client
> (supplicant) and NAS, and RADIUS is between NAS and AAA, *EAP
method*
> that runs on top of EAP is between the client and RADIUS server. 

No.  Can we just _get it_ once and for all?  AAA & EAP are
_different_ and _separate_ things: there is no part of EAP that is
"between" the EAP peer and any AAA entity.

> 
> This tunnel created by EAP method can be considered as "trust
between
> the client and AAA", 

See above.

> and RADIUS between NAS and AAA (however it is 
> accomplished) is "trust between NAS and AAA".
> 
> And yes, many find convenient to connect authorization decision to
> some extra information about the supplicant - such as its posture
> evaluation (Cisco NAC, Microsoft NAP, etc). Such information would
> naturally be carried in TLVs as part of EAP inner method exchange.

Or more rationally (gasp!) in a subsequent _authorization_ protocol
exchange.

> Yes it seems to go way beyond the original purpose of EAP, but
then
> it does seem to address the today's need.  

If one has a sore toe, shooting oneself in the foot may seem to
satisfy "today's need"; in the long run, however, it will probably
turn out to be counterproductive.
   
> 
> -----Original Message-----
> From: isms-bounces@lists.ietf.org
[mailto:isms-bounces@lists.ietf.org]
> On Behalf Of Bernard Aboba
> Sent: Monday, April 25, 2005 10:02 PM
> To: Glen Zorn (gwz)
> Cc: radiusext@ops.ietf.org; eap@frascone.com; isms@ietf.org
> Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
> 
> Martin Soukup said:
> 
>> The use of RADIUS itself without a defined extension such as
EAP-TLS
>> or EAP-PEAP over RADIUS cannot securely pass attributes between
>> entities. Note that the defined EAP-TLS (or other EAP mechanisms)
>> over RADIUS provides for secure attribute passing between
entities
>> even through proxies.
> 
> In response to which, Glen Zorn spake thusly:
> 
>> I thought that I was passing familiar w/EAP-TLS (and even more so
>> w/PEAP), but I am completely unaware of such capabilities.  Would
you
>> mind explaining how this is achieved, given that RADIUS & EAP are
>> completely different protocols?
> 
> I also was unaware of the ability of EAP-TLS to transmit RADIUS
> attributes between the EAP peer and server.  I had always thought
> RADIUS was a protocol only spoken between a NAS and a RADIUS
server,
> and that EAP-TLS didn't support transmission of TLVs.  But I guess
> this is a somewhat old fashioned point of view.    
> 
> Perhaps this is referring to EAP-TLS "extended" via the following?
>
http://www.ietf.org/internet-drafts/draft-funk-tls-inner-application
-ext
> ension-01.txt
> 
> 
> 
> _______________________________________________
> Isms mailing list
> Isms@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/isms

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by
simply
  listening to John Coltrane? -- Henry Gabriel
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Tue Apr 26 13:39:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA29140
	for ; Tue, 26 Apr 2005 13:39:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6D3C020544;
	Tue, 26 Apr 2005 13:39:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id CC5CA20516;
	Tue, 26 Apr 2005 13:39:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 107F820516
	for ; Tue, 26 Apr 2005 13:38:59 -0400 (EDT)
Received: from orsfmr003.jf.intel.com (fmr18.intel.com [134.134.136.17])
	by mail.frascone.com (Postfix) with ESMTP id D2D60203A2
	for ; Tue, 26 Apr 2005 13:38:57 -0400 (EDT)
Received: from orsfmr100.jf.intel.com (orsfmr100.jf.intel.com [10.7.209.16])
	by orsfmr003.jf.intel.com (8.12.10/8.12.10/d: major-outer.mc,v 1.1 2004/09/17 17:50:56 root Exp $) with ESMTP id j3QHcuCD016384;
	Tue, 26 Apr 2005 17:38:56 GMT
Received: from orsmsxvs041.jf.intel.com (orsmsxvs041.jf.intel.com [192.168.65.54])
	by orsfmr100.jf.intel.com (8.12.10/8.12.10/d: major-inner.mc,v 1.2 2004/09/17 18:05:01 root Exp $) with SMTP id j3QHcnCJ018474;
	Tue, 26 Apr 2005 17:38:56 GMT
Received: from orsmsx332.amr.corp.intel.com ([192.168.65.60])
 by orsmsxvs041.jf.intel.com (SAVSMTP 3.1.7.47) with SMTP id M2005042610385508207
 ; Tue, 26 Apr 2005 10:38:55 -0700
Received: from orsmsx408.amr.corp.intel.com ([192.168.65.52]) by orsmsx332.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.211);
	 Tue, 26 Apr 2005 10:38:55 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
Message-ID: 
Thread-Topic: [eap] [Issue 297] Review of Identity Selection -12
Thread-Index: AcVJsOhPUCVmhSViQxKjGgAeKwe0AgA1ITaQ
From: "Adrangi, Farid" 
To: "Bernard Aboba" 
Cc: 
X-OriginalArrivalTime: 26 Apr 2005 17:38:55.0902 (UTC) FILETIME=[D1FD03E0:01C54A86]
X-Scanned-By: MIMEDefang 2.44
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 26 Apr 2005 10:38:55 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

Thanks! =20

Are you suggesting that RFC 2607 needs to be updated for use with EAP?
If so, are we making that as a dependency for our Identity selection
draft? =20

BR,
Farid

> -----Original Message-----
> From: Bernard Aboba [mailto:aboba@internaut.com]=20
> Sent: Monday, April 25, 2005 9:07 AM
> To: Adrangi, Farid
> Cc: eap@frascone.com
> Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
>=20
>=20
> > section 5.1 says that proxy must reply with Access-Reject or
> > Access-Challenge -- so why do you consider that additional proxy
> > behavior?
> > Thanks,
> > Farid
>=20
> RFC 2607 doesn't say what is contained in the Access-Reject (probably
> because it was written before use of EAP became popular). =20
> Back in those
> days, an Access-Reject would probably just contain a Reply-Message
> attribute with an error message, or maybe nothing at all.  However,
> Reply-Message was deprecated in RFC 3579, so that won't work with EAP.
>=20
> Therefore the portion of the document that refers to acceptable
> proxy behavior in response to an unknown realm in an Access-Request
> containing EAP-Message attributes probably should be followed by all
> RADIUS proxies.  It's a clarification of RFC 2607 for use with EAP.
>=20
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From gale_duncanvr@marcoisland-condorental.com  Tue Apr 26 14:59:27 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA05540
	for ; Tue, 26 Apr 2005 14:59:26 -0400 (EDT)
Received: from [65.210.111.70] (helo=localhost)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DQVTh-0004UM-BD
	for eap-archive@ietf.org; Tue, 26 Apr 2005 15:12:23 -0400
Received: from 70.4.159.254 by smtp.marcoisland-condorental.com;
	Fri, 17 Dec 2004 08:28:43
Message-ID: 
From: "Gale Duncan" 
To: eap-archive@ietf.org
Subject: =?ISO-8859-1?B?RGVidCBDb25zb2xpZGF0aW9uIC0gRnJlZSBRdW90ZXMgICAgM3A=?=
Date: Fri, 17 Dec 2004 08:28:40 +0000
MIME-Version: 1.0
X-Sender: 
Sender: 
Reply-To: "Gale Duncan" 
In-Reply-To: <388c01c4e237$d5d259a5$aafb5478@kynquw3>
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0ABD_FBEF41F7.985AD5B5"
X-Spam-Score: 31.1 (+++++++++++++++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: fb6060cb60c0cea16e3f7219e40a0a81

This is a multi-part message in MIME format.

------=_NextPart_000_0ABD_FBEF41F7.985AD5B5
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 8bit

Lowest Mortgage Rates
http://mrlend123.com/x/loan2.php?id=comehere


Debt Consolidation
New Purchase
FHA/VA
Refinance Second Mortgages
Home Equity Line of  Credit
or  .. cash for something



no more
http://mrlend123.com/x/st.html

------=_NextPart_000_0ABD_FBEF41F7.985AD5B5
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: 8bit







LOWEST RATES IN







 


no thanks


 







------=_NextPart_000_0ABD_FBEF41F7.985AD5B5--



From eap-admin@frascone.com  Tue Apr 26 15:05:12 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA06099
	for ; Tue, 26 Apr 2005 15:05:12 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id BEB472054F;
	Tue, 26 Apr 2005 15:05:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 7B8FB20529;
	Tue, 26 Apr 2005 15:05:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 7B04F20529
	for ; Tue, 26 Apr 2005 15:04:31 -0400 (EDT)
Received: from gtfw2.enterasys.com (gtfw2.enterasys.com [12.25.1.128])
	by mail.frascone.com (Postfix) with ESMTP id BA5E320516
	for ; Tue, 26 Apr 2005 15:04:26 -0400 (EDT)
Received: from NHROCAVG2.ets.enterasys.com ([134.141.79.124])
	by gtfw2.enterasys.com (0.25.1/8.12.6) with ESMTP id j3QJ4OZC023490
	for ; Tue, 26 Apr 2005 15:04:24 -0400 (EDT)
Received: from psmtp.com ([134.141.79.124]) by 134.141.79.124 with InterScan Messaging Security Suite; Tue, 26 Apr 2005 15:04:24 -0400
Received: from source ([134.141.79.122]) by host ([134.141.79.124]) with SMTP;
	Tue, 26 Apr 2005 15:04:24 -0400
Received: from maandmbx2 ([134.141.93.31]) by NHROCCNC2.ets.enterasys.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Tue, 26 Apr 2005 15:03:36 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
Message-ID: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322FA@MAANDMBX2.ets.enterasys.com>
Thread-Topic: [eap] RE: [Isms] RADIUS is not a trusted third party
Thread-Index: AcVKA/EutFC4CQPDTBibwgAvJMlsPQAZMRpQAAEf3ZAABd9VwAADRxYA
From: "Nelson, David" 
To: "Blumenthal, Uri" , ,
        "Bernard Aboba" 
Cc: , , 
X-OriginalArrivalTime: 26 Apr 2005 19:03:36.0194 (UTC) FILETIME=[A6140E20:01C54A92]
X-pstn-version: pmps:sps_win32_1_1_0c1 pase:2.8
X-pstn-levels:     (C:90.6865 M:96.2375 P:95.9108 R:95.9108 S:38.2676 )
X-pstn-settings: 4 (0.2500:0.2500) p:13 m:13 c:14 r:13
X-pstn-addresses: from  forward (org good) 
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 26 Apr 2005 15:03:33 -0400
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable


Uri Blumenthal writes...

> I consider EAP server running inside AAA server. If others
> (besides Glen and Bernard) on this list disagree with this perception
-
> I invite them to speak up please.

I agree that is most often the case, in practice.  The EAP server is
packaged as part of the RADIUS or Diameter server software distribution.


From a protocol definition perspective, however, the EAP server and AAA
server are distinct entities.  Any interaction (API) between these
entities is outside the scope of the EAP, RADIUS or Diameter RFCs. Any
security analysis of those protocols cannot take into account the AAA
server to EAP server API, as it is implementation specific.


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Tue Apr 26 15:09:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA06612
	for ; Tue, 26 Apr 2005 15:09:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B23F820544;
	Tue, 26 Apr 2005 15:09:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 071F420529;
	Tue, 26 Apr 2005 15:09:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 77E7520529
	for ; Tue, 26 Apr 2005 15:08:04 -0400 (EDT)
Received: from gtfw2.enterasys.com (gtfw2.enterasys.com [12.25.1.128])
	by mail.frascone.com (Postfix) with ESMTP id BC44520516
	for ; Tue, 26 Apr 2005 15:08:00 -0400 (EDT)
Received: from NHROCAVG2.ets.enterasys.com ([134.141.79.124])
	by gtfw2.enterasys.com (0.25.1/8.12.6) with ESMTP id j3QJ7wZC023623
	for ; Tue, 26 Apr 2005 15:07:58 -0400 (EDT)
Received: from NHROCCNC2.ets.enterasys.com ([134.141.79.124]) by 134.141.79.124 with InterScan Messaging Security Suite; Tue, 26 Apr 2005 15:07:57 -0400
Received: from source ([134.141.79.122]) by host ([134.141.79.124]) with SMTP;
	Tue, 26 Apr 2005 15:07:57 -0400
Received: from maandmbx2 ([134.141.93.31]) by NHROCCNC2.ets.enterasys.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Tue, 26 Apr 2005 15:07:16 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
Message-ID: <2A5E4540D4D5934D9A1E7E0B0FDB2D69010322FB@MAANDMBX2.ets.enterasys.com>
Thread-Topic: [eap] RE: [Isms] RADIUS is not a trusted third party
Thread-Index: AcVKA/EutFC4CQPDTBibwgAvJMlsPQAZMRpQAAEf3ZAABd9VwAACLjdQAAFWx2A=
From: "Nelson, David" 
To: , "Blumenthal, Uri" ,
        , "Bernard Aboba" 
Cc: , , 
X-OriginalArrivalTime: 26 Apr 2005 19:07:16.0288 (UTC) FILETIME=[2943BC00:01C54A93]
X-pstn-version: pmps:sps_win32_1_1_0c1 pase:2.8
X-pstn-levels:     (C:92.2131 M:98.8113 P:95.9108 R:95.9108 S:21.1072 )
X-pstn-settings: 4 (0.2500:0.2500) p:13 m:13 c:14 r:13
X-pstn-addresses: from  forward (org good) 
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 26 Apr 2005 15:07:14 -0400
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

Dave Harrington writes...

> Why are we spending so much time discussing EAP, if the AD has told
> the WG that EAP should not be used, and that the IESG is unlikely to
> approve a solution using EAP?

I don't know.  But I'll offer the somewhat pedantic clarification that
the AD told ISMS that EAP was out of scope because of the EAP
applicability statement.  There exists the finite possibility that the
EAP WG will decide to modify its applicability statement.


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From kr@westolympian.com  Tue Apr 26 16:46:00 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15732;
	Tue, 26 Apr 2005 16:45:59 -0400 (EDT)
Received: from pcp435487pcs.abrcrn01.ga.comcast.net ([68.51.199.145])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQX8u-00074R-Sw; Tue, 26 Apr 2005 16:58:58 -0400
Received: from ineixmxluq.amigo.net.gt (csucnlhidz.amigo.net.gt [128.155.210.180]) by 68.51.199.145 Microsoft SMTPSVC(5.0.2195.6824);
	 Tue, 26 Apr 2005 13:45:46 -0800
Message-ID: 
Date: Tue, 26 Apr 2005 13:45:46 -0800
From: Joan.Brandt
Reply-To: "kr@westolympian.com"
To: mailman@ietf.org
Subject: Congratulations
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="302473369"
X-Spam-Score: 3.8 (+++)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22

--302473369
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7Bit



Hello mailman@ietf.org,

We tried to contact you earlier about flnanclng your home at a lower rate. 
I would like to let you know that we have gone ahead and started the preapproval process, 
Here are the results:

Name: Mailman
Negotiable Amount: $204,000 to $815,000
Rate: 4.00% - 7.10%

For more information or to have a broker contact you please visit:
http://g.msn.com/0MNBUS00/1?http://jettisonit.com

No future contact:
http://g.msn.com/0MNBUS00/1?http://jettisonit.com/gone.asp

Best Regards,

Joan Brandt, 
Account Manager

--302473369--


From mccauka@doneasy.com  Tue Apr 26 17:31:41 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA19646;
	Tue, 26 Apr 2005 17:31:41 -0400 (EDT)
Received: from cm92080.red.mundo-r.com ([213.60.92.80])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQXrA-00083o-8p; Tue, 26 Apr 2005 17:44:40 -0400
Received: from saltwater-jcoppens.com (EHLO brink.jcoppens.com) 
  by circumstance.jcoppens.com with SMTP; Tue, 26 Apr 2005 23:28:32 +0100
Date: Wed, 27 Apr 2005 00:30:32 +0200
From: "Kerri Crump" 
To: drums-archive@ietf.org
Cc: dvsqhmanet@ietf.org, dxnvmrouting-discussion-admin@ietf.org, e@ietf.org,
        e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org,
        eb-archive@ietf.org, eccmtmagma-admin@ietf.org,
        ediint-archive@ietf.org, edu-discuss@ietf.org
Subject: Notification: We offer low rates
Message-ID: 
X-SpamTest-Info: Profile: SysLog
X-SpamTest-Status: Not detected
X-SpamTest-Version: SMTP-Filter Version 2.0.0 [110], SpamtestISP/Release
X-Mailer: MIME-tools 5.41 (Entity 5.404)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.cr3at3.com/sign.asp



 Best Regards,

 Adan Greer
 
 to be remov(ed:	http://www.cr3at3.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From eap-admin@frascone.com  Tue Apr 26 18:26:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA25296
	for ; Tue, 26 Apr 2005 18:26:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 0ACF4205DF;
	Tue, 26 Apr 2005 18:26:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 2184A20543;
	Tue, 26 Apr 2005 18:26:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A617720543
	for ; Tue, 26 Apr 2005 18:25:51 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id D9E8F204CE
	for ; Tue, 26 Apr 2005 18:25:49 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DQYV2-000HTb-9Z; Tue, 26 Apr 2005 18:25:48 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3QMPk109908;
	Tue, 26 Apr 2005 15:25:46 -0700
From: Bernard Aboba 
To: "Glen Zorn (gwz)" 
Cc: "'Blumenthal, Uri'" , radiusext@ops.ietf.org,
        eap@frascone.com, isms@ietf.org
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
In-Reply-To: <200504261513.j3QFD354016485@ams-core-1.cisco.com>
Message-ID: 
References: <200504261513.j3QFD354016485@ams-core-1.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 26 Apr 2005 15:25:46 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> If one has a sore toe, shooting oneself in the foot may seem to
> satisfy "today's need"; in the long run, however, it will probably
> turn out to be counterproductive.

"Probably".  I sense a window large enough for an elephant to walk through
:)
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Tue Apr 26 18:31:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA25618
	for ; Tue, 26 Apr 2005 18:31:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 62863205E7;
	Tue, 26 Apr 2005 18:31:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id EB09F20546;
	Tue, 26 Apr 2005 18:31:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 7B4DB20546
	for ; Tue, 26 Apr 2005 18:30:36 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id A3A3720543
	for ; Tue, 26 Apr 2005 18:30:34 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DQYZd-000IaB-W7; Tue, 26 Apr 2005 18:30:34 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3QMUWY10376;
	Tue, 26 Apr 2005 15:30:32 -0700
From: Bernard Aboba 
To: "Adrangi, Farid" 
Cc: eap@frascone.com
Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 26 Apr 2005 15:30:32 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

No, RFC 2607 can stay as it is.  You could add RFC 2607 to the list of
normative references if you refer to it.

The Updates: header just indicates that the draft contains material that
updates the referred to RFC.  That RFC doesn't itself need to change.

On Tue, 26 Apr 2005, Adrangi, Farid wrote:

> Thanks!
>
> Are you suggesting that RFC 2607 needs to be updated for use with EAP?
> If so, are we making that as a dependency for our Identity selection
> draft?
>
> BR,
> Farid
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Tue Apr 26 18:34:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA25840
	for ; Tue, 26 Apr 2005 18:34:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 37C70205EE;
	Tue, 26 Apr 2005 18:34:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 97764205DF;
	Tue, 26 Apr 2005 18:34:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 32815205DF
	for ; Tue, 26 Apr 2005 18:33:28 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 949592054A
	for ; Tue, 26 Apr 2005 18:33:26 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DQYcP-000JSW-TR; Tue, 26 Apr 2005 18:33:26 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3QMXNG10513;
	Tue, 26 Apr 2005 15:33:23 -0700
From: Bernard Aboba 
To: David B Harrington 
Cc: "'Blumenthal, Uri'" , gwz@cisco.com,
        radiusext@ops.ietf.org, eap@frascone.com, isms@ietf.org
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
In-Reply-To: <200504261827.j3QIRcS27781@internaut.com>
Message-ID: 
References: <200504261827.j3QIRcS27781@internaut.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 26 Apr 2005 15:33:23 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> Why are we spending so much time discussing EAP, if the AD has told
> the WG that EAP should not be used, and that the IESG is unlikely to
> approve a solution using EAP?
>
> dbh

Perhaps because the ISMS WG charter talks about RADIUS support?

Just a thought :)
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From fengsarsh274@famthrift.com  Tue Apr 26 19:09:02 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA28558;
	Tue, 26 Apr 2005 19:09:02 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DQZNS-0001Zs-Lm; Tue, 26 Apr 2005 19:22:03 -0400
Received: from 69-160-23-42.kntnny.adelphia.net ([69.160.23.42])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DQZAq-0000Hp-Ik; Tue, 26 Apr 2005 19:09:02 -0400
Received: from bloody.btg.phxcoxmail.com (69.160.23.42)
          by 69.160.23.42 (chrisoph 2.5 HotFix 0.66) with SMTP
          id ; Wed, 27 Apr 2005 06:05:20 +0600
Reply-To: "abbie gordan" 
From: "abbie gordan" 
To: l2tpext-admin@ietf.org
Cc: dmin@ietf.org, owner-ietf-outbound@ietf.org, meeting-scheduling@ietf.org,
        iptel-request@ietf.org, ran@ietf.org, eap-archive@ietf.org,
        maddogs@ietf.org, workshop@ietf.org, seamoby-admin@ietf.org,
        ipoverib-admin@ietf.org, dccp-request@ietf.org, manet@ietf.org,
        vrrp@ietf.org, subip-area@ietf.org, dinaras@ietf.org,
        urn-nid-admin@ietf.org, ieprep@ietf.org, gaco@ietf.org
Subject: Updated Account Info
Date: Wed, 27 Apr 2005 01:06:20 +0100
MIME-Version: 1.0
X-Scanned: Symantec Scan Engine v8.0
Content-Type: multipart/alternative;
	boundary="--93546_99657338.oW782"
Message-Id: 
X-Spam-Score: 5.2 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: 7655788c23eb79e336f5f8ba8bce7906

----93546_99657338.oW782
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7Bit

Dear Homeowner,


You have been pre-approved for a $500,000 loan at a low fixed rate.

This offer is being extended to you unconditionally and your credit is in no way a factor.


To take advantage of this limited time opportunity, we ask you to visit our website and complete

the post approval form.


Approval Form


abbie gordan

Sycila Financial Group


codoc explicit konno oralia govindan

--------------------------------------------------------

not interested


----93546_99657338.oW782--


From olageorge@eresmas.com  Tue Apr 26 23:08:01 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA18953;
	Tue, 26 Apr 2005 23:07:59 -0400 (EDT)
Received: from smtp14.eresmas.com ([62.81.235.114])
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DQd6h-0007gz-7D; Tue, 26 Apr 2005 23:21:01 -0400
Received: from [192.168.105.166] (helo=ma19.eresmas.com)
	by smtp14.eresmas.com with esmtp (Exim 4.10)
	id 1DQcsX-0003G7-00; Wed, 27 Apr 2005 05:06:21 +0200
From: mr ola george 
To: olageorge@eresmas.com
Reply-To: olageorge@ukrpost.net
Message-ID: <795556798858.798858795556@ma19.eresmas.com>
Date: Wed, 27 Apr 2005 03:06:21 GMT
X-Mailer: Netscape Webmail
MIME-Version: 1.0
Content-Language: en
Subject: IS ME YOUR FRIEND.
X-Accept-Language: en
Content-Type: text/html; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
X-Spam-Score: 7.6 (+++++++)
X-Spam-Flag: YES
X-Scan-Signature: 68c8cc8a64a9d0402e43b8eee9fc4199
Content-Transfer-Encoding: 7bit


 


From the Desk of: Ola George
{GM, Corporate and Investment 
Banking Division (South)} 
African Continental Bank Plc, Nigeria.
 
Dear Friend,


My name is Ola George,General Manager, Corporate and Investment Banking Division(South)with African Continental Bank Plc,Lagos-Nigeria.I came to know about you in my private search for a reliable person/company to handle a confidential transaction on behalf of myself.As a matter of fact, I got your information from the Nigerian Chamber of Commerce and Industry/Nigerian Export Promotion Council.


l write in respect of a foreign customer with our Bank,who unfortunately lost his life in the plane crash of Union Transport Africaines Flight Boeing 727  which crashed on December 25,2003.


Since the death of this our customer , I have kept a close monitoring of the deposit records and accounts since then. Nobody has come forward to claim the money in his A/C as next of kin to the late customer. The total amount in the account is US$12.5 million and it is a domiciliary escrow bank account. Also the funds can only be released to a foreigner. 


As it stands now, there is nobody in the position to produce the needed information other than my very self-considering my position in the bank.Based on the fact that all the family perished in the same flight accident, leaving no one to put claim of the deposit as the next of kin,so I am seeking for your co-operation to present you as the next of kin, and arrange for the release of the funds to your honour for our mutual benefit.



I am willing to share this money with you in the ratio of 70-30%.You shall have 30% of the funds and I shall have the rest (70%) .I hope this is a fair sharing?


I look forward to hearing from you urgently so that we can proceed accordingly.I wait for your urgent response.Send your further correspondent to this e-mail address(olageorge@ukrpost.net  )


Thanks and best Regards. 


Mr.Ola George


 




From vnsqcftsot@msn.com  Tue Apr 26 23:38:27 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA20463;
	Tue, 26 Apr 2005 23:38:27 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DQdaB-00087u-Jd; Tue, 26 Apr 2005 23:51:30 -0400
Received: from ip-69-30-148-11.valornet.com ([69.30.148.11])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DQdNX-0001XV-Pv; Tue, 26 Apr 2005 23:38:26 -0400
Received: from commendatory [216.120.132.237] (helo=b.cosec.dearriba.com)
	by smtp2.cistron.nl with esmtp (troop 3.35 #1 (theodore))
	id 124LFL-0067PT-07
Message-ID: <82205803144732.R37478@quality.noc.explicable.gr>
Sender: freeradius-devel-vnsqcftsot@msn.com
X-Mailman-Version: 2.0.1
Date: Wed, 27 Apr 2005 19:33:14 -0100
From: "Alana Tolbert" 
To: eap-archive@ietf.org
Subject:  King of Pharmacy %RANDOMCHAR
X-Spam-Score: 16.3 (++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 93238566e09e6e262849b4f805833007


Best medds of the month:

V-codin - 225.00 (90 pi lls) 
Valliuum - 153.00 (90 pi lls)
Vi graa - 270.00 (90 pi lls)
Cai llis - 348.00 (90 pi lls)
Codeinne - 126.00 (90 pi lls)
X|a naax - 171.00 (90 pi lls)

All orderrs are delivered by Fedex with full tracking 24/7.
Satisfactiionnss guaaranteeed...

http://tablpep.info/in.php?aid=56









foal caracas pliny hydrodynamic carload


From eap-admin@frascone.com  Tue Apr 26 23:44:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA20893
	for ; Tue, 26 Apr 2005 23:44:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B988A205F0;
	Tue, 26 Apr 2005 23:44:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 701EF205E9;
	Tue, 26 Apr 2005 23:44:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 468F5205E9
	for ; Tue, 26 Apr 2005 23:43:21 -0400 (EDT)
Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86])
	by mail.frascone.com (Postfix) with ESMTP id 5B2342051F
	for ; Tue, 26 Apr 2005 23:43:18 -0400 (EDT)
Received: from sj-core-3.cisco.com (171.68.223.137)
  by sj-iport-4.cisco.com with ESMTP; 26 Apr 2005 20:43:03 -0700
Received: from gwzw2k01 (sjc-vpn2-573.cisco.com [10.21.114.61])
	by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j3R3h0b4009558;
	Tue, 26 Apr 2005 20:43:00 -0700 (PDT)
Message-Id: <200504270343.j3R3h0b4009558@sj-core-3.cisco.com>
Reply-To: 
From: "Glen Zorn (gwz)" 
To: "'Blumenthal, Uri'" ,
        "'Bernard Aboba'" 
Cc: , , 
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <3DEC199BD7489643817ECA151F7C59290107C387@pysmsx401.amr.corp.intel.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300
Thread-Index: AcVKA/EutFC4CQPDTBibwgAvJMlsPQAZMRpQAAEf3ZAABd9VwAANgA/A
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 26 Apr 2005 20:42:54 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Blumenthal, Uri  supposedly
scribbled:

>>> It was my understanding that while EAP is between the client
>>> (supplicant) and NAS, and RADIUS is between NAS and AAA, *EAP
>>> method* that runs on top of EAP is between the client and RADIUS
>>> server.
>> 
>> No. Can we just _get it_ once and for all?  AAA & EAP are
_different_
>> and _separate_ things: there is no part of EAP that is "between"
the
>> EAP peer and any AAA entity.
> 
> What about EAP methods that run between the EAP client and EAP
server?
> Are you saying that EAP _method_ does not terminate in an EAP
server,
> or that EAP server is not usually [within and part of] a AAA
server?

No, but this is an implementation detail: it is by no means
necessary to have _any_ AAA infrastructure to deploy EAP.  AAA makes
it more convenient, scale better, etc., but it's not necessary, nor
is EAP "part of" AAA.

> "EAP server" is what "eap peer" and "aaa" share.  
> Oh and we _are_ talking EAPv2, right?

I don't know what that is.

> 
> 
>>> This tunnel created by EAP method can be considered as "trust
>>> between the client and AAA",
>> 
>> See above.
> 
> See above. I consider EAP server running inside AAA server. If
others
> (besides Glen and Bernard) on this list disagree with this
perception
> - I invite them to speak up please.  
> 
> 
>>> and RADIUS between NAS and AAA (however it is
>>> accomplished) is "trust between NAS and AAA".
>>> 
>>> And yes, many find convenient to connect authorization decision
to
>>> some extra information about the supplicant - such as its
posture
>>> evaluation (Cisco NAC, Microsoft NAP, etc). Such information
would
>>> naturally be carried in TLVs as part of EAP inner method
exchange.
>> 
>> Or more rationally (gasp!) in a subsequent _authorization_
protocol
>> exchange.
> 
> Kindly explain how "authorization" doesn't include trust of the
> authorizing entity. 

I may not trust the government of the United States, but it has
authorized me (through the issuance of a passport) to leave the
country and return.  

> Also, it may be news for you - but [at least
> some] people want authentication combined with authorization: i.e.
if
> I get a set of keys, it means that (a) the AAA authenticated me
OK,
> _and_ (b) that the server implicitly authorized me to communicate
> with the given NAS.  

It's not news to me at all -- it's the same old RADIUS story.  
   
> 
> That authorization is dependent on host posture evaluation. I
thought
> it was Cisco that proposed it in their NAC architecture? Perhaps
you
> can/should shed some light on this?  

I thought this was a standards discussion; if you want to talk about
NAC (or any other proprietary Cisco stuff), I suggest that you talk
to your account manager -- I'm sure that he or she would love to
extol its wonders.  

> 
> 
>>> Yes it seems to go way beyond the original purpose of EAP, but
then
>>> it does seem to address the today's need.
>> 
>> If one has a sore toe, shooting oneself in the foot may seem to
>> satisfy "today's need"; in the long run, however, it will
probably
>> turn out to be counterproductive.
> 
> I'm simply describing what I perceive as today's reality. You may
> intensely dislike it - it's your free choice. Looks like the
market
> is moving the above-described way.  

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by
simply
  listening to John Coltrane? -- Henry Gabriel
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From olageorge@eresmas.com  Tue Apr 26 23:57:30 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA18954;
	Tue, 26 Apr 2005 23:07:59 -0400 (EDT)
Received: from smtp14.eresmas.com ([62.81.235.114])
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DQd6h-0007h0-9G; Tue, 26 Apr 2005 23:21:01 -0400
Received: from [192.168.105.166] (helo=ma19.eresmas.com)
	by smtp14.eresmas.com with esmtp (Exim 4.10)
	id 1DQcsh-0003Jn-00; Wed, 27 Apr 2005 05:06:31 +0200
From: mr ola george 
To: olageorge@eresmas.com
Reply-To: olageorge@ukrpost.net
Message-ID: <79974b7997b5.7997b579974b@ma19.eresmas.com>
Date: Wed, 27 Apr 2005 03:06:31 GMT
X-Mailer: Netscape Webmail
MIME-Version: 1.0
Content-Language: en
Subject: IS ME YOUR FRIEND.
X-Accept-Language: en
Content-Type: text/html; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
X-Spam-Score: 7.6 (+++++++)
X-Spam-Flag: YES
X-Scan-Signature: 68c8cc8a64a9d0402e43b8eee9fc4199
Content-Transfer-Encoding: 7bit


 


From the Desk of: Ola George
{GM, Corporate and Investment 
Banking Division (South)} 
African Continental Bank Plc, Nigeria.
 
Dear Friend,


My name is Ola George,General Manager, Corporate and Investment Banking Division(South)with African Continental Bank Plc,Lagos-Nigeria.I came to know about you in my private search for a reliable person/company to handle a confidential transaction on behalf of myself.As a matter of fact, I got your information from the Nigerian Chamber of Commerce and Industry/Nigerian Export Promotion Council.


l write in respect of a foreign customer with our Bank,who unfortunately lost his life in the plane crash of Union Transport Africaines Flight Boeing 727  which crashed on December 25,2003.


Since the death of this our customer , I have kept a close monitoring of the deposit records and accounts since then. Nobody has come forward to claim the money in his A/C as next of kin to the late customer. The total amount in the account is US$12.5 million and it is a domiciliary escrow bank account. Also the funds can only be released to a foreigner. 


As it stands now, there is nobody in the position to produce the needed information other than my very self-considering my position in the bank.Based on the fact that all the family perished in the same flight accident, leaving no one to put claim of the deposit as the next of kin,so I am seeking for your co-operation to present you as the next of kin, and arrange for the release of the funds to your honour for our mutual benefit.



I am willing to share this money with you in the ratio of 70-30%.You shall have 30% of the funds and I shall have the rest (70%) .I hope this is a fair sharing?


I look forward to hearing from you urgently so that we can proceed accordingly.I wait for your urgent response.Send your further correspondent to this e-mail address(olageorge@ukrpost.net  )


Thanks and best Regards. 


Mr.Ola George


 


-----------------------------------------------------------------------
Deja de trabajar para beneficiar a tu jefe. TRABAJA PARA TI Y DESDE CASA.
http://ad.doubleclick.net/clk;15727880;7829128;w?http://www.trabajaportucuenta.com/?pub=56




From eap-admin@frascone.com  Wed Apr 27 01:44:18 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA27987
	for ; Wed, 27 Apr 2005 01:44:17 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id CF227204C7;
	Wed, 27 Apr 2005 01:44:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A01AE20492;
	Wed, 27 Apr 2005 01:44:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id F3F0E20492
	for ; Wed, 27 Apr 2005 01:43:10 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 3A8942038B
	for ; Wed, 27 Apr 2005 01:43:08 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DQfKF-000OPD-RQ; Wed, 27 Apr 2005 01:43:07 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3R5h5605097;
	Tue, 26 Apr 2005 22:43:06 -0700
From: Bernard Aboba 
To: "Glen Zorn (gwz)" 
Cc: "'Blumenthal, Uri'" , radiusext@ops.ietf.org,
        eap@frascone.com, isms@ietf.org
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
In-Reply-To: <200504270343.j3R3h0b4009558@sj-core-3.cisco.com>
Message-ID: 
References: <200504270343.j3R3h0b4009558@sj-core-3.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Tue, 26 Apr 2005 22:43:05 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> "EAP server" is what "eap peer" and "aaa" share.

An EAP server can exist on the authenticator when there is  no AAA
server present.  It is a distinct entity from the EAP peer.  It is not
"shared" between the EAP peer and AAA server.

> Oh and we _are_ talking EAPv2, right?

The only version of EAP that I'm familiar with is defined in RFC 3748.

Maybe this entire discussion has been about some *other* version of EAP?



_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 27 08:05:12 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA29674
	for ; Wed, 27 Apr 2005 08:05:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 08D292050D;
	Wed, 27 Apr 2005 08:05:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A312220502;
	Wed, 27 Apr 2005 08:05:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 1256220500
	for ; Wed, 27 Apr 2005 08:04:41 -0400 (EDT)
Received: from mgw-x1.nokia.com (mgw-x1.nokia.com [131.228.20.21])
	by mail.frascone.com (Postfix) with ESMTP id B92B8204FF
	for ; Wed, 27 Apr 2005 08:04:39 -0400 (EDT)
Received: from esdks001.ntc.nokia.com (esdks001.ntc.nokia.com [172.21.138.120])
	by mgw-x1.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3RC4U822435;
	Wed, 27 Apr 2005 15:04:32 +0300 (EET DST)
X-Scanned: Wed, 27 Apr 2005 15:17:57 +0300 Nokia Message Protector V1.3.34 2004121512 - RELEASE
Received: (from root@localhost)
	by esdks001.ntc.nokia.com (8.12.9/8.12.9) id j3RCHvZK004512;
	Wed, 27 Apr 2005 15:17:57 +0300
Received: from mgw-int1.ntc.nokia.com (172.21.143.96)
	by esdks001.ntc.nokia.com 00l8kXxW; Wed, 27 Apr 2005 15:16:26 EEST
Received: from esebh001.NOE.Nokia.com (esebh001.ntc.nokia.com [172.21.138.28])
	by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3RArkM12235;
	Wed, 27 Apr 2005 13:53:46 +0300 (EET DST)
Received: from esebe018.NOE.Nokia.com ([172.21.138.57]) by esebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Wed, 27 Apr 2005 13:53:43 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebe018.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Wed, 27 Apr 2005 13:53:20 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
Message-ID: 
Thread-Topic: [eap] [Issue 297] Review of Identity Selection -12
thread-index: AcVKr80+LSm1WOYqQIqFoF3wIdCCAQAZofLA
From: 
To: , 
Cc: 
X-OriginalArrivalTime: 27 Apr 2005 10:53:20.0635 (UTC) FILETIME=[5373B4B0:01C54B17]
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 13:53:19 +0300
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

Hi Bernard,

2223bis defines the "Updates" header as follows:

   Updates

   Specifies an earlier document whose contents are modified or
   augmented by the new document.  The new document cannot be
   used alone, it can only be used in conjunction with the
   earlier document.

Since draft-adrangi-eap-network-discovery-12 does not even have
a reference to RFC 2607, I don't think any "Updates" header
is needed...

Best regards,
Pasi

> -----Original Message-----
> From: Bernard Aboba
> Sent: Wednesday, April 27, 2005 1:31 AM
> To: Adrangi, Farid
> Cc: eap@frascone.com
> Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
>=20
>=20
> No, RFC 2607 can stay as it is.  You could add RFC 2607 to the list=20
> of normative references if you refer to it.
>=20
> The Updates: header just indicates that the draft contains=20
> material that updates the referred to RFC.  That RFC doesn't itself=20
> need to change.
>=20
> On Tue, 26 Apr 2005, Adrangi, Farid wrote:
>=20
> > Thanks!
> >
> > Are you suggesting that RFC 2607 needs to be updated for=20
> > use with EAP? If so, are we making that as a dependency for our=20
> > Identity selection draft?
> >
> > BR,
> > Farid
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From mariko@doramail.com  Wed Apr 27 08:28:49 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA03783;
	Wed, 27 Apr 2005 08:28:49 -0400 (EDT)
Received: from 12-210-29-225.client.insightbb.com ([12.210.29.225])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQlrR-0001g9-DT; Wed, 27 Apr 2005 08:41:55 -0400
Authentication-Results: concussion.es
  from=premium.crestview.es; domainkeys=neutral (no sig)
X-Originating-IP: [102.222.144.64]
Received: from premium.sylvania.es  (EHLO premium.caption.es) 
  by premium.distant.es with SMTP; Wed, 27 Apr 2005 18:21:36 +0500
Date: Wed, 27 Apr 2005 17:19:36 +0400
From: "Jeremy Roth" 
To: e@ietf.org
Cc: e3@ietf.org, eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org,
        eccmtmagma-admin@ietf.org, ediint-archive@ietf.org,
        edu-discuss@ietf.org
Subject: Your account #23M7541
Message-ID: <114241.0199.mariko@doramail.com>
X-Mailer: Kana Connect 6
X-Spam-Score: 16.0 (++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.h0uses.net/sign.asp



 Best Regards,

 Lane Eason
 
 to be remov(ed:	http://www.h0uses.net/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From eap-admin@frascone.com  Wed Apr 27 10:25:14 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA19572
	for ; Wed, 27 Apr 2005 10:25:13 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 1329520510;
	Wed, 27 Apr 2005 10:25:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id BB92E20506;
	Wed, 27 Apr 2005 10:25:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id E8E7A20428
	for ; Wed, 27 Apr 2005 10:24:39 -0400 (EDT)
Received: from ctron-dnm.enterasys.com (ctron-dnm.enterasys.com [12.25.1.120])
	by mail.frascone.com (Postfix) with ESMTP id 9070920424
	for ; Wed, 27 Apr 2005 10:24:34 -0400 (EDT)
Received: (from uucp@localhost)
	by ctron-dnm.enterasys.com (8.8.7/8.8.7) id KAA28299
	for ; Wed, 27 Apr 2005 10:25:37 -0400 (EDT)
Received: from nhrocavg2(134.141.79.124) by ctron-dnm.enterasys.com via smap (4.1)
	id xma028233; Wed, 27 Apr 05 10:25:10 -0400
Received: from psmtp.com ([134.141.79.124]) by 134.141.79.124 with InterScan Messaging Security Suite; Wed, 27 Apr 2005 10:23:59 -0400
Received: from source ([134.141.79.122]) by host ([134.141.79.124]) with SMTP;
	Wed, 27 Apr 2005 10:23:58 -0400
Received: from maandmbx2 ([134.141.93.31]) by NHROCCNC2.ets.enterasys.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Wed, 27 Apr 2005 10:23:19 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
Message-ID: <2A5E4540D4D5934D9A1E7E0B0FDB2D6901032300@MAANDMBX2.ets.enterasys.com>
Thread-Topic: [eap] RE: [Isms] RADIUS is not a trusted third party
Thread-Index: AcVKA/EutFC4CQPDTBibwgAvJMlsPQAZMRpQAAEf3ZAABd9VwAANgA/AAB4/mtA=
From: "Nelson, David" 
To: 
Cc: , , 
X-OriginalArrivalTime: 27 Apr 2005 14:23:19.0014 (UTC) FILETIME=[A8ABC860:01C54B34]
X-pstn-version: pmps:sps_win32_1_1_0c1 pase:2.8
X-pstn-levels:     (C:84.0661 M:98.6627 P:95.9108 R:95.9108 S:42.1923 )
X-pstn-settings: 4 (0.2500:0.7500) p:13 m:13 C:14 r:13
X-pstn-addresses: from  forward (org good) 
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 10:23:16 -0400
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable


Glen Zorn writes...

> I may not trust the government of the United States, but it has
> authorized me (through the issuance of a passport) to leave the
> country and return.

I'm not sure this is an apt example of your point.  I rather suspect
that your distrust of the Federal government extends to areas other than
whether or not the agency that issued you a passport has the authority
to do so. :-)

In terms of the trust needed for enforcement of authorization, in your
example it is the trust relationship that various customs agents have
with the US government (among others) that allows them to validate your
passport and grant you passage.

In general, I think that concept of authorization without any form of
trust relationship is pretty useless.


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 27 16:00:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA20980
	for ; Wed, 27 Apr 2005 16:00:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B356720510;
	Wed, 27 Apr 2005 16:00:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 7CBD72046C;
	Wed, 27 Apr 2005 16:00:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 4B84720448
	for ; Wed, 27 Apr 2005 15:59:53 -0400 (EDT)
Received: from motgate3.mot.com (motgate3.mot.com [144.189.100.103])
	by mail.frascone.com (Postfix) with ESMTP id 49CA820431
	for ; Wed, 27 Apr 2005 15:59:50 -0400 (EDT)
Received: from az33exr02.mot.com (az33exr02.mot.com [10.64.251.232])
	by motgate3.mot.com (8.12.11/Motgate3) with ESMTP id j3RK9HeH002489
	for ; Wed, 27 Apr 2005 13:09:17 -0700 (MST)
Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4])
	by az33exr02.mot.com (8.13.1/8.13.0) with ESMTP id j3RK1Kq5002992
	for ; Wed, 27 Apr 2005 15:01:21 -0500 (CDT)
Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72)
	id ; Wed, 27 Apr 2005 14:59:48 -0500
Message-ID: 
From: Nakhjiri Madjid-MNAKHJI1 
To: "'Bernard Aboba'" , eap@frascone.com
Subject: FW: [eap] Re: EAP key binding discussion
X-Message-Flag: Follow up
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 14:59:45 -0500
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Sorry for the late response to this. I have written something up. It is more a problem statement than a solution proposal. Basically because I was not sure whether sending the AAA key to some place other than an authenticator is against EAP key management principals.
I am sending this in the following email.

Regards,

Madjid


>Instead both the peer and EAP/ AAA server calculate a
>AAA-BS key that is bound to that base station. The EAP server only pushes
>the AAA-BS key to that BS (NAS). The AAA key to AAA-BS key is
>straightforward if you know the BS ID, peer ID and other things, as long
>as you know AAA key, of course, so the peer and AAA server both can do
>it. The handshakes happen based AAA-BS rather than AAA-key. But now, the
>BSs cannot derive the session keys for other BSs.

You are describing something which I don't believe is included in any of
the existing proposals.  If this is something that you're interested in
pursuing, the best way to go about it is to write a complete proposal for
how it would work, and then analyze it to see if conforms to the security
criteria in RFC 4017.  This would make it possible for the proposal to be
included in the EAP Key Management Extensions draft.

However, please understand that this is not something that is likely to be
completed in the 802.16e timeframe.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 27 16:13:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA25395
	for ; Wed, 27 Apr 2005 16:13:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 4363420527;
	Wed, 27 Apr 2005 16:13:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 4C6692048F;
	Wed, 27 Apr 2005 16:13:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5AB142048F
	for ; Wed, 27 Apr 2005 16:12:36 -0400 (EDT)
Received: from motgate6.mot.com (motgate6.mot.com [144.189.100.106])
	by mail.frascone.com (Postfix) with ESMTP id 3FDEB20448
	for ; Wed, 27 Apr 2005 16:12:31 -0400 (EDT)
Received: from il06exr02.mot.com (il06exr02.mot.com [129.188.137.132])
	by motgate6.mot.com (Motorola/Motgate6) with ESMTP id j3RKCUrB013491
	for ; Wed, 27 Apr 2005 13:12:30 -0700 (MST)
Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4])
	by il06exr02.mot.com (8.13.1/8.13.0) with ESMTP id j3RKF6F8018994
	for ; Wed, 27 Apr 2005 15:15:07 -0500 (CDT)
Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72)
	id ; Wed, 27 Apr 2005 15:12:29 -0500
Message-ID: 
From: Nakhjiri Madjid-MNAKHJI1 
To: "'Bernard Aboba'" ,
        Alper Yegin 
Cc: "'Bakshi, Sanjay'" , eap@frascone.com
Subject: RE: clarification.... (was RE: [eap] Re: IEEE 802.16e EAP usage m
	odes)
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 15:12:19 -0500
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Question: Are these liaison letters public?

Thanks

Madjid

We have recently received a liaison letter from Roger Marks, chair of
802.16, requesting review of 802.16e compatibility with RFC 3748 and the
Key Management Framework.  So that request was motivating some of my
questions.

It would appear that Sanjay's model is somewhat different from the 802.16e
model described in the liaison letter.  So yes, we should keep these
proposals separate.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 27 17:27:09 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09795
	for ; Wed, 27 Apr 2005 17:27:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 13A822052E;
	Wed, 27 Apr 2005 17:27:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A003D20508;
	Wed, 27 Apr 2005 17:27:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id DB6A720508
	for ; Wed, 27 Apr 2005 17:26:06 -0400 (EDT)
Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86])
	by mail.frascone.com (Postfix) with ESMTP id CFCCD2048F
	for ; Wed, 27 Apr 2005 17:26:03 -0400 (EDT)
Received: from sj-core-3.cisco.com (171.68.223.137)
  by sj-iport-4.cisco.com with ESMTP; 27 Apr 2005 14:26:03 -0700
Received: from gwzw2k01 (rtp-vpn2-181.cisco.com [10.82.240.181])
	by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j3RLPxb4023713;
	Wed, 27 Apr 2005 14:26:00 -0700 (PDT)
Message-Id: <200504272126.j3RLPxb4023713@sj-core-3.cisco.com>
Reply-To: 
From: "Glen Zorn (gwz)" 
To: "'Bernard Aboba'" 
Cc: "'Blumenthal, Uri'" , ,
        , 
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300
Thread-Index: AcVK7az+B8gHtO7zTr+ZdPa5n+Z1wAAAjLUQ
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 14:25:53 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Bernard Aboba  supposedly scribbled:

>> "EAP server" is what "eap peer" and "aaa" share.
> 
> An EAP server can exist on the authenticator when there is  no AAA
> server present.  

I'd actually go a bit further and claim that the distinction between
the authenticator and the EAP "server" is one of convenience & that
they are logically the same entity.

> It is a distinct entity from the EAP peer.  It is
> not "shared" between the EAP peer and AAA server.  
> 
>> Oh and we _are_ talking EAPv2, right?
> 
> The only version of EAP that I'm familiar with is defined in RFC
3748.
> 
> Maybe this entire discussion has been about some *other* version
of
> EAP? 

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by
simply
  listening to John Coltrane? -- Henry Gabriel
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Wed Apr 27 17:47:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10801
	for ; Wed, 27 Apr 2005 17:47:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5C9622027F;
	Wed, 27 Apr 2005 17:47:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 561261FE3C;
	Wed, 27 Apr 2005 17:47:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 644301FE3C
	for ; Wed, 27 Apr 2005 17:46:56 -0400 (EDT)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87])
	by mail.frascone.com (Postfix) with ESMTP id 49C551FDEB
	for ; Wed, 27 Apr 2005 17:46:53 -0400 (EDT)
Received: from sj-core-4.cisco.com (171.68.223.138)
  by sj-iport-5.cisco.com with ESMTP; 27 Apr 2005 14:46:53 -0700
Received: from gwzw2k01 (rtp-vpn2-181.cisco.com [10.82.240.181])
	by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id j3RLkipR011477;
	Wed, 27 Apr 2005 14:46:45 -0700 (PDT)
Message-Id: <200504272146.j3RLkipR011477@sj-core-4.cisco.com>
Reply-To: 
From: "Glen Zorn (gwz)" 
To: "'Blumenthal, Uri'" ,
        "'Bernard Aboba'" 
Cc: , , 
Subject: RE: [eap] RE: [Isms] RADIUS is not a trusted third party
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <3DEC199BD7489643817ECA151F7C5929010C816A@pysmsx401.amr.corp.intel.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300
Thread-Index: AcVK7ACUotYD3bjETgycjROMFLjGYQAVrEWgAAsaRnA=
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 14:46:38 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Blumenthal, Uri  supposedly
scribbled:

>>> "EAP server" is what "eap peer" and "aaa" share.
>> 
>> An EAP server can exist on the authenticator when there is  no
AAA
>> server present.  It is a distinct entity from the EAP peer.  It
is
>> not "shared" between the EAP peer and AAA server.
> 
> In theory EAP server is a distinct entity and can be anywhere, in
> practice it's a part of AAA most of the time. Why are we arguing
> about this?  

I thought we were talking about architecture; and further,
discussing components which might or might not be utilized in that
architecture.  Maybe it's just me, but I think that it's a good idea
to understand how those components actually work (as opposed to how
we might wish or imagine they work, or the direction in which
marketeers might be pushing them).  If a building architect thought
that a brick was part of a girder, he would design a pretty strange
building and  misconceptions in networking can easily lead to
similar results.  For example, there was a recent thread on a
different list in which someone was worried about security problems
if a 4th party (!) was introduced into an EAP conversation.  There
are not 3 or 4 or 17 parties in an EAP exchange, there are exactly
2; there are also (logically) 2 parties in a RADIUS exchange, and
those sets are disjoint.

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by
simply
  listening to John Coltrane? -- Henry Gabriel
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From nitaigouranga@aol.com  Wed Apr 27 17:51:52 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA11123
	for ; Wed, 27 Apr 2005 17:51:52 -0400 (EDT)
Received: from host-222-246-27-217.pobox.net.uk ([217.27.246.222])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQueV-0003a9-4x
	for eap-archive@ietf.org; Wed, 27 Apr 2005 18:05:05 -0400
From: "Neateye" 
To: "Eap-archive" 
Subject: Gouranga
Date: Wed, 27 Apr 2005 22:51:44 +0100
Reply-To: "Neateye" 
Message-ID: <78220352.20050427225144@aol.com>
MIME-Version: 1.0
X-Priority: 3 (Normal)
Importance: Normal
X-Mailer: EM: 4.51.0.770
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 2.2 (++)
X-Scan-Signature: 6d62ab47271805379d7172ee693a45db
Content-Transfer-Encoding: quoted-printable

Call out Gouranga be happy!!!
Gouranga Gouranga Gouranga ....
That which brings the highest happiness!!




From Phipps@whale-mail.com  Wed Apr 27 18:36:26 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA15901;
	Wed, 27 Apr 2005 18:36:26 -0400 (EDT)
Received: from c-24-14-217-122.hsd1.il.comcast.net ([24.14.217.122])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQvLe-0004u1-3S; Wed, 27 Apr 2005 18:49:39 -0400
Received: from schnappsjobs.com (bertie)
        by abramson (5.12.11/3.12.10) with ESMTP id j0NFIAQ7002206
        for ; Thu, 28 Apr 2005 01:26:50 +0200
Message-Id: <0.240402322.00b76d2c@pop.paonline.com>
Date: Thu, 28 Apr 2005 02:35:50 +0300
From: "C Golden Corporation" 
To: edu-team-web-archive@ietf.org
Cc: edu-team@ietf.org, eap-archive@ietf.org
Subject: Receive 3.6%
X-Sender: Phipps@whale-mail.com
X-Mailer: Mulberry/2.1.2 (Win32)
X-Spam-Score: 6.0 (++++++)
X-Spam-Flag: YES
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d



Hello,

We tried contacting you awhile ago about your low interest morta(ge rate.

You have qualified for the lowest rate in years...

You could get over $380,000 for as little as $500 a month!

Ba(d credit? Doesn't matter, low rates are fixed no matter what!


To get a free, no obli,gation consultation click below:

http://www.herhelp.com/x/loan.php?id=3Dddd



Best Regards,

Goss Chauncey

to be remov(ed:    http://www.herhelp.com/x/st.html

this process takes one week, so please be patient. we do our 
best to take your email/s off but you have to fill out a rem/ove
or else you will continue to recieve email/s.



From dorko@mailAccount.com  Wed Apr 27 19:04:51 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA17483;
	Wed, 27 Apr 2005 19:04:50 -0400 (EDT)
Received: from 82-41-205-4.cable.ubr11.edin.blueyonder.co.uk ([82.41.205.4])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQvn8-0005Xf-VJ; Wed, 27 Apr 2005 19:18:04 -0400
Authentication-Results: neglect.es
  from=premium.shareholder.es; domainkeys=neutral (no sig)
X-Originating-IP: [120.199.38.160]
Received: from premium.geyser.es  (EHLO premium.chrysler.es) 
  by premium.s's.es with SMTP; Thu, 28 Apr 2005 02:58:45 +0300
Date: Thu, 28 Apr 2005 01:02:45 +0100
From: "Virgie Bautista" 
To: eamoby@ietf.org
Cc: eap-archive@ietf.org, eb-archive@ietf.org, eccmtmagma-admin@ietf.org,
        ediint-archive@ietf.org, edu-discuss@ietf.org,
        edu-discuss-admin@ietf.org, edu-discuss-web-archive@ietf.org,
        edu-team@ietf.org
Subject: Become a homeowner with low rates
Message-ID: <118841.4590.dorko@mailAccount.com>
X-Mailer: Kana Connect 6
X-Antivirus: avast! (VPS 0517-1, 04/26/2005), Outbound message
X-Antivirus-Status: Clean
X-Spam-Score: 2.6 (++)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.crazy-biz.net/sign.asp



 Best Regards,

 Bart Messer
 
 to be remov(ed:	http://www.crazy-biz.net/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From UrsulaDouglas@mysticalangelz.com  Wed Apr 27 19:21:44 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA18653
	for ; Wed, 27 Apr 2005 19:21:44 -0400 (EDT)
Received: from d220-237-198-80.dsl.nsw.optusnet.com.au ([220.237.198.80])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DQw3Q-00061Q-KN
	for eap-archive@ietf.org; Wed, 27 Apr 2005 19:34:57 -0400
Received: from TlI@localhost by uZ9.int (8.11.6/8.11.6); Thu, 28 Apr 2005 04:14:09 +0400
Message-ID: <0gtiVuYh0c0gb9wRX6RA@222center.com>
From: "Linda Pollock" 
Reply-To: "Linda Pollock" 
To: e3@ietf.org
Subject: Photoshop CS 8.0 $59.95 Systemworks
Date: Wed, 27 Apr 2005 21:13:09 -0300
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2
X-Sender: UrsulaDouglas@mysticalangelz.com
Content-Type: multipart/mixed;  boundary="--Gvl2w5OHfqpVH0SpN"
X-Spam-Score: 2.6 (++)
X-Scan-Signature: b148ead9c6581b10314b24a9438d3a5f

fTbY 

----Gvl2w5OHfqpVH0SpN
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable





x













  



  

    Opt-=
in Email Special Offer     unsubscribe 
    me
    
    
  
















  

    
    

      

        
        

          

            
            
            
            

              

                
                
                SEARCH
              

            

            		
            
            
          

        

        		
      

      

        
        

          

            
            

              

                
                 
                
                
                
                
              

            

            		
          

        

        		
      

    

    

    

      

        
        

          

            
            
            
            

              

                
                

                TOP 
                10 NEW TITLES

                		
              

            

            		
            
            
          

        

        		
      

      

        
        

          

            
            

              

                
                

                  

                    
                    

                     ON 
                    SALE NOW!

                    		
                  

                  

                     
                    1
                    
                    
                    Office Pro Editio=
n 2003
                  

                  

                     
                    2
                    
                    Wind=
ows XP Pro
                  

                  

                     
                    3
                    
                    
                    Adobe Creative Su=
ite 
                    Premium
                  

                  

                     
                    4
                    
                    
                    Systemworks Pro 2=
004 
                    Edition
                  

                  

                     
                    5
                    
                    
                    Flash MX 2004=

                  

                  

                     
                    6
                    
                    
                    Corel Painter 8
                  

                  

                     
                    7
                    
                    Adob=
e Acrobat 
                    6.0
                  

                  

                     
                    8
                    
                    
                    Windows 2003 Serv=
er
                  

                  

                     
                    9
                    
                    
                    Alias Maya 6.0 Wa=
vefront
                  

                  

                     
                    10
                    
                    
                    Adobe Premiere
                  

                  

                     
                    =

                    See more by this man=
ufacturer
                  

                  

                     
                     
                    
                    
                    Microsoft
                  

                  

                     
                     
                    
                    
                    Apple 
                    Software
                  

                  

                     
                    =

                    Customers also bough=
t
                  

                  

                     
                     
                    
                    
                    these other items=
..
                  

                

                		
              

            

            		
          

        

        		
      

    

    

    

    


    

    

    

    		
    Micr=
osoft Office Professional 
    Edition *2003*

    Microsoft
    

    

      

        Choose:
        
        

          

            
             
          

        

        		
      

    

    
    
    
    

      

        
        List Price:
        
        $899.00
      

      

        
        Price:
        
        $69.99
      

      

        
        You Save:
        
        $830.01 (92%)
      

    

    

    
    

    

    Availability: Available for INSTANT download!

    Coupon Code: ISe229

    Media: CD-ROM / Download

    

    System requ=
irements  
    |  Accessories  |&n=
bsp;
    Other Versions

    
Features: 
    
    
      
  • Analyze and manage business inf=
ormation using 
      Access databases 
    • 
      
  • Exchange data with other system=
s using enhanced 
      XML technology 
    • 
      
  • Control information sharing rul=
es with enhanced 
      IRM technology 
    • 
      
  • Easy-to-use wizards to create e=
-mail newsletters 
      and printed marketing materials 
    • 
      
  • More than 20 preformatted busin=
ess reports
      
    • 
    

    Sales Rank: #1

    Shipping: International/US or via instant downlo=
ad

    Date Coupon Expires: May 30th, 2005

    Average Customer Review:
    3D"5 
    Based on 1,768 reviews. Write a r=
eview.
    

    

    

      

        Microsoft Wind=
ows XP Professional 
        or Longhorn Edition

        Microso=
ft
        
        

          

            Choose:
            
            

              

                
                 
              

            

            		
          

        

        

        =

        

        

          

            
            List Price:
            
            $279.00
          

          

            
            Price:
            
            $49.99
          

          

            
            You Save:
            
            $229.01 
            (85%)
          

        

        

        

        

        Availability: Available for INSTANT download!

        Coupon Code: ISe229

        Media: CD-ROM / Download

        

        System =
requirements  
        |  Accessories =
 | 
        Other Versions

        

        
Features: 

        
    
          
  • Designed for businesses of a=
ll sizes
          
    • 
          
  • Manage digital pictures, mu=
sic, video, 
          DVDs, and more 
    • 
          
  • More security with the abil=
ity to encrypt 
          files and folders 
    • 
          
  • Built-in voice, video, and =
instant messaging 
          support 
    • 
          
  • Integration with Windows se=
rvers and 
          management solutions 
    • 
        

        
Sales Rank: #2

        Shipping: International/US or via instant do=
wnload

        Date Coupon Expires: May 30th, 2005

        Average Customer Review:
        3D"5 
        Based on 868 reviews. Write a=
 review.

        

        

          

            Adobe Crea=
tive Suite Premium

            Ado=
be
            

            

              

                Choose:
                
                

                  

                    
                    
                     =

                  

                

                		
              

            

            

            
            

            

              

                
                List Price:
                
                
                $1149.00
              

              

                
                Price:
                
                $99.99
                
              

              

                
                You Save:
                
                $849.01 
                (90%)
              

            

            

            
            

            Availability: Available for INSTANT download!

            Coupon Code: ISe229

            Media: CD-ROM / Download

            

            Sys=
tem requirements  
            |  Accessories&n=
bsp; 
            |  Other Versions

            

            
Features: <=
/font>

            
    
              
  • An integrated design en=
vironment 
              featuring the industry's foremost design tools 
              
  • In-depth tips, expert t=
ricks, and 
              comprehensive design resources 
    • 
              
  • Intuitive file finding,=
 smooth workflow, 
              and common interface and toolset 
    • 
              
  • Single installer--contr=
ol what you 
              install and when you install it 
    • 
              
  • Cross-media publishing-=
-create content 
              for both print and the Web
    • 
            

            
            
Sales Rank: #3

            Shipping: International/US or via instan=
t download

            Date Coupon Expires: May 30th, 2005

            Average Customer Review:
            3D"5 
            Based on 498 reviews. Wri=
te a 
            review. 

            

             		
              

            

            		
          

        

        		
      

    

    
    
  








----Gvl2w5OHfqpVH0SpN--


From UrsulaDouglas@mysticalangelz.com  Wed Apr 27 19:23:48 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA18812
	for ; Wed, 27 Apr 2005 19:23:47 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DQw5U-00064q-59
	for eap-archive@ietf.org; Wed, 27 Apr 2005 19:37:01 -0400
Received: from cpe-70-114-227-116.houston.res.rr.com ([70.114.227.116])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DQvsh-0001C2-SN
	for eap-archive@ietf.org; Wed, 27 Apr 2005 19:23:48 -0400
Received: from TlI@localhost by uZ9.int (8.11.6/8.11.6); Thu, 28 Apr 2005 04:14:09 +0400
Message-ID: <0gtiVuYh0c0gb9wRX6RA@222center.com>
From: "Linda Pollock" 
Reply-To: "Linda Pollock" 
To: e3@ietf.org
Subject: Photoshop CS 8.0 $59.95 Systemworks
Date: Wed, 27 Apr 2005 21:13:09 -0300
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2
X-Sender: UrsulaDouglas@mysticalangelz.com
Content-Type: multipart/mixed;  boundary="--Gvl2w5OHfqpVH0SpN"
X-Spam-Score: 0.3 (/)
X-Scan-Signature: b148ead9c6581b10314b24a9438d3a5f

fTbY 

----Gvl2w5OHfqpVH0SpN
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable





x













  



  

    Opt-=
in Email Special Offer     unsubscribe 
    me
    
    
  













  

    
    

      

        
        

          

            
            
            
            

              

                
                
                SEARCH
              

            

            		
            
            
          

        

        		
      

      

        
        

          

            
            

              

                
                 
                
                
                
                
              

            

            		
          

        

        		
      

    

    

    

      

        
        

          

            
            
            
            

              

                
                

                TOP 
                10 NEW TITLES

                		
              

            

            		
            
            
          

        

        		
      

      

        
        

          

            
            

              

                
                

                  

                    
                    

                     ON 
                    SALE NOW!

                    		
                  

                  

                     
                    1
                    
                    
                    Office Pro Editio=
n 2003
                  

                  

                     
                    2
                    
                    Wind=
ows XP Pro
                  

                  

                     
                    3
                    
                    
                    Adobe Creative Su=
ite 
                    Premium
                  

                  

                     
                    4
                    
                    
                    Systemworks Pro 2=
004 
                    Edition
                  

                  

                     
                    5
                    
                    
                    Flash MX 2004=

                  

                  

                     
                    6
                    
                    
                    Corel Painter 8
                  

                  

                     
                    7
                    
                    Adob=
e Acrobat 
                    6.0
                  

                  

                     
                    8
                    
                    
                    Windows 2003 Serv=
er
                  

                  

                     
                    9
                    
                    
                    Alias Maya 6.0 Wa=
vefront
                  

                  

                     
                    10
                    
                    
                    Adobe Premiere
                  

                  

                     
                    =

                    See more by this man=
ufacturer
                  

                  

                     
                     
                    
                    
                    Microsoft
                  

                  

                     
                     
                    
                    
                    Apple 
                    Software
                  

                  

                     
                    =

                    Customers also bough=
t
                  

                  

                     
                     
                    
                    
                    these other items=
..
                  

                

                		
              

            

            		
          

        

        		
      

    

    

    

    


    

    

    

    		
    Micr=
osoft Office Professional 
    Edition *2003*

    Microsoft
    

    

      

        Choose:
        
        

          

            
             
          

        

        		
      

    

    
    
    
    

      

        
        List Price:
        
        $899.00
      

      

        
        Price:
        
        $69.99
      

      

        
        You Save:
        
        $830.01 (92%)
      

    

    

    
    

    

    Availability: Available for INSTANT download!

    Coupon Code: ISe229

    Media: CD-ROM / Download

    

    System requ=
irements  
    |  Accessories  |&n=
bsp;
    Other Versions

    
Features: 
    
    
      
  • Analyze and manage business inf=
ormation using 
      Access databases 
    • 
      
  • Exchange data with other system=
s using enhanced 
      XML technology 
    • 
      
  • Control information sharing rul=
es with enhanced 
      IRM technology 
    • 
      
  • Easy-to-use wizards to create e=
-mail newsletters 
      and printed marketing materials 
    • 
      
  • More than 20 preformatted busin=
ess reports
      
    • 
    

    Sales Rank: #1

    Shipping: International/US or via instant downlo=
ad

    Date Coupon Expires: May 30th, 2005

    Average Customer Review:
    3D"5 
    Based on 1,768 reviews. Write a r=
eview.
    

    

    

      

        Microsoft Wind=
ows XP Professional 
        or Longhorn Edition

        Microso=
ft
        
        

          

            Choose:
            
            

              

                
                 
              

            

            		
          

        

        

        =

        

        

          

            
            List Price:
            
            $279.00
          

          

            
            Price:
            
            $49.99
          

          

            
            You Save:
            
            $229.01 
            (85%)
          

        

        

        

        

        Availability: Available for INSTANT download!

        Coupon Code: ISe229

        Media: CD-ROM / Download

        

        System =
requirements  
        |  Accessories =
 | 
        Other Versions

        

        
Features: 

        
    
          
  • Designed for businesses of a=
ll sizes
          
    • 
          
  • Manage digital pictures, mu=
sic, video, 
          DVDs, and more 
    • 
          
  • More security with the abil=
ity to encrypt 
          files and folders 
    • 
          
  • Built-in voice, video, and =
instant messaging 
          support 
    • 
          
  • Integration with Windows se=
rvers and 
          management solutions 
    • 
        

        
Sales Rank: #2

        Shipping: International/US or via instant do=
wnload

        Date Coupon Expires: May 30th, 2005

        Average Customer Review:
        3D"5 
        Based on 868 reviews. Write a=
 review.

        

        

          

            Adobe Crea=
tive Suite Premium

            Ado=
be
            

            

              

                Choose:
                
                

                  

                    
                    
                     =

                  

                

                		
              

            

            

            
            

            

              

                
                List Price:
                
                
                $1149.00
              

              

                
                Price:
                
                $99.99
                
              

              

                
                You Save:
                
                $849.01 
                (90%)
              

            

            

            
            

            Availability: Available for INSTANT download!

            Coupon Code: ISe229

            Media: CD-ROM / Download

            

            Sys=
tem requirements  
            |  Accessories&n=
bsp; 
            |  Other Versions

            

            
Features: <=
/font>

            
    
              
  • An integrated design en=
vironment 
              featuring the industry's foremost design tools 
              
  • In-depth tips, expert t=
ricks, and 
              comprehensive design resources 
    • 
              
  • Intuitive file finding,=
 smooth workflow, 
              and common interface and toolset 
    • 
              
  • Single installer--contr=
ol what you 
              install and when you install it 
    • 
              
  • Cross-media publishing-=
-create content 
              for both print and the Web
    • 
            

            
            
Sales Rank: #3

            Shipping: International/US or via instan=
t download

            Date Coupon Expires: May 30th, 2005

            Average Customer Review:
            3D"5 
            Based on 498 reviews. Wri=
te a 
            review. 

            

             		
              

            

            		
          

        

        		
      

    

    
    
  








----Gvl2w5OHfqpVH0SpN--


From eap-admin@frascone.com  Wed Apr 27 21:44:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA28943
	for ; Wed, 27 Apr 2005 21:44:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 915AA20434;
	Wed, 27 Apr 2005 21:44:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 357182041D;
	Wed, 27 Apr 2005 21:44:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 4F0372041D
	for ; Wed, 27 Apr 2005 21:43:27 -0400 (EDT)
Received: from motgate4.mot.com (motgate4.mot.com [144.189.100.102])
	by mail.frascone.com (Postfix) with ESMTP id 3767D2027C
	for ; Wed, 27 Apr 2005 21:43:20 -0400 (EDT)
Received: from az33exr01.mot.com (az33exr01.mot.com [10.64.251.231])
	by motgate4.mot.com (8.12.11/Motgate4) with ESMTP id j3S1mgXb024060
	for ; Wed, 27 Apr 2005 18:48:46 -0700 (MST)
Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4])
	by az33exr01.mot.com (8.13.1/8.13.0) with ESMTP id j3S1jmug003113
	for ; Wed, 27 Apr 2005 20:45:48 -0500 (CDT)
Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72)
	id ; Wed, 27 Apr 2005 20:43:14 -0500
Message-ID: 
From: Nakhjiri Madjid-MNAKHJI1 
To: Nakhjiri Madjid-MNAKHJI1 ,
        "'Bernard Aboba'" , eap@frascone.com
Subject: RE: [eap] Re: EAP key binding discussion
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 20:43:03 -0500
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Ok, I did sent an email about this, but it was too long and got clogged for approval. Here is a short version.

Basically the problem is how to use EAP key management framework to support handovers. In the current spec, after EAP is done, a AAA key is established between the peer and the AAA server and is pushed from the AAA server to the authenticator, so that the peer and authenticator can do a secure association protocol (say a 4-way exchange) to establish short term session keys.
Now if you want to support handovers, this would mean the peer now has to establish session keys with a new authenticator. If you want to make handover fast, you should not require a full EAP authentication, but should be able to use the same AAA key to derive session keys between the peer and new authenticator. To prevent domino effects and other attacks, it would make sense to not send the same AAA key to each and every authenticator. 

EAP keying draft 05 had a section describing derivation of per-authenticator AAA keys (lets call them AAABS key, BS for wireless base station). Say for simplicity this is how you derive the key for BS A and BS B.

AAABS-Key-A = prf(AAA key,"Per BS key derivation", BS-A-Id, Peer-Id,length)
AAABS-Key-B = prf(AAA key,"Per BS key derivation", BS-B-Id, Peer-Id,length)

This would allow hiding of AAA key from the BS, but would mean now we are sending AAABS-key to each authenticator. This seems to violate the EAP key management assumption of sending the AAA key to authenticator. Furthermore, the problem is that each base station would still have to get its key from the AAA server (too slow for handover).

Several alternatives to solve this problem have been suggested, including an EAP proxy by Sanjay:  So that the authenticator is placed between the BS and the AAA server and receives the AAA key, generates the AAABS key for each BS. Given that folks think there may be a bunch of binding problems with the EAP proxy approach and you need to find a protocol to run EAP over between BS and Authenticator, I am wondering if the following is acceptable:

What if we keep the 3-party model with each BS still acting as NAS, but when the EAP authentication is done, the AAA server sends the AAA key to another entity (such as local key distribution center, LKDC) instead.
 EAP peer                   BS/Authen        AAA server       	     LKDC
   --------                -------------   ------------               ------ 
    |                           |                  |                       |
    |<------------------------->|<---------------->|                       |
    |   EAP auth (phase 1a)     | AAA pass-thru    | --------------------->|                      
    |                           |                  | AAA-Key transport     |
    |                           | ---------------------------------------->|
    |                           |                  | AAABS-Key A request   |
    |                           | <----------------------------------------|
    |<------------------------->|         AAABS-key-A trans                |
    |  Secure assoc. protocol   |                  |                       |
    | (including a nonce exch.) |                  |                       |
    |                           |                  |                       |

To deal with RADIUS problems: The NAS can send the address for the LKDC to the AAA server during the initial EAP signaling and once the EAP success is received sends a message to the LKDC. The LKDC sends a access request to AAA server to receive the AAA key. 
LKDC would then be responsible to distribute AAABS key during handover or proactively to all BSs with a neighbor set.

Does this sound crazy?

Thanks in advance for comments.

Madjid


-----Original Message-----
From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On Behalf Of Nakhjiri Madjid-MNAKHJI1
Sent: Wednesday, April 27, 2005 3:00 PM
To: 'Bernard Aboba'; eap@frascone.com
Subject: FW: [eap] Re: EAP key binding discussion

Sorry for the late response to this. I have written something up. It is more a problem statement than a solution proposal. Basically because I was not sure whether sending the AAA key to some place other than an authenticator is against EAP key management principals.
I am sending this in the following email.

Regards,

Madjid


>Instead both the peer and EAP/ AAA server calculate a
>AAA-BS key that is bound to that base station. The EAP server only pushes
>the AAA-BS key to that BS (NAS). The AAA key to AAA-BS key is
>straightforward if you know the BS ID, peer ID and other things, as long
>as you know AAA key, of course, so the peer and AAA server both can do
>it. The handshakes happen based AAA-BS rather than AAA-key. But now, the
>BSs cannot derive the session keys for other BSs.

You are describing something which I don't believe is included in any of
the existing proposals.  If this is something that you're interested in
pursuing, the best way to go about it is to write a complete proposal for
how it would work, and then analyze it to see if conforms to the security
criteria in RFC 4017.  This would make it possible for the proposal to be
included in the EAP Key Management Extensions draft.

However, please understand that this is not something that is likely to be
completed in the 802.16e timeframe.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From fixcomputer@126.com  Wed Apr 27 22:44:35 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA03099
	for ; Wed, 27 Apr 2005 22:44:35 -0400 (EDT)
Message-Id: <200504280244.WAA03099@ietf.org>
Received: from [219.133.225.188] (helo=126.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DQzDp-00031t-30
	for eap-archive@ietf.org; Wed, 27 Apr 2005 22:57:49 -0400
From: =?GB2312?B?ye7b2si6waa/xry8?= 
Subject: =?GB2312?B?v+zL2deo0rXJz8PFzqzQ3rXnxNQ=?=
To: eap-archive@ietf.org
Content-Type: text/html;charset="GB2312"
Content-Transfer-Encoding: 8bit
Date: Thu, 28 Apr 2005 10:44:34 +0800
X-Priority: 2
X-Mailer: Foxmail 4.2 [cn]
X-Spam-Score: 10.4 (++++++++++)
X-Spam-Flag: YES
X-NONENGLISH: Subject contains non-English characters
X-Scan-Signature: 52f7a77164458f8c7b36b66787c853da
Content-Transfer-Encoding: 8bit


ÎÞ±êÌâÎĵµ






 





  
  

    
      

        
        

          

      

        
        

          
                ³¬µÍ¼Û**Ç©Ô¼°üÔÂ**¿ìËÙרҵÉÏÃÅάÐÞµçÄÔ

                       ÉÁµç°²×°ÐÂϵͳ  30·ÖÖÓ¾ÍOK  ÉúÒâÈ˵ÄÊ×Ñ¡


                   (1)µçÄÔ×é×°¼°Ó²¼þÏúÊÛÓëά»¤
       (2)¿ìËÙ°²×°¸÷ÖÖ·±¡¢¼òÌå²Ù×÷ϵͳ(Win98(ME)¡¢WinXP¡¢Win2000) 
            
       (3)Åųý¸÷ÖÖ³£¼ûµÄ¹ÊÕÏ¡¢Ó²ÅÌÊý¾Ý»Ö¸´
       (4)°²×°¸÷ÖÖ³£Óð칫¡¢¹¤¾ß
Èí¼þ(°²×°ÐÂϵ
ͳÃâ·Ñ)
       (5)°²×°ÏúÊÛÕý°æɱ¶¾Èí¼þ¡¢ËÑË÷¡¢Èº·¢EmailÈí¼þ
       (6)¾ÖÓòÍø¡¢¹ã
ÓòÍø¹²Ïí

       (7)ÍøÂçϵͳ²¼ÏßÉè¼Æ¼°Ó¦ÓÃ
       (8)¼ÆËã»ú²¡¶¾·ÀÖμ°·À»ðǽÉèÖÃ

       (9)¿ìËÙ½â¾öADSL¡¢ÌìÍþ¡¢Íøͨһ¸öÕʺŶà»úͬʱÉÏÍø
       (10)רҵ×齨ÓÐÅÌ¡¢ÎÞÅÌÍø
°É¹¤³Ì
            
       * ×¨Òµ×齨ÓÐÅÌÍø°É¹¤³Ì£º

           

1¡¢µçÄÔ×é×° 
2¡¢°²×°²Ù×÷ϵͳ 
3¡¢°²×°¸÷ÖÖ×îÐÂÍøÂç¡¢±¾µØÓÎÏ·

           
4¡¢×îо«²ÊµçÓ°´óƬ¡¢MP3ÒôÀÖ  
5¡¢ÍòÏó¡¢ÃÀƼÖÇÄÜ»¯ÊÕ·Ñϵͳ
           
6¡¢°²×°ÖÇÄÜ»¯»¹Ô­¾«Áé  
7¡¢ÍøÂç²¼Ïß¡¢ÍøÂç×ÊÔ´¹²Ïí

            
       * µçÄÔά»¤¡¢µçÄÔ×é×°¡¢ÍøÂ繤³Ì *

            
       * ÈÈÁÒ»¶Ó­µ¥Î»»ò¸öÈËÇ©Ô¼°üÔ *

            
       * ÈȳϵķþÎñ£¬È«ÐÄÈ«ÒâȫΪÁËÄú *

            
       ÉîÛÚȺÁ¦¿Æ¼¼ÓÐÏÞ¹«Ë¾
       ÁªÏµÈË£ºÕÅ  ·æ

       ÁªÏµµç»°£º13714661862»ò0755-88363633
       QQ£º282079259   
            2441630
       E-mail:168it@126.com       


      

        
        

          



From PIAFR@go.com  Thu Apr 28 00:36:32 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA12063;
	Thu, 28 Apr 2005 00:36:31 -0400 (EDT)
Received: from host-75-119-220-24.midco.net ([24.220.119.75])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DR0y6-0005sM-RO; Thu, 28 Apr 2005 00:49:43 -0400
X-Message-Info: XAILOeYE375emESStXze386KCXpys3+GSehdh0rtgGKTKOV
Received: from xnssg637.bright.net (86.76.12.232) by ev0-rmr187.bright.net with Microsoft SMTPSVC(5.0.2195.6824);
	 Wed, 27 Apr 2005 22:26:29 -0700
Received: from Armandey888va24zoj7mk (8.64.210.232) by smajhogmwpib25.bright.net
          (InterMail vM.5.01.06.05 321-799-857-877-799-90499) with SMTP
          id <480920187955.QNMV71.ohpsrh24931.bright.net@smithsoniansdv72ak422gjf4r>
          for <2003-5-30152148.i-d@ietf.org>; Wed, 27 Apr 2005 22:35:29 -0700
Message-ID: <0546dni1ya837$42935$b68k313@Armandn977x993nbs385ei>
From: "Fredric Werner" 
To: <2003-5-30152148.i-d@ietf.org>
Subject: The exttender-now in the net wistful
Date: Thu, 28 Apr 2005 07:27:29 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--uwzp5694544680gytfwjfhx"
X-Spam-Score: 12.0 (++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: b19722fc8d3865b147c75ae2495625f2

----uwzp5694544680gytfwjfhx
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit

Hello and welcome to our site :) 
Our site presents a non-surgical device that can and will help you
gain more inches to your willy. The device is maybe
one of the only devices in the world that are easy
to use, effective and do not require surgical nor p1lls.
You can enter now. 
A lot of men used it before, you can do it now also!

exxtand your tool now!
http://refrigerate.g3r.net/e/erika/embraceable.htm  


those in possession of absolute power can not only prophesy and make their prophecies come true but they can also lie and make their lies come true eric hoffer.
it is no longer good enough to cry peace we must act peace live peace and live in peace shenandoah.
an attractive single movement work requiring facile technique and a secure high register up to high d this looks like excellent recital materia - worth taking a serious look at aj.
a monumental granite fountain by jesus bautista moroles is on permanent display in the sculpture garden as well as limestone benches by sculptor michael manjarris.
jobelle heheheh apol masyadong babae tong blog mo ehehehe nakakatamad basahin eh next tym na lang papayat ka na ha.
diganme como puedo construir una antena para captar varios canales de tv tambien para captar canales codificados.
thank you for choosing.
the land of drought and storm death and fertility bleakness and blooming e mpire and ruin stories and diplomacy.
this sounds very interesting! we think it is important for self advocates to be in there at the beginning of projects.
that s like trying to overninja a ninja when you aren t a mammal can t be done - kassi on doublecrossing ljube-ljcvetko.
work titled quot methan quot it s absoulutly gorgous i happen to be a member of a.
but solorzano found a perfect fit when he placed the brow against a model of the old world s tautavel man - member of a species homo erectus that many believe was an ancestor of modern homo sapiens.
the peruvian government has presented ambitious plans to turn the stone fortress of kuelap a remote pre-inca site in northern peru into one of the country s main tourism attractions.


----uwzp5694544680gytfwjfhx--



From eap-admin@frascone.com  Thu Apr 28 00:50:12 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA14658
	for ; Thu, 28 Apr 2005 00:50:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 9F284205B4;
	Thu, 28 Apr 2005 00:50:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 3DF26204B9;
	Thu, 28 Apr 2005 00:50:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B04F520508
	for ; Thu, 28 Apr 2005 00:49:57 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id B2044204B9
	for ; Thu, 28 Apr 2005 00:49:53 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DR0yE-000LOy-IR; Thu, 28 Apr 2005 00:49:50 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3S4nmq26508;
	Wed, 27 Apr 2005 21:49:49 -0700
From: Bernard Aboba 
To: Nakhjiri Madjid-MNAKHJI1 
Cc: eap@frascone.com
Subject: Re: FW: [eap] Re: EAP key binding discussion
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 21:49:48 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> Sorry for the late response to this. I have written something up. It is
> more a problem statement than a solution proposal. Basically because I
> was not sure whether sending the AAA key to some place other than an
> authenticator is against EAP key management principals.

The Housley Criteria are described in RFC 4017 as well as the EAP Key
Management framework.

In particular, I would pay attention to the "Confidentiality" condition
(which prohibits disclosure of keys to parties outside the peer, server
and authenticator), the "mutual authentication" condition which requires
mutual authentication between all parties, and the "domino effect"
condition which prevents compromise of one party from affecting other
parties.

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 28 01:27:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA16602
	for ; Thu, 28 Apr 2005 01:27:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 82849205E9;
	Thu, 28 Apr 2005 01:27:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 372A220539;
	Thu, 28 Apr 2005 01:27:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id D775420539
	for ; Thu, 28 Apr 2005 01:26:07 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 11FC520508
	for ; Thu, 28 Apr 2005 01:26:05 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DR1XI-0003mc-TD; Thu, 28 Apr 2005 01:26:05 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3S5Q3E28688;
	Wed, 27 Apr 2005 22:26:03 -0700
From: Bernard Aboba 
To: Nakhjiri Madjid-MNAKHJI1 
Cc: eap@frascone.com
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Re: EAP key management support for handover??
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 22:26:03 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> To prevent the domino effect, prior EAP key management specifications [EAPKEY5] suggested
>a procedure by which the AAA-key can be bound to each of the
> authenticators:

The formula described here is quite different from what was in the -05
draft.  The formula in the -05 draft did not depend on the MSK, only on
AMSK derived from the EMSK, which is not transported from the AAA server.

Deriving keys from the AMSK formula not only enables cryptographic
separation, but it addresses the domino effect as well since the EMSK
never leaves the peer or server on which it is derived.

> *   Since only the EAP/AAA server is aware of MSK and EMSK,

The MSK and EMSK are derived on both the EAP peer and server.  In
conventional EAP authentication the MSK is sent to the authenticator in
the AAA-Key.  So wouldn't the MSK be known by the peer, server and
authenticator; and the EMSK by the peer and server?

>the AAABS-Key-X (the key to authenticator X) must be calculated by the
>AAA server and needs either be pushed to a number of authenticators
>(possibly a neighbor set) proactively or as part of a request/ response
>procedure in conjunction with each handover.

These two alternatives correspond to existing proposals - proactive keying
and key request.  As I understand it, both of these proposals can use the
existing AMSK derivation.  Why is an alternative formula required?

>The former is not practical with RADIUS implementations
>and possibly requires the AAA server to be aware of mobility patterns or
>network edge topology, while the latter inserts the AAABS-Key-X
>installation on the timing critical path for handover and requires
>a busy AAA server to be involved in every handover.

I'd suggest that more careful evaluation is required to justify these
conclusions.  The reality is that mobility patterns can vary considerably
depending on the scenario, and there are probably scenarios in which each
of the above techiques will work fine.  For example, it matters a lot if
the mobile station is revisiting the same group of authenticators (e.g.
personnel in a building) versus constantly encountering new authenticators
(wireless-enabled part on an assembly line, or car on a highway).
The implication is that evaluation of these techniques probably requires
detailed usage scenarios and simulations.

RFC 3576 is being implemented and will presumably be
deployed, so that RADIUS server initiated exchanges are feasible.
AAA server knowledge of mobility patterns is also probably feasible for
local authentication.  Where this approach becomes more suspect is when
roaming is involved.  It may not be reasonable for a RADIUS server to
have a-priori knowledge of the topology of the access networks of all
potential roaming partners.

I am not clear that AAA server involvement is really a showstopper for the
"Key Request" approach.  Today's AAA servers can handle enormous loads
at modest cost.  Think about how many authentications/second a box
with four 64-bit processors can handle.

The "Key Request" approach does seem feasible for use in
roaming situations, but in terms of scaling it has some of the same
potential drawbacks as pre-authentication: load will scale with the number
of potential roaming candidates and the key lifetime.

If the mobility patterns cause a station to revisit the same
authenticators, and the key lifetime is suitably long, a "Key Request"
will not be required for each attachment.  Whereas if a station is
constantly encountering new authenticators or key lifetime is short, it is
possible that more than one "Key Request" could be needed for each
successful handoff.

> *    In many deployments, access points or base stations are light weight and AAA-incapable

I think the point is not that light weight APs are incapable of handling
AAA (they generally are quite capable in that regard) but that there are
advantages to multi-port authenticators.  One of these advantages is
sharing of the key cache.  This enables the peer to change the point of
attachment without changing the authenticator.  Existing WLAN switches
take advantage of this (this is known as "optimistic PMK caching" within
WPA2).  The existing EAP key hierarchy already handles this, and Channel
Bindings (see RFC 3748, Section 7.15) can take care of ensuring that the
NAS-Identifier is synch'd between peer, server and authenticator,
providing that the authenticator advertises it and securely confirms it
with the peer in the Secure Association Protocol.

>Another main flaw is that the peer must first initiate contact the base
>station, to become aware of the authenticator identity and the AAA server
>is only aware of the authenticator identity rather than BS identity.

In 802.11, the NAS-ID can be advertised in the Beacon as well as sent
in a Probe-Response.  Does 802.16 not support Beaconing?

>The AAA server does not have any control over how the AAA key X is
>generated from the AAA key, or how AAABS-key-X is cached or used.

I don't think this is necessarily the case.  For example, the key
management framework talks about "key usage restrictions" that can be sent
along with the AAA-Key.

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 28 01:27:25 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA16636
	for ; Thu, 28 Apr 2005 01:27:25 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 1D058205FC;
	Thu, 28 Apr 2005 01:27:23 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 7B1EE205FA;
	Thu, 28 Apr 2005 01:27:19 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 08D6F20539
	for ; Thu, 28 Apr 2005 01:26:40 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 6D7EF20508
	for ; Thu, 28 Apr 2005 01:26:39 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DR1Xq-0003sp-Lc; Thu, 28 Apr 2005 01:26:38 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3S5Qaj28744;
	Wed, 27 Apr 2005 22:26:36 -0700
From: Bernard Aboba 
To: Nakhjiri Madjid-MNAKHJI1 
Cc: Alper Yegin ,
        "'Bakshi, Sanjay'" , eap@frascone.com
Subject: RE: clarification.... (was RE: [eap] Re: IEEE 802.16e EAP usage m
 odes)
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Wed, 27 Apr 2005 22:26:36 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> Question: Are these liaison letters public?

Yes.  See:
http://www.drizzle.com/~aboba/IEEE/#liaison


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From zenana@mailAccount.com  Thu Apr 28 04:08:17 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA20396;
	Thu, 28 Apr 2005 04:08:17 -0400 (EDT)
Received: from [84.90.7.69] (helo=132.151.6.1)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DR4H7-0006FC-2O; Thu, 28 Apr 2005 04:21:33 -0400
X-Apparently-To: dvsqhmanet@ietf.org
X-Sieve: CMU Sieve 2.2
Received: from silly.closeup.pochta.ru ([unix socket])
         by accent.celebrate.pochta.ru (Cyrus v2.2.7) with LMTPA;
         Thu, 28 Apr 2005 12:06:44 +0300
Date: Thu, 28 Apr 2005 13:01:44 +0400
From: "Donald Mcguire" 
Message-Id: 
X-Accept-Language: en,zh-TW,zh-CN,zh,ja,ko,tr,ru
To: dvsqhmanet@ietf.org
Cc: dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org,
        eamoby@ietf.org, eap-archive@ietf.org, eb-archive@ietf.org,
        eccmtmagma-admin@ietf.org, ediint-archive@ietf.org,
        edu-discuss@ietf.org, edu-discuss-admin@ietf.org,
        edu-discuss-web-archive@ietf.org, edu-team@ietf.org,
        edu-team-admin@ietf.org, edu-team-bounces@ietf.org,
        edu-team-web-archive@ietf.org
Subject: Become a homeowner with low rates
X-Mailer: Forte Agent 1.91/32.564
X-Spam-Score: 0.3 (/)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a


Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.crazy-biz.net/sign.asp



 Best Regards,

 Vance Grubbs
 
 to be remov(ed:	http://www.crazy-biz.net/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From KeenaMikko@javaji.com  Thu Apr 28 05:15:24 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA26231
	for ; Thu, 28 Apr 2005 05:15:23 -0400 (EDT)
Message-Id: <200504280915.FAA26231@ietf.org>
Received: from [203.210.222.8] (helo=javaji.com)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DR5K1-0000i0-Ly
	for eap-archive@ietf.org; Thu, 28 Apr 2005 05:28:41 -0400
From: "Mikko Keenan" 
To: "Nicolette Milam" 
Subject: Re: Viagrra Va11ium CIALlS
Date: Thu, 28 Apr 2005 05:15:13 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0008_01C54A95.4270B7B1"
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 6.1 (++++++)
X-Spam-Flag: YES
X-Scan-Signature: cd26b070c2577ac175cd3a6d878c6248

This is a multi-part message in MIME format.

------=_NextPart_000_0008_01C54A95.4270B7B1
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello, 

This joyous confidence of his was his first misfortune.  The next
he held, M. de Rivarol took over the responsibilities of that pos
themselves upon the chain of one of those grapnels, neglecting
before ordering him to the gallows.  The gentleman is my Lord Gil
present pass.
the sale at the Secretary's office, so that he might obtain the
such was the damage she, herself, sustained, that presently,
Upon this errand - Governor Steed's condition not permitting him 
M. de Cussy was distressed.  He had his instructions.  It was tak
those resolute, fierce-eyed fellows, then it came to rest again o

bear away to the west.  The Spaniards watched them, intrigued.
He cut short their greetings, and when they plagued him with ques
And meanwhile in the Caribbean, the Spanish Admiral Don Miguel de
Rivarol!


Have a nice day.
------=_NextPart_000_0008_01C54A95.4270B7B1
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable









 


Hello , =
Please Visit
PharmaccyByMAlL STORE =
and Save up T0   7 0 %.


 





  
  

    Vi
    
    ra Am
    
    en Ci
    
    is Le
    
    tra,
     And
    
  

    ag
    bi
    al
    vi
     many other!


 


Try us and you will NOOT BE DlSAPPOlNTED!


 


Have a nice =
day.


------=_NextPart_000_0008_01C54A95.4270B7B1--



From apache@dish11.net.ibizdns.com  Thu Apr 28 07:48:22 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06899
	for ; Thu, 28 Apr 2005 07:48:22 -0400 (EDT)
Received: from smtp02.aspadmin.com ([66.240.201.10])
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DR7i3-0006nS-9b
	for eap-archive@ietf.org; Thu, 28 Apr 2005 08:01:40 -0400
Received: from dish11.net.ibizdns.com (dish11.net.ibizdns.com [209.126.134.190])
	by smtp02.aspadmin.com (Postfix) with ESMTP
	id 21BF45DD30; Thu, 28 Apr 2005 04:46:06 -0700 (PDT)
Received: from dish11.net.ibizdns.com (localhost [127.0.0.1])
	by dish11.net.ibizdns.com (8.12.11/8.12.11) with ESMTP id j3SBjuQp019394
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 28 Apr 2005 04:45:57 -0700
Received: (from apache@localhost)
	by dish11.net.ibizdns.com (8.12.11/8.12.11/Submit) id j3SBjKd9019379;
	Thu, 28 Apr 2005 04:45:20 -0700
Date: Thu, 28 Apr 2005 04:45:20 -0700
Message-Id: <200504281145.j3SBjKd9019379@dish11.net.ibizdns.com>
Subject: >>PRIZE-AWARD-NOTIFICATION<<
From: MRS MARY JONES 
X-Priority: 1 (Highest)
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: RLSP Mailer
X-Spam-Score: 6.7 (++++++)
X-Spam-Flag: YES
X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa
Content-Transfer-Encoding: 7bit


FROM: THE DESK OF THE E-MAIL PROMOTIONS MANAGER,
INTERNATIONAL PROMOTIONS/PRIZE AWARD DEPARTMENT
MICROSOFT WORD LOTTERY,UK
3b Olympic Way, Sefton Business Park,
Aintree, Liverpool , L30 1RD
 
REF NO: MSW-L/200-26937
BATCH: 2005MJL-01

ELECTRONIC MAIL AWARD WINNING NOTIFICATION

 We are pleased to inform you of the announcement today of winners of the MSW MEGA JACKPOT LOTTO WINNINGS PROGRAMS held on 11th March,2005.

 Your company or your personal e-mail address, is attached to winning number 20-28JAN-2005-02MSW, with serial number S/N-00168 drew the lucky numbers 887-13-865-37-10-83, and consequently won in the first lottery category. 

 You have therefore been approved for a lump sum pay out of GBP 1,400,000.00 POUNDS in cash credited to file REF NO: MSW-L/200-26937 This is from total prize money of GBP 7,000,000.00 POUNDS, shared among the Twenty (5) international winners in this category.

 All participants were selected through our microsoft computer ballot system drawn form 21,000 names,3,000 names from each continent, as part of International "E-MAIL" Promotions Program, which is conducted annually for our prominent MS WORD user all over the world, and for the continues use of E-mail. We are sorry to let you know that our site is still under construction, as we are updating our site.
 
 Your fund has been deposited in an escrow account and insured with your REF NO: MSW-L/200-26937 and your E-mail address, Please note that, you are to contact us via email and not phone as we are promoting the use of E-mail, any communications with this office should be by mail, You have the right to call the bank, as we will provide you with the necessary details on how to claim your prize. You are to keep your ref. number and batch number from the public, until you have been processed and your money remitted to your account.

 This is part of our security protocol to avoid double claiming and the act of scamming people of their ref number and prizes. We hope with a part of your prize, you will participate in our year high stakes US$1.3 billion International Lottery.

 To claim your winning prize, you must first contact the claims department by email for processing and remittance of your prize money to you. The claims officer contact email is:

Name: Kelvin Richmond
E-mail: maryjones_msalert@excite.com

 Remember, all prize money must be claimed not later than the 13th of MAY, 2005. All funds not claimed on or before the fixed date will be penalised accordingly.

 NOTE: In order to avoid unnecessary delays and complications, please remember to quote your reference and batch numbers in all correspondences with your claims officer. Any winner below the age of 18years is automatically disqualified 

Sincerely,

Mrs. Mary Jones
For MS WORD LOTTO UK;

NOTE: Do not reply this mail. You are to contact your claims officer immediately.

SPONSORS:
CHIEF SPONSOR;
 MICROSOFT CO-OPERATIONS UK, MICROSOFT CO-OPERATIONS ASIA MICROSOFT  CO-OPERATIONS USA 

___________________________________________________________________________



From eap-admin@frascone.com  Thu Apr 28 08:09:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA08522
	for ; Thu, 28 Apr 2005 08:09:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id D4D8B20716;
	Thu, 28 Apr 2005 08:09:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 4602D2070F;
	Thu, 28 Apr 2005 08:09:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id F18E42070F
	for ; Thu, 28 Apr 2005 08:08:13 -0400 (EDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130])
	by mail.frascone.com (Postfix) with ESMTP id F13A220709
	for ; Thu, 28 Apr 2005 08:08:11 -0400 (EDT)
Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130])
	by p130.piuha.net (Postfix) with ESMTP id EE4698985D;
	Thu, 28 Apr 2005 15:08:09 +0300 (EEST)
Message-ID: <4270D22D.70802@piuha.net>
From: Jari Arkko 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: c.kalbfleisch@comcast.net
Cc: Bernard Aboba , eap@frascone.com
Subject: Re: [eap] Re: EAP MIB
References: <20050420160002.1793.71238.Mailman@xavier> 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 15:08:13 +0300
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

This would indeed be desirable. Perhaps a bit smaller priority
though than getting the key management document(s) completed,
or getting to a better situation with EAP methods. But I've
found that for some reason its typically slightly different set
of people who work on MIBs than who work on other things, so
it seems likely that we could progress on both, assuming there
is someone who is interested to work on the MIB. Are you Carl
volunteering?

--Jari

Bernard Aboba wrote:

>>Has there been any work or consideration given to a MIB for EAP? If so, what is the status of this work?
>>
>>Thanks,
>>Carl
>>    
>>
>
>IEEE 802.1X-2001 originally included EAP objects in the MIB, but when
>802.1X was disentangled from EAP in IEEE 802.1X-2004 those objects were
>removed. At the time, it was suggested that an EAP MIB be developed.
>However, there was insufficient interest to proceed.
>
>Proposed Standards are supposed to have a MIB, so if there is interest
>(and volunteers to work on it) this is something the WG could probably
>take up.
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>
>
>  
>

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 28 08:23:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA09273
	for ; Thu, 28 Apr 2005 08:23:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id BA18E20715;
	Thu, 28 Apr 2005 08:23:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 497D92070F;
	Thu, 28 Apr 2005 08:23:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 559342070F
	for ; Thu, 28 Apr 2005 08:22:39 -0400 (EDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130])
	by mail.frascone.com (Postfix) with ESMTP id CFBD220709
	for ; Thu, 28 Apr 2005 08:22:37 -0400 (EDT)
Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130])
	by p130.piuha.net (Postfix) with ESMTP id CE29C8985D;
	Thu, 28 Apr 2005 15:22:36 +0300 (EEST)
Message-ID: <4270D590.2080705@piuha.net>
From: Jari Arkko 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Nakhjiri Madjid-MNAKHJI1 
Cc: "'Bernard Aboba'" , eap@frascone.com
Subject: Re: [eap] Re: EAP key binding discussion
References: 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 15:22:40 +0300
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Thanks Madjid for describing the scenarios and possibilities!
Some comments below.

There appears to be multiple issues that we want to worry about
in the fast handoff case. We've discussed the domino effect; the
same key should not be usable more than in a single place.

Efficiency concerns might dictate that at least some lengthy authentication
procedure should not be repeated. Not sure if this fully applies
today, many EAP methods have support for fast reauthentication.

On the other, roundtrip concerns may still apply, particularly if
it is expected that the home AAA server is on the other side of
world.

Another issue is compatibility and deployment. The mechanisms
may require modifications at the access network, intermediate
AAA proxies or KDCs, or the home network. Changes to the home
network are in particular troublesome because you might need
to upgrade your AAA server just because someone is using a new
a roaming partner's new link layer with fast handoff support.

Protocol modifications are also an issue. Some things are easier
to add to RADIUS and Diameter than others. New AVPs are easy;
delivery to a new KDC might be harder. And how would we prevent
a NAS lying about being a KDC -- if we don't prevent this then we
are back to the domino effect. Or maybe not, but at the
moment I at least don't see all the impacts at the system level well
enough.

Some of these requirements may also be contradictory, so we
may need to select which ones we care most for...

--Jari

Nakhjiri Madjid-MNAKHJI1 wrote:

>Ok, I did sent an email about this, but it was too long and got clogged for approval. Here is a short version.
>
>Basically the problem is how to use EAP key management framework to support handovers. In the current spec, after EAP is done, a AAA key is established between the peer and the AAA server and is pushed from the AAA server to the authenticator, so that the peer and authenticator can do a secure association protocol (say a 4-way exchange) to establish short term session keys.
>Now if you want to support handovers, this would mean the peer now has to establish session keys with a new authenticator. If you want to make handover fast, you should not require a full EAP authentication, but should be able to use the same AAA key to derive session keys between the peer and new authenticator. To prevent domino effects and other attacks, it would make sense to not send the same AAA key to each and every authenticator. 
>
>EAP keying draft 05 had a section describing derivation of per-authenticator AAA keys (lets call them AAABS key, BS for wireless base station). Say for simplicity this is how you derive the key for BS A and BS B.
>
>AAABS-Key-A = prf(AAA key,"Per BS key derivation", BS-A-Id, Peer-Id,length)
>AAABS-Key-B = prf(AAA key,"Per BS key derivation", BS-B-Id, Peer-Id,length)
>
>This would allow hiding of AAA key from the BS, but would mean now we are sending AAABS-key to each authenticator. This seems to violate the EAP key management assumption of sending the AAA key to authenticator. Furthermore, the problem is that each base station would still have to get its key from the AAA server (too slow for handover).
>
>Several alternatives to solve this problem have been suggested, including an EAP proxy by Sanjay:  So that the authenticator is placed between the BS and the AAA server and receives the AAA key, generates the AAABS key for each BS. Given that folks think there may be a bunch of binding problems with the EAP proxy approach and you need to find a protocol to run EAP over between BS and Authenticator, I am wondering if the following is acceptable:
>
>What if we keep the 3-party model with each BS still acting as NAS, but when the EAP authentication is done, the AAA server sends the AAA key to another entity (such as local key distribution center, LKDC) instead.
> EAP peer                   BS/Authen        AAA server       	     LKDC
>   --------                -------------   ------------               ------ 
>    |                           |                  |                       |
>    |<------------------------->|<---------------->|                       |
>    |   EAP auth (phase 1a)     | AAA pass-thru    | --------------------->|                      
>    |                           |                  | AAA-Key transport     |
>    |                           | ---------------------------------------->|
>    |                           |                  | AAABS-Key A request   |
>    |                           | <----------------------------------------|
>    |<------------------------->|         AAABS-key-A trans                |
>    |  Secure assoc. protocol   |                  |                       |
>    | (including a nonce exch.) |                  |                       |
>    |                           |                  |                       |
>
>To deal with RADIUS problems: The NAS can send the address for the LKDC to the AAA server during the initial EAP signaling and once the EAP success is received sends a message to the LKDC. The LKDC sends a access request to AAA server to receive the AAA key. 
>LKDC would then be responsible to distribute AAABS key during handover or proactively to all BSs with a neighbor set.
>
>Does this sound crazy?
>
>Thanks in advance for comments.
>
>Madjid
>
>
>-----Original Message-----
>From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On Behalf Of Nakhjiri Madjid-MNAKHJI1
>Sent: Wednesday, April 27, 2005 3:00 PM
>To: 'Bernard Aboba'; eap@frascone.com
>Subject: FW: [eap] Re: EAP key binding discussion
>
>Sorry for the late response to this. I have written something up. It is more a problem statement than a solution proposal. Basically because I was not sure whether sending the AAA key to some place other than an authenticator is against EAP key management principals.
>I am sending this in the following email.
>
>Regards,
>
>Madjid
>
>
>  
>
>>Instead both the peer and EAP/ AAA server calculate a
>>AAA-BS key that is bound to that base station. The EAP server only pushes
>>the AAA-BS key to that BS (NAS). The AAA key to AAA-BS key is
>>straightforward if you know the BS ID, peer ID and other things, as long
>>as you know AAA key, of course, so the peer and AAA server both can do
>>it. The handshakes happen based AAA-BS rather than AAA-key. But now, the
>>BSs cannot derive the session keys for other BSs.
>>    
>>
>
>You are describing something which I don't believe is included in any of
>the existing proposals.  If this is something that you're interested in
>pursuing, the best way to go about it is to write a complete proposal for
>how it would work, and then analyze it to see if conforms to the security
>criteria in RFC 4017.  This would make it possible for the proposal to be
>included in the EAP Key Management Extensions draft.
>
>However, please understand that this is not something that is likely to be
>completed in the 802.16e timeframe.
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>
>
>  
>

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 28 09:56:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA16414
	for ; Thu, 28 Apr 2005 09:56:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id C9ACE2071A;
	Thu, 28 Apr 2005 09:56:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 8E05C20712;
	Thu, 28 Apr 2005 09:56:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5781620712
	for ; Thu, 28 Apr 2005 09:55:16 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 4B3BD20710
	for ; Thu, 28 Apr 2005 09:55:14 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DR9U1-000EwV-Mi
	for eap@frascone.com; Thu, 28 Apr 2005 09:55:13 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3SDtCc28071
	for ; Thu, 28 Apr 2005 06:55:12 -0700
From: Bernard Aboba 
To: eap@frascone.com
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Basic facts about EAP
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 06:55:12 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

I have received a request that the following basic facts about EAP be
posted to the EAP WG mailing list.

a. EAP is a two party protocol, run between an EAP peer and server.
Saying EAP is an N-party protocol is like saying that TCP is a
N-party protocol because TCP packets pass through routers.  Forwarding
an EAP packet without modification does not cause an entity to become a
"participant" in an EAP conversation any more than forwarding an IP packet
turns a router into a host.

b. EAP can travel over any lower layer transport meeting the requirements
of RFC 3748 Section 3.1.

c. An EAP peer or authenticator can have multiple ports.  EAP
lower layers that confuse the authenticator (or peer) with its ports are
a bit like a person who shakes hands with both arms of someone they
meet because they don't look at the head attached to the hands they are
shaking.  EAP exchanges occur between the EAP peer and server, not between
ports of the EAP server and authenticator.  Similarly, the AAA-Key is
shared by all ports of an authenticator and peer.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From pjzfmpm@baldybastard.co.uk  Thu Apr 28 10:10:27 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA18212;
	Thu, 28 Apr 2005 10:10:24 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DR9vb-00041T-E7; Thu, 28 Apr 2005 10:23:44 -0400
Received: from res-24-158-69-119.spa.sc.charter.com ([24.158.69.119])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DR9id-0001aP-9l; Thu, 28 Apr 2005 10:10:20 -0400
Received: from jeinbfou (24.158.69.119) by mail.abridged.com (7.0.027) ; Thu, 28 Apr 2005 07:09:47 -0800
Message-ID: <000701c54b1b$c20c3fb0$0301a8c0@jeinbfou>
From: "Hans Lange" 
To: rserpool@ietf.org, disman@ietf.org, rps-archive@ietf.org,
        eap-archive@ietf.org, ietf-archive@ietf.org, iporpr-admin@ietf.org,
        amyk@ietf.org, idr-admin@ietf.org, policy@ietf.org,
        rmonmib-admin@ietf.org, meeting-planning@ietf.org
Subject: RE:Hello! - goal murmurer
Date: Thu, 28 Apr 2005 07:09:47 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.224
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.224
X-Spam-Score: 17.2 (+++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 7a6398bf8aaeabc7a7bb696b6b0a2aad
Content-Transfer-Encoding: 7bit

We tried contacting you awhile ago about your low interest mortgag_e rate.
You have qualified for the lowest rate in years...
You could get over $450,000 for as little as $450 a month!
Bad cred*it? Doesn't matter, low rates are fixed no matter what!

To get a free, no obli_gation consultation click below:

http://www.tjgrfpi.aeqtoutdrkyddls.1ndeed.com/sev.asp?e=2503


Best Regards,
   mort*gage Broker Specialist
   Hans Lange


From eap-admin@frascone.com  Thu Apr 28 10:11:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA18449
	for ; Thu, 28 Apr 2005 10:11:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id BED8F205CE;
	Thu, 28 Apr 2005 10:11:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6C3BC2041B;
	Thu, 28 Apr 2005 10:11:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id E94B72041B
	for ; Thu, 28 Apr 2005 10:10:54 -0400 (EDT)
Received: from xenon1.telemat.um.es (mail.um.es [155.54.212.105])
	by mail.frascone.com (Postfix) with ESMTP id CF3E11FD61
	for ; Thu, 28 Apr 2005 10:10:50 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by xenon1.telemat.um.es (Postfix) with ESMTP id B3E861FA3FD;
	Thu, 28 Apr 2005 16:10:48 +0200 (CEST)
Received: from xenon1.telemat.um.es ([127.0.0.1])
	by localhost (xenon1 [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 24951-01-8; Thu, 28 Apr 2005 16:10:48 +0200 (CEST)
Received: from [192.168.1.100] (dibulibu.um.es [155.54.1.250])
	by xenon1.telemat.um.es (Postfix) with ESMTP id 2F8751FA3F1;
	Thu, 28 Apr 2005 16:10:42 +0200 (CEST)
Message-ID: <4270EEDD.3070706@dif.um.es>
From: Rafa Marin Lopez 
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Nakhjiri Madjid-MNAKHJI1 
Cc: "'Bernard Aboba'" , eap@frascone.com
Subject: Re: [eap] Re: EAP key binding discussion
References: 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at telemat.um.es
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 16:10:37 +0200
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Hi Nakhjiri

After I read this, I think it seems to be similar to PANA when PAA is 
not colocated in the EP for example in the wireless LAN 
model(http://www.ietf.org/internet-drafts/draft-ietf-pana-framework-03.txt). 

         
In fact PaC/EAP peer can derive one PMK per each EP/AP controlled by 
PAA.  PAA can derive the same keys that would send to different EPs 
controlled by this PAA (how to derive PMKs per each EP/AP derived from 
AAA-key that PAA receives  from AAA is ongoing work). So PAA would be 
like your LKDC. However PAA is also acting as NAS that 
is a difference what you propose.

On the other hand , when a EAP peer moves to another EP/AP controlled by 
another LKDC then we are moving the problem to allow a fast handoff 
between LKDCs. In the case of PANA , it is being treated in 
http://www.ietf.org/internet-drafts/draft-bournelle-pana-ctp-02.txt and 
http://www.ietf.org/internet-drafts/draft-ietf-pana-mobopts-00.txt



Only FYI (extracted from draft-ietf-pana-framework-03.txt)

"1.  The PaC associates with the AP.

  2.  The PaC configures a PRPA by using DHCP (in the case of IPv4) or
      configures a link-local address (in the case of IPv6), and then
      runs PANA.

 ----> 3.  Upon successful authentication, the PaC obtains a separate 
PMK for each AP controlled by the PAA.<---------

  4.  The AP initiates IEEE 802.11i 4-way handshake to establish a PTK
      (Pair-wise Transient Key) with the PaC, by using the PMK.

  5.  The PaC obtains a POPA by using any method that the client
      normally uses."

Regards.

Nakhjiri Madjid-MNAKHJI1 wrote:

>Ok, I did sent an email about this, but it was too long and got clogged for approval. Here is a short version.
>
>Basically the problem is how to use EAP key management framework to support handovers. In the current spec, after EAP is done, a AAA key is established between the peer and the AAA server and is pushed from the AAA server to the authenticator, so that the peer and authenticator can do a secure association protocol (say a 4-way exchange) to establish short term session keys.
>Now if you want to support handovers, this would mean the peer now has to establish session keys with a new authenticator. If you want to make handover fast, you should not require a full EAP authentication, but should be able to use the same AAA key to derive session keys between the peer and new authenticator. To prevent domino effects and other attacks, it would make sense to not send the same AAA key to each and every authenticator. 
>
>EAP keying draft 05 had a section describing derivation of per-authenticator AAA keys (lets call them AAABS key, BS for wireless base station). Say for simplicity this is how you derive the key for BS A and BS B.
>
>AAABS-Key-A = prf(AAA key,"Per BS key derivation", BS-A-Id, Peer-Id,length)
>AAABS-Key-B = prf(AAA key,"Per BS key derivation", BS-B-Id, Peer-Id,length)
>
>This would allow hiding of AAA key from the BS, but would mean now we are sending AAABS-key to each authenticator. This seems to violate the EAP key management assumption of sending the AAA key to authenticator. Furthermore, the problem is that each base station would still have to get its key from the AAA server (too slow for handover).
>
>Several alternatives to solve this problem have been suggested, including an EAP proxy by Sanjay:  So that the authenticator is placed between the BS and the AAA server and receives the AAA key, generates the AAABS key for each BS. Given that folks think there may be a bunch of binding problems with the EAP proxy approach and you need to find a protocol to run EAP over between BS and Authenticator, I am wondering if the following is acceptable:
>
>What if we keep the 3-party model with each BS still acting as NAS, but when the EAP authentication is done, the AAA server sends the AAA key to another entity (such as local key distribution center, LKDC) instead.
> EAP peer                   BS/Authen        AAA server       	     LKDC
>   --------                -------------   ------------               ------ 
>    |                           |                  |                       |
>    |<------------------------->|<---------------->|                       |
>    |   EAP auth (phase 1a)     | AAA pass-thru    | --------------------->|                      
>    |                           |                  | AAA-Key transport     |
>    |                           | ---------------------------------------->|
>    |                           |                  | AAABS-Key A request   |
>    |                           | <----------------------------------------|
>    |<------------------------->|         AAABS-key-A trans                |
>    |  Secure assoc. protocol   |                  |                       |
>    | (including a nonce exch.) |                  |                       |
>    |                           |                  |                       |
>
>To deal with RADIUS problems: The NAS can send the address for the LKDC to the AAA server during the initial EAP signaling and once the EAP success is received sends a message to the LKDC. The LKDC sends a access request to AAA server to receive the AAA key. 
>LKDC would then be responsible to distribute AAABS key during handover or proactively to all BSs with a neighbor set.
>
>Does this sound crazy?
>
>Thanks in advance for comments.
>
>Madjid
>
>
>-----Original Message-----
>From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On Behalf Of Nakhjiri Madjid-MNAKHJI1
>Sent: Wednesday, April 27, 2005 3:00 PM
>To: 'Bernard Aboba'; eap@frascone.com
>Subject: FW: [eap] Re: EAP key binding discussion
>
>Sorry for the late response to this. I have written something up. It is more a problem statement than a solution proposal. Basically because I was not sure whether sending the AAA key to some place other than an authenticator is against EAP key management principals.
>I am sending this in the following email.
>
>Regards,
>
>Madjid
>
>
>  
>
>>Instead both the peer and EAP/ AAA server calculate a
>>AAA-BS key that is bound to that base station. The EAP server only pushes
>>the AAA-BS key to that BS (NAS). The AAA key to AAA-BS key is
>>straightforward if you know the BS ID, peer ID and other things, as long
>>as you know AAA key, of course, so the peer and AAA server both can do
>>it. The handshakes happen based AAA-BS rather than AAA-key. But now, the
>>BSs cannot derive the session keys for other BSs.
>>    
>>
>
>You are describing something which I don't believe is included in any of
>the existing proposals.  If this is something that you're interested in
>pursuing, the best way to go about it is to write a complete proposal for
>how it would work, and then analyze it to see if conforms to the security
>criteria in RFC 4017.  This would make it possible for the proposal to be
>included in the EAP Key Management Extensions draft.
>
>However, please understand that this is not something that is likely to be
>completed in the 802.16e timeframe.
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>
>
>
>  
>


-- 
------------------------------------------------------
Rafael Marin Lopez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
Telf: +34968367645    e-mail: rafa@dif.um.es
------------------------------------------------------

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 28 10:54:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA23527
	for ; Thu, 28 Apr 2005 10:54:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id EDD0A20722;
	Thu, 28 Apr 2005 10:54:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5133E205CE;
	Thu, 28 Apr 2005 10:54:08 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 850D620720
	for ; Thu, 28 Apr 2005 10:53:24 -0400 (EDT)
Received: from mgw-x2.nokia.com (mgw-x2.nokia.com [131.228.20.22])
	by mail.frascone.com (Postfix) with ESMTP id C35C1205C8
	for ; Thu, 28 Apr 2005 10:53:20 -0400 (EDT)
Received: from esdks003.ntc.nokia.com (esdks003.ntc.nokia.com [172.21.138.158])
	by mgw-x2.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3SErFM27939;
	Thu, 28 Apr 2005 17:53:15 +0300 (EET DST)
X-Scanned: Thu, 28 Apr 2005 17:50:24 +0300 Nokia Message Protector V1.3.34 2004121512 - RELEASE
Received: (from root@localhost)
	by esdks003.ntc.nokia.com (8.12.9/8.12.9) id j3SEoObu020884;
	Thu, 28 Apr 2005 17:50:24 +0300
Received: from mgw-int1.ntc.nokia.com (172.21.143.96)
	by esdks003.ntc.nokia.com 00hYsZQK; Thu, 28 Apr 2005 17:50:23 EEST
Received: from esebh001.NOE.Nokia.com (esebh001.ntc.nokia.com [172.21.138.28])
	by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id j3SEoDM20487;
	Thu, 28 Apr 2005 17:50:13 +0300 (EET DST)
Received: from esebe018.NOE.Nokia.com ([172.21.138.57]) by esebh001.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Thu, 28 Apr 2005 17:49:46 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebe018.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881);
	 Thu, 28 Apr 2005 17:49:10 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [eap] Basic facts about EAP
Message-ID: 
Thread-Topic: [eap] Basic facts about EAP
thread-index: AcVL/BFS3kHbAjXQQZmGHLvntpEDmgAA+5Xw
From: 
To: , 
X-OriginalArrivalTime: 28 Apr 2005 14:49:10.0695 (UTC) FILETIME=[6FF54370:01C54C01]
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 17:49:11 +0300
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: quoted-printable

Bernard Aboba wrote:
>
> I have received a request that the following basic facts about
> EAP be posted to the EAP WG mailing list.
>
> a. EAP is a two party protocol, run between an EAP peer and
> server.  Saying EAP is an N-party protocol is like saying that
> TCP is a N-party protocol because TCP packets pass through
> routers.  Forwarding an EAP packet without modification does
> not cause an entity to become a "participant" in an EAP
> conversation any more than forwarding an IP packet turns a
> router into a host.

I fully agree. EAP is a two-party protocol between two entities.

However, EAP is always used as a component or "sub-protocol" in
a system which includes several other (sub-)protocols and
usually more than two entities.

I think one reason for the recent confusing discussions is that=20
we do not have good _names_ for these systems and "mega-protocols". =20
We do have the systems, though: whenever we're talking about=20
N-party protocols or mentioning both EAP and RADIUS/Diameter/AAA=20
in the same sentence, we're talking about some particular system
(that uses EAP protocol somewhere in it, but includes much more).

And there's no single correct system, either. For instance, it's=20
perfectly OK to have a system where both EAP server and RADIUS server=20
are considered to be parts of a single logical entity. But nothing=20
in the components (EAP or RADIUS) implies or forces this: it is=20
this unnamed system that is making this definition. But since we=20
don't have good names for these systems, it's easy to get a=20
disagreement when two people are, in fact, talking of two different=20
systems that happen to use EAP (or are arguing that there is or=20
should be a single correct system, and no other systems are allowed
to use EAP).

Best regards,
Pasi
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From Oakes@hush.com  Thu Apr 28 11:04:53 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA24329;
	Thu, 28 Apr 2005 11:04:52 -0400 (EDT)
Received: from bzq-82-81-196-143.cablep.bezeqint.net ([82.81.196.143])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DRAmF-0006Pi-JL; Thu, 28 Apr 2005 11:18:14 -0400
Received: from pianissimo.sonny.org (HELO 58-25.delphinus.sonny.org [159.12.20.28])
 by soda.sonny.org (iPlanet Messaging Server 5.1 (built Apr 10 2001))
 with ESMTP id <0GVF00450Y5Oakes@hush.com> for
 jujube-Oakes@hush.com; Thu, 28 Apr 2005 19:51:23 +0400
Message-ID: <3B50CF08.B28065CA@usability.at>
Date: Thu, 28 Apr 2005 19:55:23 +0400
From: "P Wiggins Firm" 
To: edu-team-web-archive@ietf.org
Subject: Confirm here
X-Mailer: iPlanet Messaging Server 5.1 (built Apr 10 2001)
X-Spam-Score: 13.5 (+++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d



Hello,

We tried contacting you awhile ago about your low interest morta(ge rate.

You have qualified for the lowest rate in years...

You could get over $380,000 for as little as $500 a month!

Ba(d credit? Doesn't matter, low rates are fixed no matter what!


To get a free, no obli,gation consultation click below:

http://www.herhelp.com/x/loan.php?id=3Dddd



Best Regards,

Gilbert Elmo

to be remov(ed:    http://www.herhelp.com/x/st.html

this process takes one week, so please be patient. we do our 
best to take your email/s off but you have to fill out a rem/ove
or else you will continue to recieve email/s.



From eap-admin@frascone.com  Thu Apr 28 12:39:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA03109
	for ; Thu, 28 Apr 2005 12:39:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 98D1320529;
	Thu, 28 Apr 2005 12:39:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id F255120510;
	Thu, 28 Apr 2005 12:39:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id E37EE20510
	for ; Thu, 28 Apr 2005 12:38:30 -0400 (EDT)
Received: from motgate.mot.com (motgate.mot.com [129.188.136.100])
	by mail.frascone.com (Postfix) with ESMTP id 40B4920434
	for ; Thu, 28 Apr 2005 12:38:28 -0400 (EDT)
Received: from az33exr01.mot.com (az33exr01.mot.com [10.64.251.231])
	by motgate.mot.com (Motorola/Motgate) with ESMTP id j3SGcRnE023239
	for ; Thu, 28 Apr 2005 09:38:27 -0700 (MST)
Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4])
	by az33exr01.mot.com (8.13.1/8.13.0) with ESMTP id j3SGf34i013344
	for ; Thu, 28 Apr 2005 11:41:03 -0500 (CDT)
Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72)
	id ; Thu, 28 Apr 2005 11:38:26 -0500
Message-ID: 
From: Nakhjiri Madjid-MNAKHJI1 
To: "'Jari Arkko'" 
Cc: "'Bernard Aboba'" , eap@frascone.com,
        Nakhjiri Madjid-MNAKHJI1 
Subject: RE: [eap] Re: EAP key binding discussion
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 11:38:25 -0500
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Hi Jari,

Thank you for taking the time and responding. I agree with most of the things you said, but reading your last comments, I think I need to clarify myself. The NAS does not tell the AAA server that it is the LKDC. It simply informs the AAA server which LKDC it wants the key materials to be sent.
We need a midlevel in the hierarchy between AAA server and NAS to keep the AAA-key at, generate AAABS keys for each NAS, but keep the AAA-key from the NAS to prevent the domino effect.

			AAA server
			/	|   \
		  LKDC1   LKDC2  LKDC3
		  / |  \	/|\  /|\
	    NAS1 NAS2 NAS3
 
Please note that in the suggested approach the KDCs are out of the EAP auth-path, which means the AAA server does not know where the KDC for a NAS and its neighbors are. That is why the NAS1 needs to send an AVP to AAA server including KDC1 ID (so AAA server does not have to keep NAS-KDC state and the network architecture can be flexible with load balancing).
The AAA server will send the AAA-key to a KDC only if it has a AAAserver-KDC SA to protect the AAA key.
For RADIUS we need a request/ response signaling started from KDC to get the AAA-key, which in turn means the NAS must send a trigger to the KDC (after EAP success possibly).
This way the round trip to AAA server is reduced to roundtrip to LKDC which can be collocated with local mobility manager.

All we are changing here is that we are saying "send the AAA key" to the KDC rather than to NAS. It is unconventional but is it less secure? I am not sure? It is more secure than just sending the AAA key to the first NAS.
But I appreciate all the help we can get with the threat analysis.

Madjid
-----Original Message-----
From: Jari Arkko [mailto:jari.arkko@piuha.net] 
Sent: Thursday, April 28, 2005 7:23 AM
To: Nakhjiri Madjid-MNAKHJI1
Cc: 'Bernard Aboba'; eap@frascone.com
Subject: Re: [eap] Re: EAP key binding discussion

Thanks Madjid for describing the scenarios and possibilities!
Some comments below.

There appears to be multiple issues that we want to worry about
in the fast handoff case. We've discussed the domino effect; the
same key should not be usable more than in a single place.

Efficiency concerns might dictate that at least some lengthy authentication
procedure should not be repeated. Not sure if this fully applies
today, many EAP methods have support for fast reauthentication.

On the other, roundtrip concerns may still apply, particularly if
it is expected that the home AAA server is on the other side of
world.

Another issue is compatibility and deployment. The mechanisms
may require modifications at the access network, intermediate
AAA proxies or KDCs, or the home network. Changes to the home
network are in particular troublesome because you might need
to upgrade your AAA server just because someone is using a new
a roaming partner's new link layer with fast handoff support.

Protocol modifications are also an issue. Some things are easier
to add to RADIUS and Diameter than others. New AVPs are easy;
delivery to a new KDC might be harder. And how would we prevent
a NAS lying about being a KDC -- if we don't prevent this then we
are back to the domino effect. Or maybe not, but at the
moment I at least don't see all the impacts at the system level well
enough.

Some of these requirements may also be contradictory, so we
may need to select which ones we care most for...

--Jari

Nakhjiri Madjid-MNAKHJI1 wrote:

>Ok, I did sent an email about this, but it was too long and got clogged for approval. Here is a short version.
>
>Basically the problem is how to use EAP key management framework to support handovers. In the current spec, after EAP is done, a AAA key is established between the peer and the AAA server and is pushed from the AAA server to the authenticator, so that the peer and authenticator can do a secure association protocol (say a 4-way exchange) to establish short term session keys.
>Now if you want to support handovers, this would mean the peer now has to establish session keys with a new authenticator. If you want to make handover fast, you should not require a full EAP authentication, but should be able to use the same AAA key to derive session keys between the peer and new authenticator. To prevent domino effects and other attacks, it would make sense to not send the same AAA key to each and every authenticator. 
>
>EAP keying draft 05 had a section describing derivation of per-authenticator AAA keys (lets call them AAABS key, BS for wireless base station). Say for simplicity this is how you derive the key for BS A and BS B.
>
>AAABS-Key-A = prf(AAA key,"Per BS key derivation", BS-A-Id, Peer-Id,length)
>AAABS-Key-B = prf(AAA key,"Per BS key derivation", BS-B-Id, Peer-Id,length)
>
>This would allow hiding of AAA key from the BS, but would mean now we are sending AAABS-key to each authenticator. This seems to violate the EAP key management assumption of sending the AAA key to authenticator. Furthermore, the problem is that each base station would still have to get its key from the AAA server (too slow for handover).
>
>Several alternatives to solve this problem have been suggested, including an EAP proxy by Sanjay:  So that the authenticator is placed between the BS and the AAA server and receives the AAA key, generates the AAABS key for each BS. Given that folks think there may be a bunch of binding problems with the EAP proxy approach and you need to find a protocol to run EAP over between BS and Authenticator, I am wondering if the following is acceptable:
>
>What if we keep the 3-party model with each BS still acting as NAS, but when the EAP authentication is done, the AAA server sends the AAA key to another entity (such as local key distribution center, LKDC) instead.
> EAP peer                   BS/Authen        AAA server       	     LKDC
>   --------                -------------   ------------               ------ 
>    |                           |                  |                       |
>    |<------------------------->|<---------------->|                       |
>    |   EAP auth (phase 1a)     | AAA pass-thru    | --------------------->|                      
>    |                           |                  | AAA-Key transport     |
>    |                           | ---------------------------------------->|
>    |                           |                  | AAABS-Key A request   |
>    |                           | <----------------------------------------|
>    |<------------------------->|         AAABS-key-A trans                |
>    |  Secure assoc. protocol   |                  |                       |
>    | (including a nonce exch.) |                  |                       |
>    |                           |                  |                       |
>
>To deal with RADIUS problems: The NAS can send the address for the LKDC to the AAA server during the initial EAP signaling and once the EAP success is received sends a message to the LKDC. The LKDC sends a access request to AAA server to receive the AAA key. 
>LKDC would then be responsible to distribute AAABS key during handover or proactively to all BSs with a neighbor set.
>
>Does this sound crazy?
>
>Thanks in advance for comments.
>
>Madjid
>
>
>-----Original Message-----
>From: eap-admin@frascone.com [mailto:eap-admin@frascone.com] On Behalf Of Nakhjiri Madjid-MNAKHJI1
>Sent: Wednesday, April 27, 2005 3:00 PM
>To: 'Bernard Aboba'; eap@frascone.com
>Subject: FW: [eap] Re: EAP key binding discussion
>
>Sorry for the late response to this. I have written something up. It is more a problem statement than a solution proposal. Basically because I was not sure whether sending the AAA key to some place other than an authenticator is against EAP key management principals.
>I am sending this in the following email.
>
>Regards,
>
>Madjid
>
>
>  
>
>>Instead both the peer and EAP/ AAA server calculate a
>>AAA-BS key that is bound to that base station. The EAP server only pushes
>>the AAA-BS key to that BS (NAS). The AAA key to AAA-BS key is
>>straightforward if you know the BS ID, peer ID and other things, as long
>>as you know AAA key, of course, so the peer and AAA server both can do
>>it. The handshakes happen based AAA-BS rather than AAA-key. But now, the
>>BSs cannot derive the session keys for other BSs.
>>    
>>
>
>You are describing something which I don't believe is included in any of
>the existing proposals.  If this is something that you're interested in
>pursuing, the best way to go about it is to write a complete proposal for
>how it would work, and then analyze it to see if conforms to the security
>criteria in RFC 4017.  This would make it possible for the proposal to be
>included in the EAP Key Management Extensions draft.
>
>However, please understand that this is not something that is likely to be
>completed in the 802.16e timeframe.
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>_______________________________________________
>eap mailing list
>eap@frascone.com
>http://mail.frascone.com/mailman/listinfo/eap
>
>
>  
>
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 28 12:53:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA03932
	for ; Thu, 28 Apr 2005 12:53:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 250E72051C;
	Thu, 28 Apr 2005 12:53:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 73C2D20230;
	Thu, 28 Apr 2005 12:53:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 394F320230
	for ; Thu, 28 Apr 2005 12:52:22 -0400 (EDT)
Received: from motgate8.mot.com (motgate8.mot.com [129.188.136.8])
	by mail.frascone.com (Postfix) with ESMTP id 276D01FC75
	for ; Thu, 28 Apr 2005 12:52:20 -0400 (EDT)
Received: from az33exr03.mot.com (az33exr03.mot.com [10.64.251.233])
	by motgate8.mot.com (Motorola/Motgate8) with ESMTP id j3SGsm24011177
	for ; Thu, 28 Apr 2005 09:54:48 -0700 (MST)
Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4])
	by az33exr03.mot.com (8.13.1/8.13.0) with ESMTP id j3SGsD7o003465
	for ; Thu, 28 Apr 2005 11:54:14 -0500 (CDT)
Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72)
	id ; Thu, 28 Apr 2005 11:52:18 -0500
Message-ID: 
From: Nakhjiri Madjid-MNAKHJI1 
To: "'Bernard Aboba'" 
Cc: eap@frascone.com
Subject: RE: FW: [eap] Re: EAP key binding discussion
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 11:52:17 -0500
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Hi Bernard,

-----Original Message-----
From: Bernard Aboba [mailto:aboba@internaut.com] 
Sent: Wednesday, April 27, 2005 11:50 PM
To: Nakhjiri Madjid-MNAKHJI1
Cc: eap@frascone.com
Subject: Re: FW: [eap] Re: EAP key binding discussion

> Sorry for the late response to this. I have written something up. It is
> more a problem statement than a solution proposal. Basically because I
> was not sure whether sending the AAA key to some place other than an
> authenticator is against EAP key management principals.

The Housley Criteria are described in RFC 4017 as well as the EAP Key
Management framework.

In particular, I would pay attention to the "Confidentiality" condition
(which prohibits disclosure of keys to parties outside the peer, server
and authenticator), 

Madjid>>what about disclosure of the keys between the authenticators??
I think EAP and its key management framework has not positioned itself well with respect to handovers and that is why the door for interpretations is being opened over and over.

the "mutual authentication" condition which requires
mutual authentication between all parties, 

Madjid>> "all parties"? Where is the mutual authentication between the NAS and AAA server enforced? RADIUS shared secret (SS)? If that is the case then you can have 
			SS1
		LKDC----------AAA server
			     	 /	 /
		long term__/	/SS2
		secret  /       /
		       peer---- NAS



and the "domino effect"
condition which prevents compromise of one party from affecting other
parties.

Madjid>> Sending the AAA-key to each authenticator and reusing it by other authenticator as part of secure association generation with the peer causes "domino effect", no?
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 28 13:30:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA06723
	for ; Thu, 28 Apr 2005 13:30:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 2C7702057F;
	Thu, 28 Apr 2005 13:30:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id CCD1420520;
	Thu, 28 Apr 2005 13:30:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 0E7842026A
	for ; Thu, 28 Apr 2005 13:29:52 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id F3E4420230
	for ; Thu, 28 Apr 2005 13:29:50 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DRCph-0007aq-LU; Thu, 28 Apr 2005 13:29:49 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3SHTmW09692;
	Thu, 28 Apr 2005 10:29:48 -0700
From: Bernard Aboba 
To: Pasi.Eronen@nokia.com
Cc: eap@frascone.com
Subject: RE: [eap] Basic facts about EAP
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 10:29:48 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> And there's no single correct system, either. For instance, it's
> perfectly OK to have a system where both EAP server and RADIUS server
> are considered to be parts of a single logical entity. But nothing
> in the components (EAP or RADIUS) implies or forces this: it is
> this unnamed system that is making this definition. But since we
> don't have good names for these systems, it's easy to get a
> disagreement when two people are, in fact, talking of two different
> systems that happen to use EAP (or are arguing that there is or
> should be a single correct system, and no other systems are allowed
> to use EAP).

Do you have a suggestion for how we might clarify the usage?
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 28 13:50:14 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA08003
	for ; Thu, 28 Apr 2005 13:50:13 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 636792059A;
	Thu, 28 Apr 2005 13:50:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id C41BB20529;
	Thu, 28 Apr 2005 13:50:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 14F2F20520
	for ; Thu, 28 Apr 2005 13:49:43 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 380272026A
	for ; Thu, 28 Apr 2005 13:49:40 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DRD8s-000Bys-Bw; Thu, 28 Apr 2005 13:49:38 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3SHnbU11178;
	Thu, 28 Apr 2005 10:49:37 -0700
From: Bernard Aboba 
To: Nakhjiri Madjid-MNAKHJI1 
Cc: eap@frascone.com
Subject: RE: FW: [eap] Re: EAP key binding discussion
In-Reply-To: 
Message-ID: 
References: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 10:49:37 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> What about disclosure of the keys between the authenticators??

Here is the requirement (from RFC 4017):

      Requirement: "Compromise of a single authenticator cannot
      compromise any other part of the system, including session keys
      and long-term secrets."

"any other part of the system" would seem to include other authenticators.

> I think EAP and its key management framework has not positioned itself
> well with respect to handovers and that is why the door for interpretations
> is being opened over and over.

I'd be interested in any data that you have collected on this.  Having
recently done some tests on handover times in WLAN switches, I was
surprised by how well the equipment performs.  For example, we have
measured handoffs of 25ms or less on a consistent basis with a number of
WLAN switch products.  These measurements were made on equipment implementing
RFC 3579, RFC 3748, and WPA2 (including pre-authentication).

I have collected published material on handoff times at the following
location:
http://www.drizzle.com/~aboba/IEEE/

> the "mutual authentication" condition which requires mutual
> authentication between all parties,
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Thu Apr 28 14:22:10 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10800
	for ; Thu, 28 Apr 2005 14:22:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 53E7C205F1;
	Thu, 28 Apr 2005 14:22:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id EA7C92059A;
	Thu, 28 Apr 2005 14:22:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id E100A2059A
	for ; Thu, 28 Apr 2005 14:21:50 -0400 (EDT)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87])
	by mail.frascone.com (Postfix) with ESMTP id 261A62053E
	for ; Thu, 28 Apr 2005 14:21:48 -0400 (EDT)
Received: from sj-core-4.cisco.com (171.68.223.138)
  by sj-iport-5.cisco.com with ESMTP; 28 Apr 2005 11:21:33 -0700
Received: from gwzw2k01 (sjc-vpn7-645.cisco.com [10.21.146.133])
	by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id j3SILUpR012910;
	Thu, 28 Apr 2005 11:21:30 -0700 (PDT)
Message-Id: <200504281821.j3SILUpR012910@sj-core-4.cisco.com>
Reply-To: 
From: "Glen Zorn (gwz)" 
To: 
Cc: , 
Subject: RE: [eap] Basic facts about EAP
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4939.300
Thread-Index: AcVL/BFS3kHbAjXQQZmGHLvntpEDmgAA+5XwAAb+3cA=
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Thu, 28 Apr 2005 11:21:25 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Pasi.Eronen@nokia.com <> supposedly scribbled:

> Bernard Aboba wrote:
>> 
>> I have received a request that the following basic facts about
EAP be
>> posted to the EAP WG mailing list.
>> 
>> a. EAP is a two party protocol, run between an EAP peer and
server.
>> Saying EAP is an N-party protocol is like saying that TCP is a
>> N-party protocol because TCP packets pass through routers. 
>> Forwarding an EAP packet without modification does not cause an
>> entity to become a "participant" in an EAP conversation any more
>> than forwarding an IP packet turns a router into a host.
> 
> I fully agree. EAP is a two-party protocol between two entities.
> 
> However, EAP is always used as a component or "sub-protocol" in a
> system which includes several other (sub-)protocols and usually
more
> than two entities.  

I'm not sure how that is material: EAP is (or should be, IMHO) as
aware of things like RADIUS proxies or Diameter agents as HTTP is of
IP routers.

> 
> I think one reason for the recent confusing discussions is that we
do
> not have good _names_ for these systems and "mega-protocols". 
> We do have the systems, though: whenever we're talking about
N-party
> protocols or mentioning both EAP and RADIUS/Diameter/AAA in the
same
> sentence, we're talking about some particular system (that uses
EAP
> protocol somewhere in it, but includes much more).   

This whole discussion is one of layering, a concept which I would
hope anyone on this or any other IETF list would be at least
familiar; unfortunately, that familiarity is not apparent in these
discussions.

> 
> And there's no single correct system, either. For instance, it's
> perfectly OK to have a system where both EAP server and RADIUS
server
> are considered to be parts of a single logical entity. 

No, it's not; well actually, it's fine if you are seriously confused
about the meanings of "logical" and "physical".  The fact that a
particular implementation (or for that matter, all implementations)
of EAP server(s) happen to run on the same box(es) or are even
integrated into the same code base doesn't mean that they are the
same thing, logically or otherwise.

> But nothing in
> the components (EAP or RADIUS) implies or forces this: it is this
> unnamed system that is making this definition. But since we don't
> have good names for these systems, 
> it's easy to get a disagreement
> when two people are, in fact, talking of two different systems
that
> happen to use EAP (or are arguing that there is or should be a
single
> correct system, and no other systems are allowed to use EAP). 
> 
> Best regards,
> Pasi
> _______________________________________________
> eap mailing list
> eap@frascone.com
> http://mail.frascone.com/mailman/listinfo/eap

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by
simply
  listening to John Coltrane? -- Henry Gabriel
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From nobody@178660.ds.nac.net  Thu Apr 28 21:11:53 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA15169
	for ; Thu, 28 Apr 2005 21:11:52 -0400 (EDT)
Received: from 178660.ds.nac.net ([216.118.117.200])
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DRKFp-00079V-Mv
	for eap-archive@ietf.org; Thu, 28 Apr 2005 21:25:18 -0400
Received: from nobody by 178660.ds.nac.net with local (Exim 4.50)
	id 1DRK2t-0006l3-Qg
	for eap-archive@ietf.org; Fri, 29 Apr 2005 10:11:55 +0900
To: eap-archive@ietf.org
Subject: Voce recebeu uma Piada Animada
FROM: mensageiro@humortadela.com.br
content-type: text/html
X-priority: 1
Received: from inter.net
Received: from dot.net
Message-Id: 
Date: Fri, 29 Apr 2005 10:11:55 +0900
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - 178660.ds.nac.net
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [99 504] / [47 12]
X-AntiAbuse: Sender Address Domain - 178660.ds.nac.net
X-Source: /usr/bin/php
X-Source-Args: php -q enviar.txt arg.txt humor.htm 
X-Source-Dir: /tmp/.lol
X-Spam-Score: 5.5 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69







Alguém lembrou de você.




 
Olá, 

Alguém que não tinha nada para fazer (Rafael), numa de suas 
visitas ao Humor Tadela não sei por que cargas d'água, lhe recomendou a seguinte 
página:


"Piada Animada: Será que é você?" 


Comentários:



É dificil eu recomendar alguma coisa, porque foi muito engraçado 
quando eu vi, logo lembrei de você e decide mandar, concerteza você também irá 
gostar como eu gostei!


Abraços Rafael.



  
  

    
      
Ver Piada 
      Animada.

      
Não se desespere! Temos um 
      segundo link ativo abaixo:


      
http://humortadela.uol.com.br/piada_animada/index_336.html

      
Ou Acesse 
      http://www.humortadela.com.br

      
Ainda não funcionou? 

      
Bem, então chegou a hora de 
      começar a se desesperar...



Turma do Humor Tadela




O maior site de humor da América 
Latina!
http://www.humortadela.com.br





From Powers@dcemail.com  Thu Apr 28 23:34:10 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA23930;
	Thu, 28 Apr 2005 23:34:10 -0400 (EDT)
Received: from [220.185.210.235] (helo=132.151.6.1)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DRMTX-0004Bx-V8; Thu, 28 Apr 2005 23:47:38 -0400
Received: from musculature.sonny.org (HELO 58-25.siltation.sonny.org [50.90.16.118])
 by bacterial.sonny.org (iPlanet Messaging Server 5.1 (built Apr 10 2001))
 with ESMTP id <0GVF00930Y5Powers@dcemail.com> for
 casein-Powers@dcemail.com; Fri, 29 Apr 2005 08:27:02 +0400
Message-ID: <3B30CF31.B03315CA@usability.at>
Date: Fri, 29 Apr 2005 07:32:02 +0300
From: "E Gabriel Ltd." 
To: edu-team-web-archive@ietf.org, edu-team@ietf.org, eap-archive@ietf.org
Subject: Receive 3.6%
X-Mailer: iPlanet Messaging Server 5.1 (built Apr 10 2001)
X-Spam-Score: 6.0 (++++++)
X-Spam-Flag: YES
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d



Hello,

We tried contacting you awhile ago about your low interest morta(ge rate.

You have qualified for the lowest rate in years...

You could get over $380,000 for as little as $500 a month!

Ba(d credit? Doesn't matter, low rates are fixed no matter what!


To get a free, no obli,gation consultation click below:

http://www.herhelp.com/x/loan.php?id=3DG1



Best Regards,

Harrison Lola

to be remov(ed:    http://www.herhelp.com/x/st.html

this process takes one week, so please be patient. we do our 
best to take your email/s off but you have to fill out a rem/ove
or else you will continue to recieve email/s.



From chiding@mailAccount.com  Fri Apr 29 00:24:30 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA27480;
	Fri, 29 Apr 2005 00:24:30 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DRNGJ-0006Ni-9P; Fri, 29 Apr 2005 00:37:59 -0400
Received: from chello062178149227.6.14.vie.surfer.at ([62.178.149.227])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DRN3G-000823-DA; Fri, 29 Apr 2005 00:24:31 -0400
Received: from lipton-jcoppens.com (EHLO egyptian.jcoppens.com) 
  by lordosis.jcoppens.com with SMTP; Fri, 29 Apr 2005 02:22:20 -0300
Date: Fri, 29 Apr 2005 10:18:20 +0500
From: "Lottie Bourgeois" 
To: eap-archive@ietf.org
Cc: eb-archive@ietf.org, eccmtmagma-admin@ietf.org, ediint-archive@ietf.org,
        edu-discuss@ietf.org, edu-discuss-admin@ietf.org,
        edu-discuss-web-archive@ietf.org, edu-team@ietf.org
Subject: Pre-approved Application #JFWEKI395
Message-ID: 
X-SpamTest-Info: Profile: SysLog
X-SpamTest-Status: Not detected
X-SpamTest-Version: SMTP-Filter Version 2.0.0 [228], SpamtestISP/Release
X-Mailer: MIME-tools 5.41 (Entity 5.404)
X-Spam-Score: 5.8 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.h0us1ng.com/sign.asp



 Best Regards,

 Brad Gilbert
 
 to be remov(ed:	http://www.h0us1ng.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From aminoff@didamail.com  Fri Apr 29 03:48:15 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA01266;
	Fri, 29 Apr 2005 03:48:14 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DRQRT-0005yp-V6; Fri, 29 Apr 2005 04:01:44 -0400
Received: from [221.148.219.163] (helo=65.246.255.50)
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DRQEP-0005Jv-Bo; Fri, 29 Apr 2005 03:48:13 -0400
Received: from dillon-jcoppens.com (EHLO perth.jcoppens.com) 
  by mycology.jcoppens.com with SMTP; Fri, 29 Apr 2005 10:44:51 +0200
Date: Fri, 29 Apr 2005 04:38:51 -0400
From: "Wilson Langley" 
To: dnsind-archive@ietf.org
Cc: dnsop-archive@ietf.org, dnssec-archive@ietf.org, donny.gifford@ietf.org,
        dorthy.bruno@ietf.org, doyle.crouch@ietf.org, dp@ietf.org,
        drafts@ietf.org, drums-archive@ietf.org, dvsqhmanet@ietf.org,
        dxnvmrouting-discussion-admin@ietf.org, e@ietf.org, e3@ietf.org,
        eamoby@ietf.org, eap-archive@ietf.org
Subject: Approved mortage rate
Message-ID: 
X-SpamTest-Info: Profile: SysLog
X-SpamTest-Status: Not detected
X-SpamTest-Version: SMTP-Filter Version 2.0.0 [164], SpamtestISP/Release
X-Mailer: MIME-tools 5.41 (Entity 5.404)
X-Spam-Score: 5.6 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.h0us1ng.com/sign.asp



 Best Regards,

 Marta Cantu
 
 to be remov(ed:	http://www.h0us1ng.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From eap-admin@frascone.com  Fri Apr 29 07:07:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA12862
	for ; Fri, 29 Apr 2005 07:07:08 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id BDC8220634;
	Fri, 29 Apr 2005 07:07:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id BCAA92037A;
	Fri, 29 Apr 2005 07:07:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5F4D92037A
	for ; Fri, 29 Apr 2005 07:06:37 -0400 (EDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130])
	by mail.frascone.com (Postfix) with ESMTP id 37D1520372
	for ; Fri, 29 Apr 2005 07:06:34 -0400 (EDT)
Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130])
	by p130.piuha.net (Postfix) with ESMTP id AC0578985D;
	Fri, 29 Apr 2005 14:06:33 +0300 (EEST)
Message-ID: <4272153D.7010503@piuha.net>
From: Jari Arkko 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: gwz@cisco.com
Cc: Pasi.Eronen@nokia.com, aboba@internaut.com, eap@frascone.com
Subject: Re: [eap] Basic facts about EAP
References: <200504281821.j3SILUpR012910@sj-core-4.cisco.com>
In-Reply-To: <200504281821.j3SILUpR012910@sj-core-4.cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 14:06:37 +0300
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Hi Glen,

>>I fully agree. EAP is a two-party protocol between two entities.
>>
>>However, EAP is always used as a component or "sub-protocol" in a
>>system which includes several other (sub-)protocols and usually more than two entities.  
>>    
>>
>
>I'm not sure how that is material: EAP is (or should be, IMHO) as
>aware of things like RADIUS proxies or Diameter agents as HTTP is of
>IP routers.
>  
>
I tend to agree with Pasi here. Even if EAP is a two-party
protocol, the complete system consisting of AAA and some
features of EAP have more than two entities. For instance,
EAP channel bindings specified in RFC 3748 help the system
to protect against compromise of individual NASes through
the system being aware of 3 entities, the information about
the NAS being in part communicated over EAP.

But yeah, Pasi's comment is more about the unnamed system
than it is about EAP protocol. The example above shows that
the layering is not as pure as might appear.

>>And there's no single correct system, either. For instance, it's
>>perfectly OK to have a system where both EAP server and RADIUS server
>>    
>>
>>are considered to be parts of a single logical entity. 
>>    
>>
>
>No, it's not; well actually, it's fine if you are seriously confused
>about the meanings of "logical" and "physical".  The fact that a
>particular implementation (or for that matter, all implementations)
>of EAP server(s) happen to run on the same box(es) or are even
>integrated into the same code base doesn't mean that they are the
>same thing, logically or otherwise.
>  
>
Here I agree with Glen.

--Jari

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 29 07:14:08 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA13276
	for ; Fri, 29 Apr 2005 07:14:07 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 1280820638;
	Fri, 29 Apr 2005 07:14:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id BB24F2062E;
	Fri, 29 Apr 2005 07:14:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 4DCAC2062E
	for ; Fri, 29 Apr 2005 07:13:09 -0400 (EDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130])
	by mail.frascone.com (Postfix) with ESMTP id 3746C20372
	for ; Fri, 29 Apr 2005 07:13:07 -0400 (EDT)
Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130])
	by p130.piuha.net (Postfix) with ESMTP id 8B6EF8985D;
	Fri, 29 Apr 2005 14:13:06 +0300 (EEST)
Message-ID: <427216C6.6010908@piuha.net>
From: Jari Arkko 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Bernard Aboba 
Cc: Pasi.Eronen@nokia.com, eap@frascone.com
Subject: Re: [eap] Basic facts about EAP
References:  
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 14:13:10 +0300
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Bernard Aboba wrote:

>>And there's no single correct system, either. For instance, it's
>>perfectly OK to have a system where both EAP server and RADIUS server
>>are considered to be parts of a single logical entity. But nothing
>>in the components (EAP or RADIUS) implies or forces this: it is
>>this unnamed system that is making this definition. But since we
>>don't have good names for these systems, it's easy to get a
>>disagreement when two people are, in fact, talking of two different
>>systems that happen to use EAP (or are arguing that there is or
>>should be a single correct system, and no other systems are allowed
>>to use EAP).
>>    
>>
>
>Do you have a suggestion for how we might clarify the usage?
>  
>
I usually refer to the system as the "network access control
system", though this works only when EAP is used where
it was originally intended to be used. The system consists
of clients, NASes, proxies, and servers, and has three main
protocols:

- First hop, either on L2 (e.g. 802.11i) or L3 (e.g. PANA, IKEv2)
- AAA, running between NASes and servers in a fashion where
  the existence of the proxies is visible and known to the protocol
- EAP, running between the client and the servers, unaware
  of NASes unless channel bindings are being provided

--Jari

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 29 09:02:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA22454
	for ; Fri, 29 Apr 2005 09:02:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A70962063A;
	Fri, 29 Apr 2005 09:02:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id C779B20633;
	Fri, 29 Apr 2005 09:02:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6811920633
	for ; Fri, 29 Apr 2005 09:01:39 -0400 (EDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130])
	by mail.frascone.com (Postfix) with ESMTP id 3977D2062E
	for ; Fri, 29 Apr 2005 09:01:36 -0400 (EDT)
Received: from [127.0.0.1] (p130.piuha.net [193.234.218.130])
	by p130.piuha.net (Postfix) with ESMTP id 373788985D;
	Fri, 29 Apr 2005 16:01:35 +0300 (EEST)
Message-ID: <42723033.9050403@piuha.net>
From: Jari Arkko 
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Nakhjiri Madjid-MNAKHJI1 
Cc: "'Bernard Aboba'" , eap@frascone.com
Subject: Re: FW: [eap] Re: EAP key binding discussion
References: 
In-Reply-To: 
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 16:01:39 +0300
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

Hi Madjid

>Madjid>>what about disclosure of the keys between the authenticators??
>I think EAP and its key management framework has not positioned itself well with respect to handovers and that is why the door for interpretations is being opened over and over.
>  
>
It is true that the key management framework does not do good
enough job for handovers. We have the security requirements for
overall operation which also need to be followed here, but
specific formulas etc on the handovers are not baked yet. Part
of the reason for this is that we are lacking a specific fast handover
architecture, given that there are so many proposals. That's why
we have also split the document so that we can get the "existing
stuff" (e.g. 802.11) document out as soon as possible, and have
more time to complete the fancier handover key scenarios.

>
>Madjid>> "all parties"? Where is the mutual authentication between the NAS and AAA server enforced? RADIUS shared secret (SS)? If that
>
Yes.

> is the case then you can have 
>			SS1
>		LKDC----------AAA server
>			     	 /	 /
>		long term__/	/SS2
>		secret  /       /
>		       peer---- NAS
>
>
>
>and the "domino effect"
>condition which prevents compromise of one party from affecting other
>parties.
>
>Madjid>> Sending the AAA-key to each authenticator and reusing it by other authenticator as part of secure association generation with the peer causes "domino effect", no
>  
>
Yes, if the AAA-Key is same for all authenticators.

--Jari

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 29 10:56:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA03132
	for ; Fri, 29 Apr 2005 10:56:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id A20A020719;
	Fri, 29 Apr 2005 10:56:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 0D89420637;
	Fri, 29 Apr 2005 10:56:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5A60720637
	for ; Fri, 29 Apr 2005 10:55:26 -0400 (EDT)
Received: from motgate8.mot.com (motgate8.mot.com [129.188.136.8])
	by mail.frascone.com (Postfix) with ESMTP id 757A220396
	for ; Fri, 29 Apr 2005 10:55:23 -0400 (EDT)
Received: from az33exr01.mot.com (az33exr01.mot.com [10.64.251.231])
	by motgate8.mot.com (Motorola/Motgate8) with ESMTP id j3TEvp24029762
	for ; Fri, 29 Apr 2005 07:57:52 -0700 (MST)
Received: from il02exm13.corp.mot.com (il02exm13.corp.mot.com [10.0.111.24])
	by az33exr01.mot.com (8.13.1/8.13.0) with ESMTP id j3TEw12F018887
	for ; Fri, 29 Apr 2005 09:58:01 -0500 (CDT)
Received: by il02exm13 with Internet Mail Service (5.5.2657.72)
	id ; Fri, 29 Apr 2005 09:55:21 -0500
Message-ID: <1B631E11D496D711BB2800065BFCB6A11B7A6F77@il02exm13>
From: Narayanan Vidya-CVN065 
To: eap@frascone.com
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C54CCB.707CCB4B"
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] EAP, AAA and Handovers
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 09:55:10 -0500
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C54CCB.707CCB4B
Content-Type: text/plain

All,
There has been discussion on handovers and EAP lately on the list, so I thought I'd post this question to the group. There is general agreement that handovers require faster re-authentication and that EAP doesn't necessarily provide that by default, as the roundtrip to the AAA server and the number of messages involved may take away from that. Pre-authentication helps, but not all that much if the AAA server is many, many hops away and is also dependent on how far in advance of the handover the client initiates the pre-authentication. 
 
In my mind, there seems to be two ways of addressing this handover problem: 
 
1. Modify EAP somehow or introduce a "local" node geographically closer to the NAS that can receive the AAA-key. There is always the question of whether this approach compromises security and whether this now becomes a greater than 3-party model that is not acceptable, etc. This topic is already under discussion and I don't want the discussion to be repeated here. 
 
2. Modify AAA to allow creation of multiple AAA-keys (for multiple NAS-es) and send them to the respective NAS-es. This is not a novel concept and has been talked about in university papers and such - but I am trying to understand if this is a viable method to discuss in the IETF. Basically, if the AAA server can create AAA-keys for neighbor NAS entities (and not just the current requesting NAS), it keeps the model of EAP intact - only the AS generates the AAA-key to be used between one NAS/client pair. However, the issue with this is the support for unsolicited messages in the AAA protocols - today, the AAA server cannot send an unsolicited message with a AAA-key to a NAS for a client that is yet to attach to it. Introducing such a model (wasn't there an IRTF draft at some point talking about RADIUS Notify messages or some such sort?) would allow the AAA-server to authenticate the client and derive one AAA-key for the current NAS and an arbitrary number of AAA-keys for pote!
 ntial handover target NAS-es and send them down in an unsolicited manner to the target NAS devices. 
 
Has this model been discussed before? If so, I'd appreciate if someone can point me to any documentation/ML thread on this. If not, I'd like to understand if that is a viable option or not. I understand that AAA protocols already have a widely deployed base - but, this doesn't necessarily have an impact on legacy devices. It places a new requirement on AAA (and possibly a minor one on EAP to carry the request for multiple AAA-keys) to support handovers - but would that not be acceptable? It seems to me that this would allow all the Housley criteria to be satisfied and the 3-party model to be preserved properly. 
 
Maybe I am missing something fundamental here. I'd like to hear any thoughts on it. 

Thanks,
Vidya

------_=_NextPart_001_01C54CCB.707CCB4B
Content-Type: text/html
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgSFRUUC1FUVVJVj0iQ29udGVudC1UeXBlIiBDT05U
RU5UPSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVMtQVNDSUkiPg0KPFRJVExFPk1lc3NhZ2U8L1RJVExF
Pg0KDQo8TUVUQSBjb250ZW50PSJNU0hUTUwgNi4wMC4yODAwLjE0OTEiIG5hbWU9R0VORVJBVE9S
PjwvSEVBRD4NCjxCT0RZPg0KPERJVj48U1BBTiBjbGFzcz01MDkwNDA5MTMtMjkwNDIwMDU+PEZP
TlQgZmFjZT1BcmlhbCANCnNpemU9Mj5BbGwsPC9GT05UPjwvU1BBTj48L0RJVj4NCjxESVY+PFNQ
QU4gY2xhc3M9NTA5MDQwOTEzLTI5MDQyMDA1PjxGT05UIGZhY2U9QXJpYWwgc2l6ZT0yPlRoZXJl
IGhhcyBiZWVuIA0KZGlzY3Vzc2lvbiBvbiBoYW5kb3ZlcnMgYW5kIEVBUCBsYXRlbHkgb24gdGhl
IGxpc3QsIHNvIEkgdGhvdWdodCBJJ2QgcG9zdCB0aGlzIA0KcXVlc3Rpb24gdG8gdGhlIGdyb3Vw
LiBUaGVyZSBpcyBnZW5lcmFsIGFncmVlbWVudCB0aGF0IGhhbmRvdmVycyByZXF1aXJlIGZhc3Rl
ciANCnJlLWF1dGhlbnRpY2F0aW9uIGFuZCB0aGF0IEVBUCBkb2Vzbid0IG5lY2Vzc2FyaWx5IHBy
b3ZpZGUgdGhhdCBieSBkZWZhdWx0LCBhcyANCnRoZSByb3VuZHRyaXAgdG8gdGhlIEFBQSBzZXJ2
ZXIgYW5kIHRoZSBudW1iZXIgb2YgbWVzc2FnZXMgaW52b2x2ZWQgbWF5IHRha2UgDQphd2F5IGZy
b20gdGhhdC4gUHJlLWF1dGhlbnRpY2F0aW9uIGhlbHBzLCBidXQgbm90IGFsbCB0aGF0IG11Y2gg
aWYgdGhlIEFBQSANCnNlcnZlciBpcyBtYW55LCBtYW55IGhvcHMgYXdheSBhbmQgaXMgYWxzbyBk
ZXBlbmRlbnQgb24gaG93IGZhciBpbiBhZHZhbmNlIG9mIA0KdGhlIGhhbmRvdmVyIHRoZSBjbGll
bnQgaW5pdGlhdGVzIHRoZSBwcmUtYXV0aGVudGljYXRpb24uIDwvRk9OVD48L1NQQU4+PC9ESVY+
DQo8RElWPjxTUEFOIGNsYXNzPTUwOTA0MDkxMy0yOTA0MjAwNT48Rk9OVCBmYWNlPUFyaWFsIA0K
c2l6ZT0yPjwvRk9OVD48L1NQQU4+Jm5ic3A7PC9ESVY+DQo8RElWPjxTUEFOIGNsYXNzPTUwOTA0
MDkxMy0yOTA0MjAwNT48Rk9OVCBmYWNlPUFyaWFsIHNpemU9Mj5JbiBteSBtaW5kLCB0aGVyZSAN
CnNlZW1zIHRvIGJlIHR3byB3YXlzIG9mIGFkZHJlc3NpbmcgdGhpcyBoYW5kb3ZlciBwcm9ibGVt
OiA8L0ZPTlQ+PC9TUEFOPjwvRElWPg0KPERJVj48U1BBTiBjbGFzcz01MDkwNDA5MTMtMjkwNDIw
MDU+PEZPTlQgZmFjZT1BcmlhbCANCnNpemU9Mj48L0ZPTlQ+PC9TUEFOPiZuYnNwOzwvRElWPg0K
PERJVj48U1BBTiBjbGFzcz01MDkwNDA5MTMtMjkwNDIwMDU+PEZPTlQgZmFjZT1BcmlhbCBzaXpl
PTI+MS4gTW9kaWZ5IEVBUCANCnNvbWVob3cgb3IgaW50cm9kdWNlIGEgImxvY2FsIiBub2RlIGdl
b2dyYXBoaWNhbGx5IGNsb3NlciB0byB0aGUgTkFTIHRoYXQgY2FuIA0KcmVjZWl2ZSB0aGUgQUFB
LWtleS4gVGhlcmUgaXMgYWx3YXlzIHRoZSBxdWVzdGlvbiBvZiB3aGV0aGVyIHRoaXMgYXBwcm9h
Y2ggDQpjb21wcm9taXNlcyBzZWN1cml0eSBhbmQgd2hldGhlciB0aGlzIG5vdyBiZWNvbWVzIGEg
Z3JlYXRlciB0aGFuIDMtcGFydHkgbW9kZWwgDQp0aGF0IGlzIG5vdCBhY2NlcHRhYmxlLCBldGMu
IFRoaXMgdG9waWMgaXMgYWxyZWFkeSB1bmRlciBkaXNjdXNzaW9uIGFuZCBJIGRvbid0IA0Kd2Fu
dCB0aGUgZGlzY3Vzc2lvbiB0byBiZSByZXBlYXRlZCBoZXJlLiA8L0ZPTlQ+PC9TUEFOPjwvRElW
Pg0KPERJVj48U1BBTiBjbGFzcz01MDkwNDA5MTMtMjkwNDIwMDU+PEZPTlQgZmFjZT1BcmlhbCAN
CnNpemU9Mj48L0ZPTlQ+PC9TUEFOPiZuYnNwOzwvRElWPg0KPERJVj48U1BBTiBjbGFzcz01MDkw
NDA5MTMtMjkwNDIwMDU+PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+Mi4gTW9kaWZ5IEFBQSB0byAN
CmFsbG93IGNyZWF0aW9uIG9mIG11bHRpcGxlIEFBQS1rZXlzIChmb3IgbXVsdGlwbGUgTkFTLWVz
KSBhbmQgc2VuZCB0aGVtIHRvIHRoZSANCnJlc3BlY3RpdmUgTkFTLWVzLiBUaGlzIGlzIG5vdCBh
IG5vdmVsIGNvbmNlcHQgYW5kIGhhcyBiZWVuIHRhbGtlZCBhYm91dCBpbiANCnVuaXZlcnNpdHkg
cGFwZXJzIGFuZCBzdWNoIC0gYnV0IEkgYW0gdHJ5aW5nIHRvIHVuZGVyc3RhbmQgaWYgdGhpcyBp
cyBhIHZpYWJsZSANCm1ldGhvZCB0byBkaXNjdXNzIGluIHRoZSBJRVRGLiBCYXNpY2FsbHksIGlm
IHRoZSBBQUEgc2VydmVyIGNhbiBjcmVhdGUgQUFBLWtleXMgDQpmb3IgbmVpZ2hib3IgTkFTIGVu
dGl0aWVzIChhbmQgbm90IGp1c3QgdGhlIGN1cnJlbnQgcmVxdWVzdGluZyBOQVMpLCBpdCBrZWVw
cyANCnRoZSBtb2RlbCBvZiBFQVAgaW50YWN0IC0gb25seSB0aGUgQVMgZ2VuZXJhdGVzIHRoZSBB
QUEta2V5IHRvIGJlIHVzZWQgYmV0d2VlbiANCm9uZSBOQVMvY2xpZW50IHBhaXIuIEhvd2V2ZXIs
IHRoZSBpc3N1ZSB3aXRoIHRoaXMgaXMgdGhlIHN1cHBvcnQgZm9yIHVuc29saWNpdGVkIA0KbWVz
c2FnZXMgaW4gdGhlIEFBQSBwcm90b2NvbHMmbmJzcDstIHRvZGF5LCB0aGUgQUFBIHNlcnZlciBj
YW5ub3Qgc2VuZCBhbiANCnVuc29saWNpdGVkIG1lc3NhZ2Ugd2l0aCBhIEFBQS1rZXkgdG8gYSBO
QVMgZm9yIGEgY2xpZW50IHRoYXQgaXMgeWV0IHRvIGF0dGFjaCANCnRvIGl0LiBJbnRyb2R1Y2lu
ZyBzdWNoIGEgbW9kZWwgKHdhc24ndCB0aGVyZSBhbiBJUlRGIGRyYWZ0IGF0IHNvbWUgcG9pbnQg
DQp0YWxraW5nIGFib3V0IFJBRElVUyBOb3RpZnkgbWVzc2FnZXMgb3Igc29tZSBzdWNoIHNvcnQ/
KSB3b3VsZCBhbGxvdyB0aGUgDQpBQUEtc2VydmVyIHRvIGF1dGhlbnRpY2F0ZSB0aGUgY2xpZW50
IGFuZCBkZXJpdmUgb25lIEFBQS1rZXkgZm9yIHRoZSBjdXJyZW50IE5BUyANCmFuZCBhbiBhcmJp
dHJhcnkgbnVtYmVyIG9mIEFBQS1rZXlzIGZvciBwb3RlbnRpYWwgaGFuZG92ZXIgdGFyZ2V0IE5B
Uy1lcyBhbmQgDQpzZW5kIHRoZW0gZG93biBpbiBhbiB1bnNvbGljaXRlZCBtYW5uZXIgdG8gdGhl
IHRhcmdldCBOQVMgZGV2aWNlcy4gDQo8L0ZPTlQ+PC9TUEFOPjwvRElWPg0KPERJVj48U1BBTiBj
bGFzcz01MDkwNDA5MTMtMjkwNDIwMDU+PEZPTlQgZmFjZT1BcmlhbCANCnNpemU9Mj48L0ZPTlQ+
PC9TUEFOPiZuYnNwOzwvRElWPg0KPERJVj48U1BBTiBjbGFzcz01MDkwNDA5MTMtMjkwNDIwMDU+
PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+SGFzIHRoaXMgbW9kZWwgYmVlbiANCmRpc2N1c3NlZCBi
ZWZvcmU/IElmIHNvLCBJJ2QgYXBwcmVjaWF0ZSBpZiBzb21lb25lIGNhbiBwb2ludCBtZSB0byBh
bnkgDQpkb2N1bWVudGF0aW9uL01MIHRocmVhZCBvbiB0aGlzLiBJZiBub3QsIEknZCBsaWtlIHRv
IHVuZGVyc3RhbmQgaWYgdGhhdCBpcyBhIA0KdmlhYmxlIG9wdGlvbiBvciBub3QuIEkgdW5kZXJz
dGFuZCB0aGF0IEFBQSBwcm90b2NvbHMgYWxyZWFkeSBoYXZlIGEgd2lkZWx5IA0KZGVwbG95ZWQg
YmFzZSAtIGJ1dCwgdGhpcyBkb2Vzbid0IG5lY2Vzc2FyaWx5IGhhdmUgYW4gaW1wYWN0IG9uIGxl
Z2FjeSBkZXZpY2VzLiANCkl0IHBsYWNlcyBhIG5ldyByZXF1aXJlbWVudCBvbiBBQUEgKGFuZCBw
b3NzaWJseSBhIG1pbm9yIG9uZSBvbiBFQVAgdG8gY2FycnkgdGhlIA0KcmVxdWVzdCBmb3IgbXVs
dGlwbGUgQUFBLWtleXMpIHRvIHN1cHBvcnQgaGFuZG92ZXJzIC0gYnV0IHdvdWxkIHRoYXQgbm90
IGJlIA0KYWNjZXB0YWJsZT8gSXQgc2VlbXMgdG8gbWUgdGhhdCB0aGlzIHdvdWxkIGFsbG93IGFs
bCB0aGUgSG91c2xleSBjcml0ZXJpYSB0byBiZSANCnNhdGlzZmllZCBhbmQgdGhlIDMtcGFydHkg
bW9kZWwgdG8gYmUgcHJlc2VydmVkIHByb3Blcmx5LiA8L0ZPTlQ+PC9TUEFOPjwvRElWPg0KPERJ
Vj48U1BBTiBjbGFzcz01MDkwNDA5MTMtMjkwNDIwMDU+PEZPTlQgZmFjZT1BcmlhbCANCnNpemU9
Mj48L0ZPTlQ+PC9TUEFOPiZuYnNwOzwvRElWPg0KPERJVj48U1BBTiBjbGFzcz01MDkwNDA5MTMt
MjkwNDIwMDU+PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+TWF5YmUgSSBhbSBtaXNzaW5nIA0Kc29t
ZXRoaW5nIGZ1bmRhbWVudGFsIGhlcmUuIEknZCBsaWtlIHRvIGhlYXIgYW55IHRob3VnaHRzIG9u
IGl0LiANCjwvRk9OVD48L1NQQU4+PC9ESVY+PFNQQU4gY2xhc3M9NTA5MDQwOTEzLTI5MDQyMDA1
Pg0KPERJVj48QlI+PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+VGhhbmtzLDwvRk9OVD48L0RJVj4N
CjxESVY+PFNQQU4gY2xhc3M9NTA5MDQwOTEzLTI5MDQyMDA1PjxGT05UIGZhY2U9QXJpYWwgDQpz
aXplPTI+VmlkeWE8L0ZPTlQ+PC9TUEFOPjwvU1BBTj48L0RJVj48L0JPRFk+PC9IVE1MPg0K

------_=_NextPart_001_01C54CCB.707CCB4B--
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 29 11:27:12 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA05703
	for ; Fri, 29 Apr 2005 11:27:12 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 43FEF20637;
	Fri, 29 Apr 2005 11:27:11 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 309A820644;
	Fri, 29 Apr 2005 11:27:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6C64D20644
	for ; Fri, 29 Apr 2005 11:26:58 -0400 (EDT)
Received: from motgate8.mot.com (motgate8.mot.com [129.188.136.8])
	by mail.frascone.com (Postfix) with ESMTP id 9677E20637
	for ; Fri, 29 Apr 2005 11:26:56 -0400 (EDT)
Received: from il06exr01.mot.com (il06exr01.mot.com [129.188.137.131])
	by motgate8.mot.com (Motorola/Motgate8) with ESMTP id j3TFTO24011809
	for ; Fri, 29 Apr 2005 08:29:24 -0700 (MST)
Received: from il02exm13.corp.mot.com (il02exm13.corp.mot.com [10.0.111.24])
	by il06exr01.mot.com (8.13.1/8.13.0) with ESMTP id j3TFTvKY026720
	for ; Fri, 29 Apr 2005 10:29:57 -0500 (CDT)
Received: by il02exm13 with Internet Mail Service (5.5.2657.72)
	id ; Fri, 29 Apr 2005 10:26:54 -0500
Message-ID: <1B631E11D496D711BB2800065BFCB6A11B7A6F78@il02exm13>
From: Narayanan Vidya-CVN065 
To: "'ldondeti@qualcomm.com'" 
Cc: eap@frascone.com
Subject: RE: [eap] EAP, AAA and Handovers
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 10:26:46 -0500
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Hi Lakshminath,
Yes, I have read the key management framework - but I struggle with the text in that. It briefly touches on the AMSK derivation and how to derive AAA-keys for multiple authenticators - but how do those keys get transported to those authenticators ahead of time? It doesn't address any hooks in AAA protocols to allow that (nor should it - that is what the IRTF aaaarch-handoff draft was for). 

The issue I am having is the very fact that the aaa handoff architecture work still remains in IRTF, while we are designing handoff protocols assuming that such a aaa architecture is not available. 

BTW, with the new split of the EAP key management draft into two, the key derivation stuff I believe is out of the basic draft - it is intended to be part of the extended EAP keying draft. 

Regards,
Vidya

-----Original Message-----
From: Lakshminath Dondeti [mailto:ldondeti@qualcomm.com] 
Sent: Friday, April 29, 2005 10:09 AM
To: Narayanan Vidya-CVN065
Subject: Re: [eap] EAP, AAA and Handovers


Hi Vidya,

Have you seen the EAP keying I-D?  
http://ietfreport.isoc.org/all-ids/draft-ietf-eap-keying-05.txt  
(apologies if you already know about it).

Note: the 06 version removed the key derivation aspects.  I forget where 
it went in the reorganization of the text.

regards,
Lakshminath

Narayanan Vidya-CVN065 wrote:

> All,
> There has been discussion on handovers and EAP lately on the list, so
> I thought I'd post this question to the group. There is general 
> agreement that handovers require faster re-authentication and that EAP 
> doesn't necessarily provide that by default, as the roundtrip to the 
> AAA server and the number of messages involved may take away from 
> that. Pre-authentication helps, but not all that much if the AAA 
> server is many, many hops away and is also dependent on how far in 
> advance of the handover the client initiates the pre-authentication.
>  
> In my mind, there seems to be two ways of addressing this handover
> problem:
>  
> 1. Modify EAP somehow or introduce a "local" node geographically
> closer to the NAS that can receive the AAA-key. There is always the 
> question of whether this approach compromises security and whether 
> this now becomes a greater than 3-party model that is not acceptable, 
> etc. This topic is already under discussion and I don't want the 
> discussion to be repeated here.
>  
> 2. Modify AAA to allow creation of multiple AAA-keys (for multiple
> NAS-es) and send them to the respective NAS-es. This is not a novel 
> concept and has been talked about in university papers and such - but 
> I am trying to understand if this is a viable method to discuss in the 
> IETF. Basically, if the AAA server can create AAA-keys for neighbor 
> NAS entities (and not just the current requesting NAS), it keeps the 
> model of EAP intact - only the AS generates the AAA-key to be used 
> between one NAS/client pair. However, the issue with this is the 
> support for unsolicited messages in the AAA protocols - today, the AAA 
> server cannot send an unsolicited message with a AAA-key to a NAS for 
> a client that is yet to attach to it. Introducing such a model (wasn't 
> there an IRTF draft at some point talking about RADIUS Notify messages 
> or some such sort?) would allow the AAA-server to authenticate the 
> client and derive one AAA-key for the current NAS and an arbitrary 
> number of AAA-keys for potential handover target NAS-es and send them 
> down in an unsolicited manner to the target NAS devices.
>  
> Has this model been discussed before? If so, I'd appreciate if someone
> can point me to any documentation/ML thread on this. If not, I'd like 
> to understand if that is a viable option or not. I understand that AAA 
> protocols already have a widely deployed base - but, this doesn't 
> necessarily have an impact on legacy devices. It places a new 
> requirement on AAA (and possibly a minor one on EAP to carry the 
> request for multiple AAA-keys) to support handovers - but would that 
> not be acceptable? It seems to me that this would allow all the 
> Housley criteria to be satisfied and the 3-party model to be preserved 
> properly.
>  
> Maybe I am missing something fundamental here. I'd like to hear any
> thoughts on it.
>
> Thanks,
> Vidya
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 29 11:44:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA07911
	for ; Fri, 29 Apr 2005 11:44:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 21DC42071E;
	Fri, 29 Apr 2005 11:44:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id EF1E820644;
	Fri, 29 Apr 2005 11:44:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id D0C2420644
	for ; Fri, 29 Apr 2005 11:43:38 -0400 (EDT)
Received: from smtp2.enst.fr (revol2.enst.fr [137.194.2.14])
	by mail.frascone.com (Postfix) with ESMTP id E035720637
	for ; Fri, 29 Apr 2005 11:43:36 -0400 (EDT)
Received: from localhost (localhost.enst.fr [127.0.0.1])
	by smtp2.enst.fr (Postfix) with ESMTP id 178CC2181
	for ; Fri, 29 Apr 2005 17:43:35 +0200 (CEST)
Received: from smtp2.enst.fr ([127.0.0.1])
 by localhost (revol2.enst.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 43864-06 for ;
 Fri, 29 Apr 2005 17:43:34 +0200 (CEST)
Received: from infres.enst.fr (infres.enst.fr [137.194.192.1])
	by smtp2.enst.fr (Postfix) with ESMTP id 5FFA2210C
	for ; Fri, 29 Apr 2005 17:43:34 +0200 (CEST)
Received: from [127.0.0.1] (ares.enst.fr [137.194.34.9])
	by infres.enst.fr (Postfix) with ESMTP id F1A852F45
	for ; Fri, 29 Apr 2005 17:43:33 +0200 (MEST)
Message-ID: <4272561D.9080108@enst.fr>
From: Artur Hecker 
Organization: ENST Paris
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: eap@frascone.com
Subject: Re: [eap] Basic facts about EAP
References:   <427216C6.6010908@piuha.net>
In-Reply-To: <427216C6.6010908@piuha.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at enst.fr
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 17:43:25 +0200
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit

hi


just some (pretty evident) thoughts on it:

Jari Arkko wrote:
> I usually refer to the system as the "network access control
> system", though this works only when EAP is used where
> it was originally intended to be used. The system consists
> of clients, NASes, proxies, and servers, and has three main
> protocols:
> 
> - First hop, either on L2 (e.g. 802.11i) or L3 (e.g. PANA, IKEv2)
> - AAA, running between NASes and servers in a fashion where
>  the existence of the proxies is visible and known to the protocol
> - EAP, running between the client and the servers, unaware
>  of NASes unless channel bindings are being provided

I'd agree on (optional) AAA. However for the rest it might be better to 
use a higher abstraction level. For instance, I wouldn't restrict this 
"unnamed system" to network access issues only. I also don't really see 
why PANA would be strictly L3 and not e.g. L4 or higher :-) (since it 
uses EAP over UDP on the service link).

Perhaps we could talk about a "service access control system" instead. 
The service might be a network link with certain parameters (e.g. 802.11 
link with encryption, QoS, whatever else), an L3 service (e.g. IP 
obtained e.g. over PANA), an application layer service (there were some 
proposals for EAP in SIP or EAP in HTTP, etc., I think others might 
follow since it is a good idea to use established authentication 
protocols like the standard EAP methods), or anything else.

In this view, EAP appears as a pure user-service authentication 
protocol. Indeed, EAP does not specify any machine-bound identity, so 
e.g. "network access" appears to be too special or too low. "User" is an 
abstract name pointing to the "accessing entity", "supplicant" or 
"access requestor"; it can be  virtually anything, depending on the used 
service (which appears perfect). Note that in that particular context, 
"user" is also might better than the mentioned "client", because 
"client" is often confused with an NAS. (Btw, "NAS" is a particularly 
bad name: it is typically used in the context of AAA protocols where, 
strictly spoken, this entity is everything but a server; NAS is only a 
Network Access Server from the point of view of the _user_, who however 
is out of scope of the AAA protocol that itself is a two-party protocol).

So, EAP is used between the service requesting and the service providing 
entities (user and service provider?). Of course, the service providing 
entity may relay the requests to somebody else since EAP does not use 
any form of addressing. However, it is a service provider internal 
treatment; logically the service requestor is unaware of this 
difference. In that sense, I'd agree with Glen that, unless some special 
EAP method is used, the separation of the NAS and the AAA backend is 
completely transparent for the user.

Historically, AAA is just a convenient way to centralize the 
administration of the dispersed NASes :-)


-- 
___________________________________________________________
Artur Hecker
http://www.enst.fr/~hecker
ENST Paris ________________________________________________
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From ywspx@snail-mail.net  Fri Apr 29 11:51:26 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA08580;
	Fri, 29 Apr 2005 11:51:25 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DRXz8-0001zK-6K; Fri, 29 Apr 2005 12:05:00 -0400
Received: from 84-72-238-57.dclient.hispeed.ch ([84.72.238.57])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DRXlu-0002mG-O3; Fri, 29 Apr 2005 11:51:20 -0400
Received: from ny-tupperlake1b-279.albyny.adelphia.net (pD030D2D1.dip.t-dialin.net [16.24.93.16])
	by mathews.beonex.com with ESMTP id 288B9C0639B
	for ; Fri, 29 Apr 2005 09:45:27 -0700
Message-Id: <7834291120.0729081@bcc2.kofak.com>
Date: Fri, 29 Apr 2005 10:46:27 -0600
From: "Mari Pacheco" 
To: ietf-archive@ietf.org, ietf@ietf.org, dhcwg-request@ietf.org,
        manet-admin@ietf.org, eap-archive@ietf.org, action@ietf.org,
        asrg-announce-admin@ietf.org
Subject:  Promotion problem solved.-z 270 dumy
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793


Hey I just found an super deal for you to put your
website promotion on autopilot, you won’t have to worry
about it ever again.

Here's all the details:
http://www.37khitsnow.com

Every site needs a Massive Marketing Program in order to be a
success.  The most essential part of any campaign is traffic
and sales.  It’s easy to get exposure to hundreds of
thousands every month.

Imagine - your traffic and sales problem solved forever.
What will you do with all the extra time on your hands?

Spots in this program are limited, so hurry on over:
http://www.37khitsnow.com



-------------------------------------------------------------




No more?:
http://www.37khitsnow.com/opts.html


bolo ret brazilian bridge dire.
wheatstone furlough retrofitted beverage abdominal.
over bindery deacon hay marsh.

ellipsoidal plush raillery budd conferred.
dickens grimaldi insure spinach amalgamate.
inconsistent fafnir courier bacterium deuteron.

benz corey jeroboam capsule bite.
chord fairport courage as scene.
efficient pass curia swarthout knott.
alcoholic quell actor exhibition imperceivable.

aficionado sanitary antietam justiciable lacuna.
vanity m manzanita conjectural cruz.
bronx punitive spire drape shakespeare.

piano amherst charismatic add escritoire.
zoo stampede cross pathology declination.
consortium stereoscopy coil coulomb lusty.





From eap-admin@frascone.com  Fri Apr 29 13:12:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA16465
	for ; Fri, 29 Apr 2005 13:12:09 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 0BB0020723;
	Fri, 29 Apr 2005 13:12:08 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id B17D420712;
	Fri, 29 Apr 2005 13:12:06 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 101E220712
	for ; Fri, 29 Apr 2005 13:11:09 -0400 (EDT)
Received: from intolerance.mr.itd.umich.edu (intolerance.mr.itd.umich.edu [141.211.14.78])
	by mail.frascone.com (Postfix) with ESMTP id 241DC20638
	for ; Fri, 29 Apr 2005 13:11:07 -0400 (EDT)
Received: from [198.108.62.232] (dhcp62-232.merit.edu [198.108.62.232])
	by intolerance.mr.itd.umich.edu (smtp) with ESMTP id j3THB3oh012657;
	Fri, 29 Apr 2005 13:11:03 -0400
In-Reply-To: <4272561D.9080108@enst.fr>
References:   <427216C6.6010908@piuha.net> <4272561D.9080108@enst.fr>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <68b7c7d8955c36ebf20eaad5e105acf7@umich.edu>
Content-Transfer-Encoding: 7bit
Cc: eap@frascone.com, John Vollbrecht 
From: John Vollbrecht 
Subject: Re: [eap] Basic facts about EAP
To: Artur Hecker 
X-Mailer: Apple Mail (2.622)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 13:11:10 -0400
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7bit


On Apr 29, 2005, at 11:43 AM, Artur Hecker wrote:

> hi
>
>
> just some (pretty evident) thoughts on it:
>
> Jari Arkko wrote:
>> I usually refer to the system as the "network access control
>> system", though this works only when EAP is used where
>> it was originally intended to be used. The system consists
>> of clients, NASes, proxies, and servers, and has three main
>> protocols:
>> - First hop, either on L2 (e.g. 802.11i) or L3 (e.g. PANA, IKEv2)
>> - AAA, running between NASes and servers in a fashion where
>>  the existence of the proxies is visible and known to the protocol
>> - EAP, running between the client and the servers, unaware
>>  of NASes unless channel bindings are being provided
>
> I'd agree on (optional) AAA. However for the rest it might be better 
> to use a higher abstraction level. For instance, I wouldn't restrict 
> this "unnamed system" to network access issues only. I also don't 
> really see why PANA would be strictly L3 and not e.g. L4 or higher :-) 
> (since it uses EAP over UDP on the service link).
>
> Perhaps we could talk about a "service access control system" instead. 
> The service might be a network link with certain parameters (e.g. 
> 802.11 link with encryption, QoS, whatever else), an L3 service (e.g. 
> IP obtained e.g. over PANA), an application layer service (there were 
> some proposals for EAP in SIP or EAP in HTTP, etc., I think others 
> might follow since it is a good idea to use established authentication 
> protocols like the standard EAP methods), or anything else.
>
> In this view, EAP appears as a pure user-service authentication 
> protocol. Indeed, EAP does not specify any machine-bound identity, so 
> e.g. "network access" appears to be too special or too low. "User" is 
> an abstract name pointing to the "accessing entity", "supplicant" or 
> "access requestor"; it can be  virtually anything, depending on the 
> used service (which appears perfect). Note that in that particular 
> context, "user" is also might better than the mentioned "client", 
> because "client" is often confused with an NAS. (Btw, "NAS" is a 
> particularly bad name: it is typically used in the context of AAA 
> protocols where, strictly spoken, this entity is everything but a 
> server; NAS is only a Network Access Server from the point of view of 
> the _user_, who however is out of scope of the AAA protocol that 
> itself is a two-party protocol).
>
> So, EAP is used between the service requesting and the service 
> providing entities (user and service provider?). Of course, the 
> service providing entity may relay the requests to somebody else since 
> EAP does not use any form of addressing. However, it is a service 
> provider internal treatment; logically the service requestor is 
> unaware of this difference. In that sense, I'd agree with Glen that, 
> unless some special EAP method is used, the separation of the NAS and 
> the AAA backend is completely transparent for the user.
>
> Historically, AAA is just a convenient way to centralize the 
> administration of the dispersed NASes :-)
>
>
I think this is a very useful discussion.  I agree that EAP is 
independent of NAS, AAA, etc.

In my view, EAP RFC  describes how EAP methods are controlled between a 
supplicant and an authenticator.  The supplicant and authenticator can 
be built into any processes that want to run EAP methods between each 
other.

The result of running EAP is represented by a success or fail which is 
passed to the processes running EAP between themselves.  It may also 
pass other information like key or state.  This does not depend in any 
way on the underlying protocol carrying EAP.

EAP runs EAP methods.  EAP methods implement different algorithms, most 
of the current ones are authentication, some of which provide tunnels 
in which other EAP Methods may be run.  Methods are run by EAP.  Each 
method is a set of messages.  The termination of an EAP method is a  
success or fail (at least in the authenticator), state (perhaps reason 
code), and (again perhaps) key.  Other things could be defined and 
perhaps should be, else EAP variables in methods will become part of 
the process calling them.

When EAP runs between processes it may be desirable to pass some info 
from the processes to EAP so that it can use that information when 
building keys so the keys are bound to the calling process.  One 
question in my mind is  whether the binding is done by having the EAP 
method pass a "unbound" key to EAP and having EAP do the binding, or to 
pass the information to the EAP method and have the method do the 
binding.

I am not sure if there are cryptographic reasons for doing binding one 
place  or the other.  I would be interested in understanding if those 
reasons exist and if so what they are.  From a structural design point 
of  view it seems that having EAP methods always produce the key and 
having the EAP process (or the process that calls EAP)  bind it might 
be simpler for EAP method implementers.  Then EAP methods could produce 
a key and callers could bind it to the process calling it in any way 
that seems appropriate for the particular application.

I am very interested in reactions to this way of thinking about EAP and 
interaction with other processes.  I don't think limiting EAP to use in 
AAA style systems is necessary or a good thing.  EAP use in IKEv2, 
PANA, and within PEAP, FAST, TTLS is making this important.   This 
seems a good topic to spend some time on at the next IETF.  It also 
seems to play into the Key Management issues.

John

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From bjbdrtizscye@de.kaercher.com  Fri Apr 29 13:23:20 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA17683;
	Fri, 29 Apr 2005 13:23:19 -0400 (EDT)
Received: from cpe00045a9a9c0b-cm001225023b5c.cpe.net.cable.rogers.com ([70.26.31.204])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DRZQ0-0006LG-7N; Fri, 29 Apr 2005 13:36:53 -0400
X-Message-Info: RLonrB27yRBYqcHWnv262ywi23PZN28WdrBXCpus
Received: from guroy45.bpsinet.com (222.186.73.108) by f391-opz.bpsinet.com with Microsoft SMTPSVC(5.0.2195.6824);
	 Fri, 29 Apr 2005 14:15:59 -0400
Received: from nonagenariandemurredgangliontik308 (bassi23.22.160.172)
          by bpsinet.com (knhg6) with SMTP
          id <056749qz18713gb>
          (Authid: BookerMajor);
          Fri, 29 Apr 2005 22:15:59 +0400
From: "Elvia Engle" 
To: "'L2vpn'" 
Subject: Looking for cheap high-quality soft.? come! above
Date: Fri, 29 Apr 2005 21:13:59 +0300
Message-ID: <587itz5n690$837uw136ywv7917$740br6uz@epigrammaticy6792>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--sgzdlvs1752059673cesaid"
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8

----sgzdlvs1752059673cesaid
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit

Tons of cool soft. at incredibly low pr1ces!
just try not to laugh when you see the funny pr1ces :)

just to show you:
Adobe - Photoshop 7, Premiere 7, Illustrator 10 - just 120 dolars!
Macromedia Dreamwaver MX 2004 + Flash MX 2004 - only 100 dolars!
Windows XP Professional+Microsoft Office XP Professional -  80 dolars!!

hmmm take me now!:
http://bali.taumldhfj.com/?yNA6AJzGi69N12yhospitable

p.s. ofers are valid till May, 15
Stock's limited.

Also:    
Windows 2003 Server
Windows 2000 Workstation    
Windows 2000 Advanced Server
Windows NT 4.0
Office XP Professional  
Office 2000  
MS Plus      
MS Visual Studio .NET Architect Edition 
MS Encarta Encyclopedia Delux 2004
MS Project 2003 Professional
MS Picture It Premium 9 
MS Exchange 2003 Enterprise Server
Adobe Photoshop
Adobe PageMaker   
Adobe Acrobat 6 Professional
Macromedia Dreamwaver MX 2004               
Macromedia Flash MX 2004                               
Macromedia Fireworks MX 2004                               
Macromedia Freehand MX 11            
Corel Draw (all ver's)                                        
Corel Photo Painter 8                                   
Corel Word Perfect Office 2002                                                        
Borland Delphi 7 Enterprise Edition                 
Quark Xpress 6 Passport Multilanguage 

and more...


don gael sam will beth and julia of bowling green ohio personal pages photos links and poetry.
and even our own intelligence agencies which still largely use the totally inadequate electrical engineering model in their em analyses.
what a awesom place you have there i m very interested in renting hanger space would you please e-mail me your rates thanks so much dave.
free download games download games online - wide collection of classic game remakes for windows pc order first person shooters pc games civil war computer games.
what basically exists in mass-free nonintegrated spacetime is the disintegrated and disordered virtual particle flux vpf of the vacuum all the energy is.
- poignant biography of the princess queen ankhesenpaaten ankhesenamun -wife of the pharaoh tutankhamun also features extensive amarna book and link study resources and a galleria of amarna art images.
sandrine corman vidcaps alexandra kabi candy apples tons of nudity xxx photographs naked linda evangelista mpegs susannah.
sincerely peter paige curator repository for archaeological and ethnographic collections university of california santa barbara.
leslie buell robert johns bulkley ernest francis burchard wilson martindale compton arthur gardiner coons morris albe rt copeland joseph david coppock.
lynne and i have a gay daughter so it s an issue that our family is very familiar with cheney said as he began to explain his view.
madison julius cawein adrienne rich matthew arnold michael stephens notefrom the designer home alberto rios teodoro luna s two kisses mr teodoro.
about the author and life in general includes articles and downloads like p l deshpande wallpaper.
is being generally coordinated from the old die-hard communist faction of the fsb kgb the dominant faction.
we had friends over tonight for dinner it was so nice to see them again last time we saw them was at the christening and we were too busy running around to really catch up!

----sgzdlvs1752059673cesaid--



From eap-admin@frascone.com  Fri Apr 29 14:14:13 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA24839
	for ; Fri, 29 Apr 2005 14:14:12 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 928DA20726;
	Fri, 29 Apr 2005 14:14:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 587602041C;
	Fri, 29 Apr 2005 14:14:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 179F42041C
	for ; Fri, 29 Apr 2005 14:13:42 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 33F492041A
	for ; Fri, 29 Apr 2005 14:13:40 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DRZzf-000P8t-AN
	for eap@frascone.com; Fri, 29 Apr 2005 14:13:39 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3TIDbR04100
	for ; Fri, 29 Apr 2005 11:13:38 -0700
From: Bernard Aboba 
To: eap@frascone.com
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] Access to 802.16 Archives
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 11:13:37 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

The EAP WG has received a request to review 802.16e with respect to
conformance to RFC 3748 and the EAP Key Management Framework document.

To enable this review, we have requested that the EAP WG be granted access
to the 802.16 document archive.

Any EAP WG participant interested in this subject can request archive
access by sending email to me or Jari.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Fri Apr 29 14:56:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA28226
	for ; Fri, 29 Apr 2005 14:56:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 36F6320727;
	Fri, 29 Apr 2005 14:56:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 1734920719;
	Fri, 29 Apr 2005 14:56:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 3D97220719
	for ; Fri, 29 Apr 2005 14:55:28 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id 9BE202026B
	for ; Fri, 29 Apr 2005 14:55:26 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DRae5-00095X-FA; Fri, 29 Apr 2005 14:55:25 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3TItNZ06827;
	Fri, 29 Apr 2005 11:55:23 -0700
From: Bernard Aboba 
To: Jari Arkko 
Cc: Nakhjiri Madjid-MNAKHJI1 , eap@frascone.com
Subject: Re: FW: [eap] Re: EAP key binding discussion
In-Reply-To: <42723033.9050403@piuha.net>
Message-ID: 
References: 
 <42723033.9050403@piuha.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 11:55:23 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> Yes, if the AAA-Key is same for all authenticators.

I think one issue is exactly what the definition of an "authenticator" is.

From the AAA perspective, an authenticator is defined by attributes such
as NAS-IP-Address, NAS-IPv6-Address, and NAS-Identifier.  One issue is
that a NAS may have more than one IP address (e.g. APs can be members of
multiple VLANs and will need an IP address on each VLAN).  So it seems
like NAS-Identifier is perhaps the best identifier to use for the purpose
of defining the NAS identity from the point of view of the EAP peer,
server and authenticator.

Assuming that the NAS advertises its NAS-Identifier to the peer, securely
confirms it in an exchange with the peer (such as in the Secure
Association Protocol) and sends this to the server, it is possible for the
EAP peer, server and authenticator to confirm that the NAS has accurately
represented its identity.  The peer and server can confirm that the NAS
has told them the same NAS-Identifier via Channel Bindings.

If the peer and server confirm the NAS-Identifier value told to them is
the same, then the peer can assume that the server has verified that the
NAS is not impersonating another NAS.  The key framework discusses how
this can be done -- it basically requires verification by the first hop
proxy.

Note that I believe it is outside the scope of the document to describe
what hardware configurations constitute a valid NAS.  That is, a large NAS
could involve multiple processors, could be a WLAN switch or a stand alone
AP, could come in a plastic box, a metal box or no box at all (wirewrap
board in the open air).  A single NAS could even be a cluster.

Obviously it is a good idea for the NAS to not leak keying material beyond
its boundaries.  But that leakage can occur via poor circuit design,
inadequate shielding, as well as security vulnerabilities within the AP
itself.  So I think it's out of scope to describe all the precautions that
should be taken.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From ChatmanAnn@fssk.com  Fri Apr 29 15:33:48 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA02072
	for ; Fri, 29 Apr 2005 15:33:48 -0400 (EDT)
Message-Id: <200504291933.PAA02072@ietf.org>
Received: from 81-170-134-223.bahnhofbredband.net ([81.170.134.223] helo=fssk.com)
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DRbSC-00065O-Cf
	for eap-archive@ietf.org; Fri, 29 Apr 2005 15:47:24 -0400
From: "Annunziata Chatman" 
To: "Malak Weller" 
Subject: Re: V'lAGRA Va1ium C-ALLIS
Date: Fri, 29 Apr 2005 15:33:20 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0008_01C54A95.42729A10"
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Score: 4.3 (++++)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465

This is a multi-part message in MIME format.

------=_NextPart_000_0008_01C54A95.42729A10
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello, 

since the coming of this expedition.
a perverse nation we are - ....   Oh, but it's a long story, and 

cheese in a mousetrap, and we are the little mice.  Goddam!  And 
fragments before their occupants could extricate themselves.  The
Mr. Blood saw no profit to himself in lingering.
What is?
refuse to pay the ransom?  What then?  He laughed, and got lazil
Maybe it'll comfort you to know that the Captain has altered our
the church and there lock them up, to await deliverance at the
CHAPTER XXV
is far more grave is that you have concealed from me this part of
I give you nothing, flashed the white-faced youth, who did not
You are probably aware that he delivered us, said he.  And liv
They were approaching the peopled part of the mole.  Quickly, but


Have a nice day.
------=_NextPart_000_0008_01C54A95.42729A10
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable









Hello, =
WWould you like to spend less on your  =
MÈDlCÁTlÔNS?

=
VlÂGRÅ VÂLlÚM CIÂLlS and many=20
other.

Have=20
a nice day.


------=_NextPart_000_0008_01C54A95.42729A10--



From eap-admin@frascone.com  Fri Apr 29 15:50:12 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA03149
	for ; Fri, 29 Apr 2005 15:50:11 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 7BDB62072D;
	Fri, 29 Apr 2005 15:50:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 6563220726;
	Fri, 29 Apr 2005 15:50:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id C831E20722
	for ; Fri, 29 Apr 2005 15:49:13 -0400 (EDT)
Received: from mailout2.samsung.com (mailout2.samsung.com [203.254.224.25])
	by mail.frascone.com (Postfix) with ESMTP id 8CFEF2026B
	for ; Fri, 29 Apr 2005 15:49:11 -0400 (EDT)
Received: from ep_mmp1 (mailout2.samsung.com [203.254.224.25])
 by mailout2.samsung.com
 (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0IFQ00ISZ4DX5B@mailout2.samsung.com> for eap@frascone.com; Sat,
 30 Apr 2005 04:49:09 +0900 (KST)
Received: from Alperyegin ([105.144.29.41])
 by mmp1.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTPA id <0IFQ008ZZ4DV52@mmp1.samsung.com> for eap@frascone.com; Sat,
 30 Apr 2005 04:49:09 +0900 (KST)
From: Alper Yegin 
Subject: RE: [eap] Basic facts about EAP
In-reply-to: 
To: "'Bernard Aboba'" , eap@frascone.com
Message-id: <049a01c54cf4$7213f950$291d9069@sisa.samsung.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Mailer: Microsoft Outlook, Build 10.0.2627
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-priority: Normal
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Fri, 29 Apr 2005 12:48:40 -0700
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Content-Transfer-Encoding: 7BIT

Hi Bernard,

> a. EAP is a two party protocol, run between an EAP peer and server.
> Saying EAP is an N-party protocol is like saying that TCP is a
> N-party protocol because TCP packets pass through routers.  Forwarding
> an EAP packet without modification does not cause an entity to become
a
> "participant" in an EAP conversation any more than forwarding an IP
packet
> turns a router into a host.

Referring to the Figure 2 in RFC 3748...

I agree to that if we are talking about the "EAP method layer". But if
we look at the "EAP layer" I see a third entity called "pass through
authenticator" that has a specific role at the EAP layer. 

- It reads the EAP method payload to determine AAA routing (reading the
client ID).
- It reads the EAP code for sanity check. If it receives an EAP request
that it should not, it can drop the EAP packet.
- It can generate an EAP Identity Request.
- It handles retransmissions and it can re-generate loss packets.

> b. EAP can travel over any lower layer transport meeting the
requirements
> of RFC 3748 Section 3.1.

My personal reading of Section 3.1 is these are necessary but not
sufficient requirements for EAP lower layer designers. I don't expect
this to be an all comprehensive list. But imo, designing an
RFC3748-compliant EAP lower layer requires factoring in additional
aspects of the EAP specs, such as channel binding and secure
association, which are not covered in that list. 

> c. An EAP peer or authenticator can have multiple ports.  EAP
> lower layers that confuse the authenticator (or peer) with its ports
are
> a bit like a person who shakes hands with both arms of someone they
> meet because they don't look at the head attached to the hands they
are
> shaking.  

This is a good example. I think the EAP peer should know the NAS ID
(head), and know the connected port IDs (hands connected to the same
head). 

> EAP exchanges occur between the EAP peer and server, not between
> ports of the EAP server and authenticator.  Similarly, the AAA-Key is
> shared by all ports of an authenticator and peer.

This does not mean sending the AAA-Key to the ports, right? The ports
may be on separate nodes (like in AC-AP separation in WiFi).

Regards,

Alper

_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From gruenes@didamail.com  Fri Apr 29 18:27:49 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA26863;
	Fri, 29 Apr 2005 18:27:49 -0400 (EDT)
Received: from a83-132-242-92.netcabo.pt ([83.132.242.92])
	by ietf-mx.ietf.org with smtp (Exim 4.33)
	id 1DReAh-0000DH-7x; Fri, 29 Apr 2005 18:41:27 -0400
Authentication-Results: criterion.es
  from=premium.sycophant.es; domainkeys=neutral (no sig)
X-Originating-IP: [85.2.244.226]
Received: from premium.tommie.es  (EHLO premium.amen.es) 
  by premium.stubby.es with SMTP; Fri, 29 Apr 2005 18:23:56 -0500
Date: Fri, 29 Apr 2005 19:19:56 -0400
From: "Carmen Camp" 
To: eap-archive@ietf.org
Cc: eb-archive@ietf.org, eccmtmagma-admin@ietf.org, ediint-archive@ietf.org,
        edu-discuss@ietf.org, edu-discuss-admin@ietf.org,
        edu-discuss-web-archive@ietf.org, edu-team@ietf.org,
        edu-team-admin@ietf.org, edu-team-bounces@ietf.org
Subject: Re-finance at todays low rate
Message-ID: <112341.9110.gruenes@didamail.com>
X-Mailer: Kana Connect 6
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have qualified for the lowest rate in years...

 You could get over $380,000 for as little as $500 a month!

 Ba(d credit? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.h0us1ng.com/sign.asp



 Best Regards,

 Lemuel Ayala
 
 to be remov(ed:	http://www.h0us1ng.com/gone.asp

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.


From eap-admin@frascone.com  Sat Apr 30 08:56:12 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA03688
	for ; Sat, 30 Apr 2005 08:56:12 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 278D0201F6;
	Sat, 30 Apr 2005 08:56:09 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 3897B1FE1E;
	Sat, 30 Apr 2005 08:56:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 5ABF71FE1E
	for ; Sat, 30 Apr 2005 08:55:47 -0400 (EDT)
Received: from motgate2.mot.com (motgate2.mot.com [144.189.100.101])
	by mail.frascone.com (Postfix) with ESMTP id 3AE1D1FE0F
	for ; Sat, 30 Apr 2005 08:55:40 -0400 (EDT)
Received: from az33exr04.mot.com (az33exr04.mot.com [10.64.251.234])
	by motgate2.mot.com (8.12.11/Motgate2) with ESMTP id j3UD4m97001957
	for ; Sat, 30 Apr 2005 06:04:48 -0700 (MST)
Received: from il27exm03.cig.mot.com (il27exm03.cig.mot.com [10.17.193.4])
	by az33exr04.mot.com (8.13.1/8.13.0) with ESMTP id j3UCvYbS019817
	for ; Sat, 30 Apr 2005 07:57:35 -0500 (CDT)
Received: by il27exm03.cig.mot.com with Internet Mail Service (5.5.2657.72)
	id ; Sat, 30 Apr 2005 07:55:38 -0500
Message-ID: 
From: Nakhjiri Madjid-MNAKHJI1 
To: "'Bernard Aboba'" 
Cc: eap@frascone.com
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Subject: [eap] RE: EAP key management support for handover??
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Sat, 30 Apr 2005 07:55:37 -0500
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

Hi Bernard,

Well, the actual key derivation formula is a bit of deviation of my main objective with that email. But this is also important to sort out as well. 
 
Please see my inline responses

Regards,

Madjid 

-----Original Message-----
From: Bernard Aboba [mailto:aboba@internaut.com] 
Sent: Thursday, April 28, 2005 12:26 AM
To: Nakhjiri Madjid-MNAKHJI1
Cc: eap@frascone.com
Subject: Re: EAP key management support for handover??

> To prevent the domino effect, prior EAP key management specifications [EAPKEY5] suggested
>a procedure by which the AAA-key can be bound to each of the
> authenticators:

The formula described here is quite different from what was in the -05
draft.  The formula in the -05 draft did not depend on the MSK, only on
AMSK derived from the EMSK, which is not transported from the AAA server.

Madjid>> I must admit that I first included the formula in my email, but then simplified for the sake of discussion. If you think I made serious errors in my simplification. Let us discuss that as well. This is what it was in EAP keying 05 (I changed the names a bit to relate to base stations:

AAA-Key = MSK(0,63)

      AMSK = KDF(EMSK, "EAP AAA-Key derivation for multiple attachments",
                  length)

      AAABS-Key-A = prf(AMSK(0,63),"EAP AAA-Key derivation for
                  multiple attachments", AAA-Key, BS-A-Id,
                  Peer-Id,length)

Madjid>>
Here are my issues:
1) After reading the draft a few times, I am still not clear how EMSK is derived? And what the distinction between MSK and EMSK is?
2) on generation of AAABS-Key-A, I am wondering why there is first AMSK(0,63) and then AAA-key? Aren't they the same (according to the first expression). Is this just the notation, or the AMSK is actually used twice?
3) Ok, so if the AAABS-key is derived based on the AMSK only and the AMSK is never transported from the AAA server, and only AAA-key is transported to the authenticator, that partly addresses my concern. But what does transferring the AAA-key to the authenticator achieve anyway?
For every new authenticator the AAABS-key must still be derived by the AAA server?


Deriving keys from the AMSK formula not only enables cryptographic
separation, but it addresses the domino effect as well since the EMSK
never leaves the peer or server on which it is derived.

Madjid>>agreed, however, I still now how EMSK is derived?

> *   Since only the EAP/AAA server is aware of MSK and EMSK,

The MSK and EMSK are derived on both the EAP peer and server.  In
conventional EAP authentication the MSK is sent to the authenticator in
the AAA-Key.  So wouldn't the MSK be known by the peer, server and
authenticator; and the EMSK by the peer and server?

Madjid>> same question again, how is EMSK derived and its differentiation from MSK?

>the AAABS-Key-X (the key to authenticator X) must be calculated by the
>AAA server and needs either be pushed to a number of authenticators
>(possibly a neighbor set) proactively or as part of a request/ response
>procedure in conjunction with each handover.

These two alternatives correspond to existing proposals - proactive keying
and key request.  As I understand it, both of these proposals can use the
existing AMSK derivation.  Why is an alternative formula required?

Madjid>> Again, I am not stressing on defining a new formula. I apologize if I caused any confusion. The point is that both alternatives seems to require involvement of a AAA server.

>The former is not practical with RADIUS implementations
>and possibly requires the AAA server to be aware of mobility patterns or
>network edge topology, while the latter inserts the AAABS-Key-X
>installation on the timing critical path for handover and requires
>a busy AAA server to be involved in every handover.

I'd suggest that more careful evaluation is required to justify these
conclusions.  The reality is that mobility patterns can vary considerably
depending on the scenario, and there are probably scenarios in which each
of the above techiques will work fine.  For example, it matters a lot if
the mobile station is revisiting the same group of authenticators (e.g.
personnel in a building) versus constantly encountering new authenticators
(wireless-enabled part on an assembly line, or car on a highway).
The implication is that evaluation of these techniques probably requires
detailed usage scenarios and simulations.

Madjid>> Not sure if this is the right place to discuss mobility patterns, but just as you mentioned in your final scenario, well you are talking about big cell sizes (not 802.11) , faster mobility on a highway, things are very different. I personally don't need a simulation to have a justification for not having AAA server involved in every handover. Proactive methods will only work for a neighbor set, once you do inter-set handovers, you are back to the same issue.

RFC 3576 is being implemented and will presumably be
deployed, so that RADIUS server initiated exchanges are feasible.

Madjid>> I will look into that.

AAA server knowledge of mobility patterns is also probably feasible for
local authentication.  Where this approach becomes more suspect is when
roaming is involved.  It may not be reasonable for a RADIUS server to
have a-priori knowledge of the topology of the access networks of all
potential roaming partners.

Madjid>>I think we are converging now.

I am not clear that AAA server involvement is really a showstopper for the
"Key Request" approach.  Today's AAA servers can handle enormous loads
at modest cost.  Think about how many authentications/second a box
with four 64-bit processors can handle.

Madjid>> I was planning on writing a draft on EAP key management and handover and include this as a simplest (but less desirable) alternative.

The "Key Request" approach does seem feasible for use in
roaming situations, but in terms of scaling it has some of the same
potential drawbacks as pre-authentication: load will scale with the number
of potential roaming candidates and the key lifetime.

If the mobility patterns cause a station to revisit the same
authenticators, and the key lifetime is suitably long, a "Key Request"
will not be required for each attachment.  Whereas if a station is
constantly encountering new authenticators or key lifetime is short, it is
possible that more than one "Key Request" could be needed for each
successful handoff.

> *    In many deployments, access points or base stations are light weight and AAA-incapable

I think the point is not that light weight APs are incapable of handling
AAA (they generally are quite capable in that regard) but that there are
advantages to multi-port authenticators.  One of these advantages is
sharing of the key cache.  This enables the peer to change the point of
attachment without changing the authenticator.  Existing WLAN switches
take advantage of this (this is known as "optimistic PMK caching" within
WPA2).  The existing EAP key hierarchy already handles this, and Channel
Bindings (see RFC 3748, Section 7.15) can take care of ensuring that the
NAS-Identifier is synch'd between peer, server and authenticator,
providing that the authenticator advertises it and securely confirms it
with the peer in the Secure Association Protocol.

Madjid>> As I understand this currently, the WLAN AP and WLAN switch are separate boxes, no? how does EAP traverses over these two hops?
That is why I was suggesting the local key distribution function because I was trying to get away from the two hop-problem.

>Another main flaw is that the peer must first initiate contact the base
>station, to become aware of the authenticator identity and the AAA server
>is only aware of the authenticator identity rather than BS identity.

In 802.11, the NAS-ID can be advertised in the Beacon as well as sent
in a Probe-Response.  Does 802.16 not support Beaconing?

Madjid>> I don't think 802.16 actually separates between BS and NAS in a clear way, so even if the BS ID goes in a "beacon", I don't think a NAS-ID does.

>The AAA server does not have any control over how the AAA key X is
>generated from the AAA key, or how AAABS-key-X is cached or used.

I don't think this is necessarily the case.  For example, the key
management framework talks about "key usage restrictions" that can be sent
along with the AAA-Key.
_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From eap-admin@frascone.com  Sat Apr 30 18:31:11 2005
Received: from mail.frascone.com (postfix@frascone.com [204.49.99.9])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA07899
	for ; Sat, 30 Apr 2005 18:31:10 -0400 (EDT)
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 9EC3D202A3;
	Sat, 30 Apr 2005 18:31:10 -0400 (EDT)
Received: from xavier (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 053DF2027D;
	Sat, 30 Apr 2005 18:31:07 -0400 (EDT)
X-Original-To: eap@frascone.com
Delivered-To: eap@frascone.com
Received: from localhost (xavier [127.0.0.1])
	by mail.frascone.com (Postfix) with ESMTP id 9551E2027D
	for ; Sat, 30 Apr 2005 18:30:22 -0400 (EDT)
Received: from outbound.mailhop.org (outbound.mailhop.org [63.208.196.171])
	by mail.frascone.com (Postfix) with ESMTP id D438620242
	for ; Sat, 30 Apr 2005 18:30:20 -0400 (EDT)
Received: from c-67-182-139-247.hsd1.wa.comcast.net ([67.182.139.247] helo=internaut.com)
	by outbound.mailhop.org with esmtpa (Exim 4.44)
	id 1DS0Tb-000Lil-AD; Sat, 30 Apr 2005 18:30:19 -0400
Received: from localhost (aboba@localhost)
	by internaut.com (8.10.2/8.10.2) with ESMTP id j3UMUEa13346;
	Sat, 30 Apr 2005 15:30:18 -0700
From: Bernard Aboba 
To: Alper Yegin 
Cc: eap@frascone.com
Subject: RE: [eap] Basic facts about EAP
In-Reply-To: <049a01c54cf4$7213f950$291d9069@sisa.samsung.com>
Message-ID: 
References: <049a01c54cf4$7213f950$291d9069@sisa.samsung.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mail-Handler: MailHop Outbound by DynDNS.org
X-Originating-IP: 67.182.139.247
X-Report-Abuse-To: abuse@dyndns.org (see http://www.mailhop.org/outbound/abuse.html for abuse reporting information)
X-MHO-User: aboba
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)
Sender: eap-admin@frascone.com
Errors-To: eap-admin@frascone.com
X-BeenThere: eap@frascone.com
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: 
List-Post: 
List-Subscribe: ,
	
List-Id: Discussion list for EAP 
List-Unsubscribe: ,
	
List-Archive: 
Date: Sat, 30 Apr 2005 15:30:14 -0700 (PDT)
X-Virus-Scanned: by AMaViS 0.3.12 (frascone.com)

> I agree to that if we are talking about the "EAP method layer". But if
> we look at the "EAP layer" I see a third entity called "pass through
> authenticator" that has a specific role at the EAP layer.

RFC 3748 requires that EAP operate the same way whether the authenticator
is operating in "pass-through" mode or not.  This is perhaps the single
most important invariant within EAP.  In the process of developing RFC
3748, the WG examinec ases where the protocol operated differently in
"pass-through" mode, and corrections were made so as to allow the protocol
to be invariant.  An example of this was the inability to handle silent
drop on the EAP server side in "pass-through" mode.  This was fixed in RFC
3579.

One of the reasons why the EAP Key Management framework document may be so
confusing to people is that it does not stress this point enough.  EAP key
management behavior MUST be the same whether the authenticator is in
"pass-through mode" or not, and many of the properties of the EAP
key management architecture can be derived from this fundamental
assumption.

As an example:

The behavior of EAP methods and the EAP layer is the same in any
configuration.  For example, as discussed at IETF 62, the EAP layer does
not cache parameters exported by EAP methods, but passes these
parameters down to the lower layer.  On the EAP server the lower layer may
be AAA (in pass-through), or it may be a link layer or IP.  However, the
operation of the protocol MUST be identical in both cases.

> - It reads the EAP method payload to determine AAA routing (reading the
> client ID).

The EAP layer is unaware of EAP method payloads, so the only way for it to
become aware of EAP method-specific identities is if this is exported by
the EAP method itself.  In addition to the MSK, EMSK and IV, EAP methods
may export the peer-ID, server-ID, method-ID and key-lifetime.  So the way
to think about AAA routing behavior is that the authenticator terminates
the Identity Request/Response conversation and therefore receives the
peer-ID from the Identity method, which it subsequently inserts in the
User-Name attribute in AAA, subsequently used for routing.  However, the
EAP authenticator does *not* handle AAA routing itself.

> - It reads the EAP code for sanity check. If it receives an EAP request
> that it should not, it can drop the EAP packet.

In "pass-through" mode the authenticator does handle forwarding between
lower layers, and RFC 3748 does indicate that this includes a
responsibility for checking the Code, Identifier and Length fields.

> - It can generate an EAP Identity Request.

For the Identity Request/Response, the authenticator acts as the EAP
server, so it both generates the Request and terminates the Response.

> - It handles retransmissions and it can re-generate loss packets.

This is a responsibility that goes with forwarding EAP packets.

> My personal reading of Section 3.1 is these are necessary but not
> sufficient requirements for EAP lower layer designers. I don't expect
> this to be an all comprehensive list. But imo, designing an
> RFC3748-compliant EAP lower layer requires factoring in additional
> aspects of the EAP specs, such as channel binding and secure
> association, which are not covered in that list.

Yes, RFC 3748 does not provide a complete list of lower layer
responsibilities.

The way to think about Channel Bindings is that these represent additional
parameters exported/imported by the lower layer to/from the EAP method and
EAP. For example, the channel bindings provided by the NAS to the AAA server are
imported by the EAP method (e.g. NAS-Identifier, Called-Station-Id,
Calling-Station-Id).  These are treated like opaque blobs and therefore do
not introduce media dependence to the EAP method, which may transmit them
from EAP server to EAP peer.  The method then exports the Channel Bindings
to the EAP layer, which passes them down to the lower layer.  The lower
layer on the peer can then verify whether the exported Channel Bindings
match those it has received from the authenticator.

Note that additional obligations arise when the lower layer caches
parameters from the EAP method/EAP layer.  For example, one of the security
requirements is session key freshness. Were parameters not to be cached
by the lower layer, and a new EAP exchange is completed for each
session, then this can be satisfied if the EAP method itself guarantees
freshness.  However once caching and reuse is introduced this is no longer
sufficient and therefore the SAP needs to introduce its own freshness
guarantee.


> This is a good example. I think the EAP peer should know the NAS ID
> (head), and know the connected port IDs (hands connected to the same
> head).

The NAS-ID and port-ID may be imported within the EAP method via
Channel-Bindings, but they are treated as opaque blobs, so that the EAP
method or EAP layers don't really "know" them.  However, the lower layer
does.  One way to understand this is that because EAP runs between the
peer and server and operates the same way in "pass-through" as where EAP
terminates on the authenticator, the NAS-ID or port-ID is not really
relevant to EAP methods or the EAP layer.

However, it is *very* relevant to the lower layer because the NAS-ID
determines the scope of use of the keying material provided by EAP methods
(MSK, EMSK, IV).  Since the lower layer handles caching, it cares
about key scope.

> This does not mean sending the AAA-Key to the ports, right? The ports
> may be on separate nodes (like in AC-AP separation in WiFi).

We have already had a suggestion that the term "AAA-Key" was a bad choice,
and I think this may have contributed to some of the confusion we are
seeing.  "Pass-through" invariance requires that EAP operate the same way
whether AAA is in use or not, so I think this criticism is quite valid.

The way to think about it is that the EAP method exports the parameters
(MSK, EMSK, IV, peer-ID, server-ID, method-ID, key-lifetime,
channel-bindings), and the EAP layer passes this down to the lower layer.

The EAP peer does not care what "mode" the authenticator is operating in;
it is the responsibility of AAA to make sure that this invariant is
maintained.

So perhaps a better way to describe what actually happens is that the
lower layer derives its key hierarchy from the MSK and EMSK and that it is
the job of AAA to make sure that this key hierarchy is present on both the
peer and authenticator.

For example, in 802.11i the key hierarchy is derived from the PMK (part of
the MSK), and therefore AAA takes responsibility for ensuring that the MSK
is replicated in "pass-through" mode so that the EAP peer doesn't need to
be aware of the mode on the authenticator.

Note that this illusion would be shattered were the peer to determine its
key hierarchy from the EMSK since current AAA implementations do not
replicate that parameter.

One way to understand some of the issues that arise with key management
extensions is to ask the question:

"Does this extension function without pass-through?"

For example, if the EAP server is present on the authenticator, the
completion of an EAP conversation cannot cause keys to exist on another
authenticator, without fundamentally changing the nature of EAP as a
two-party protocol.  Therefore any "extension" that proposes something
like this is incompatible with the EAP "pass-through" and "two party"
invariants.


_______________________________________________
eap mailing list
eap@frascone.com
http://mail.frascone.com/mailman/listinfo/eap


From sympf@amigo.net.gt  Sat Apr 30 21:41:30 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA16071;
	Sat, 30 Apr 2005 21:41:30 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DS3fx-00085i-KW; Sat, 30 Apr 2005 21:55:22 -0400
Received: from pc-30-247-114.pvaldivia1.pc.metropolis-inter.com ([200.30.247.114])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1DS3SN-0008Ip-UJ; Sat, 30 Apr 2005 21:41:24 -0400
Received: from fxhtabxtuy.asandox.com (lcljugnpeq.asandox.com [32.95.142.128]) by 201.239.185.62 Microsoft SMTPSVC(5.0.2195.6713);
	 Sat, 30 Apr 2005 18:44:14 -0800
Message-ID: 
Date: Sat, 30 Apr 2005 18:44:14 -0800
From: Marylou.Jack
Reply-To: "sympf@amigo.net.gt"
To: mailman@ietf.org
Subject: Congratulations
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="005130454"
X-Spam-Score: 4.5 (++++)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22

--005130454
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7Bit



Hello mailman@ietf.org,

We tried to contact you earlier about flnanclng your home at a lower rate. 
I would like to let you know that we have gone ahead and started the preapproval process, 
Here are the results:

Name: Mailman
Negotiable Amount: $290,000 to $897,000
Rate: 4.40% - 7.36%

For more information or to have a broker contact you please visit:
http://g.msn.com/0MNBUS00/1?http://jettisonit.com

No future contact:
http://g.msn.com/0MNBUS00/1?http://jettisonit.com/gone.asp

Best Regards,

Marylou Jack, 
Account Manager

--005130454--


From owens_lz@yahoo.com  Sat May 14 17:34:38 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA05764
	for ; Sat, 14 May 2005 17:34:38 -0400 (EDT)
Received: from 81-202-250-13.user.ono.com ([81.202.250.13] helo=localhost)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DX4Xc-00084B-Lm
	for eap-archive@ietf.org; Sat, 14 May 2005 17:51:26 -0400
Received: from 194.100.30.183 by smtp.yahoo.com;
	Fri, 17 Dec 2004 03:37:14
Message-ID: 
From: "Cleveland Owens" 
To: eap-archive@ietf.org
Subject: =?iso-8859-1?B?TmljZSB0byBtZWV0IHlvaSAgICA4?=
Date: Mon, 25 Apr 2005 07:36:50 +310000
MIME-Version: 1.0
X-Sender: 
Sender: 
Reply-To: "Cleveland Owens" 
In-Reply-To: <224401c4e349$17d9b663$de40a5c4@dtulmh1>
X-MimeOLE: Produced By Microsoft Exchange V6.0.6613.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-Spam-Score: 5.1 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: d17f825e43c9aed4fd65b7edddddec89
Content-Transfer-Encoding: 8bit

http://www.greenpies.com/extra/regpink/

Find Girl For Fuck In Your City
100% Free Site




out
http://www.greenpies.com/extra/regpink/getmeoff.php



From jennings_br@herdez.com.mx  Sun May 22 15:59:48 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA20591
	for ; Sun, 22 May 2005 15:59:48 -0400 (EDT)
Received: from ip-92.net-82-216-118.rev.numericable.fr ([82.216.118.92] helo=intnet.mu)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DZwti-0000lk-O1
	for eap-archive@ietf.org; Sun, 22 May 2005 16:18:15 -0400
Message-ID: 
From: "Tonia Jennings" 
To: eap-archive@ietf.org
Subject: this is the future
Date: Fri, 24 Sep 2004 06:02:02 +0000
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: base64
X-Spam-Score: 5.0 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: 7a6398bf8aaeabc7a7bb696b6b0a2aad
Content-Transfer-Encoding: base64

dHJ5IHRoZSBuZXcgYzFhbC1pcyBzMGZ0LXRhYnMgLSB3b3JrcyBpbiB1bmRl
ciAxMCBtaW51dGVzIQ0KDQoNCmh0dHA6Ly9nYWxsYW50ZWQuY29tL2NzLz9z
cGVjaWFsDQoNCg0Kbm8gc2lkZSBlZmZlLWN0cyBsaWtlIHRoZSBvdGgtZXJz
LCB5b3UgY2FuIGV2ZW4gbWl4IGFsY28taG9sLi4uDQpubyBkaXp6eSBzZW5z
YXRpb25zIHNvIHlvdSBjYW4gb3BlcmEtdGUgbWFjaGluZXJ5IHNhZmVseSEg
DQpsYXN0aS1uZyAzNSBob3VycywgdGFrZSBvbmNlIGFuZCBlbmpveSB0aGUg
d2Vla2VuZCA7KQ0KDQoNCnRha2UgMTAgbWludXRlcyBiZWZvcmUgaGF2aW5n
IHNlLXggYW5kIGhhdmUgdGhlIGhhcmRlc3QgYm9uLWVyIHlvdSd2ZSBldmVy
IGhhZCENCg0KDQpmYXN0IHdvcmxkLXdpZGUgc2hpcHBpLW5nLCBvdmVyIDEg
bWlsbGktb24gc2F0aXNmaWVkIGN1c3RvbS1lcnMhDQoNCmh0dHA6Ly9nYWxs
YW50ZWQuY29tL2NzLz9zcGVjaWFsDQoNCg0KDQoNCg0KDQpybXY6IGh0dHA6
Ly9nYWxsYW50ZWQuY29tL3JtLnBocD9zcGVjaWFsDQo=



From fixcomputer@21cn.com  Wed Jun  1 09:21:22 2005
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA15470
	for ; Wed, 1 Jun 2005 09:21:22 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DdTTl-00036R-46
	for eap-archive@ietf.org; Wed, 01 Jun 2005 09:41:54 -0400
Received: from [218.18.4.172] (helo=21cn.com)
	by mx2.foretec.com with esmtp (Exim 4.24)
	id 1DdT9r-0001No-CM
	for eap-archive@ietf.org; Wed, 01 Jun 2005 09:21:21 -0400
From: =?GB2312?B?ye7b2si6waa/xry8?= 
Subject: =?GB2312?B?v+zL2deo0rXJz8PFzqzQ3rXnxNQ=?=
To: eap-archive@ietf.org
Content-Type: text/html;charset="GB2312"
Date: Mon, 24 May 2004 21:20:19 +0800
X-Priority: 2
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Message-Id: 
X-Spam-Score: 7.1 (+++++++)
X-Spam-Flag: YES
X-NONENGLISH: Subject contains non-English characters
X-Scan-Signature: 25620135586de10c627e3628c432b04a


ÎÞ±êÌâÎĵµ





 





  
  

    
      

        
        

          

      

        
        

          
            Ç×°®µÄÅóÓÑÃÇ£º

           ÄúÃǺã¡×÷ΪµçÄÔµÄÖ÷ÈË£¬ÄãÃÇÊÇ·ñÔø¾­ÎªÎ¬ÐÞµçÄÔ¶ø¿àÄÕ¹ýÄØ£¿ÏÄÌ죬×ó§ÓÒ±§µÄ´ø×ŵçÄÔÖ±±¼»ªÇ¿¡¢Èü¸ñ
£¬ÏÈ°´ÏÂһ·ÉÏŪµÃÏ㺹ÁÜÀìºÍÒ»ÉíÆ£±¹
²»Ëµ£¬²»¹ý¶¬Ì컹¿ÉÒÔ£¬Ö»µÃÒ»ÉíÀÛ°É¡£µ«µ½Á˵çÄÔ¹«Ë¾¼ûµ½Á˹¤³Ìʦ£¬ÊÇ·ñÄÜÂíÉÏ¿ª¹¤°ïæ¸ãµàÄØ£¿Õâ¸ö»¹µÃ¿¿ÔËÆøÄØ£¬´ËÇé´Ë¾°Äã˵ͷ²»Í·
ÔΣ¿×÷Ϊһ¸öÉúÒâÈË£¬Ê±¼ä¾ÍÊǽðÇ®£¬ÔÙ¼Ó
ÉÏÕâÊǸö¸ßËÙÐÅÏ¢»¯Ê±´ú£¬Ã»ÓÐÁ˵çÄÔ£¬¼òÖ±¾ÍÏñÈȹøÉϵÄÂìÒÏ¡£Ãæ¶Ô´ËÇé´Ë¾°£¬´Ëʱ´Ë¿ÌÎÒÃÇÉîÛÚȺÁ¦¿Æ
¼¼Ö»ÏëÓÃÎÒÃǵÄÇà´º»»»ØÄãÃDZ¦
¹óµÄʱ¹â£¬ÌØΪÅóÓÑÃdzÊÉÏÎÒÃǵķþÎñ£¬¿Ò
Çë¶à¶àÖ¸½Ì£¬Ð»Ð»¡£
     ³¬µÍ¼Û**Ç©Ô¼°üÔÂ**¿ìËÙרҵÉÏÃÅάÐÞµçÄÔ

                       ÉÁµç°²×°ÐÂϵͳ  30·ÖÖÓ¾ÍOK  ÉúÒâÈ˵ÄÊ×Ñ¡


                   (1)¸öÈ˵çÄÔ×é×°¼°Ó²¼þÏúÊÛÓëά»¤
       (2)¿ìËÙ°²×°¸÷ÖÖ·±¡¢¼òÌå²Ù×÷ϵͳ(²Ù×÷ϵͳÀïÒÑ°üº¬Óи÷ÖÖ³£ÓÃÈí¼þ) 
            
       (3)Åųý¸÷ÖÖ³£¼ûµÄ¹ÊÕÏ¡¢Ó²ÅÌÊý¾Ý»Ö¸´

       (4)°²×°¸÷ÖÖ³£Óð칫¡¢¹¤¾ß
Èí¼þ(°²×°ÐÂϵ
ͳÃâ·Ñ)
       (5)°²×°ÏúÊÛÕý°æɱ¶¾Èí¼þ¡¢ËÑË÷¡¢Èº·¢EmailÈí¼þ

       (6)¾ÖÓòÍø¡¢¹ã
ÓòÍø¹²Ïí

       (7)ÍøÂçϵͳ²¼ÏßÉè¼Æ¼°Ó¦ÓÃ
       (8)¼ÆËã»ú
²¡¶¾·ÀÖμ°·À»ðǽÉèÖÃ

       (9)¿ìËÙ½â¾öÌìÍþ¶à»úͬʱÉÏÍø
            
       ****µçÄÔά»¤¡¢µçÄÔ×é×°¡¢ÍøÂ繤³Ì****

            
       **רҵ×齨ÓÐÅÌ¡¢ÎÞÅÌÍø°É¹¤³Ì**

            
       *ÈÈÁÒ»¶Ó­µ¥Î»»ò¸öÈËÇ©Ô¼°üÔÂ*

            
       **ÈȳϵķþÎñ£¬È«ÐÄÈ«ÒâȫΪÁËÄú**

            
       ÉîÛÚȺÁ¦¿Æ¼¼ÓÐÏÞ¹«Ë¾
       ÁªÏµ
ÈË£ºÅ·ÞÈ·á

       ÁªÏµµç»°£º13714682076 »ò
 0755-83601633
       QQ£º
282079259   
            2441630
       E-mail:168it@126.com       Íø
Ö·:http://www.it678.net


      

        
        

          ¡¡    ÍøÂçά»¤£ºhttp://www.it678.net 
            ¡¡¡¡¡¡¡¡¡¡¡¡¡¡                   µçÄÔάÐÞ£ºhttp://www.it678.net 




From rasmussenlx@ubiquity-audio.co.uk  Fri Jun 10 12:05:43 2005
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04201
	for ; Fri, 10 Jun 2005 12:05:42 -0400 (EDT)
Received: from p2231-ipad31sizuokaden.shizuoka.ocn.ne.jp ([221.189.239.231] helo=whittlepark.co.uk)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1DgmMb-0006y0-RG
	for eap-archive@ietf.org; Fri, 10 Jun 2005 12:28:11 -0400
Message-ID: 
From: "Stephan Rasmussen" 
To: eap-archive@ietf.org
Subject: try this
Date: Wed, 13 Oct 2004 02:07:04 +0000
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: base64
X-Spam-Score: 5.0 (+++++)
X-Spam-Flag: YES
X-Scan-Signature: 7aefe408d50e9c7c47615841cb314bed
Content-Transfer-Encoding: base64

V2FudCB5b3VyIGN1LW0gdG8gc2hvby10IG91dCBoYXJkPyB2b2x1bWktemUg
eW91ciBsb2FkIGJ5IDUwMCUhDQpXZSBoYXZlIGEgc3BlY2lhLWwgZC1lYWwg
Zm9yIHlvdSwgd2l0aCByMGNrIGJvdHRvbSBwci1pY2luZy4NClRoZXNlIGFy
ZSB0aGUgYmVzLXQgcXUtYWxpLXR5DQoNCg0KDQpodHRwOi8vc29kZGVubmVz
cy5uZXQvc3B1ci8/c3BlY2lhbA0KDQoNCg0KDQoNCnJtdjogaHR0cDovL3Nv
ZGRlbm5lc3MubmV0L3JtLnBocD9zcGVjaWFsDQo=



From XUXYIBC@asahi-net.or.jp  Tue Jun 14 00:26:49 2005
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA14698
	for ; Tue, 14 Jun 2005 00:26:49 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.33)
	id 1Di3N4-0000vs-T3
	for eap-archive@ietf.org; Tue, 14 Jun 2005 00:50:02 -0400
Received: from [218.84.134.166] (helo=SERVER)
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1Di30R-0003L6-Ln
	for eap-archive@ietf.org; Tue, 14 Jun 2005 00:26:38 -0400
Received: from kyewbqu-localhost ([29.110.148.89])
	by sj-218.84.134.166 (8.12.AD/8.12.22) with ESMTP id x99KFCCwbv7Z6773
	for ; Wed, 20 Apr 2005 15:52:53 +0200
Received: from mail pickup service by %142.226.68.104 with Microsoft SMTPSVC;
	 Wed, 20 Apr 2005 16:51:53 +0300
From: Boston S Katheryn 
To: eap-archive@ietf.org
Subject: no studying, no books, no classes - get your diplom.a online now!
Date: Wed, 20 Apr 2005 19:50:53 +0600
Message-ID: <0D0AB53EAE7EE2.0FC89F7F60D.1E67B34B7C@flintlock-btcuujE4E6F8B8EAAF8.%FROM_DOMAIN>
Mime-Version: 1.D5
Content-Type: multipart/alternative;
	boundary="--9825430B769EB99F"
X-Spam-Score: 21.5 (+++++++++++++++++++++)
X-Spam-Flag: YES
X-Scan-Signature: 08170828343bcf1325e4a0fb4584481c

----9825430B769EB99F
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

If your educational portfolio is causing your financial portfolio to suffe=
r then you need to check this out

http://FkdivergeyTrisha.aIkK99.CoM

to be ramoved from our list : http://4.AIKK99.COM/re

We are here to add what we can to, not what we can get from, life. - Sir W=
illiam Osler

----9825430B769EB99F--