From hartmans@painless-security.com Thu Jun 28 10:21:32 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1482A21F85FD for ; Thu, 28 Jun 2012 10:21:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.165 X-Spam-Level: X-Spam-Status: No, score=-2.165 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4QSLkWxqRja8 for ; Thu, 28 Jun 2012 10:21:31 -0700 (PDT) Received: from permutation-city.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by ietfa.amsl.com (Postfix) with ESMTP id 6C83521F85F8 for ; Thu, 28 Jun 2012 10:21:31 -0700 (PDT) Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 905E420424; Thu, 28 Jun 2012 13:20:54 -0400 (EDT) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id D005341EF; Thu, 28 Jun 2012 13:21:12 -0400 (EDT) From: Sam Hartman To: "Jim Schaad" References: <01ed01cd064e$e6086ce0$b21946a0$@augustcellars.com> Date: Thu, 28 Jun 2012 13:21:12 -0400 In-Reply-To: <01ed01cd064e$e6086ce0$b21946a0$@augustcellars.com> (Jim Schaad's message of "Mon, 19 Mar 2012 21:06:56 -0700") Message-ID: User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailman-Approved-At: Mon, 02 Jul 2012 08:37:29 -0700 Cc: mrw@painless-security.com, zhangdacheng@huawei.com, emu@ietf.org Subject: Re: [Emu] Comments on draft-hartman-emu-mutual-crypto-bind X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jun 2012 17:21:32 -0000 >>>>> "Jim" == Jim Schaad writes: Jim> Sam et al, Jim> 1. In section 1 after the Classic Tunnel Attack figure, I believe there are Jim> three methods listed as possible mitigation strategies, however I don't Jim> understand how the second one - a sufficiently strong inner method - could Jim> possibly be a mitigation by itself. The three I see are 1) Policy 2) strong Jim> inner method 3) Cryptographic binding. I actually was intending to describe cryptographic binding in two sentences; I've re-punctuated the text to indicate that if the inner method is strong enough you can do cryptographic binding. I believe I've addressed your other comments in an upcoming draft. --Sam From zhou.sujing@zte.com.cn Mon Jul 2 18:43:46 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C00B311E80EC for ; Mon, 2 Jul 2012 18:43:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -92.19 X-Spam-Level: X-Spam-Status: No, score=-92.19 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, J_CHICKENPOX_65=0.6, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_DOUBLE_IP_LOOSE=0.76, SARE_SUB_ENC_GB2312=1.345, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1tJoldWz8z+G for ; Mon, 2 Jul 2012 18:43:45 -0700 (PDT) Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 619D421F85B5 for ; Mon, 2 Jul 2012 18:43:44 -0700 (PDT) Received: from [10.30.17.99] by mx5.zte.com.cn with surfront esmtp id 286201794749335; Tue, 3 Jul 2012 09:38:08 +0800 (CST) Received: from [10.30.3.20] by [192.168.168.15] with StormMail ESMTP id 66221.2827933790; Tue, 3 Jul 2012 09:43:46 +0800 (CST) Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse01.zte.com.cn with ESMTP id q631heqL076067; Tue, 3 Jul 2012 09:43:40 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn) In-Reply-To: To: Sam Hartman MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007 Message-ID: From: zhou.sujing@zte.com.cn Date: Tue, 3 Jul 2012 09:43:39 +0800 X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2012-07-03 09:43:41, Serialize complete at 2012-07-03 09:43:41 Content-Type: multipart/alternative; boundary="=_alternative 0009899148257A30_=" X-MAIL: mse01.zte.com.cn q631heqL076067 Cc: hartmans-ietf@mit.edu, emu@ietf.org Subject: [Emu] =?gb2312?b?tPC4tDogUmU6ICBvbiBkcmFmdC1oYXJ0bWFuLWVtdS1tdXR1?= =?gb2312?b?YWwtY3J5cHRvLWJpbmQtMDA=?= X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2012 01:43:46 -0000 This is a multipart message in MIME format. --=_alternative 0009899148257A30_= Content-Type: text/plain; charset="GB2312" Content-Transfer-Encoding: base64 UmVnYXJkc35+fg0KDQotU3VqaW5nIFpob3UNCg0KU2FtIEhhcnRtYW4gPGhhcnRtYW5zLWlldGZA bWl0LmVkdT4g0LTT2iAyMDEyLTA2LTI5IDAyOjA2OjAwOg0KDQo+ID4+Pj4+ICJ6aG91IiA9PSB6 aG91IHN1amluZyA8emhvdS5zdWppbmdAenRlLmNvbS5jbj4gd3JpdGVzOg0KPiANCj4gICAgIHpo b3U+IFRvIG15IHVuZGVyc3RhbmRpbmcsIHJpZ2h0IHByaW9yIHRvIGZpbmlzaGluZyB0dW5uZWwg DQo+IGVzdGFibGlzaGVtZW50LCBFQVAgcGVlcg0KPiAgICAgemhvdT4gYW5kIEVBUCBTZXJ2ZXIo cHJpbnQgc2VydmVyIGluIHRoZSBzZXJ2ZXIgaW5zZXJ0aW9uIGF0dGFjaw0KPiBjYXNlKSBzaG91 bGQgaGF2ZQ0KPiAgICAgemhvdT4gZXhjaGFuZ2VkIGNoYW5uZWwgYmluZGluZyB3aXRoIGludGVn cml0eSBwcm90ZWN0aW9uIGJ5IGtleQ0KPiBvbmx5IGtub3duIHRvIEVBUA0KPiAgICAgemhvdT4g cGVlciBhbmQgRUFQIHNlcnZlciAoTVNLIGluIHRoaXMgY2FzZSksDQo+IA0KPiB3ZWxsLCBJIGFj dHVhbGx5IHRoaW5rIHRoaXMgaGFwcGVucyBhZnRlciB0dW5uZWwgZXN0YWJsaXNobWVudCBhbmQg YWZ0ZXINCj4gdGhlIGlubmVyIG1ldGhvZC4NCj4gU28sICBhZnRlciB0aGUgcHJpbnQgc2VydmVy IGxlYXJucyB0aGUgTVNLLg0KPiBBcyBJIHJlYWQgZHJhZnQtaWV0Zi1lbXUtY2hiaW5kIG5vdGhp bmcgZm9yYmlkcyB0aGlzLiBDZXJ0YWlubHkgdGhlDQo+IGV4aXN0aW5nIGltcGxlbWVudGF0aW9u cyBvZiBjaGFubmVsIGJpbmRpbmcgSSdtIGF3YXJlIG9mIHdvcmsgdGhhdCB3YXkuDQo+IA0KDQpT aW5jZSB0dW5uZWwgbWV0aG9kIGlzIGFsc28gYW4gRUFQIG1ldGhvZCwgYW5kIHVzZWQgZm9yIHBy b3RlY3RpbmcgdGhlIA0KaW5uZXIgRUFQIG1ldGhvZCwNCndoeSBjYW5uJ3QgcHV0IGNoYW5uZWwg YmluZGluZyByaWdodCBhZnRlciB0aGUgdHVubmVsIG1ldGhvZD8gU28gdGhhdCANCmFkdmVyc2Ug YWZmZWN0cyBjYW4gDQpiZSBwcmV2ZW50ZWQgbW9yZSBlZmZlY3RpdmVseS4NCiBUaGVyZSBpcyBh IHBhcmFncmFwaCBpbiAgZHJhZnQtaWV0Zi1lbXUtY2hiaW5kDQoiIFRoZSBjaGFubmVsIGJpbmRp bmcgcHJvdG9jb2wgZGVmaW5lZCBpbiB0aGlzIGRvY3VtZW50IG11c3QgYmUNCiAgIHRyYW5zcG9y dGVkIGFmdGVyIGtleWluZyBtYXRlcmlhbCBoYXMgYmVlbiBkZXJpdmVkIGJldHdlZW4gdGhlIEVB UA0KICAgcGVlciBhbmQgc2VydmVyLCBhbmQgYmVmb3JlIHRoZSBwZWVyIHdvdWxkIHN1ZmZlciBh ZHZlcnNlIGFmZmVjdHMNCiAgIGZyb20gam9pbmluZyBhbiBhZHZlcnNhcmlhbCBuZXR3b3JrLiAg Ig0KDQoNCg== --=_alternative 0009899148257A30_= Content-Type: text/html; charset="GB2312" Content-Transfer-Encoding: base64 DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPlJlZ2FyZHN+fn48YnI+DQo8YnI+ DQotU3VqaW5nIFpob3U8L2ZvbnQ+DQo8YnI+DQo8YnI+PHR0Pjxmb250IHNpemU9Mj5TYW0gSGFy dG1hbiAmbHQ7aGFydG1hbnMtaWV0ZkBtaXQuZWR1Jmd0OyDQtNPaIDIwMTItMDYtMjkNCjAyOjA2 OjAwOjxicj4NCjxicj4NCiZndDsgJmd0OyZndDsmZ3Q7Jmd0OyZndDsgJnF1b3Q7emhvdSZxdW90 OyA9PSB6aG91IHN1amluZyAmbHQ7emhvdS5zdWppbmdAenRlLmNvbS5jbiZndDsNCndyaXRlczo8 YnI+DQomZ3Q7IDxicj4NCiZndDsgJm5ic3A7ICZuYnNwOyB6aG91Jmd0OyBUbyBteSB1bmRlcnN0 YW5kaW5nLCByaWdodCBwcmlvciB0byBmaW5pc2hpbmcNCnR1bm5lbCA8YnI+DQomZ3Q7IGVzdGFi bGlzaGVtZW50LCBFQVAgcGVlcjxicj4NCiZndDsgJm5ic3A7ICZuYnNwOyB6aG91Jmd0OyBhbmQg RUFQIFNlcnZlcihwcmludCBzZXJ2ZXIgaW4gdGhlIHNlcnZlciBpbnNlcnRpb24NCmF0dGFjazxi cj4NCiZndDsgY2FzZSkgc2hvdWxkIGhhdmU8YnI+DQomZ3Q7ICZuYnNwOyAmbmJzcDsgemhvdSZn dDsgZXhjaGFuZ2VkIGNoYW5uZWwgYmluZGluZyB3aXRoIGludGVncml0eSBwcm90ZWN0aW9uDQpi eSBrZXk8YnI+DQomZ3Q7IG9ubHkga25vd24gdG8gRUFQPGJyPg0KJmd0OyAmbmJzcDsgJm5ic3A7 IHpob3UmZ3Q7IHBlZXIgYW5kIEVBUCBzZXJ2ZXIgKE1TSyBpbiB0aGlzIGNhc2UpLDxicj4NCiZn dDsgPGJyPg0KJmd0OyB3ZWxsLCBJIGFjdHVhbGx5IHRoaW5rIHRoaXMgaGFwcGVucyBhZnRlciB0 dW5uZWwgZXN0YWJsaXNobWVudCBhbmQNCmFmdGVyPGJyPg0KJmd0OyB0aGUgaW5uZXIgbWV0aG9k Ljxicj4NCiZndDsgU28sICZuYnNwO2FmdGVyIHRoZSBwcmludCBzZXJ2ZXIgbGVhcm5zIHRoZSBN U0suPGJyPg0KJmd0OyBBcyBJIHJlYWQgZHJhZnQtaWV0Zi1lbXUtY2hiaW5kIG5vdGhpbmcgZm9y YmlkcyB0aGlzLiBDZXJ0YWlubHkgdGhlPGJyPg0KJmd0OyBleGlzdGluZyBpbXBsZW1lbnRhdGlv bnMgb2YgY2hhbm5lbCBiaW5kaW5nIEknbSBhd2FyZSBvZiB3b3JrIHRoYXQNCndheS48YnI+DQom Z3Q7IDxicj4NCjwvZm9udD48L3R0Pg0KPGJyPjx0dD48Zm9udCBzaXplPTI+U2luY2UgdHVubmVs IG1ldGhvZCBpcyBhbHNvIGFuIEVBUCBtZXRob2QsIGFuZCB1c2VkDQpmb3IgcHJvdGVjdGluZyB0 aGUgaW5uZXIgRUFQIG1ldGhvZCw8L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6ZT0yPndo eSBjYW5uJ3QgcHV0IGNoYW5uZWwgYmluZGluZyByaWdodCBhZnRlciB0aGUgdHVubmVsDQptZXRo b2Q/IFNvIHRoYXQgYWR2ZXJzZSBhZmZlY3RzIGNhbiA8L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZv bnQgc2l6ZT0yPmJlIHByZXZlbnRlZCBtb3JlIGVmZmVjdGl2ZWx5LjwvZm9udD48L3R0Pg0KPGJy Pjx0dD48Zm9udCBzaXplPTI+Jm5ic3A7VGhlcmUgaXMgYSBwYXJhZ3JhcGggaW4gJm5ic3A7ZHJh ZnQtaWV0Zi1lbXUtY2hiaW5kPC9mb250PjwvdHQ+DQo8YnI+PHR0Pjxmb250IHNpemU9Mj4mcXVv dDs8L2ZvbnQ+PC90dD48dHQ+PGZvbnQgc2l6ZT0zPiBUaGUgY2hhbm5lbCBiaW5kaW5nDQpwcm90 b2NvbCBkZWZpbmVkIGluIHRoaXMgZG9jdW1lbnQgbXVzdCBiZTxicj4NCiAmbmJzcDsgdHJhbnNw b3J0ZWQgYWZ0ZXIga2V5aW5nIG1hdGVyaWFsIGhhcyBiZWVuIGRlcml2ZWQgYmV0d2VlbiB0aGUN CkVBUDxicj4NCiAmbmJzcDsgcGVlciBhbmQgc2VydmVyLCBhbmQgYmVmb3JlIHRoZSBwZWVyIHdv dWxkIHN1ZmZlciBhZHZlcnNlIGFmZmVjdHM8YnI+DQogJm5ic3A7IGZyb20gam9pbmluZyBhbiBh ZHZlcnNhcmlhbCBuZXR3b3JrLiAmbmJzcDs8L2ZvbnQ+PC90dD48dHQ+PGZvbnQgc2l6ZT0yPiZx dW90OzwvZm9udD48L3R0Pg0KPGJyPg0KPGJyPg0K --=_alternative 0009899148257A30_=-- From zhou.sujing@zte.com.cn Mon Jul 2 20:27:05 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8572411E8116; Mon, 2 Jul 2012 20:27:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -92.49 X-Spam-Level: X-Spam-Status: No, score=-92.49 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_DOUBLE_IP_LOOSE=0.76, SARE_SUB_ENC_GB2312=1.345, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JEsXBZnUs78s; Mon, 2 Jul 2012 20:27:04 -0700 (PDT) Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 1D37311E80EC; Mon, 2 Jul 2012 20:27:03 -0700 (PDT) Received: from [10.30.17.100] by mx5.zte.com.cn with surfront esmtp id 286202676637534; Tue, 3 Jul 2012 11:21:28 +0800 (CST) Received: from [10.30.3.21] by [192.168.168.16] with StormMail ESMTP id 11535.6179328368; Tue, 3 Jul 2012 11:27:00 +0800 (CST) Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse02.zte.com.cn with ESMTP id q633Qsjm074441; Tue, 3 Jul 2012 11:26:54 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn) In-Reply-To: To: Sam Hartman MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007 Message-ID: From: zhou.sujing@zte.com.cn Date: Tue, 3 Jul 2012 11:26:54 +0800 X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2012-07-03 11:26:56, Serialize complete at 2012-07-03 11:26:56 Content-Type: multipart/alternative; boundary="=_alternative 0012FD5248257A30_=" X-MAIL: mse02.zte.com.cn q633Qsjm074441 Cc: draft-hartman-emu-mutual-crypto-bind@tools.ietf.org, emu-bounces@ietf.org, Sam Hartman , emu@ietf.org Subject: [Emu] =?gb2312?b?tPC4tDogUmU6ICBOZXcgZHJhZnQgb24gbXV0dWFsIGNyeXB0?= =?gb2312?b?byBiaW5kaW5nIHByb2JsZW0=?= X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2012 03:27:05 -0000 This is a multipart message in MIME format. --=_alternative 0012FD5248257A30_= Content-Type: text/plain; charset="GB2312" Content-Transfer-Encoding: base64 SG93IGRvZXMgRU1TSyBicmVhayBpbnRlcm1lZGlhdGUgQUFBIHNlcnZlcnOjvw0KDQpSZWdhcmRz fn5+DQoNCi1TdWppbmcgWmhvdQ0KDQplbXUtYm91bmNlc0BpZXRmLm9yZyDQtNPaIDIwMTItMDYt MjkgMDI6MjU6NDQ6DQoNCj4gPj4+Pj4gIkhhbyIgPT0gSGFvIFpob3UgPGh6aG91QGNpc2NvLmNv bT4gd3JpdGVzOg0KPiANCj4gICAgIEhhbz4gU2FtOg0KPiAgICAgSGFvPiBUaGlzIGlzIGEgd2Vs bCB0aG91Z2h0IGFuZCB3ZWxsIHdyaXR0ZW4gZHJhZnQsIGl0IGNvdmVycyBhIA0KPiBsb3Qgb2Yg YmFja2dyb3VuZA0KPiAgICAgSGFvPiBhbmQgYXNwZWN0IG9mIHRoZSBhdHRhY2tzIGFuZCBtaXRp Z2F0aW9ucy4gSG93ZXZlciwgSSBoYXZlIA0KPiBmZXcgY29tbWVudHM6DQo+IFRoYW5rcyENCj4g DQo+IFlvdSBsaXN0ZWQgYSBzZXQgb2YgZHJhd2JhY2tzIHRvIEVNU0stYmFzZWQgY3J5cHRvIGJp bmRpbmcuDQo+IA0KPiAgICAgSGFvPiBBLiBNdXR1YWwgY3J5cHRvLWJpbmRpbmcgcmVxdWlyZWQg dGhlIHVzZSBvZiBFTVNLLCBub3QgYWxsIA0KPiBleGlzdGluZyBFQVANCj4gICAgIEhhbz4gbWV0 aG9kIGdlbmVyYXRlIGFuZCBleHBvcnQgRU1TSy4gSXQgd2lsbCBhbHNvIGJyZWFrIA0KaW50ZXJt ZWRpYXRlIEFBQQ0KPiAgICAgSGFvPiBzZXJ2ZXJzLiBNb3JlIGltcG9ydGFudGx5LCBpdCB3b3Vs ZCBvbmx5IHdvcmsgZm9yIGFuIEVBUCBtZXRob2QgDQp0aGF0DQo+ICAgICBIYW8+IGdlbmVyYXRl cyBrZXlzLiBQYXJ0IG9mIHRoZSBnb2FsIG9mIFR1bm5lbCBNZXRob2QgaXMgdG8gcHJvdGVjdCAN CndlYWsNCj4gICAgIEhhbz4gYXV0aGVudGljYXRpb24gb3IgRUFQIG1ldGhvZCwgdGhpcyB3b3Vs ZCBub3QgYmVuZWZpdHMgdGhlbS4NCj4gDQo+IFRoZXNlIGRyYXdiYWNrcyB0byBFTVNLLWJhc2Vk IGNyeXB0b2dyYXBoaWMgYmluZGluZyBhcmUgZG9jdW1lbnRlZDsNCj4gdGhhbmtzLg0KPiANCj4g ICAgIEhhbz4gRC4gRW5mb3JjaW5nIHNlcnZlciBwb2xpY3kgd291bGQgYmUgYW5vdGhlciBnb29k IHdheSB0byBnbywNCj4gaWYgc2VydmVyIGNhbg0KPiAgICAgSGFvPiBkZW1hbmQgdHVubmVsIG1l dGhvZCBvbmx5LCBlbGltaW5hdGUgdGhlIGNoYW5jZSBvZiBpbm5lciANCj4gbWV0aG9kIE1TSyBi ZWluZw0KPiAgICAgSGFvPiBzZW50IHRvIHRoZSBhdHRhY2tlci4NCj4gDQo+IEFzIGRpc2N1c3Nl ZCBpbiB0aGUgZHJhZnQsIHlvdSBhY3R1YWxseSBuZWVkIGEgbnVtYmVyIG9mIGNvbmRpdGlvbnMN Cj4gYmV5b25kIGp1c3QgdGhhdC4NCj4gSG93ZXZlciBJIGFncmVlIHNlcnZlciBwb2xpY3kgaXMg YW5vdGhlciBpbXBvcnRhbnQgbWl0aWdhdGlvbiwgd2hpY2ggaXMNCj4gd2h5IHRoZSBkcmFmdCBy ZWNvbW1lbmRzIGl0Lg0KPiANCj4gICAgIEhhbz4gMi4gSSBhbSBub3Qgc3VyZSAiTXV0dWFsIENy eXB0by1iaW5kaW5nIiBpcyBhIGdvb2QgdGVybSwgYXMNCj4gdGhlIGV4aXN0aW5nDQo+ICAgICBI YW8+IGNyeXB0by1iaW5kaW5nIGlzIGFscmVhZHkgbXV0dWFsbHkgYXV0aGVudGljYXRpbmcgdGhl IHBlZXIgDQo+IGFuZCB0aGUgc2VydmVyLg0KPiAgICAgSGFvPiBNYXliZSBtb3JlIGFjY3VyYXRl IHRvIGJlIGNhbGxlZCAiQ3J5cHRvLWJpbmRpbmcgYmFzZWQgb24gDQo+IEVNU0siIG9yICJFeHRl bmRlZA0KPiAgICAgSGFvPiBDcnlwdG8tYmluZGluZyIgZXRjLg0KPiANCj4gSSB0aGluayBvZiBt dXR1YWwgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIGFzIGNyeXB0byBiaW5kaW5nIHRoYXQgcHJvdmlk ZXMNCj4gZGVmZW5zZSBhZ2FpbnN0IHRoZXNlIHNvcnQgb2YgYXR0YWNrcyAoYW5kIHBlcnNvbmFs bHkgZG9uJ3QgY29uc2lkZXINCj4gZXhpc3RpbmcgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIHRvIHJl YWxseSBxdWFsaWZ5IGFzICJtdXR1YWwiLikNCj4gSSB0aGluayB0aG91Z2ggdGhhdCBkZXNjcmli aW5nIHRoaXMgbmV3IG1lY2hhbmlzbSBhcyBFTVNLLWJhc2VkDQo+IGNyeXB0b2dyYXBoaWMgYmlu ZGluZyBpcyBnb29kLiBXZSBtYXkgaGF2ZSBvdGhlciBtZWNoYW5pc21zIHRoYXQgbWVldA0KPiB0 aGUgc2VjdXJpdHkgZ29hbHMgb2YgbXV0dWFsIGNyeXB0b2dyYXBoaWMgYmluZGluZyBhbmQgaXQg aXMgYWx3YXlzDQo+IGRlc2lyYWJsZSB0byBzZXBhcmF0ZSBtZWNoYW5pc20gZnJvbSBhYnN0cmFj dGlvbi4NCj4gSSd2ZSB0cmllZCB0byBzdGFydCB0aGF0IHRyYW5zaXRpb24gaW4gdGhlIG5leHQg dmVyc2lvbiBvZiB0aGUNCj4gZHJhZnQuIFRoYW5rcyB2ZXJ5IG11Y2ggZm9yIHBvaW50aW5nIHRo aXMgb3V0Lg0KPiBEb3VidGxlc3Mgd2UnbGwgaGF2ZSBhbm90aGVyICByb3VuZCBvZiBpbXByb3Zp bmcgdGVybWlub2xvZ3kuDQo+IA0KPiBBZ2FpbiwgdGhhbmtzIHNvIG11Y2ggZm9yIHlvdXIgY29t bWVudHMuDQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f DQo+IEVtdSBtYWlsaW5nIGxpc3QNCj4gRW11QGlldGYub3JnDQo+IGh0dHBzOi8vd3d3LmlldGYu b3JnL21haWxtYW4vbGlzdGluZm8vZW11DQo+IA0KDQo= --=_alternative 0012FD5248257A30_= Content-Type: text/html; charset="GB2312" Content-Transfer-Encoding: base64 DQo8YnI+PHR0Pjxmb250IHNpemU9Mj5Ib3cgZG9lcyBFTVNLIGJyZWFrIGludGVybWVkaWF0ZSBB QUEgc2VydmVyc6O/PC9mb250PjwvdHQ+DQo8YnI+DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNh bnMtc2VyaWYiPlJlZ2FyZHN+fn48YnI+DQo8YnI+DQotU3VqaW5nIFpob3U8L2ZvbnQ+DQo8YnI+ DQo8YnI+PHR0Pjxmb250IHNpemU9Mj5lbXUtYm91bmNlc0BpZXRmLm9yZyDQtNPaIDIwMTItMDYt MjkgMDI6MjU6NDQ6PGJyPg0KPGJyPg0KJmd0OyAmZ3Q7Jmd0OyZndDsmZ3Q7Jmd0OyAmcXVvdDtI YW8mcXVvdDsgPT0gSGFvIFpob3UgJmx0O2h6aG91QGNpc2NvLmNvbSZndDsNCndyaXRlczo8YnI+ DQomZ3Q7IDxicj4NCiZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IFNhbTo8YnI+DQomZ3Q7ICZu YnNwOyAmbmJzcDsgSGFvJmd0OyBUaGlzIGlzIGEgd2VsbCB0aG91Z2h0IGFuZCB3ZWxsIHdyaXR0 ZW4gZHJhZnQsDQppdCBjb3ZlcnMgYSA8YnI+DQomZ3Q7IGxvdCBvZiBiYWNrZ3JvdW5kPGJyPg0K Jmd0OyAmbmJzcDsgJm5ic3A7IEhhbyZndDsgYW5kIGFzcGVjdCBvZiB0aGUgYXR0YWNrcyBhbmQg bWl0aWdhdGlvbnMuIEhvd2V2ZXIsDQpJIGhhdmUgPGJyPg0KJmd0OyBmZXcgY29tbWVudHM6PGJy Pg0KJmd0OyBUaGFua3MhPGJyPg0KJmd0OyA8YnI+DQomZ3Q7IFlvdSBsaXN0ZWQgYSBzZXQgb2Yg ZHJhd2JhY2tzIHRvIEVNU0stYmFzZWQgY3J5cHRvIGJpbmRpbmcuPGJyPg0KJmd0OyA8YnI+DQom Z3Q7ICZuYnNwOyAmbmJzcDsgSGFvJmd0OyBBLiBNdXR1YWwgY3J5cHRvLWJpbmRpbmcgcmVxdWly ZWQgdGhlIHVzZSBvZg0KRU1TSywgbm90IGFsbCA8YnI+DQomZ3Q7IGV4aXN0aW5nIEVBUDxicj4N CiZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IG1ldGhvZCBnZW5lcmF0ZSBhbmQgZXhwb3J0IEVN U0suIEl0IHdpbGwgYWxzbw0KYnJlYWsgaW50ZXJtZWRpYXRlIEFBQTxicj4NCiZndDsgJm5ic3A7 ICZuYnNwOyBIYW8mZ3Q7IHNlcnZlcnMuIE1vcmUgaW1wb3J0YW50bHksIGl0IHdvdWxkIG9ubHkg d29yaw0KZm9yIGFuIEVBUCBtZXRob2QgdGhhdDxicj4NCiZndDsgJm5ic3A7ICZuYnNwOyBIYW8m Z3Q7IGdlbmVyYXRlcyBrZXlzLiBQYXJ0IG9mIHRoZSBnb2FsIG9mIFR1bm5lbCBNZXRob2QNCmlz IHRvIHByb3RlY3Qgd2Vhazxicj4NCiZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IGF1dGhlbnRp Y2F0aW9uIG9yIEVBUCBtZXRob2QsIHRoaXMgd291bGQgbm90DQpiZW5lZml0cyB0aGVtLjxicj4N CiZndDsgPGJyPg0KJmd0OyBUaGVzZSBkcmF3YmFja3MgdG8gRU1TSy1iYXNlZCBjcnlwdG9ncmFw aGljIGJpbmRpbmcgYXJlIGRvY3VtZW50ZWQ7PGJyPg0KJmd0OyB0aGFua3MuPGJyPg0KJmd0OyA8 YnI+DQomZ3Q7ICZuYnNwOyAmbmJzcDsgSGFvJmd0OyBELiBFbmZvcmNpbmcgc2VydmVyIHBvbGlj eSB3b3VsZCBiZSBhbm90aGVyDQpnb29kIHdheSB0byBnbyw8YnI+DQomZ3Q7IGlmIHNlcnZlciBj YW48YnI+DQomZ3Q7ICZuYnNwOyAmbmJzcDsgSGFvJmd0OyBkZW1hbmQgdHVubmVsIG1ldGhvZCBv bmx5LCBlbGltaW5hdGUgdGhlIGNoYW5jZQ0Kb2YgaW5uZXIgPGJyPg0KJmd0OyBtZXRob2QgTVNL IGJlaW5nPGJyPg0KJmd0OyAmbmJzcDsgJm5ic3A7IEhhbyZndDsgc2VudCB0byB0aGUgYXR0YWNr ZXIuPGJyPg0KJmd0OyA8YnI+DQomZ3Q7IEFzIGRpc2N1c3NlZCBpbiB0aGUgZHJhZnQsIHlvdSBh Y3R1YWxseSBuZWVkIGEgbnVtYmVyIG9mIGNvbmRpdGlvbnM8YnI+DQomZ3Q7IGJleW9uZCBqdXN0 IHRoYXQuPGJyPg0KJmd0OyBIb3dldmVyIEkgYWdyZWUgc2VydmVyIHBvbGljeSBpcyBhbm90aGVy IGltcG9ydGFudCBtaXRpZ2F0aW9uLCB3aGljaA0KaXM8YnI+DQomZ3Q7IHdoeSB0aGUgZHJhZnQg cmVjb21tZW5kcyBpdC48YnI+DQomZ3Q7IDxicj4NCiZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7 IDIuIEkgYW0gbm90IHN1cmUgJnF1b3Q7TXV0dWFsIENyeXB0by1iaW5kaW5nJnF1b3Q7DQppcyBh IGdvb2QgdGVybSwgYXM8YnI+DQomZ3Q7IHRoZSBleGlzdGluZzxicj4NCiZndDsgJm5ic3A7ICZu YnNwOyBIYW8mZ3Q7IGNyeXB0by1iaW5kaW5nIGlzIGFscmVhZHkgbXV0dWFsbHkgYXV0aGVudGlj YXRpbmcNCnRoZSBwZWVyIDxicj4NCiZndDsgYW5kIHRoZSBzZXJ2ZXIuPGJyPg0KJmd0OyAmbmJz cDsgJm5ic3A7IEhhbyZndDsgTWF5YmUgbW9yZSBhY2N1cmF0ZSB0byBiZSBjYWxsZWQgJnF1b3Q7 Q3J5cHRvLWJpbmRpbmcNCmJhc2VkIG9uIDxicj4NCiZndDsgRU1TSyZxdW90OyBvciAmcXVvdDtF eHRlbmRlZDxicj4NCiZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IENyeXB0by1iaW5kaW5nJnF1 b3Q7IGV0Yy48YnI+DQomZ3Q7IDxicj4NCiZndDsgSSB0aGluayBvZiBtdXR1YWwgY3J5cHRvZ3Jh cGhpYyBiaW5kaW5nIGFzIGNyeXB0byBiaW5kaW5nIHRoYXQgcHJvdmlkZXM8YnI+DQomZ3Q7IGRl ZmVuc2UgYWdhaW5zdCB0aGVzZSBzb3J0IG9mIGF0dGFja3MgKGFuZCBwZXJzb25hbGx5IGRvbid0 IGNvbnNpZGVyPGJyPg0KJmd0OyBleGlzdGluZyBjcnlwdG9ncmFwaGljIGJpbmRpbmcgdG8gcmVh bGx5IHF1YWxpZnkgYXMgJnF1b3Q7bXV0dWFsJnF1b3Q7Lik8YnI+DQomZ3Q7IEkgdGhpbmsgdGhv dWdoIHRoYXQgZGVzY3JpYmluZyB0aGlzIG5ldyBtZWNoYW5pc20gYXMgRU1TSy1iYXNlZDxicj4N CiZndDsgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIGlzIGdvb2QuIFdlIG1heSBoYXZlIG90aGVyIG1l Y2hhbmlzbXMgdGhhdCBtZWV0PGJyPg0KJmd0OyB0aGUgc2VjdXJpdHkgZ29hbHMgb2YgbXV0dWFs IGNyeXB0b2dyYXBoaWMgYmluZGluZyBhbmQgaXQgaXMgYWx3YXlzPGJyPg0KJmd0OyBkZXNpcmFi bGUgdG8gc2VwYXJhdGUgbWVjaGFuaXNtIGZyb20gYWJzdHJhY3Rpb24uPGJyPg0KJmd0OyBJJ3Zl IHRyaWVkIHRvIHN0YXJ0IHRoYXQgdHJhbnNpdGlvbiBpbiB0aGUgbmV4dCB2ZXJzaW9uIG9mIHRo ZTxicj4NCiZndDsgZHJhZnQuIFRoYW5rcyB2ZXJ5IG11Y2ggZm9yIHBvaW50aW5nIHRoaXMgb3V0 Ljxicj4NCiZndDsgRG91YnRsZXNzIHdlJ2xsIGhhdmUgYW5vdGhlciAmbmJzcDtyb3VuZCBvZiBp bXByb3ZpbmcgdGVybWlub2xvZ3kuPGJyPg0KJmd0OyA8YnI+DQomZ3Q7IEFnYWluLCB0aGFua3Mg c28gbXVjaCBmb3IgeW91ciBjb21tZW50cy48YnI+DQomZ3Q7IF9fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyPg0KJmd0OyBFbXUgbWFpbGluZyBsaXN0PGJy Pg0KJmd0OyBFbXVAaWV0Zi5vcmc8YnI+DQomZ3Q7IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxt YW4vbGlzdGluZm8vZW11PGJyPg0KJmd0OyA8YnI+DQo8L2ZvbnQ+PC90dD4NCg== --=_alternative 0012FD5248257A30_=-- From zhou.sujing@zte.com.cn Mon Jul 2 21:04:24 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE6BB11E80EC; Mon, 2 Jul 2012 21:04:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -92.64 X-Spam-Level: X-Spam-Status: No, score=-92.64 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_DOUBLE_IP_LOOSE=0.76, SARE_SUB_ENC_GB2312=1.345, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id smNr5Dfv5ezm; Mon, 2 Jul 2012 21:04:23 -0700 (PDT) Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 1733A11E8116; Mon, 2 Jul 2012 21:04:22 -0700 (PDT) Received: from [10.30.17.100] by mx5.zte.com.cn with surfront esmtp id 286202676637534; Tue, 3 Jul 2012 11:58:45 +0800 (CST) Received: from [10.30.3.20] by [192.168.168.16] with StormMail ESMTP id 11535.5431455923; Tue, 3 Jul 2012 12:04:18 +0800 (CST) Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse01.zte.com.cn with ESMTP id q6344I8L069349; Tue, 3 Jul 2012 12:04:18 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn) In-Reply-To: To: "Zhangdacheng (Dacheng)" MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007 Message-ID: From: zhou.sujing@zte.com.cn Date: Tue, 3 Jul 2012 12:04:18 +0800 X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2012-07-03 12:04:19, Serialize complete at 2012-07-03 12:04:19 Content-Type: multipart/alternative; boundary="=_alternative 001669C148257A30_=" X-MAIL: mse01.zte.com.cn q6344I8L069349 Cc: "emu-bounces@ietf.org" , Sam Hartman , "emu@ietf.org" Subject: [Emu] =?gb2312?b?tPC4tDogUkU6IFJlOiAgTmV3IGRyYWZ0IG9uIG11dHVhbCBj?= =?gb2312?b?cnlwdG8gYmluZGluZyBwcm9ibGVt?= X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2012 04:04:25 -0000 This is a multipart message in MIME format. --=_alternative 001669C148257A30_= Content-Type: text/plain; charset="GB2312" Content-Transfer-Encoding: base64 UmVnYXJkc35+fg0KDQotU3VqaW5nIFpob3UNCg0KIlpoYW5nZGFjaGVuZyAoRGFjaGVuZykiIDx6 aGFuZ2RhY2hlbmdAaHVhd2VpLmNvbT4g0LTT2iAyMDEyLTA3LTAzIA0KMTE6NDE6NDk6DQoNCj4g SSB0aGluayB5b3UgdHJ5IHRvIGFzayB3aHkgRVNNSyBjYW4gYmUgdXNlZCB0byBkZXRlY3QgdGhl IGF0dGFja2VycyANCj4gd2hvIHRyeSB0byBpbXBlcnNvbmF0ZSBvdGhlciBob25lc3Qgc2VydmVy cy4NCj4gDQo+IFVubGlrZSBNU0ssIEVNU0sgd2lsbCBuZXZlciBiZSB0cmFuc3BvcnRlZCBvdmVy IHRoZSBuZXR3b3JrIGFuZCB0aGVuDQo+IGNhbm5vdCBiZSBhY2Nlc3NlZCBieSBhdHRhY2tlcnMu IFRoZXJlZm9yZSwgaXQgaXMgcG9zc2libGUgZm9yIGEgDQo+IHBlZXIgdG8gdXNlIEVNU0sgdG8g ZGV0ZWN0IGFuIGF0dGFja2VyIHdobyB0cmllcyB0byBwZXJmb3JtIHRoZSANCj4gYXR0YWNrcyBp bGx1c3RyYXRlZCBpbiB0aGUgZHJhZnQuDQoNClRoYXQgaXMgd2hhdCBJIHVuZGVyc3RhbmQsIGJ1 dCBFTVNLLWJhc2VkIGNyeXB0byBiaW5kaW5nIGNhbiBzdGlsbCBiZSANCnRyYW5zcG9ydGVkIHRo cm91Z2ggaW50ZXJtZWRpYXRlIEFBQSBzZXJ2ZXJzIA0KYmV0d2VlbiBob21lIEFBQSBzZXJ2ZXIg YW5kIHBlZXIsIHJpZ2h0PyANCqPJZG9uJ3QgdW5kZXJzdGFuZCBIYW8gWmhvdSdzIGNvbmNlcm4g aGVyZS4NCg0KPiANCj4gRnJvbTogemhvdS5zdWppbmdAenRlLmNvbS5jbiBbbWFpbHRvOnpob3Uu c3VqaW5nQHp0ZS5jb20uY25dIA0KPiBTZW50OiBUdWVzZGF5LCBKdWx5IDAzLCAyMDEyIDExOjI3 IEFNDQo+IFRvOiBTYW0gSGFydG1hbg0KPiBDYzogZHJhZnQtaGFydG1hbi1lbXUtbXV0dWFsLWNy eXB0by1iaW5kQHRvb2xzLmlldGYub3JnOyBlbXVAaWV0Zi4NCj4gb3JnOyBlbXUtYm91bmNlc0Bp ZXRmLm9yZzsgU2FtIEhhcnRtYW47IEhhbyBaaG91DQo+IFN1YmplY3Q6ILTwuLQ6IFJlOiBbRW11 XSBOZXcgZHJhZnQgb24gbXV0dWFsIGNyeXB0byBiaW5kaW5nIHByb2JsZW0NCj4gDQo+IA0KPiBI b3cgZG9lcyBFTVNLIGJyZWFrIGludGVybWVkaWF0ZSBBQUEgc2VydmVyc6O/IA0KPiANCj4gUmVn YXJkc35+fg0KPiANCj4gLVN1amluZyBaaG91IA0KPiANCj4gZW11LWJvdW5jZXNAaWV0Zi5vcmcg 0LTT2iAyMDEyLTA2LTI5IDAyOjI1OjQ0Og0KPiANCj4gPiA+Pj4+PiAiSGFvIiA9PSBIYW8gWmhv dSA8aHpob3VAY2lzY28uY29tPiB3cml0ZXM6DQo+ID4gDQo+ID4gICAgIEhhbz4gU2FtOg0KPiA+ ICAgICBIYW8+IFRoaXMgaXMgYSB3ZWxsIHRob3VnaHQgYW5kIHdlbGwgd3JpdHRlbiBkcmFmdCwg aXQgY292ZXJzIGEgDQo+ID4gbG90IG9mIGJhY2tncm91bmQNCj4gPiAgICAgSGFvPiBhbmQgYXNw ZWN0IG9mIHRoZSBhdHRhY2tzIGFuZCBtaXRpZ2F0aW9ucy4gSG93ZXZlciwgSSBoYXZlIA0KPiA+ IGZldyBjb21tZW50czoNCj4gPiBUaGFua3MhDQo+ID4gDQo+ID4gWW91IGxpc3RlZCBhIHNldCBv ZiBkcmF3YmFja3MgdG8gRU1TSy1iYXNlZCBjcnlwdG8gYmluZGluZy4NCj4gPiANCj4gPiAgICAg SGFvPiBBLiBNdXR1YWwgY3J5cHRvLWJpbmRpbmcgcmVxdWlyZWQgdGhlIHVzZSBvZiBFTVNLLCBu b3QgYWxsIA0KPiA+IGV4aXN0aW5nIEVBUA0KPiA+ICAgICBIYW8+IG1ldGhvZCBnZW5lcmF0ZSBh bmQgZXhwb3J0IEVNU0suIEl0IHdpbGwgYWxzbyBicmVhayANCj4gaW50ZXJtZWRpYXRlIEFBQQ0K PiA+ICAgICBIYW8+IHNlcnZlcnMuIE1vcmUgaW1wb3J0YW50bHksIGl0IHdvdWxkIG9ubHkgd29y ayBmb3IgYW4gRUFQIA0KPiBtZXRob2QgdGhhdA0KPiA+ICAgICBIYW8+IGdlbmVyYXRlcyBrZXlz LiBQYXJ0IG9mIHRoZSBnb2FsIG9mIFR1bm5lbCBNZXRob2QgaXMgdG8gDQo+IHByb3RlY3Qgd2Vh aw0KPiA+ICAgICBIYW8+IGF1dGhlbnRpY2F0aW9uIG9yIEVBUCBtZXRob2QsIHRoaXMgd291bGQg bm90IGJlbmVmaXRzIHRoZW0uDQo+ID4gDQo+ID4gVGhlc2UgZHJhd2JhY2tzIHRvIEVNU0stYmFz ZWQgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIGFyZSBkb2N1bWVudGVkOw0KPiA+IHRoYW5rcy4NCj4g PiANCj4gPiAgICAgSGFvPiBELiBFbmZvcmNpbmcgc2VydmVyIHBvbGljeSB3b3VsZCBiZSBhbm90 aGVyIGdvb2Qgd2F5IHRvIGdvLA0KPiA+IGlmIHNlcnZlciBjYW4NCj4gPiAgICAgSGFvPiBkZW1h bmQgdHVubmVsIG1ldGhvZCBvbmx5LCBlbGltaW5hdGUgdGhlIGNoYW5jZSBvZiBpbm5lciANCj4g PiBtZXRob2QgTVNLIGJlaW5nDQo+ID4gICAgIEhhbz4gc2VudCB0byB0aGUgYXR0YWNrZXIuDQo+ ID4gDQo+ID4gQXMgZGlzY3Vzc2VkIGluIHRoZSBkcmFmdCwgeW91IGFjdHVhbGx5IG5lZWQgYSBu dW1iZXIgb2YgY29uZGl0aW9ucw0KPiA+IGJleW9uZCBqdXN0IHRoYXQuDQo+ID4gSG93ZXZlciBJ IGFncmVlIHNlcnZlciBwb2xpY3kgaXMgYW5vdGhlciBpbXBvcnRhbnQgbWl0aWdhdGlvbiwgd2hp Y2ggDQppcw0KPiA+IHdoeSB0aGUgZHJhZnQgcmVjb21tZW5kcyBpdC4NCj4gPiANCj4gPiAgICAg SGFvPiAyLiBJIGFtIG5vdCBzdXJlICJNdXR1YWwgQ3J5cHRvLWJpbmRpbmciIGlzIGEgZ29vZCB0 ZXJtLCBhcw0KPiA+IHRoZSBleGlzdGluZw0KPiA+ICAgICBIYW8+IGNyeXB0by1iaW5kaW5nIGlz IGFscmVhZHkgbXV0dWFsbHkgYXV0aGVudGljYXRpbmcgdGhlIHBlZXIgDQo+ID4gYW5kIHRoZSBz ZXJ2ZXIuDQo+ID4gICAgIEhhbz4gTWF5YmUgbW9yZSBhY2N1cmF0ZSB0byBiZSBjYWxsZWQgIkNy eXB0by1iaW5kaW5nIGJhc2VkIG9uIA0KPiA+IEVNU0siIG9yICJFeHRlbmRlZA0KPiA+ICAgICBI YW8+IENyeXB0by1iaW5kaW5nIiBldGMuDQo+ID4gDQo+ID4gSSB0aGluayBvZiBtdXR1YWwgY3J5 cHRvZ3JhcGhpYyBiaW5kaW5nIGFzIGNyeXB0byBiaW5kaW5nIHRoYXQgDQpwcm92aWRlcw0KPiA+ IGRlZmVuc2UgYWdhaW5zdCB0aGVzZSBzb3J0IG9mIGF0dGFja3MgKGFuZCBwZXJzb25hbGx5IGRv bid0IGNvbnNpZGVyDQo+ID4gZXhpc3RpbmcgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIHRvIHJlYWxs eSBxdWFsaWZ5IGFzICJtdXR1YWwiLikNCj4gPiBJIHRoaW5rIHRob3VnaCB0aGF0IGRlc2NyaWJp bmcgdGhpcyBuZXcgbWVjaGFuaXNtIGFzIEVNU0stYmFzZWQNCj4gPiBjcnlwdG9ncmFwaGljIGJp bmRpbmcgaXMgZ29vZC4gV2UgbWF5IGhhdmUgb3RoZXIgbWVjaGFuaXNtcyB0aGF0IG1lZXQNCj4g PiB0aGUgc2VjdXJpdHkgZ29hbHMgb2YgbXV0dWFsIGNyeXB0b2dyYXBoaWMgYmluZGluZyBhbmQg aXQgaXMgYWx3YXlzDQo+ID4gZGVzaXJhYmxlIHRvIHNlcGFyYXRlIG1lY2hhbmlzbSBmcm9tIGFi c3RyYWN0aW9uLg0KPiA+IEkndmUgdHJpZWQgdG8gc3RhcnQgdGhhdCB0cmFuc2l0aW9uIGluIHRo ZSBuZXh0IHZlcnNpb24gb2YgdGhlDQo+ID4gZHJhZnQuIFRoYW5rcyB2ZXJ5IG11Y2ggZm9yIHBv aW50aW5nIHRoaXMgb3V0Lg0KPiA+IERvdWJ0bGVzcyB3ZSdsbCBoYXZlIGFub3RoZXIgIHJvdW5k IG9mIGltcHJvdmluZyB0ZXJtaW5vbG9neS4NCj4gPiANCj4gPiBBZ2FpbiwgdGhhbmtzIHNvIG11 Y2ggZm9yIHlvdXIgY29tbWVudHMuDQo+ID4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX18NCj4gPiBFbXUgbWFpbGluZyBsaXN0DQo+ID4gRW11QGlldGYub3Jn DQo+ID4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXUNCj4gPiANCg== --=_alternative 001669C148257A30_= Content-Type: text/html; charset="GB2312" Content-Transfer-Encoding: base64 DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPlJlZ2FyZHN+fn48YnI+DQo8YnI+ DQotU3VqaW5nIFpob3U8L2ZvbnQ+DQo8YnI+DQo8YnI+PHR0Pjxmb250IHNpemU9Mj4mcXVvdDta aGFuZ2RhY2hlbmcgKERhY2hlbmcpJnF1b3Q7ICZsdDt6aGFuZ2RhY2hlbmdAaHVhd2VpLmNvbSZn dDsNCtC009ogMjAxMi0wNy0wMyAxMTo0MTo0OTo8YnI+DQo8YnI+DQomZ3Q7IEkgdGhpbmsgeW91 IHRyeSB0byBhc2sgd2h5IEVTTUsgY2FuIGJlIHVzZWQgdG8gZGV0ZWN0IHRoZSBhdHRhY2tlcnMN Cjxicj4NCiZndDsgd2hvIHRyeSB0byBpbXBlcnNvbmF0ZSBvdGhlciBob25lc3Qgc2VydmVycy48 L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6ZT0yPiZndDsgJm5ic3A7PC9mb250PjwvdHQ+ DQo8YnI+PHR0Pjxmb250IHNpemU9Mj4mZ3Q7IFVubGlrZSBNU0ssIEVNU0sgd2lsbCBuZXZlciBi ZSB0cmFuc3BvcnRlZCBvdmVyDQp0aGUgbmV0d29yayBhbmQgdGhlbjxicj4NCiZndDsgY2Fubm90 IGJlIGFjY2Vzc2VkIGJ5IGF0dGFja2Vycy4gVGhlcmVmb3JlLCBpdCBpcyBwb3NzaWJsZSBmb3Ig YSA8YnI+DQomZ3Q7IHBlZXIgdG8gdXNlIEVNU0sgdG8gZGV0ZWN0IGFuIGF0dGFja2VyIHdobyB0 cmllcyB0byBwZXJmb3JtIHRoZSA8YnI+DQomZ3Q7IGF0dGFja3MgaWxsdXN0cmF0ZWQgaW4gdGhl IGRyYWZ0LjwvZm9udD48L3R0Pg0KPGJyPg0KPGJyPjx0dD48Zm9udCBzaXplPTI+VGhhdCBpcyB3 aGF0IEkgdW5kZXJzdGFuZCwgYnV0IEVNU0stYmFzZWQgY3J5cHRvIGJpbmRpbmcNCmNhbiBzdGls bCBiZSB0cmFuc3BvcnRlZCB0aHJvdWdoIGludGVybWVkaWF0ZSBBQUEgc2VydmVycyA8L2ZvbnQ+ PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6ZT0yPmJldHdlZW4gaG9tZSBBQUEgc2VydmVyIGFuZCBw ZWVyLCByaWdodD8gPC9mb250PjwvdHQ+DQo8YnI+PHR0Pjxmb250IHNpemU9Mj6jyWRvbid0IHVu ZGVyc3RhbmQgSGFvIFpob3UncyBjb25jZXJuIGhlcmUuPC9mb250PjwvdHQ+DQo8YnI+DQo8YnI+ PHR0Pjxmb250IHNpemU9Mj4mZ3Q7ICZuYnNwOzwvZm9udD48L3R0Pg0KPGJyPjx0dD48Zm9udCBz aXplPTI+Jmd0OyBGcm9tOiB6aG91LnN1amluZ0B6dGUuY29tLmNuIFttYWlsdG86emhvdS5zdWpp bmdAenRlLmNvbS5jbl0NCjxicj4NCiZndDsgU2VudDogVHVlc2RheSwgSnVseSAwMywgMjAxMiAx MToyNyBBTTxicj4NCiZndDsgVG86IFNhbSBIYXJ0bWFuPGJyPg0KJmd0OyBDYzogZHJhZnQtaGFy dG1hbi1lbXUtbXV0dWFsLWNyeXB0by1iaW5kQHRvb2xzLmlldGYub3JnOyBlbXVAaWV0Zi48YnI+ DQomZ3Q7IG9yZzsgZW11LWJvdW5jZXNAaWV0Zi5vcmc7IFNhbSBIYXJ0bWFuOyBIYW8gWmhvdTxi cj4NCiZndDsgU3ViamVjdDogtPC4tDogUmU6IFtFbXVdIE5ldyBkcmFmdCBvbiBtdXR1YWwgY3J5 cHRvIGJpbmRpbmcgcHJvYmxlbTwvZm9udD48L3R0Pg0KPGJyPjx0dD48Zm9udCBzaXplPTI+Jmd0 OyAmbmJzcDs8L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6ZT0yPiZndDsgPGJyPg0KJmd0 OyBIb3cgZG9lcyBFTVNLIGJyZWFrIGludGVybWVkaWF0ZSBBQUEgc2VydmVyc6O/IDxicj4NCiZn dDsgPGJyPg0KJmd0OyBSZWdhcmRzfn5+PGJyPg0KJmd0OyA8YnI+DQomZ3Q7IC1TdWppbmcgWmhv dSA8YnI+DQomZ3Q7IDxicj4NCiZndDsgZW11LWJvdW5jZXNAaWV0Zi5vcmcg0LTT2iAyMDEyLTA2 LTI5IDAyOjI1OjQ0Ojxicj4NCiZndDsgPGJyPg0KJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZndDsm Z3Q7ICZxdW90O0hhbyZxdW90OyA9PSBIYW8gWmhvdSAmbHQ7aHpob3VAY2lzY28uY29tJmd0Ow0K d3JpdGVzOjxicj4NCiZndDsgJmd0OyA8YnI+DQomZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8m Z3Q7IFNhbTo8YnI+DQomZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IFRoaXMgaXMgYSB3 ZWxsIHRob3VnaHQgYW5kIHdlbGwgd3JpdHRlbg0KZHJhZnQsIGl0IGNvdmVycyBhIDxicj4NCiZn dDsgJmd0OyBsb3Qgb2YgYmFja2dyb3VuZDxicj4NCiZndDsgJmd0OyAmbmJzcDsgJm5ic3A7IEhh byZndDsgYW5kIGFzcGVjdCBvZiB0aGUgYXR0YWNrcyBhbmQgbWl0aWdhdGlvbnMuDQpIb3dldmVy LCBJIGhhdmUgPGJyPg0KJmd0OyAmZ3Q7IGZldyBjb21tZW50czo8YnI+DQomZ3Q7ICZndDsgVGhh bmtzITxicj4NCiZndDsgJmd0OyA8YnI+DQomZ3Q7ICZndDsgWW91IGxpc3RlZCBhIHNldCBvZiBk cmF3YmFja3MgdG8gRU1TSy1iYXNlZCBjcnlwdG8gYmluZGluZy48YnI+DQomZ3Q7ICZndDsgPGJy Pg0KJmd0OyAmZ3Q7ICZuYnNwOyAmbmJzcDsgSGFvJmd0OyBBLiBNdXR1YWwgY3J5cHRvLWJpbmRp bmcgcmVxdWlyZWQgdGhlIHVzZQ0Kb2YgRU1TSywgbm90IGFsbCA8YnI+DQomZ3Q7ICZndDsgZXhp c3RpbmcgRUFQPGJyPg0KJmd0OyAmZ3Q7ICZuYnNwOyAmbmJzcDsgSGFvJmd0OyBtZXRob2QgZ2Vu ZXJhdGUgYW5kIGV4cG9ydCBFTVNLLiBJdCB3aWxsDQphbHNvIGJyZWFrIDxicj4NCiZndDsgaW50 ZXJtZWRpYXRlIEFBQTxicj4NCiZndDsgJmd0OyAmbmJzcDsgJm5ic3A7IEhhbyZndDsgc2VydmVy cy4gTW9yZSBpbXBvcnRhbnRseSwgaXQgd291bGQgb25seQ0Kd29yayBmb3IgYW4gRUFQIDxicj4N CiZndDsgbWV0aG9kIHRoYXQ8YnI+DQomZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IGdl bmVyYXRlcyBrZXlzLiBQYXJ0IG9mIHRoZSBnb2FsIG9mIFR1bm5lbA0KTWV0aG9kIGlzIHRvIDxi cj4NCiZndDsgcHJvdGVjdCB3ZWFrPGJyPg0KJmd0OyAmZ3Q7ICZuYnNwOyAmbmJzcDsgSGFvJmd0 OyBhdXRoZW50aWNhdGlvbiBvciBFQVAgbWV0aG9kLCB0aGlzIHdvdWxkDQpub3QgYmVuZWZpdHMg dGhlbS48YnI+DQomZ3Q7ICZndDsgPGJyPg0KJmd0OyAmZ3Q7IFRoZXNlIGRyYXdiYWNrcyB0byBF TVNLLWJhc2VkIGNyeXB0b2dyYXBoaWMgYmluZGluZyBhcmUgZG9jdW1lbnRlZDs8YnI+DQomZ3Q7 ICZndDsgdGhhbmtzLjxicj4NCiZndDsgJmd0OyA8YnI+DQomZ3Q7ICZndDsgJm5ic3A7ICZuYnNw OyBIYW8mZ3Q7IEQuIEVuZm9yY2luZyBzZXJ2ZXIgcG9saWN5IHdvdWxkIGJlIGFub3RoZXINCmdv b2Qgd2F5IHRvIGdvLDxicj4NCiZndDsgJmd0OyBpZiBzZXJ2ZXIgY2FuPGJyPg0KJmd0OyAmZ3Q7 ICZuYnNwOyAmbmJzcDsgSGFvJmd0OyBkZW1hbmQgdHVubmVsIG1ldGhvZCBvbmx5LCBlbGltaW5h dGUgdGhlDQpjaGFuY2Ugb2YgaW5uZXIgPGJyPg0KJmd0OyAmZ3Q7IG1ldGhvZCBNU0sgYmVpbmc8 YnI+DQomZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IHNlbnQgdG8gdGhlIGF0dGFja2Vy Ljxicj4NCiZndDsgJmd0OyA8YnI+DQomZ3Q7ICZndDsgQXMgZGlzY3Vzc2VkIGluIHRoZSBkcmFm dCwgeW91IGFjdHVhbGx5IG5lZWQgYSBudW1iZXIgb2YgY29uZGl0aW9uczxicj4NCiZndDsgJmd0 OyBiZXlvbmQganVzdCB0aGF0Ljxicj4NCiZndDsgJmd0OyBIb3dldmVyIEkgYWdyZWUgc2VydmVy IHBvbGljeSBpcyBhbm90aGVyIGltcG9ydGFudCBtaXRpZ2F0aW9uLA0Kd2hpY2ggaXM8YnI+DQom Z3Q7ICZndDsgd2h5IHRoZSBkcmFmdCByZWNvbW1lbmRzIGl0Ljxicj4NCiZndDsgJmd0OyA8YnI+ DQomZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IDIuIEkgYW0gbm90IHN1cmUgJnF1b3Q7 TXV0dWFsIENyeXB0by1iaW5kaW5nJnF1b3Q7DQppcyBhIGdvb2QgdGVybSwgYXM8YnI+DQomZ3Q7 ICZndDsgdGhlIGV4aXN0aW5nPGJyPg0KJmd0OyAmZ3Q7ICZuYnNwOyAmbmJzcDsgSGFvJmd0OyBj cnlwdG8tYmluZGluZyBpcyBhbHJlYWR5IG11dHVhbGx5IGF1dGhlbnRpY2F0aW5nDQp0aGUgcGVl ciA8YnI+DQomZ3Q7ICZndDsgYW5kIHRoZSBzZXJ2ZXIuPGJyPg0KJmd0OyAmZ3Q7ICZuYnNwOyAm bmJzcDsgSGFvJmd0OyBNYXliZSBtb3JlIGFjY3VyYXRlIHRvIGJlIGNhbGxlZCAmcXVvdDtDcnlw dG8tYmluZGluZw0KYmFzZWQgb24gPGJyPg0KJmd0OyAmZ3Q7IEVNU0smcXVvdDsgb3IgJnF1b3Q7 RXh0ZW5kZWQ8YnI+DQomZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IENyeXB0by1iaW5k aW5nJnF1b3Q7IGV0Yy48YnI+DQomZ3Q7ICZndDsgPGJyPg0KJmd0OyAmZ3Q7IEkgdGhpbmsgb2Yg bXV0dWFsIGNyeXB0b2dyYXBoaWMgYmluZGluZyBhcyBjcnlwdG8gYmluZGluZyB0aGF0DQpwcm92 aWRlczxicj4NCiZndDsgJmd0OyBkZWZlbnNlIGFnYWluc3QgdGhlc2Ugc29ydCBvZiBhdHRhY2tz IChhbmQgcGVyc29uYWxseSBkb24ndCBjb25zaWRlcjxicj4NCiZndDsgJmd0OyBleGlzdGluZyBj cnlwdG9ncmFwaGljIGJpbmRpbmcgdG8gcmVhbGx5IHF1YWxpZnkgYXMgJnF1b3Q7bXV0dWFsJnF1 b3Q7Lik8YnI+DQomZ3Q7ICZndDsgSSB0aGluayB0aG91Z2ggdGhhdCBkZXNjcmliaW5nIHRoaXMg bmV3IG1lY2hhbmlzbSBhcyBFTVNLLWJhc2VkPGJyPg0KJmd0OyAmZ3Q7IGNyeXB0b2dyYXBoaWMg YmluZGluZyBpcyBnb29kLiBXZSBtYXkgaGF2ZSBvdGhlciBtZWNoYW5pc21zIHRoYXQNCm1lZXQ8 YnI+DQomZ3Q7ICZndDsgdGhlIHNlY3VyaXR5IGdvYWxzIG9mIG11dHVhbCBjcnlwdG9ncmFwaGlj IGJpbmRpbmcgYW5kIGl0IGlzDQphbHdheXM8YnI+DQomZ3Q7ICZndDsgZGVzaXJhYmxlIHRvIHNl cGFyYXRlIG1lY2hhbmlzbSBmcm9tIGFic3RyYWN0aW9uLjxicj4NCiZndDsgJmd0OyBJJ3ZlIHRy aWVkIHRvIHN0YXJ0IHRoYXQgdHJhbnNpdGlvbiBpbiB0aGUgbmV4dCB2ZXJzaW9uIG9mIHRoZTxi cj4NCiZndDsgJmd0OyBkcmFmdC4gVGhhbmtzIHZlcnkgbXVjaCBmb3IgcG9pbnRpbmcgdGhpcyBv dXQuPGJyPg0KJmd0OyAmZ3Q7IERvdWJ0bGVzcyB3ZSdsbCBoYXZlIGFub3RoZXIgJm5ic3A7cm91 bmQgb2YgaW1wcm92aW5nIHRlcm1pbm9sb2d5Ljxicj4NCiZndDsgJmd0OyA8YnI+DQomZ3Q7ICZn dDsgQWdhaW4sIHRoYW5rcyBzbyBtdWNoIGZvciB5b3VyIGNvbW1lbnRzLjxicj4NCiZndDsgJmd0 OyBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxicj4NCiZn dDsgJmd0OyBFbXUgbWFpbGluZyBsaXN0PGJyPg0KJmd0OyAmZ3Q7IEVtdUBpZXRmLm9yZzxicj4N CiZndDsgJmd0OyBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2VtdTxicj4N CiZndDsgJmd0OyA8L2ZvbnQ+PC90dD4NCg== --=_alternative 001669C148257A30_=-- From hzhou@cisco.com Mon Jul 9 09:32:59 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9903411E813E; Mon, 9 Jul 2012 09:32:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.55 X-Spam-Level: X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_HI=-8, SARE_SUB_ENC_GB2312=1.345] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FkU06k5kzVZC; Mon, 9 Jul 2012 09:32:58 -0700 (PDT) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id B654711E813B; Mon, 9 Jul 2012 09:32:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=hzhou@cisco.com; l=15428; q=dns/txt; s=iport; t=1341851603; x=1343061203; h=from:to:cc:subject:date:message-id:in-reply-to: mime-version; bh=Oqefg/ScoL4/i8Kwswv8QBi6beSnnpMZtEfEXvKcmnA=; b=FRv9hjHLJ0/e9jR8e0gHoGBC2jMT/SD6VaKzT89NJOeV1VGuV18qiK9m MjEFPO3SHRl3hHHhMnbXRIk6TakCvp7BHr3W1hunC/a0Me4MTQcfE4wz+ yERHCcgWk0OIEoxORQJDWjevhmijOCEKWWgrfBnCm8Yg4yKei4sns9r9K U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ah4FAMwG+0+tJV2Y/2dsb2JhbABFgkqDHIJgrhGBHYEHgiABAQEDAQEBAQ8BWwsFDQEGAhEDAQEBKAUEJQsUBgMIAgQBDQUih2UGC5thjRMIkmEEi0AKhGyBFgOVNo4fgWaBLYEy X-IronPort-AV: E=Sophos;i="4.77,552,1336348800"; d="scan'208,217";a="100054887" Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-2.cisco.com with ESMTP; 09 Jul 2012 16:33:22 +0000 Received: from xhc-aln-x08.cisco.com (xhc-aln-x08.cisco.com [173.36.12.82]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id q69GXMWH022292 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 9 Jul 2012 16:33:22 GMT Received: from xmb-rcd-x14.cisco.com ([169.254.4.60]) by xhc-aln-x08.cisco.com ([173.36.12.82]) with mapi id 14.02.0298.004; Mon, 9 Jul 2012 11:33:22 -0500 From: "Hao Zhou (hzhou)" To: "zhou.sujing@zte.com.cn" , "Zhangdacheng (Dacheng)" Thread-Topic: =?gb2312?B?tPC4tDogUkU6IFJlOiBbRW11XSBOZXcgZHJhZnQgb24gbXV0dWFsIGNyeXB0?= =?gb2312?Q?o_binding_problem?= Thread-Index: AQHNWMvC80mKQe8PTkS2oWXpBYHWN5cXPceAgAAGSACACfw2AA== Date: Mon, 9 Jul 2012 16:33:21 +0000 Message-ID: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.2.1.120420 x-originating-ip: [64.101.219.104] x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19028.005 x-tm-as-result: No--37.778100-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: multipart/alternative; boundary="_000_CC207EA6AAD4hzhouciscocom_" MIME-Version: 1.0 Cc: "emu-bounces@ietf.org" , Sam Hartman , "emu@ietf.org" Subject: Re: [Emu] =?gb2312?b?tPC4tDogUkU6IFJlOiAgTmV3IGRyYWZ0IG9uIG11dHVhbCBj?= =?gb2312?b?cnlwdG8gYmluZGluZyBwcm9ibGVt?= X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jul 2012 16:33:00 -0000 --_000_CC207EA6AAD4hzhouciscocom_ Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: base64 V2UgYXJlIHRhbGtpbmcgYWJvdXQgdGhlIGNhc2Ugb2Ygc2VwYXJhdGlvbiBvZiBvdXRlciBFQVAg bWV0aG9kIGFuZCBpbm5lciBtZXRob2QgKGludGVybWVkaWF0ZSBBQUEgdGVybWluYXRlcyB0aGUg RUFQIHR1bm5lbCBhbmQgaGF2ZSBhIHNlcGFyYXRlIEFBQSBzZXJ2ZXIgZm9yIHRoZSBpbm5lciBt ZXRob2QpLiBTaW5jZSBFTVNLIGZyb20gdGhlIGlubmVyIG1ldGhvZCBuZXZlciBsZWF2ZXMgdGhl IEFBQSBzZXJ2ZXIgd2hlcmUgaXQgaXMgZ2VuZXJhdGVkLCAobm9yIGl0IGlzIGRlc2lnbmVkIHRv IGJlIHRyYW5zcG9ydGVkIG9yIGEgcHJvdG9jb2wgZXhpc3RzIHRvIHRyYW5zcG9ydCB0aGUgRU1T SyBvciBrZXkgZGVyaXZlZCBmcm9tIGl0IGJldHdlZW4gQUFBIHNlcnZlcnMpLCBFTVNLIGJhc2Vk IGNyeXB0by1iaW5kaW5nIHdpbGwgcG90ZW50aWFsbHkgYnJlYWsgdGhpcyB1c2UgY2FzZS4NCg0K DQpGcm9tOiAiemhvdS5zdWppbmdAenRlLmNvbS5jbjxtYWlsdG86emhvdS5zdWppbmdAenRlLmNv bS5jbj4iIDx6aG91LnN1amluZ0B6dGUuY29tLmNuPG1haWx0bzp6aG91LnN1amluZ0B6dGUuY29t LmNuPj4NCkRhdGU6IFR1ZXNkYXksIEp1bHkgMywgMjAxMiAxMjowNCBBTQ0KVG86ICJaaGFuZ2Rh Y2hlbmcgKERhY2hlbmcpIiA8emhhbmdkYWNoZW5nQGh1YXdlaS5jb208bWFpbHRvOnpoYW5nZGFj aGVuZ0BodWF3ZWkuY29tPj4NCkNjOiAiZW11QGlldGYub3JnPG1haWx0bzplbXVAaWV0Zi5vcmc+ IiA8ZW11QGlldGYub3JnPG1haWx0bzplbXVAaWV0Zi5vcmc+PiwgImVtdS1ib3VuY2VzQGlldGYu b3JnPG1haWx0bzplbXUtYm91bmNlc0BpZXRmLm9yZz4iIDxlbXUtYm91bmNlc0BpZXRmLm9yZzxt YWlsdG86ZW11LWJvdW5jZXNAaWV0Zi5vcmc+PiwgU2FtIEhhcnRtYW4gPGhhcnRtYW5zLWlldGZA bWl0LmVkdTxtYWlsdG86aGFydG1hbnMtaWV0ZkBtaXQuZWR1Pj4sIENpc2NvIEVtcGxveWVlIDxo emhvdUBjaXNjby5jb208bWFpbHRvOmh6aG91QGNpc2NvLmNvbT4+DQpTdWJqZWN0OiC08Li0OiBS RTogUmU6IFtFbXVdIE5ldyBkcmFmdCBvbiBtdXR1YWwgY3J5cHRvIGJpbmRpbmcgcHJvYmxlbQ0K DQoNClJlZ2FyZHN+fn4NCg0KLVN1amluZyBaaG91DQoNCiJaaGFuZ2RhY2hlbmcgKERhY2hlbmcp IiA8emhhbmdkYWNoZW5nQGh1YXdlaS5jb208bWFpbHRvOnpoYW5nZGFjaGVuZ0BodWF3ZWkuY29t Pj4g0LTT2iAyMDEyLTA3LTAzIDExOjQxOjQ5Og0KDQo+IEkgdGhpbmsgeW91IHRyeSB0byBhc2sg d2h5IEVTTUsgY2FuIGJlIHVzZWQgdG8gZGV0ZWN0IHRoZSBhdHRhY2tlcnMNCj4gd2hvIHRyeSB0 byBpbXBlcnNvbmF0ZSBvdGhlciBob25lc3Qgc2VydmVycy4NCj4NCj4gVW5saWtlIE1TSywgRU1T SyB3aWxsIG5ldmVyIGJlIHRyYW5zcG9ydGVkIG92ZXIgdGhlIG5ldHdvcmsgYW5kIHRoZW4NCj4g Y2Fubm90IGJlIGFjY2Vzc2VkIGJ5IGF0dGFja2Vycy4gVGhlcmVmb3JlLCBpdCBpcyBwb3NzaWJs ZSBmb3IgYQ0KPiBwZWVyIHRvIHVzZSBFTVNLIHRvIGRldGVjdCBhbiBhdHRhY2tlciB3aG8gdHJp ZXMgdG8gcGVyZm9ybSB0aGUNCj4gYXR0YWNrcyBpbGx1c3RyYXRlZCBpbiB0aGUgZHJhZnQuDQoN ClRoYXQgaXMgd2hhdCBJIHVuZGVyc3RhbmQsIGJ1dCBFTVNLLWJhc2VkIGNyeXB0byBiaW5kaW5n IGNhbiBzdGlsbCBiZSB0cmFuc3BvcnRlZCB0aHJvdWdoIGludGVybWVkaWF0ZSBBQUEgc2VydmVy cw0KYmV0d2VlbiBob21lIEFBQSBzZXJ2ZXIgYW5kIHBlZXIsIHJpZ2h0Pw0Ko8lkb24ndCB1bmRl cnN0YW5kIEhhbyBaaG91J3MgY29uY2VybiBoZXJlLg0KDQo+DQo+IEZyb206IHpob3Uuc3VqaW5n QHp0ZS5jb20uY248bWFpbHRvOnpob3Uuc3VqaW5nQHp0ZS5jb20uY24+IFttYWlsdG86emhvdS5z dWppbmdAenRlLmNvbS5jbl0NCj4gU2VudDogVHVlc2RheSwgSnVseSAwMywgMjAxMiAxMToyNyBB TQ0KPiBUbzogU2FtIEhhcnRtYW4NCj4gQ2M6IGRyYWZ0LWhhcnRtYW4tZW11LW11dHVhbC1jcnlw dG8tYmluZEB0b29scy5pZXRmLm9yZzxtYWlsdG86ZHJhZnQtaGFydG1hbi1lbXUtbXV0dWFsLWNy eXB0by1iaW5kQHRvb2xzLmlldGYub3JnPjsgZW11QGlldGYuDQo+IG9yZzsgZW11LWJvdW5jZXNA aWV0Zi5vcmc8bWFpbHRvOmVtdS1ib3VuY2VzQGlldGYub3JnPjsgU2FtIEhhcnRtYW47IEhhbyBa aG91DQo+IFN1YmplY3Q6ILTwuLQ6IFJlOiBbRW11XSBOZXcgZHJhZnQgb24gbXV0dWFsIGNyeXB0 byBiaW5kaW5nIHByb2JsZW0NCj4NCj4NCj4gSG93IGRvZXMgRU1TSyBicmVhayBpbnRlcm1lZGlh dGUgQUFBIHNlcnZlcnOjvw0KPg0KPiBSZWdhcmRzfn5+DQo+DQo+IC1TdWppbmcgWmhvdQ0KPg0K PiBlbXUtYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86ZW11LWJvdW5jZXNAaWV0Zi5vcmc+INC009og MjAxMi0wNi0yOSAwMjoyNTo0NDoNCj4NCj4gPiA+Pj4+PiAiSGFvIiA9PSBIYW8gWmhvdSA8aHpo b3VAY2lzY28uY29tPG1haWx0bzpoemhvdUBjaXNjby5jb20+PiB3cml0ZXM6DQo+ID4NCj4gPiAg ICAgSGFvPiBTYW06DQo+ID4gICAgIEhhbz4gVGhpcyBpcyBhIHdlbGwgdGhvdWdodCBhbmQgd2Vs bCB3cml0dGVuIGRyYWZ0LCBpdCBjb3ZlcnMgYQ0KPiA+IGxvdCBvZiBiYWNrZ3JvdW5kDQo+ID4g ICAgIEhhbz4gYW5kIGFzcGVjdCBvZiB0aGUgYXR0YWNrcyBhbmQgbWl0aWdhdGlvbnMuIEhvd2V2 ZXIsIEkgaGF2ZQ0KPiA+IGZldyBjb21tZW50czoNCj4gPiBUaGFua3MhDQo+ID4NCj4gPiBZb3Ug bGlzdGVkIGEgc2V0IG9mIGRyYXdiYWNrcyB0byBFTVNLLWJhc2VkIGNyeXB0byBiaW5kaW5nLg0K PiA+DQo+ID4gICAgIEhhbz4gQS4gTXV0dWFsIGNyeXB0by1iaW5kaW5nIHJlcXVpcmVkIHRoZSB1 c2Ugb2YgRU1TSywgbm90IGFsbA0KPiA+IGV4aXN0aW5nIEVBUA0KPiA+ICAgICBIYW8+IG1ldGhv ZCBnZW5lcmF0ZSBhbmQgZXhwb3J0IEVNU0suIEl0IHdpbGwgYWxzbyBicmVhaw0KPiBpbnRlcm1l ZGlhdGUgQUFBDQo+ID4gICAgIEhhbz4gc2VydmVycy4gTW9yZSBpbXBvcnRhbnRseSwgaXQgd291 bGQgb25seSB3b3JrIGZvciBhbiBFQVANCj4gbWV0aG9kIHRoYXQNCj4gPiAgICAgSGFvPiBnZW5l cmF0ZXMga2V5cy4gUGFydCBvZiB0aGUgZ29hbCBvZiBUdW5uZWwgTWV0aG9kIGlzIHRvDQo+IHBy b3RlY3Qgd2Vhaw0KPiA+ICAgICBIYW8+IGF1dGhlbnRpY2F0aW9uIG9yIEVBUCBtZXRob2QsIHRo aXMgd291bGQgbm90IGJlbmVmaXRzIHRoZW0uDQo+ID4NCj4gPiBUaGVzZSBkcmF3YmFja3MgdG8g RU1TSy1iYXNlZCBjcnlwdG9ncmFwaGljIGJpbmRpbmcgYXJlIGRvY3VtZW50ZWQ7DQo+ID4gdGhh bmtzLg0KPiA+DQo+ID4gICAgIEhhbz4gRC4gRW5mb3JjaW5nIHNlcnZlciBwb2xpY3kgd291bGQg YmUgYW5vdGhlciBnb29kIHdheSB0byBnbywNCj4gPiBpZiBzZXJ2ZXIgY2FuDQo+ID4gICAgIEhh bz4gZGVtYW5kIHR1bm5lbCBtZXRob2Qgb25seSwgZWxpbWluYXRlIHRoZSBjaGFuY2Ugb2YgaW5u ZXINCj4gPiBtZXRob2QgTVNLIGJlaW5nDQo+ID4gICAgIEhhbz4gc2VudCB0byB0aGUgYXR0YWNr ZXIuDQo+ID4NCj4gPiBBcyBkaXNjdXNzZWQgaW4gdGhlIGRyYWZ0LCB5b3UgYWN0dWFsbHkgbmVl ZCBhIG51bWJlciBvZiBjb25kaXRpb25zDQo+ID4gYmV5b25kIGp1c3QgdGhhdC4NCj4gPiBIb3dl dmVyIEkgYWdyZWUgc2VydmVyIHBvbGljeSBpcyBhbm90aGVyIGltcG9ydGFudCBtaXRpZ2F0aW9u LCB3aGljaCBpcw0KPiA+IHdoeSB0aGUgZHJhZnQgcmVjb21tZW5kcyBpdC4NCj4gPg0KPiA+ICAg ICBIYW8+IDIuIEkgYW0gbm90IHN1cmUgIk11dHVhbCBDcnlwdG8tYmluZGluZyIgaXMgYSBnb29k IHRlcm0sIGFzDQo+ID4gdGhlIGV4aXN0aW5nDQo+ID4gICAgIEhhbz4gY3J5cHRvLWJpbmRpbmcg aXMgYWxyZWFkeSBtdXR1YWxseSBhdXRoZW50aWNhdGluZyB0aGUgcGVlcg0KPiA+IGFuZCB0aGUg c2VydmVyLg0KPiA+ICAgICBIYW8+IE1heWJlIG1vcmUgYWNjdXJhdGUgdG8gYmUgY2FsbGVkICJD cnlwdG8tYmluZGluZyBiYXNlZCBvbg0KPiA+IEVNU0siIG9yICJFeHRlbmRlZA0KPiA+ICAgICBI YW8+IENyeXB0by1iaW5kaW5nIiBldGMuDQo+ID4NCj4gPiBJIHRoaW5rIG9mIG11dHVhbCBjcnlw dG9ncmFwaGljIGJpbmRpbmcgYXMgY3J5cHRvIGJpbmRpbmcgdGhhdCBwcm92aWRlcw0KPiA+IGRl ZmVuc2UgYWdhaW5zdCB0aGVzZSBzb3J0IG9mIGF0dGFja3MgKGFuZCBwZXJzb25hbGx5IGRvbid0 IGNvbnNpZGVyDQo+ID4gZXhpc3RpbmcgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIHRvIHJlYWxseSBx dWFsaWZ5IGFzICJtdXR1YWwiLikNCj4gPiBJIHRoaW5rIHRob3VnaCB0aGF0IGRlc2NyaWJpbmcg dGhpcyBuZXcgbWVjaGFuaXNtIGFzIEVNU0stYmFzZWQNCj4gPiBjcnlwdG9ncmFwaGljIGJpbmRp bmcgaXMgZ29vZC4gV2UgbWF5IGhhdmUgb3RoZXIgbWVjaGFuaXNtcyB0aGF0IG1lZXQNCj4gPiB0 aGUgc2VjdXJpdHkgZ29hbHMgb2YgbXV0dWFsIGNyeXB0b2dyYXBoaWMgYmluZGluZyBhbmQgaXQg aXMgYWx3YXlzDQo+ID4gZGVzaXJhYmxlIHRvIHNlcGFyYXRlIG1lY2hhbmlzbSBmcm9tIGFic3Ry YWN0aW9uLg0KPiA+IEkndmUgdHJpZWQgdG8gc3RhcnQgdGhhdCB0cmFuc2l0aW9uIGluIHRoZSBu ZXh0IHZlcnNpb24gb2YgdGhlDQo+ID4gZHJhZnQuIFRoYW5rcyB2ZXJ5IG11Y2ggZm9yIHBvaW50 aW5nIHRoaXMgb3V0Lg0KPiA+IERvdWJ0bGVzcyB3ZSdsbCBoYXZlIGFub3RoZXIgIHJvdW5kIG9m IGltcHJvdmluZyB0ZXJtaW5vbG9neS4NCj4gPg0KPiA+IEFnYWluLCB0aGFua3Mgc28gbXVjaCBm b3IgeW91ciBjb21tZW50cy4NCj4gPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fXw0KPiA+IEVtdSBtYWlsaW5nIGxpc3QNCj4gPiBFbXVAaWV0Zi5vcmc8bWFp bHRvOkVtdUBpZXRmLm9yZz4NCj4gPiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3Rp bmZvL2VtdQ0KPiA+DQo= --_000_CC207EA6AAD4hzhouciscocom_ Content-Type: text/html; charset="gb2312" Content-ID: <1F2565699C5EE74A898026795869926F@cisco.com> Content-Transfer-Encoding: quoted-printable
We are t= alking about the case of separation of outer EAP method and inner method (i= ntermediate AAA terminates the EAP tunnel and have a separate AAA server fo= r the inner method). Since EMSK from the inner method never leaves the AAA server where it is generated, (nor i= t is designed to be transported or a protocol exists to transport the EMSK = or key derived from it between AAA servers), EMSK based crypto-binding will= potentially break this use case.


From: "zhou.sujing@zte.com.cn" <zhou.sujing@zte.com.cn>
Date: Tuesday, July 3, 2012 12:04 A= M
To: "Zhangdacheng (Dacheng)&qu= ot; <zhangdacheng@huawei.com<= /a>>
Cc: "emu@ietf.org" <emu@ietf.= org>, "emu-bounces@ietf= .org" <emu-bounces@ietf= .org>, Sam Hartman <hartmans-ietf@mit= .edu>, Cisco Employee <hzhou@c= isco.com>
Subject: =B4=F0=B8=B4: RE: Re: [Emu= ] New draft on mutual crypto binding problem


Regards~~~

-Sujing Zhou

"Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com> =D0=B4=D3=DA 20= 12-07-03 11:41:49:

> I think you try to ask why ESMK can be used to detect the attackers > who try to impersonate other honest servers.
>  
> Unlike MSK, EMSK will never be transported over t= he network and then
> cannot be accessed by attackers. Therefore, it is possible for a
> peer to use EMSK to detect an attacker who tries to perform the
> attacks illustrated in the draft.

That is what I understand, but EMSK-based crypto bindi= ng can still be transported through intermediate AAA servers
between home AAA server and peer, right? <= br> =A3=C9don't understand Hao Zhou's concern here.=

>  
> From: z= hou.sujing@zte.com.cn [mailto= :zhou.sujing@zte.com.cn]
> Sent: Tuesday, July 03, 2012 11:27 AM
> To: Sam Hartman
> Cc: draft-hartman-emu-mutual-crypto-bind@tools.ietf.org; emu@ietf.
> org; emu-bounces@ietf.org;= Sam Hartman; Hao Zhou
> Subject: =B4=F0=B8=B4: Re: [Emu] New draft on mutual crypto binding pr= oblem
>  
>
> How does EMSK break intermediate AAA servers=A3=BF
>
> Regards~~~
>
> -Sujing Zhou
>
> emu-bounces@ietf.org =D0= =B4=D3=DA 2012-06-29 02:25:44:
>
> > >>>>> "Hao" =3D=3D Hao Zhou <hzhou@cisco.com> writes:
> >
> >     Hao> Sam:
> >     Hao> This is a well thought and well written dra= ft, it covers a
> > lot of background
> >     Hao> and aspect of the attacks and mitigations. = However, I have
> > few comments:
> > Thanks!
> >
> > You listed a set of drawbacks to EMSK-based crypto binding.
> >
> >     Hao> A. Mutual crypto-binding required the use o= f EMSK, not all
> > existing EAP
> >     Hao> method generate and export EMSK. It will al= so break
> intermediate AAA
> >     Hao> servers. More importantly, it would only wo= rk for an EAP
> method that
> >     Hao> generates keys. Part of the goal of Tunnel = Method is to
> protect weak
> >     Hao> authentication or EAP method, this would no= t benefits them.
> >
> > These drawbacks to EMSK-based cryptographic binding are documente= d;
> > thanks.
> >
> >     Hao> D. Enforcing server policy would be another= good way to go,
> > if server can
> >     Hao> demand tunnel method only, eliminate the ch= ance of inner
> > method MSK being
> >     Hao> sent to the attacker.
> >
> > As discussed in the draft, you actually need a number of conditio= ns
> > beyond just that.
> > However I agree server policy is another important mitigation, wh= ich is
> > why the draft recommends it.
> >
> >     Hao> 2. I am not sure "Mutual Crypto-bindin= g" is a good term, as
> > the existing
> >     Hao> crypto-binding is already mutually authenti= cating the peer
> > and the server.
> >     Hao> Maybe more accurate to be called "Cryp= to-binding based on
> > EMSK" or "Extended
> >     Hao> Crypto-binding" etc.
> >
> > I think of mutual cryptographic binding as crypto binding that pr= ovides
> > defense against these sort of attacks (and personally don't consi= der
> > existing cryptographic binding to really qualify as "mutual&= quot;.)
> > I think though that describing this new mechanism as EMSK-based > > cryptographic binding is good. We may have other mechanisms that = meet
> > the security goals of mutual cryptographic binding and it is alwa= ys
> > desirable to separate mechanism from abstraction.
> > I've tried to start that transition in the next version of the > > draft. Thanks very much for pointing this out.
> > Doubtless we'll have another  round of improving terminology= .
> >
> > Again, thanks so much for your comments.
> > _______________________________________________
> > Emu mailing list
> > Emu@ietf.org
> > https://www= .ietf.org/mailman/listinfo/emu
> >
--_000_CC207EA6AAD4hzhouciscocom_-- From zhou.sujing@zte.com.cn Mon Jul 9 19:57:30 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0504121F8611; Mon, 9 Jul 2012 19:57:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -93.325 X-Spam-Level: X-Spam-Status: No, score=-93.325 tagged_above=-999 required=5 tests=[AWL=-0.535, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_DOUBLE_IP_LOOSE=0.76, SARE_SUB_ENC_GB2312=1.345, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d-zfoAApVlC7; Mon, 9 Jul 2012 19:57:29 -0700 (PDT) Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 4BF0321F8573; Mon, 9 Jul 2012 19:57:28 -0700 (PDT) Received: from [10.30.17.100] by mx5.zte.com.cn with surfront esmtp id 286202676637534; Tue, 10 Jul 2012 10:50:57 +0800 (CST) Received: from [10.30.3.20] by [192.168.168.16] with StormMail ESMTP id 45675.5431455923; Tue, 10 Jul 2012 10:57:43 +0800 (CST) Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse01.zte.com.cn with ESMTP id q6A2vZri046052; Tue, 10 Jul 2012 10:57:35 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn) In-Reply-To: To: "Hao Zhou (hzhou)" MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007 Message-ID: From: zhou.sujing@zte.com.cn Date: Tue, 10 Jul 2012 10:57:34 +0800 X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2012-07-10 10:57:36, Serialize complete at 2012-07-10 10:57:36 Content-Type: multipart/alternative; boundary="=_alternative 00104E1348257A37_=" X-MAIL: mse01.zte.com.cn q6A2vZri046052 Cc: "emu-bounces@ietf.org" , Sam Hartman , "emu@ietf.org" Subject: [Emu] =?gb2312?b?tPC4tDogUmU6ILTwuLQ6IFJFOiBSZTogIE5ldyBkcmFmdCBv?= =?gb2312?b?biBtdXR1YWwgY3J5cHRvIGJpbmRpbmcgcHJvYmxlbQ==?= X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jul 2012 02:57:30 -0000 This is a multipart message in MIME format. --=_alternative 00104E1348257A37_= Content-Type: text/plain; charset="GB2312" Content-Transfer-Encoding: base64 UmVnYXJkc35+fg0KDQotU3VqaW5nIFpob3UNCg0KIkhhbyBaaG91IChoemhvdSkiIDxoemhvdUBj aXNjby5jb20+INC009ogMjAxMi0wNy0xMCAwMDozMzoyMToNCg0KPiBXZSBhcmUgdGFsa2luZyBh Ym91dCB0aGUgY2FzZSBvZiBzZXBhcmF0aW9uIG9mIG91dGVyIEVBUCBtZXRob2QgYW5kIA0KPiBp bm5lciBtZXRob2QgKGludGVybWVkaWF0ZSBBQUEgdGVybWluYXRlcyB0aGUgRUFQIHR1bm5lbCBh bmQgaGF2ZSBhIA0KPiBzZXBhcmF0ZSBBQUEgc2VydmVyIGZvciB0aGUgaW5uZXIgbWV0aG9kKS4g U2luY2UgRU1TSyBmcm9tIHRoZSBpbm5lcg0KPiBtZXRob2QgbmV2ZXIgbGVhdmVzIHRoZSBBQUEg c2VydmVyIHdoZXJlIGl0IGlzIGdlbmVyYXRlZCwgKG5vciBpdCBpcw0KPiBkZXNpZ25lZCB0byBi ZSB0cmFuc3BvcnRlZCBvciBhIHByb3RvY29sIGV4aXN0cyB0byB0cmFuc3BvcnQgdGhlIA0KPiBF TVNLIG9yIGtleSBkZXJpdmVkIGZyb20gaXQgYmV0d2VlbiBBQUEgc2VydmVycyksIEVNU0sgYmFz ZWQgY3J5cHRvLQ0KPiBiaW5kaW5nIHdpbGwgcG90ZW50aWFsbHkgYnJlYWsgdGhpcyB1c2UgY2Fz ZS4NCldlbGyjrGluIHRoaXMgY2FzZSB3aGVyZSB0dW5uZWwgc2VydmVyIGFuZCBFQVAgYXV0aGVu dGljYXRpb24gc2VydmVyIGFyZSANCnNlcGFyYXRlZCwNCmFuZCBpdCBpcyByZXF1aXJlZCB0byBj b21iaW5lIFRLIGFuZCBFTVNLIHRvZ2V0aGVyLCBjYW5uJ3QgaXQgDQpyZXNvbHZlZCBieSBlaXRo ZXIgc3BlY2lmeWluZyBob3cgdG8gdHJhbnNwb3J0IEVNU0sgdG8gYW5vdGhlciBBQUEgb3IgDQpz cGVjaWZ5aW5nICBob3cgdG8gdHJhbnNwb3J0IFRLIHRvIGFub3RoZXIgQUFBPw0KDQoNCg0KPiAN Cj4gRnJvbTogInpob3Uuc3VqaW5nQHp0ZS5jb20uY24iIDx6aG91LnN1amluZ0B6dGUuY29tLmNu Pg0KPiBEYXRlOiBUdWVzZGF5LCBKdWx5IDMsIDIwMTIgMTI6MDQgQU0NCj4gVG86ICJaaGFuZ2Rh Y2hlbmcgKERhY2hlbmcpIiA8emhhbmdkYWNoZW5nQGh1YXdlaS5jb20+DQo+IENjOiAiZW11QGll dGYub3JnIiA8ZW11QGlldGYub3JnPiwgImVtdS1ib3VuY2VzQGlldGYub3JnIiA8ZW11LQ0KPiBi b3VuY2VzQGlldGYub3JnPiwgU2FtIEhhcnRtYW4gPGhhcnRtYW5zLWlldGZAbWl0LmVkdT4sIENp c2NvIEVtcGxveWVlIDwNCj4gaHpob3VAY2lzY28uY29tPg0KPiBTdWJqZWN0OiC08Li0OiBSRTog UmU6IFtFbXVdIE5ldyBkcmFmdCBvbiBtdXR1YWwgY3J5cHRvIGJpbmRpbmcgcHJvYmxlbQ0KPiAN Cj4gDQo+IFJlZ2FyZHN+fn4NCj4gDQo+IC1TdWppbmcgWmhvdSANCj4gDQo+ICJaaGFuZ2RhY2hl bmcgKERhY2hlbmcpIiA8emhhbmdkYWNoZW5nQGh1YXdlaS5jb20+INC009ogMjAxMi0wNy0wMyAN CjExOjQxOjQ5Og0KPiANCj4gPiBJIHRoaW5rIHlvdSB0cnkgdG8gYXNrIHdoeSBFU01LIGNhbiBi ZSB1c2VkIHRvIGRldGVjdCB0aGUgYXR0YWNrZXJzIA0KPiA+IHdobyB0cnkgdG8gaW1wZXJzb25h dGUgb3RoZXIgaG9uZXN0IHNlcnZlcnMuIA0KPiA+IA0KPiA+IFVubGlrZSBNU0ssIEVNU0sgd2ls bCBuZXZlciBiZSB0cmFuc3BvcnRlZCBvdmVyIHRoZSBuZXR3b3JrIGFuZCB0aGVuDQo+ID4gY2Fu bm90IGJlIGFjY2Vzc2VkIGJ5IGF0dGFja2Vycy4gVGhlcmVmb3JlLCBpdCBpcyBwb3NzaWJsZSBm b3IgYSANCj4gPiBwZWVyIHRvIHVzZSBFTVNLIHRvIGRldGVjdCBhbiBhdHRhY2tlciB3aG8gdHJp ZXMgdG8gcGVyZm9ybSB0aGUgDQo+ID4gYXR0YWNrcyBpbGx1c3RyYXRlZCBpbiB0aGUgZHJhZnQu IA0KPiANCj4gVGhhdCBpcyB3aGF0IEkgdW5kZXJzdGFuZCwgYnV0IEVNU0stYmFzZWQgY3J5cHRv IGJpbmRpbmcgY2FuIHN0aWxsIA0KPiBiZSB0cmFuc3BvcnRlZCB0aHJvdWdoIGludGVybWVkaWF0 ZSBBQUEgc2VydmVycyANCj4gYmV0d2VlbiBob21lIEFBQSBzZXJ2ZXIgYW5kIHBlZXIsIHJpZ2h0 PyANCj4go8lkb24ndCB1bmRlcnN0YW5kIEhhbyBaaG91J3MgY29uY2VybiBoZXJlLiANCj4gDQo+ ID4gDQo+ID4gRnJvbTogemhvdS5zdWppbmdAenRlLmNvbS5jbiBbbWFpbHRvOnpob3Uuc3VqaW5n QHp0ZS5jb20uY25dIA0KPiA+IFNlbnQ6IFR1ZXNkYXksIEp1bHkgMDMsIDIwMTIgMTE6MjcgQU0N Cj4gPiBUbzogU2FtIEhhcnRtYW4NCj4gPiBDYzogZHJhZnQtaGFydG1hbi1lbXUtbXV0dWFsLWNy eXB0by1iaW5kQHRvb2xzLmlldGYub3JnOyBlbXVAaWV0Zi4NCj4gPiBvcmc7IGVtdS1ib3VuY2Vz QGlldGYub3JnOyBTYW0gSGFydG1hbjsgSGFvIFpob3UNCj4gPiBTdWJqZWN0OiC08Li0OiBSZTog W0VtdV0gTmV3IGRyYWZ0IG9uIG11dHVhbCBjcnlwdG8gYmluZGluZyBwcm9ibGVtIA0KPiA+IA0K PiA+IA0KPiA+IEhvdyBkb2VzIEVNU0sgYnJlYWsgaW50ZXJtZWRpYXRlIEFBQSBzZXJ2ZXJzo78g DQo+ID4gDQo+ID4gUmVnYXJkc35+fg0KPiA+IA0KPiA+IC1TdWppbmcgWmhvdSANCj4gPiANCj4g PiBlbXUtYm91bmNlc0BpZXRmLm9yZyDQtNPaIDIwMTItMDYtMjkgMDI6MjU6NDQ6DQo+ID4gDQo+ ID4gPiA+Pj4+PiAiSGFvIiA9PSBIYW8gWmhvdSA8aHpob3VAY2lzY28uY29tPiB3cml0ZXM6DQo+ ID4gPiANCj4gPiA+ICAgICBIYW8+IFNhbToNCj4gPiA+ICAgICBIYW8+IFRoaXMgaXMgYSB3ZWxs IHRob3VnaHQgYW5kIHdlbGwgd3JpdHRlbiBkcmFmdCwgaXQgY292ZXJzIGEgDQo+ID4gPiBsb3Qg b2YgYmFja2dyb3VuZA0KPiA+ID4gICAgIEhhbz4gYW5kIGFzcGVjdCBvZiB0aGUgYXR0YWNrcyBh bmQgbWl0aWdhdGlvbnMuIEhvd2V2ZXIsIEkgaGF2ZSANCj4gPiA+IGZldyBjb21tZW50czoNCj4g PiA+IFRoYW5rcyENCj4gPiA+IA0KPiA+ID4gWW91IGxpc3RlZCBhIHNldCBvZiBkcmF3YmFja3Mg dG8gRU1TSy1iYXNlZCBjcnlwdG8gYmluZGluZy4NCj4gPiA+IA0KPiA+ID4gICAgIEhhbz4gQS4g TXV0dWFsIGNyeXB0by1iaW5kaW5nIHJlcXVpcmVkIHRoZSB1c2Ugb2YgRU1TSywgbm90IGFsbCAN Cj4gPiA+IGV4aXN0aW5nIEVBUA0KPiA+ID4gICAgIEhhbz4gbWV0aG9kIGdlbmVyYXRlIGFuZCBl eHBvcnQgRU1TSy4gSXQgd2lsbCBhbHNvIGJyZWFrIA0KPiA+IGludGVybWVkaWF0ZSBBQUENCj4g PiA+ICAgICBIYW8+IHNlcnZlcnMuIE1vcmUgaW1wb3J0YW50bHksIGl0IHdvdWxkIG9ubHkgd29y ayBmb3IgYW4gRUFQIA0KPiA+IG1ldGhvZCB0aGF0DQo+ID4gPiAgICAgSGFvPiBnZW5lcmF0ZXMg a2V5cy4gUGFydCBvZiB0aGUgZ29hbCBvZiBUdW5uZWwgTWV0aG9kIGlzIHRvIA0KPiA+IHByb3Rl Y3Qgd2Vhaw0KPiA+ID4gICAgIEhhbz4gYXV0aGVudGljYXRpb24gb3IgRUFQIG1ldGhvZCwgdGhp cyB3b3VsZCBub3QgYmVuZWZpdHMgdGhlbS4NCj4gPiA+IA0KPiA+ID4gVGhlc2UgZHJhd2JhY2tz IHRvIEVNU0stYmFzZWQgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIGFyZSBkb2N1bWVudGVkOw0KPiA+ ID4gdGhhbmtzLg0KPiA+ID4gDQo+ID4gPiAgICAgSGFvPiBELiBFbmZvcmNpbmcgc2VydmVyIHBv bGljeSB3b3VsZCBiZSBhbm90aGVyIGdvb2Qgd2F5IHRvIGdvLA0KPiA+ID4gaWYgc2VydmVyIGNh bg0KPiA+ID4gICAgIEhhbz4gZGVtYW5kIHR1bm5lbCBtZXRob2Qgb25seSwgZWxpbWluYXRlIHRo ZSBjaGFuY2Ugb2YgaW5uZXIgDQo+ID4gPiBtZXRob2QgTVNLIGJlaW5nDQo+ID4gPiAgICAgSGFv PiBzZW50IHRvIHRoZSBhdHRhY2tlci4NCj4gPiA+IA0KPiA+ID4gQXMgZGlzY3Vzc2VkIGluIHRo ZSBkcmFmdCwgeW91IGFjdHVhbGx5IG5lZWQgYSBudW1iZXIgb2YgY29uZGl0aW9ucw0KPiA+ID4g YmV5b25kIGp1c3QgdGhhdC4NCj4gPiA+IEhvd2V2ZXIgSSBhZ3JlZSBzZXJ2ZXIgcG9saWN5IGlz IGFub3RoZXIgaW1wb3J0YW50IG1pdGlnYXRpb24sIHdoaWNoIA0KaXMNCj4gPiA+IHdoeSB0aGUg ZHJhZnQgcmVjb21tZW5kcyBpdC4NCj4gPiA+IA0KPiA+ID4gICAgIEhhbz4gMi4gSSBhbSBub3Qg c3VyZSAiTXV0dWFsIENyeXB0by1iaW5kaW5nIiBpcyBhIGdvb2QgdGVybSwgYXMNCj4gPiA+IHRo ZSBleGlzdGluZw0KPiA+ID4gICAgIEhhbz4gY3J5cHRvLWJpbmRpbmcgaXMgYWxyZWFkeSBtdXR1 YWxseSBhdXRoZW50aWNhdGluZyB0aGUgcGVlciANCj4gPiA+IGFuZCB0aGUgc2VydmVyLg0KPiA+ ID4gICAgIEhhbz4gTWF5YmUgbW9yZSBhY2N1cmF0ZSB0byBiZSBjYWxsZWQgIkNyeXB0by1iaW5k aW5nIGJhc2VkIG9uIA0KPiA+ID4gRU1TSyIgb3IgIkV4dGVuZGVkDQo+ID4gPiAgICAgSGFvPiBD cnlwdG8tYmluZGluZyIgZXRjLg0KPiA+ID4gDQo+ID4gPiBJIHRoaW5rIG9mIG11dHVhbCBjcnlw dG9ncmFwaGljIGJpbmRpbmcgYXMgY3J5cHRvIGJpbmRpbmcgdGhhdCANCnByb3ZpZGVzDQo+ID4g PiBkZWZlbnNlIGFnYWluc3QgdGhlc2Ugc29ydCBvZiBhdHRhY2tzIChhbmQgcGVyc29uYWxseSBk b24ndCBjb25zaWRlcg0KPiA+ID4gZXhpc3RpbmcgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIHRvIHJl YWxseSBxdWFsaWZ5IGFzICJtdXR1YWwiLikNCj4gPiA+IEkgdGhpbmsgdGhvdWdoIHRoYXQgZGVz Y3JpYmluZyB0aGlzIG5ldyBtZWNoYW5pc20gYXMgRU1TSy1iYXNlZA0KPiA+ID4gY3J5cHRvZ3Jh cGhpYyBiaW5kaW5nIGlzIGdvb2QuIFdlIG1heSBoYXZlIG90aGVyIG1lY2hhbmlzbXMgdGhhdCAN Cm1lZXQNCj4gPiA+IHRoZSBzZWN1cml0eSBnb2FscyBvZiBtdXR1YWwgY3J5cHRvZ3JhcGhpYyBi aW5kaW5nIGFuZCBpdCBpcyBhbHdheXMNCj4gPiA+IGRlc2lyYWJsZSB0byBzZXBhcmF0ZSBtZWNo YW5pc20gZnJvbSBhYnN0cmFjdGlvbi4NCj4gPiA+IEkndmUgdHJpZWQgdG8gc3RhcnQgdGhhdCB0 cmFuc2l0aW9uIGluIHRoZSBuZXh0IHZlcnNpb24gb2YgdGhlDQo+ID4gPiBkcmFmdC4gVGhhbmtz IHZlcnkgbXVjaCBmb3IgcG9pbnRpbmcgdGhpcyBvdXQuDQo+ID4gPiBEb3VidGxlc3Mgd2UnbGwg aGF2ZSBhbm90aGVyICByb3VuZCBvZiBpbXByb3ZpbmcgdGVybWlub2xvZ3kuDQo+ID4gPiANCj4g PiA+IEFnYWluLCB0aGFua3Mgc28gbXVjaCBmb3IgeW91ciBjb21tZW50cy4NCj4gPiA+IF9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+ID4gPiBFbXUgbWFp bGluZyBsaXN0DQo+ID4gPiBFbXVAaWV0Zi5vcmcNCj4gPiA+IGh0dHBzOi8vd3d3LmlldGYub3Jn L21haWxtYW4vbGlzdGluZm8vZW11DQo+ID4gPiANCg== --=_alternative 00104E1348257A37_= Content-Type: text/html; charset="GB2312" Content-Transfer-Encoding: base64 DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPlJlZ2FyZHN+fn48YnI+DQo8YnI+ DQotU3VqaW5nIFpob3U8L2ZvbnQ+DQo8YnI+DQo8YnI+PHR0Pjxmb250IHNpemU9Mj4mcXVvdDtI YW8gWmhvdSAoaHpob3UpJnF1b3Q7ICZsdDtoemhvdUBjaXNjby5jb20mZ3Q7DQrQtNPaIDIwMTIt MDctMTAgMDA6MzM6MjE6PGJyPg0KPGJyPg0KJmd0OyBXZSBhcmUgdGFsa2luZyBhYm91dCB0aGUg Y2FzZSBvZiBzZXBhcmF0aW9uIG9mIG91dGVyIEVBUCBtZXRob2QgYW5kDQo8YnI+DQomZ3Q7IGlu bmVyIG1ldGhvZCAoaW50ZXJtZWRpYXRlIEFBQSB0ZXJtaW5hdGVzIHRoZSBFQVAgdHVubmVsIGFu ZCBoYXZlDQphIDxicj4NCiZndDsgc2VwYXJhdGUgQUFBIHNlcnZlciBmb3IgdGhlIGlubmVyIG1l dGhvZCkuIFNpbmNlIEVNU0sgZnJvbSB0aGUgaW5uZXI8YnI+DQomZ3Q7IG1ldGhvZCBuZXZlciBs ZWF2ZXMgdGhlIEFBQSBzZXJ2ZXIgd2hlcmUgaXQgaXMgZ2VuZXJhdGVkLCAobm9yIGl0DQppczxi cj4NCiZndDsgZGVzaWduZWQgdG8gYmUgdHJhbnNwb3J0ZWQgb3IgYSBwcm90b2NvbCBleGlzdHMg dG8gdHJhbnNwb3J0IHRoZSA8YnI+DQomZ3Q7IEVNU0sgb3Iga2V5IGRlcml2ZWQgZnJvbSBpdCBi ZXR3ZWVuIEFBQSBzZXJ2ZXJzKSwgRU1TSyBiYXNlZCBjcnlwdG8tPGJyPg0KJmd0OyBiaW5kaW5n IHdpbGwgcG90ZW50aWFsbHkgYnJlYWsgdGhpcyB1c2UgY2FzZS48L2ZvbnQ+PC90dD4NCjxicj48 dHQ+PGZvbnQgc2l6ZT0yPldlbGyjrGluIHRoaXMgY2FzZSB3aGVyZSB0dW5uZWwgc2VydmVyIGFu ZCBFQVAgYXV0aGVudGljYXRpb24NCnNlcnZlciBhcmUgc2VwYXJhdGVkLDwvZm9udD48L3R0Pg0K PGJyPjx0dD48Zm9udCBzaXplPTI+YW5kIGl0IGlzIHJlcXVpcmVkIHRvIGNvbWJpbmUgVEsgYW5k IEVNU0sgdG9nZXRoZXIsDQpjYW5uJ3QgaXQgPC9mb250PjwvdHQ+DQo8YnI+PHR0Pjxmb250IHNp emU9Mj5yZXNvbHZlZCBieSBlaXRoZXIgc3BlY2lmeWluZyBob3cgdG8gdHJhbnNwb3J0IEVNU0sN CnRvIGFub3RoZXIgQUFBIG9yIDwvZm9udD48L3R0Pg0KPGJyPjx0dD48Zm9udCBzaXplPTI+c3Bl Y2lmeWluZyAmbmJzcDtob3cgdG8gdHJhbnNwb3J0IFRLIHRvIGFub3RoZXIgQUFBPzwvZm9udD48 L3R0Pg0KPGJyPg0KPGJyPg0KPGJyPg0KPGJyPjx0dD48Zm9udCBzaXplPTI+Jmd0OyA8YnI+DQom Z3Q7IEZyb206ICZxdW90O3pob3Uuc3VqaW5nQHp0ZS5jb20uY24mcXVvdDsgJmx0O3pob3Uuc3Vq aW5nQHp0ZS5jb20uY24mZ3Q7PGJyPg0KJmd0OyBEYXRlOiBUdWVzZGF5LCBKdWx5IDMsIDIwMTIg MTI6MDQgQU08YnI+DQomZ3Q7IFRvOiAmcXVvdDtaaGFuZ2RhY2hlbmcgKERhY2hlbmcpJnF1b3Q7 ICZsdDt6aGFuZ2RhY2hlbmdAaHVhd2VpLmNvbSZndDs8YnI+DQomZ3Q7IENjOiAmcXVvdDtlbXVA aWV0Zi5vcmcmcXVvdDsgJmx0O2VtdUBpZXRmLm9yZyZndDssICZxdW90O2VtdS1ib3VuY2VzQGll dGYub3JnJnF1b3Q7DQombHQ7ZW11LTxicj4NCiZndDsgYm91bmNlc0BpZXRmLm9yZyZndDssIFNh bSBIYXJ0bWFuICZsdDtoYXJ0bWFucy1pZXRmQG1pdC5lZHUmZ3Q7LCBDaXNjbw0KRW1wbG95ZWUg Jmx0Ozxicj4NCiZndDsgaHpob3VAY2lzY28uY29tJmd0Ozxicj4NCiZndDsgU3ViamVjdDogtPC4 tDogUkU6IFJlOiBbRW11XSBOZXcgZHJhZnQgb24gbXV0dWFsIGNyeXB0byBiaW5kaW5nDQpwcm9i bGVtPC9mb250PjwvdHQ+DQo8YnI+PHR0Pjxmb250IHNpemU9Mj4mZ3Q7IDxicj4NCiZndDsgPGJy Pg0KJmd0OyBSZWdhcmRzfn5+PGJyPg0KJmd0OyA8YnI+DQomZ3Q7IC1TdWppbmcgWmhvdSA8YnI+ DQomZ3Q7IDxicj4NCiZndDsgJnF1b3Q7WmhhbmdkYWNoZW5nIChEYWNoZW5nKSZxdW90OyAmbHQ7 emhhbmdkYWNoZW5nQGh1YXdlaS5jb20mZ3Q7DQrQtNPaIDIwMTItMDctMDMgMTE6NDE6NDk6PGJy Pg0KJmd0OyA8YnI+DQomZ3Q7ICZndDsgSSB0aGluayB5b3UgdHJ5IHRvIGFzayB3aHkgRVNNSyBj YW4gYmUgdXNlZCB0byBkZXRlY3QgdGhlIGF0dGFja2Vycw0KPGJyPg0KJmd0OyAmZ3Q7IHdobyB0 cnkgdG8gaW1wZXJzb25hdGUgb3RoZXIgaG9uZXN0IHNlcnZlcnMuIDxicj4NCiZndDsgJmd0OyAm bmJzcDsgPGJyPg0KJmd0OyAmZ3Q7IFVubGlrZSBNU0ssIEVNU0sgd2lsbCBuZXZlciBiZSB0cmFu c3BvcnRlZCBvdmVyIHRoZSBuZXR3b3JrIGFuZA0KdGhlbjxicj4NCiZndDsgJmd0OyBjYW5ub3Qg YmUgYWNjZXNzZWQgYnkgYXR0YWNrZXJzLiBUaGVyZWZvcmUsIGl0IGlzIHBvc3NpYmxlIGZvcg0K YSA8YnI+DQomZ3Q7ICZndDsgcGVlciB0byB1c2UgRU1TSyB0byBkZXRlY3QgYW4gYXR0YWNrZXIg d2hvIHRyaWVzIHRvIHBlcmZvcm0gdGhlDQo8YnI+DQomZ3Q7ICZndDsgYXR0YWNrcyBpbGx1c3Ry YXRlZCBpbiB0aGUgZHJhZnQuIDxicj4NCiZndDsgPGJyPg0KJmd0OyBUaGF0IGlzIHdoYXQgSSB1 bmRlcnN0YW5kLCBidXQgRU1TSy1iYXNlZCBjcnlwdG8gYmluZGluZyBjYW4gc3RpbGwNCjxicj4N CiZndDsgYmUgdHJhbnNwb3J0ZWQgdGhyb3VnaCBpbnRlcm1lZGlhdGUgQUFBIHNlcnZlcnMgPGJy Pg0KJmd0OyBiZXR3ZWVuIGhvbWUgQUFBIHNlcnZlciBhbmQgcGVlciwgcmlnaHQ/IDxicj4NCiZn dDsgo8lkb24ndCB1bmRlcnN0YW5kIEhhbyBaaG91J3MgY29uY2VybiBoZXJlLiA8YnI+DQomZ3Q7 IDxicj4NCiZndDsgJmd0OyAmbmJzcDsgPGJyPg0KJmd0OyAmZ3Q7IEZyb206IHpob3Uuc3VqaW5n QHp0ZS5jb20uY24gW21haWx0bzp6aG91LnN1amluZ0B6dGUuY29tLmNuXQ0KPGJyPg0KJmd0OyAm Z3Q7IFNlbnQ6IFR1ZXNkYXksIEp1bHkgMDMsIDIwMTIgMTE6MjcgQU08YnI+DQomZ3Q7ICZndDsg VG86IFNhbSBIYXJ0bWFuPGJyPg0KJmd0OyAmZ3Q7IENjOiBkcmFmdC1oYXJ0bWFuLWVtdS1tdXR1 YWwtY3J5cHRvLWJpbmRAdG9vbHMuaWV0Zi5vcmc7IGVtdUBpZXRmLjxicj4NCiZndDsgJmd0OyBv cmc7IGVtdS1ib3VuY2VzQGlldGYub3JnOyBTYW0gSGFydG1hbjsgSGFvIFpob3U8YnI+DQomZ3Q7 ICZndDsgU3ViamVjdDogtPC4tDogUmU6IFtFbXVdIE5ldyBkcmFmdCBvbiBtdXR1YWwgY3J5cHRv IGJpbmRpbmcNCnByb2JsZW0gPGJyPg0KJmd0OyAmZ3Q7ICZuYnNwOyA8YnI+DQomZ3Q7ICZndDsg PGJyPg0KJmd0OyAmZ3Q7IEhvdyBkb2VzIEVNU0sgYnJlYWsgaW50ZXJtZWRpYXRlIEFBQSBzZXJ2 ZXJzo78gPGJyPg0KJmd0OyAmZ3Q7IDxicj4NCiZndDsgJmd0OyBSZWdhcmRzfn5+PGJyPg0KJmd0 OyAmZ3Q7IDxicj4NCiZndDsgJmd0OyAtU3VqaW5nIFpob3UgPGJyPg0KJmd0OyAmZ3Q7IDxicj4N CiZndDsgJmd0OyBlbXUtYm91bmNlc0BpZXRmLm9yZyDQtNPaIDIwMTItMDYtMjkgMDI6MjU6NDQ6 PGJyPg0KJmd0OyAmZ3Q7IDxicj4NCiZndDsgJmd0OyAmZ3Q7ICZndDsmZ3Q7Jmd0OyZndDsmZ3Q7 ICZxdW90O0hhbyZxdW90OyA9PSBIYW8gWmhvdSAmbHQ7aHpob3VAY2lzY28uY29tJmd0Ow0Kd3Jp dGVzOjxicj4NCiZndDsgJmd0OyAmZ3Q7IDxicj4NCiZndDsgJmd0OyAmZ3Q7ICZuYnNwOyAmbmJz cDsgSGFvJmd0OyBTYW06PGJyPg0KJmd0OyAmZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7 IFRoaXMgaXMgYSB3ZWxsIHRob3VnaHQgYW5kIHdlbGwgd3JpdHRlbg0KZHJhZnQsIGl0IGNvdmVy cyBhIDxicj4NCiZndDsgJmd0OyAmZ3Q7IGxvdCBvZiBiYWNrZ3JvdW5kPGJyPg0KJmd0OyAmZ3Q7 ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IGFuZCBhc3BlY3Qgb2YgdGhlIGF0dGFja3MgYW5k IG1pdGlnYXRpb25zLg0KSG93ZXZlciwgSSBoYXZlIDxicj4NCiZndDsgJmd0OyAmZ3Q7IGZldyBj b21tZW50czo8YnI+DQomZ3Q7ICZndDsgJmd0OyBUaGFua3MhPGJyPg0KJmd0OyAmZ3Q7ICZndDsg PGJyPg0KJmd0OyAmZ3Q7ICZndDsgWW91IGxpc3RlZCBhIHNldCBvZiBkcmF3YmFja3MgdG8gRU1T Sy1iYXNlZCBjcnlwdG8gYmluZGluZy48YnI+DQomZ3Q7ICZndDsgJmd0OyA8YnI+DQomZ3Q7ICZn dDsgJmd0OyAmbmJzcDsgJm5ic3A7IEhhbyZndDsgQS4gTXV0dWFsIGNyeXB0by1iaW5kaW5nIHJl cXVpcmVkDQp0aGUgdXNlIG9mIEVNU0ssIG5vdCBhbGwgPGJyPg0KJmd0OyAmZ3Q7ICZndDsgZXhp c3RpbmcgRUFQPGJyPg0KJmd0OyAmZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IG1ldGhv ZCBnZW5lcmF0ZSBhbmQgZXhwb3J0IEVNU0suIEl0DQp3aWxsIGFsc28gYnJlYWsgPGJyPg0KJmd0 OyAmZ3Q7IGludGVybWVkaWF0ZSBBQUE8YnI+DQomZ3Q7ICZndDsgJmd0OyAmbmJzcDsgJm5ic3A7 IEhhbyZndDsgc2VydmVycy4gTW9yZSBpbXBvcnRhbnRseSwgaXQgd291bGQNCm9ubHkgd29yayBm b3IgYW4gRUFQIDxicj4NCiZndDsgJmd0OyBtZXRob2QgdGhhdDxicj4NCiZndDsgJmd0OyAmZ3Q7 ICZuYnNwOyAmbmJzcDsgSGFvJmd0OyBnZW5lcmF0ZXMga2V5cy4gUGFydCBvZiB0aGUgZ29hbCBv Zg0KVHVubmVsIE1ldGhvZCBpcyB0byA8YnI+DQomZ3Q7ICZndDsgcHJvdGVjdCB3ZWFrPGJyPg0K Jmd0OyAmZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IGF1dGhlbnRpY2F0aW9uIG9yIEVB UCBtZXRob2QsIHRoaXMNCndvdWxkIG5vdCBiZW5lZml0cyB0aGVtLjxicj4NCiZndDsgJmd0OyAm Z3Q7IDxicj4NCiZndDsgJmd0OyAmZ3Q7IFRoZXNlIGRyYXdiYWNrcyB0byBFTVNLLWJhc2VkIGNy eXB0b2dyYXBoaWMgYmluZGluZyBhcmUNCmRvY3VtZW50ZWQ7PGJyPg0KJmd0OyAmZ3Q7ICZndDsg dGhhbmtzLjxicj4NCiZndDsgJmd0OyAmZ3Q7IDxicj4NCiZndDsgJmd0OyAmZ3Q7ICZuYnNwOyAm bmJzcDsgSGFvJmd0OyBELiBFbmZvcmNpbmcgc2VydmVyIHBvbGljeSB3b3VsZCBiZQ0KYW5vdGhl ciBnb29kIHdheSB0byBnbyw8YnI+DQomZ3Q7ICZndDsgJmd0OyBpZiBzZXJ2ZXIgY2FuPGJyPg0K Jmd0OyAmZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IGRlbWFuZCB0dW5uZWwgbWV0aG9k IG9ubHksIGVsaW1pbmF0ZQ0KdGhlIGNoYW5jZSBvZiBpbm5lciA8YnI+DQomZ3Q7ICZndDsgJmd0 OyBtZXRob2QgTVNLIGJlaW5nPGJyPg0KJmd0OyAmZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8m Z3Q7IHNlbnQgdG8gdGhlIGF0dGFja2VyLjxicj4NCiZndDsgJmd0OyAmZ3Q7IDxicj4NCiZndDsg Jmd0OyAmZ3Q7IEFzIGRpc2N1c3NlZCBpbiB0aGUgZHJhZnQsIHlvdSBhY3R1YWxseSBuZWVkIGEg bnVtYmVyIG9mDQpjb25kaXRpb25zPGJyPg0KJmd0OyAmZ3Q7ICZndDsgYmV5b25kIGp1c3QgdGhh dC48YnI+DQomZ3Q7ICZndDsgJmd0OyBIb3dldmVyIEkgYWdyZWUgc2VydmVyIHBvbGljeSBpcyBh bm90aGVyIGltcG9ydGFudCBtaXRpZ2F0aW9uLA0Kd2hpY2ggaXM8YnI+DQomZ3Q7ICZndDsgJmd0 OyB3aHkgdGhlIGRyYWZ0IHJlY29tbWVuZHMgaXQuPGJyPg0KJmd0OyAmZ3Q7ICZndDsgPGJyPg0K Jmd0OyAmZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IDIuIEkgYW0gbm90IHN1cmUgJnF1 b3Q7TXV0dWFsIENyeXB0by1iaW5kaW5nJnF1b3Q7DQppcyBhIGdvb2QgdGVybSwgYXM8YnI+DQom Z3Q7ICZndDsgJmd0OyB0aGUgZXhpc3Rpbmc8YnI+DQomZ3Q7ICZndDsgJmd0OyAmbmJzcDsgJm5i c3A7IEhhbyZndDsgY3J5cHRvLWJpbmRpbmcgaXMgYWxyZWFkeSBtdXR1YWxseQ0KYXV0aGVudGlj YXRpbmcgdGhlIHBlZXIgPGJyPg0KJmd0OyAmZ3Q7ICZndDsgYW5kIHRoZSBzZXJ2ZXIuPGJyPg0K Jmd0OyAmZ3Q7ICZndDsgJm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IE1heWJlIG1vcmUgYWNjdXJhdGUg dG8gYmUgY2FsbGVkICZxdW90O0NyeXB0by1iaW5kaW5nDQpiYXNlZCBvbiA8YnI+DQomZ3Q7ICZn dDsgJmd0OyBFTVNLJnF1b3Q7IG9yICZxdW90O0V4dGVuZGVkPGJyPg0KJmd0OyAmZ3Q7ICZndDsg Jm5ic3A7ICZuYnNwOyBIYW8mZ3Q7IENyeXB0by1iaW5kaW5nJnF1b3Q7IGV0Yy48YnI+DQomZ3Q7 ICZndDsgJmd0OyA8YnI+DQomZ3Q7ICZndDsgJmd0OyBJIHRoaW5rIG9mIG11dHVhbCBjcnlwdG9n cmFwaGljIGJpbmRpbmcgYXMgY3J5cHRvIGJpbmRpbmcNCnRoYXQgcHJvdmlkZXM8YnI+DQomZ3Q7 ICZndDsgJmd0OyBkZWZlbnNlIGFnYWluc3QgdGhlc2Ugc29ydCBvZiBhdHRhY2tzIChhbmQgcGVy c29uYWxseSBkb24ndA0KY29uc2lkZXI8YnI+DQomZ3Q7ICZndDsgJmd0OyBleGlzdGluZyBjcnlw dG9ncmFwaGljIGJpbmRpbmcgdG8gcmVhbGx5IHF1YWxpZnkgYXMgJnF1b3Q7bXV0dWFsJnF1b3Q7 Lik8YnI+DQomZ3Q7ICZndDsgJmd0OyBJIHRoaW5rIHRob3VnaCB0aGF0IGRlc2NyaWJpbmcgdGhp cyBuZXcgbWVjaGFuaXNtIGFzIEVNU0stYmFzZWQ8YnI+DQomZ3Q7ICZndDsgJmd0OyBjcnlwdG9n cmFwaGljIGJpbmRpbmcgaXMgZ29vZC4gV2UgbWF5IGhhdmUgb3RoZXIgbWVjaGFuaXNtcw0KdGhh dCBtZWV0PGJyPg0KJmd0OyAmZ3Q7ICZndDsgdGhlIHNlY3VyaXR5IGdvYWxzIG9mIG11dHVhbCBj cnlwdG9ncmFwaGljIGJpbmRpbmcgYW5kIGl0DQppcyBhbHdheXM8YnI+DQomZ3Q7ICZndDsgJmd0 OyBkZXNpcmFibGUgdG8gc2VwYXJhdGUgbWVjaGFuaXNtIGZyb20gYWJzdHJhY3Rpb24uPGJyPg0K Jmd0OyAmZ3Q7ICZndDsgSSd2ZSB0cmllZCB0byBzdGFydCB0aGF0IHRyYW5zaXRpb24gaW4gdGhl IG5leHQgdmVyc2lvbg0Kb2YgdGhlPGJyPg0KJmd0OyAmZ3Q7ICZndDsgZHJhZnQuIFRoYW5rcyB2 ZXJ5IG11Y2ggZm9yIHBvaW50aW5nIHRoaXMgb3V0Ljxicj4NCiZndDsgJmd0OyAmZ3Q7IERvdWJ0 bGVzcyB3ZSdsbCBoYXZlIGFub3RoZXIgJm5ic3A7cm91bmQgb2YgaW1wcm92aW5nIHRlcm1pbm9s b2d5Ljxicj4NCiZndDsgJmd0OyAmZ3Q7IDxicj4NCiZndDsgJmd0OyAmZ3Q7IEFnYWluLCB0aGFu a3Mgc28gbXVjaCBmb3IgeW91ciBjb21tZW50cy48YnI+DQomZ3Q7ICZndDsgJmd0OyBfX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxicj4NCiZndDsgJmd0OyAm Z3Q7IEVtdSBtYWlsaW5nIGxpc3Q8YnI+DQomZ3Q7ICZndDsgJmd0OyBFbXVAaWV0Zi5vcmc8YnI+ DQomZ3Q7ICZndDsgJmd0OyBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2Vt dTxicj4NCiZndDsgJmd0OyAmZ3Q7IDwvZm9udD48L3R0Pg0K --=_alternative 00104E1348257A37_=-- From hzhou@cisco.com Tue Jul 10 11:05:06 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3AF721F8732; Tue, 10 Jul 2012 11:05:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.55 X-Spam-Level: X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_HI=-8, SARE_SUB_ENC_GB2312=1.345] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pBagf3gzpYBB; Tue, 10 Jul 2012 11:05:05 -0700 (PDT) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id 2D94B21F87A4; Tue, 10 Jul 2012 11:05:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=hzhou@cisco.com; l=20439; q=dns/txt; s=iport; t=1341943533; x=1343153133; h=from:to:cc:subject:date:message-id:in-reply-to: mime-version; bh=1O8tQyr0+SCUP0IOauy7bKN5m4Pj9Nxaqj0VG9Q0vI8=; b=NObaCeeAhp8KL52N/zYivoSquN89E7P+GDMuRojia2usRWvpf84wnfYi bolsxOh1eAyYFJFYYMqVN+eqIzvEqDmxiNH0iWSi5gW+cFUWsgg2RpLFL a4onKt1x59h3MyPynhKrEu7X0/IiwpTgnX8IZmoS0yJg3tIiYRwclTK24 k=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgIFAMpt/E+tJV2Z/2dsb2JhbABFgkqDHLB7gRyBB4IgAQEBAwEBAQEPAVsLBQ0BBgIRAwEBASgFBCULFAYDCAIEDgUih2UGC50FjRMIkxkEi0AKhQKBFgOVNo4fgWaCXw X-IronPort-AV: E=Sophos;i="4.77,561,1336348800"; d="scan'208,217";a="100486042" Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-2.cisco.com with ESMTP; 10 Jul 2012 18:05:30 +0000 Received: from xhc-rcd-x09.cisco.com (xhc-rcd-x09.cisco.com [173.37.183.83]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id q6AI5UFY007941 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 10 Jul 2012 18:05:30 GMT Received: from xmb-rcd-x14.cisco.com ([169.254.4.60]) by xhc-rcd-x09.cisco.com ([173.37.183.83]) with mapi id 14.02.0298.004; Tue, 10 Jul 2012 13:05:29 -0500 From: "Hao Zhou (hzhou)" To: "zhou.sujing@zte.com.cn" Thread-Topic: =?gb2312?B?tPC4tDogUmU6ILTwuLQ6IFJFOiBSZTogW0VtdV0gTmV3IGRyYWZ0IG9uIG11?= =?gb2312?Q?tual_crypto_binding_problem?= Thread-Index: AQHNWMvC80mKQe8PTkS2oWXpBYHWN5cXPceAgAAGSACACfw2AIAA8XcAgAC6mIA= Date: Tue, 10 Jul 2012 18:05:26 +0000 Message-ID: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.2.1.120420 x-originating-ip: [64.101.219.104] x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19030.006 x-tm-as-result: No--40.452500-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: multipart/alternative; boundary="_000_CC21E601AC3Fhzhouciscocom_" MIME-Version: 1.0 Cc: "emu-bounces@ietf.org" , Sam Hartman , "emu@ietf.org" Subject: Re: [Emu] =?gb2312?b?tPC4tDogUmU6ILTwuLQ6IFJFOiBSZTogIE5ldyBkcmFmdCBv?= =?gb2312?b?biBtdXR1YWwgY3J5cHRvIGJpbmRpbmcgcHJvYmxlbQ==?= X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jul 2012 18:05:07 -0000 --_000_CC21E601AC3Fhzhouciscocom_ Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: base64 V2VsbCwgdGhlIEFBQSBzZXJ2ZXIgdGVybWluYXRlcyB0aGUgdHVubmVsIGlzIGRvaW5nIHRoZSBj cnlwdG8tYmluZGluZywgb3MgaXQgd2lsbCBuZWVkIHRoZSBFTVNLIGtleSBmcm9tIHRoZSBpbm5l ciBtZXRob2QgQUFBLiBIb3dldmVyLCBFTVNLLCBhY2NvcmRpbmcgdG8gIFJGQzUyNDcsICJpcyBu ZXZlciBzaGFyZWQgd2l0aCBhIHRoaXJkIHBhcnR5Ii4gU28sIGl0IGlzIHBvc3NpYmxlIHRvIHRy YW5zcG9ydCBzb21lIHRyYW5zaWVudCBrZXlzIGRlcml2ZWQgZnJvbSB0aGUgRU1TSyBiZXR3ZWVu IHRoZSBBQUEgc2VydmVycy4gVGhlIFRFQVAgZHJhZnQtMDIgdXNlcyB0aGUgdHJhbnNpZW50IGtl eSBkZXJpdmVkIGZyb20gaW5uZXIgbWV0aG9kIEVNU0sgaWYgYXZhaWxhYmxlLiBIb3dldmVyLCBu byBzdGFuZGVyIGRlZmluZWQgcHJvdG9jb2wgZXhpc3RzIHRvZGF5IHRvIGRvIHRoZSB0cmFuc3Bv cnQuIFRoYXQncyB0aGUgbWlzc2luZyBwaWVjZS4NCg0KDQpGcm9tOiAiemhvdS5zdWppbmdAenRl LmNvbS5jbjxtYWlsdG86emhvdS5zdWppbmdAenRlLmNvbS5jbj4iIDx6aG91LnN1amluZ0B6dGUu Y29tLmNuPG1haWx0bzp6aG91LnN1amluZ0B6dGUuY29tLmNuPj4NCkRhdGU6IE1vbmRheSwgSnVs eSA5LCAyMDEyIDEwOjU3IFBNDQpUbzogQ2lzY28gRW1wbG95ZWUgPGh6aG91QGNpc2NvLmNvbTxt YWlsdG86aHpob3VAY2lzY28uY29tPj4NCkNjOiAiZW11QGlldGYub3JnPG1haWx0bzplbXVAaWV0 Zi5vcmc+IiA8ZW11QGlldGYub3JnPG1haWx0bzplbXVAaWV0Zi5vcmc+PiwgImVtdS1ib3VuY2Vz QGlldGYub3JnPG1haWx0bzplbXUtYm91bmNlc0BpZXRmLm9yZz4iIDxlbXUtYm91bmNlc0BpZXRm Lm9yZzxtYWlsdG86ZW11LWJvdW5jZXNAaWV0Zi5vcmc+PiwgU2FtIEhhcnRtYW4gPGhhcnRtYW5z LWlldGZAbWl0LmVkdTxtYWlsdG86aGFydG1hbnMtaWV0ZkBtaXQuZWR1Pj4sICJaaGFuZ2RhY2hl bmcgKERhY2hlbmcpIiA8emhhbmdkYWNoZW5nQGh1YXdlaS5jb208bWFpbHRvOnpoYW5nZGFjaGVu Z0BodWF3ZWkuY29tPj4NClN1YmplY3Q6ILTwuLQ6IFJlOiC08Li0OiBSRTogUmU6IFtFbXVdIE5l dyBkcmFmdCBvbiBtdXR1YWwgY3J5cHRvIGJpbmRpbmcgcHJvYmxlbQ0KDQoNClJlZ2FyZHN+fn4N Cg0KLVN1amluZyBaaG91DQoNCiJIYW8gWmhvdSAoaHpob3UpIiA8aHpob3VAY2lzY28uY29tPG1h aWx0bzpoemhvdUBjaXNjby5jb20+PiDQtNPaIDIwMTItMDctMTAgMDA6MzM6MjE6DQoNCj4gV2Ug YXJlIHRhbGtpbmcgYWJvdXQgdGhlIGNhc2Ugb2Ygc2VwYXJhdGlvbiBvZiBvdXRlciBFQVAgbWV0 aG9kIGFuZA0KPiBpbm5lciBtZXRob2QgKGludGVybWVkaWF0ZSBBQUEgdGVybWluYXRlcyB0aGUg RUFQIHR1bm5lbCBhbmQgaGF2ZSBhDQo+IHNlcGFyYXRlIEFBQSBzZXJ2ZXIgZm9yIHRoZSBpbm5l ciBtZXRob2QpLiBTaW5jZSBFTVNLIGZyb20gdGhlIGlubmVyDQo+IG1ldGhvZCBuZXZlciBsZWF2 ZXMgdGhlIEFBQSBzZXJ2ZXIgd2hlcmUgaXQgaXMgZ2VuZXJhdGVkLCAobm9yIGl0IGlzDQo+IGRl c2lnbmVkIHRvIGJlIHRyYW5zcG9ydGVkIG9yIGEgcHJvdG9jb2wgZXhpc3RzIHRvIHRyYW5zcG9y dCB0aGUNCj4gRU1TSyBvciBrZXkgZGVyaXZlZCBmcm9tIGl0IGJldHdlZW4gQUFBIHNlcnZlcnMp LCBFTVNLIGJhc2VkIGNyeXB0by0NCj4gYmluZGluZyB3aWxsIHBvdGVudGlhbGx5IGJyZWFrIHRo aXMgdXNlIGNhc2UuDQpXZWxso6xpbiB0aGlzIGNhc2Ugd2hlcmUgdHVubmVsIHNlcnZlciBhbmQg RUFQIGF1dGhlbnRpY2F0aW9uIHNlcnZlciBhcmUgc2VwYXJhdGVkLA0KYW5kIGl0IGlzIHJlcXVp cmVkIHRvIGNvbWJpbmUgVEsgYW5kIEVNU0sgdG9nZXRoZXIsIGNhbm4ndCBpdA0KcmVzb2x2ZWQg YnkgZWl0aGVyIHNwZWNpZnlpbmcgaG93IHRvIHRyYW5zcG9ydCBFTVNLIHRvIGFub3RoZXIgQUFB IG9yDQpzcGVjaWZ5aW5nICBob3cgdG8gdHJhbnNwb3J0IFRLIHRvIGFub3RoZXIgQUFBPw0KDQoN Cg0KPg0KPiBGcm9tOiAiemhvdS5zdWppbmdAenRlLmNvbS5jbjxtYWlsdG86emhvdS5zdWppbmdA enRlLmNvbS5jbj4iIDx6aG91LnN1amluZ0B6dGUuY29tLmNuPG1haWx0bzp6aG91LnN1amluZ0B6 dGUuY29tLmNuPj4NCj4gRGF0ZTogVHVlc2RheSwgSnVseSAzLCAyMDEyIDEyOjA0IEFNDQo+IFRv OiAiWmhhbmdkYWNoZW5nIChEYWNoZW5nKSIgPHpoYW5nZGFjaGVuZ0BodWF3ZWkuY29tPG1haWx0 bzp6aGFuZ2RhY2hlbmdAaHVhd2VpLmNvbT4+DQo+IENjOiAiZW11QGlldGYub3JnPG1haWx0bzpl bXVAaWV0Zi5vcmc+IiA8ZW11QGlldGYub3JnPG1haWx0bzplbXVAaWV0Zi5vcmc+PiwgImVtdS1i b3VuY2VzQGlldGYub3JnPG1haWx0bzplbXUtYm91bmNlc0BpZXRmLm9yZz4iIDxlbXUtDQo+IGJv dW5jZXNAaWV0Zi5vcmc8bWFpbHRvOmJvdW5jZXNAaWV0Zi5vcmc+PiwgU2FtIEhhcnRtYW4gPGhh cnRtYW5zLWlldGZAbWl0LmVkdTxtYWlsdG86aGFydG1hbnMtaWV0ZkBtaXQuZWR1Pj4sIENpc2Nv IEVtcGxveWVlIDwNCj4gaHpob3VAY2lzY28uY29tPG1haWx0bzpoemhvdUBjaXNjby5jb20+Pg0K PiBTdWJqZWN0OiC08Li0OiBSRTogUmU6IFtFbXVdIE5ldyBkcmFmdCBvbiBtdXR1YWwgY3J5cHRv IGJpbmRpbmcgcHJvYmxlbQ0KPg0KPg0KPiBSZWdhcmRzfn5+DQo+DQo+IC1TdWppbmcgWmhvdQ0K Pg0KPiAiWmhhbmdkYWNoZW5nIChEYWNoZW5nKSIgPHpoYW5nZGFjaGVuZ0BodWF3ZWkuY29tPG1h aWx0bzp6aGFuZ2RhY2hlbmdAaHVhd2VpLmNvbT4+INC009ogMjAxMi0wNy0wMyAxMTo0MTo0OToN Cj4NCj4gPiBJIHRoaW5rIHlvdSB0cnkgdG8gYXNrIHdoeSBFU01LIGNhbiBiZSB1c2VkIHRvIGRl dGVjdCB0aGUgYXR0YWNrZXJzDQo+ID4gd2hvIHRyeSB0byBpbXBlcnNvbmF0ZSBvdGhlciBob25l c3Qgc2VydmVycy4NCj4gPg0KPiA+IFVubGlrZSBNU0ssIEVNU0sgd2lsbCBuZXZlciBiZSB0cmFu c3BvcnRlZCBvdmVyIHRoZSBuZXR3b3JrIGFuZCB0aGVuDQo+ID4gY2Fubm90IGJlIGFjY2Vzc2Vk IGJ5IGF0dGFja2Vycy4gVGhlcmVmb3JlLCBpdCBpcyBwb3NzaWJsZSBmb3IgYQ0KPiA+IHBlZXIg dG8gdXNlIEVNU0sgdG8gZGV0ZWN0IGFuIGF0dGFja2VyIHdobyB0cmllcyB0byBwZXJmb3JtIHRo ZQ0KPiA+IGF0dGFja3MgaWxsdXN0cmF0ZWQgaW4gdGhlIGRyYWZ0Lg0KPg0KPiBUaGF0IGlzIHdo YXQgSSB1bmRlcnN0YW5kLCBidXQgRU1TSy1iYXNlZCBjcnlwdG8gYmluZGluZyBjYW4gc3RpbGwN Cj4gYmUgdHJhbnNwb3J0ZWQgdGhyb3VnaCBpbnRlcm1lZGlhdGUgQUFBIHNlcnZlcnMNCj4gYmV0 d2VlbiBob21lIEFBQSBzZXJ2ZXIgYW5kIHBlZXIsIHJpZ2h0Pw0KPiCjyWRvbid0IHVuZGVyc3Rh bmQgSGFvIFpob3UncyBjb25jZXJuIGhlcmUuDQo+DQo+ID4NCj4gPiBGcm9tOiB6aG91LnN1amlu Z0B6dGUuY29tLmNuPG1haWx0bzp6aG91LnN1amluZ0B6dGUuY29tLmNuPiBbbWFpbHRvOnpob3Uu c3VqaW5nQHp0ZS5jb20uY25dDQo+ID4gU2VudDogVHVlc2RheSwgSnVseSAwMywgMjAxMiAxMToy NyBBTQ0KPiA+IFRvOiBTYW0gSGFydG1hbg0KPiA+IENjOiBkcmFmdC1oYXJ0bWFuLWVtdS1tdXR1 YWwtY3J5cHRvLWJpbmRAdG9vbHMuaWV0Zi5vcmc8bWFpbHRvOmRyYWZ0LWhhcnRtYW4tZW11LW11 dHVhbC1jcnlwdG8tYmluZEB0b29scy5pZXRmLm9yZz47IGVtdUBpZXRmLg0KPiA+IG9yZzsgZW11 LWJvdW5jZXNAaWV0Zi5vcmc8bWFpbHRvOmVtdS1ib3VuY2VzQGlldGYub3JnPjsgU2FtIEhhcnRt YW47IEhhbyBaaG91DQo+ID4gU3ViamVjdDogtPC4tDogUmU6IFtFbXVdIE5ldyBkcmFmdCBvbiBt dXR1YWwgY3J5cHRvIGJpbmRpbmcgcHJvYmxlbQ0KPiA+DQo+ID4NCj4gPiBIb3cgZG9lcyBFTVNL IGJyZWFrIGludGVybWVkaWF0ZSBBQUEgc2VydmVyc6O/DQo+ID4NCj4gPiBSZWdhcmRzfn5+DQo+ ID4NCj4gPiAtU3VqaW5nIFpob3UNCj4gPg0KPiA+IGVtdS1ib3VuY2VzQGlldGYub3JnPG1haWx0 bzplbXUtYm91bmNlc0BpZXRmLm9yZz4g0LTT2iAyMDEyLTA2LTI5IDAyOjI1OjQ0Og0KPiA+DQo+ ID4gPiA+Pj4+PiAiSGFvIiA9PSBIYW8gWmhvdSA8aHpob3VAY2lzY28uY29tPG1haWx0bzpoemhv dUBjaXNjby5jb20+PiB3cml0ZXM6DQo+ID4gPg0KPiA+ID4gICAgIEhhbz4gU2FtOg0KPiA+ID4g ICAgIEhhbz4gVGhpcyBpcyBhIHdlbGwgdGhvdWdodCBhbmQgd2VsbCB3cml0dGVuIGRyYWZ0LCBp dCBjb3ZlcnMgYQ0KPiA+ID4gbG90IG9mIGJhY2tncm91bmQNCj4gPiA+ICAgICBIYW8+IGFuZCBh c3BlY3Qgb2YgdGhlIGF0dGFja3MgYW5kIG1pdGlnYXRpb25zLiBIb3dldmVyLCBJIGhhdmUNCj4g PiA+IGZldyBjb21tZW50czoNCj4gPiA+IFRoYW5rcyENCj4gPiA+DQo+ID4gPiBZb3UgbGlzdGVk IGEgc2V0IG9mIGRyYXdiYWNrcyB0byBFTVNLLWJhc2VkIGNyeXB0byBiaW5kaW5nLg0KPiA+ID4N Cj4gPiA+ICAgICBIYW8+IEEuIE11dHVhbCBjcnlwdG8tYmluZGluZyByZXF1aXJlZCB0aGUgdXNl IG9mIEVNU0ssIG5vdCBhbGwNCj4gPiA+IGV4aXN0aW5nIEVBUA0KPiA+ID4gICAgIEhhbz4gbWV0 aG9kIGdlbmVyYXRlIGFuZCBleHBvcnQgRU1TSy4gSXQgd2lsbCBhbHNvIGJyZWFrDQo+ID4gaW50 ZXJtZWRpYXRlIEFBQQ0KPiA+ID4gICAgIEhhbz4gc2VydmVycy4gTW9yZSBpbXBvcnRhbnRseSwg aXQgd291bGQgb25seSB3b3JrIGZvciBhbiBFQVANCj4gPiBtZXRob2QgdGhhdA0KPiA+ID4gICAg IEhhbz4gZ2VuZXJhdGVzIGtleXMuIFBhcnQgb2YgdGhlIGdvYWwgb2YgVHVubmVsIE1ldGhvZCBp cyB0bw0KPiA+IHByb3RlY3Qgd2Vhaw0KPiA+ID4gICAgIEhhbz4gYXV0aGVudGljYXRpb24gb3Ig RUFQIG1ldGhvZCwgdGhpcyB3b3VsZCBub3QgYmVuZWZpdHMgdGhlbS4NCj4gPiA+DQo+ID4gPiBU aGVzZSBkcmF3YmFja3MgdG8gRU1TSy1iYXNlZCBjcnlwdG9ncmFwaGljIGJpbmRpbmcgYXJlIGRv Y3VtZW50ZWQ7DQo+ID4gPiB0aGFua3MuDQo+ID4gPg0KPiA+ID4gICAgIEhhbz4gRC4gRW5mb3Jj aW5nIHNlcnZlciBwb2xpY3kgd291bGQgYmUgYW5vdGhlciBnb29kIHdheSB0byBnbywNCj4gPiA+ IGlmIHNlcnZlciBjYW4NCj4gPiA+ICAgICBIYW8+IGRlbWFuZCB0dW5uZWwgbWV0aG9kIG9ubHks IGVsaW1pbmF0ZSB0aGUgY2hhbmNlIG9mIGlubmVyDQo+ID4gPiBtZXRob2QgTVNLIGJlaW5nDQo+ ID4gPiAgICAgSGFvPiBzZW50IHRvIHRoZSBhdHRhY2tlci4NCj4gPiA+DQo+ID4gPiBBcyBkaXNj dXNzZWQgaW4gdGhlIGRyYWZ0LCB5b3UgYWN0dWFsbHkgbmVlZCBhIG51bWJlciBvZiBjb25kaXRp b25zDQo+ID4gPiBiZXlvbmQganVzdCB0aGF0Lg0KPiA+ID4gSG93ZXZlciBJIGFncmVlIHNlcnZl ciBwb2xpY3kgaXMgYW5vdGhlciBpbXBvcnRhbnQgbWl0aWdhdGlvbiwgd2hpY2ggaXMNCj4gPiA+ IHdoeSB0aGUgZHJhZnQgcmVjb21tZW5kcyBpdC4NCj4gPiA+DQo+ID4gPiAgICAgSGFvPiAyLiBJ IGFtIG5vdCBzdXJlICJNdXR1YWwgQ3J5cHRvLWJpbmRpbmciIGlzIGEgZ29vZCB0ZXJtLCBhcw0K PiA+ID4gdGhlIGV4aXN0aW5nDQo+ID4gPiAgICAgSGFvPiBjcnlwdG8tYmluZGluZyBpcyBhbHJl YWR5IG11dHVhbGx5IGF1dGhlbnRpY2F0aW5nIHRoZSBwZWVyDQo+ID4gPiBhbmQgdGhlIHNlcnZl ci4NCj4gPiA+ICAgICBIYW8+IE1heWJlIG1vcmUgYWNjdXJhdGUgdG8gYmUgY2FsbGVkICJDcnlw dG8tYmluZGluZyBiYXNlZCBvbg0KPiA+ID4gRU1TSyIgb3IgIkV4dGVuZGVkDQo+ID4gPiAgICAg SGFvPiBDcnlwdG8tYmluZGluZyIgZXRjLg0KPiA+ID4NCj4gPiA+IEkgdGhpbmsgb2YgbXV0dWFs IGNyeXB0b2dyYXBoaWMgYmluZGluZyBhcyBjcnlwdG8gYmluZGluZyB0aGF0IHByb3ZpZGVzDQo+ ID4gPiBkZWZlbnNlIGFnYWluc3QgdGhlc2Ugc29ydCBvZiBhdHRhY2tzIChhbmQgcGVyc29uYWxs eSBkb24ndCBjb25zaWRlcg0KPiA+ID4gZXhpc3RpbmcgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIHRv IHJlYWxseSBxdWFsaWZ5IGFzICJtdXR1YWwiLikNCj4gPiA+IEkgdGhpbmsgdGhvdWdoIHRoYXQg ZGVzY3JpYmluZyB0aGlzIG5ldyBtZWNoYW5pc20gYXMgRU1TSy1iYXNlZA0KPiA+ID4gY3J5cHRv Z3JhcGhpYyBiaW5kaW5nIGlzIGdvb2QuIFdlIG1heSBoYXZlIG90aGVyIG1lY2hhbmlzbXMgdGhh dCBtZWV0DQo+ID4gPiB0aGUgc2VjdXJpdHkgZ29hbHMgb2YgbXV0dWFsIGNyeXB0b2dyYXBoaWMg YmluZGluZyBhbmQgaXQgaXMgYWx3YXlzDQo+ID4gPiBkZXNpcmFibGUgdG8gc2VwYXJhdGUgbWVj aGFuaXNtIGZyb20gYWJzdHJhY3Rpb24uDQo+ID4gPiBJJ3ZlIHRyaWVkIHRvIHN0YXJ0IHRoYXQg dHJhbnNpdGlvbiBpbiB0aGUgbmV4dCB2ZXJzaW9uIG9mIHRoZQ0KPiA+ID4gZHJhZnQuIFRoYW5r cyB2ZXJ5IG11Y2ggZm9yIHBvaW50aW5nIHRoaXMgb3V0Lg0KPiA+ID4gRG91YnRsZXNzIHdlJ2xs IGhhdmUgYW5vdGhlciAgcm91bmQgb2YgaW1wcm92aW5nIHRlcm1pbm9sb2d5Lg0KPiA+ID4NCj4g PiA+IEFnYWluLCB0aGFua3Mgc28gbXVjaCBmb3IgeW91ciBjb21tZW50cy4NCj4gPiA+IF9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+ID4gPiBFbXUgbWFp bGluZyBsaXN0DQo+ID4gPiBFbXVAaWV0Zi5vcmc8bWFpbHRvOkVtdUBpZXRmLm9yZz4NCj4gPiA+ IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vZW11DQo+ID4gPg0K --_000_CC21E601AC3Fhzhouciscocom_ Content-Type: text/html; charset="gb2312" Content-ID: <8864B4EA042A1E458DF7134C55C0A5C5@cisco.com> Content-Transfer-Encoding: quoted-printable
Well, the AAA server terminates the tunnel is doing the crypto-binding= , os it will need the EMSK key from the inner method AAA. However, EMSK, ac= cording to  RFC5247, "is never shared with a third party". So, it is possible to transport some transient keys derived f= rom the EMSK between the AAA servers. The TEAP draft-02 uses the transient k= ey derived from inner method EMSK if available. Howeve= r, no stander defined protocol exists today to do the transport. That's the= missing piece.


From: "zhou.sujing@zte.com.cn" <zhou.sujing@zte.com.cn>
Date: Monday, July 9, 2012 10:57 PM=
To: Cisco Employee <hzhou@cisco.com>
Cc: "emu@ietf.org" <emu@ietf.= org>, "emu-bounces@ietf= .org" <emu-bounces@ietf= .org>, Sam Hartman <hartmans-ietf@mit= .edu>, "Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com>
Subject: =B4=F0=B8=B4: Re: =B4=F0= =B8=B4: RE: Re: [Emu] New draft on mutual crypto binding problem


Regards~~~

-Sujing Zhou

"Hao Zhou (hzhou)" <hzhou@cisco.com> =D0=B4=D3=DA 2012-07-10 00:33:21:

> We are talking about the case of separation of outer EAP method and > inner method (intermediate AAA terminates the EAP tunnel and have a > separate AAA server for the inner method). Since EMSK from the inner > method never leaves the AAA server where it is generated, (nor it is > designed to be transported or a protocol exists to transport the
> EMSK or key derived from it between AAA servers), EMSK based crypto- > binding will potentially break this use case.
Well=A3=ACin this case where tunnel server and EAP aut= hentication server are separated,
and it is required to combine TK and EMSK together, ca= nn't it
resolved by either specifying how to transport EMSK to= another AAA or
specifying  how to transport TK to another AAA?



>
> From: "zhou.sujing@zte.= com.cn" <zhou.sujing@= zte.com.cn>
> Date: Tuesday, July 3, 2012 12:04 AM
> To: "Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com>
> Cc: "emu@ietf.org" <<= a href=3D"mailto:emu@ietf.org">emu@ietf.org>, "emu-bounces@ietf.org" <emu-
> bounces@ietf.org>, Sam Hart= man <hartmans-ietf@mit.edu&= gt;, Cisco Employee <
> hzhou@cisco.com>
> Subject: =B4=F0=B8=B4: RE: Re: [Emu] New draft on mutual crypto bindin= g problem
>
>
> Regards~~~
>
> -Sujing Zhou
>
> "Zhangdacheng (Dacheng)" <zhangdacheng@huawei.com> =D0=B4=D3=DA 2012-07-03 11:41:4= 9:
>
> > I think you try to ask why ESMK can be used to detect the attacke= rs
> > who try to impersonate other honest servers.
> >  
> > Unlike MSK, EMSK will never be transported over the network and t= hen
> > cannot be accessed by attackers. Therefore, it is possible for a =
> > peer to use EMSK to detect an attacker who tries to perform the <= br> > > attacks illustrated in the draft.
>
> That is what I understand, but EMSK-based crypto binding can still > be transported through intermediate AAA servers
> between home AAA server and peer, right?
> =A3=C9don't understand Hao Zhou's concern here.
>
> >  
> > From: zhou.sujing@zte.c= om.cn [mailto:zhou.sujing@zte= .com.cn]
> > Sent: Tuesday, July 03, 2012 11:27 AM
> > To: Sam Hartman
> > Cc: draft-hartman-emu-mutual-crypto-bind@tools.ietf.org; emu@ietf= .
> > org; emu-bounces@ietf.org= ; Sam Hartman; Hao Zhou
> > Subject: =B4=F0=B8=B4: Re: [Emu] New draft on mutual crypto bindi= ng problem
> >  
> >
> > How does EMSK break intermediate AAA servers=A3=BF
> >
> > Regards~~~
> >
> > -Sujing Zhou
> >
> > emu-bounces@ietf.org = =D0=B4=D3=DA 2012-06-29 02:25:44:
> >
> > > >>>>> "Hao" =3D=3D Hao Zhou <hzhou@cisco.com> writes:
> > >
> > >     Hao> Sam:
> > >     Hao> This is a well thought and well writte= n draft, it covers a
> > > lot of background
> > >     Hao> and aspect of the attacks and mitigati= ons. However, I have
> > > few comments:
> > > Thanks!
> > >
> > > You listed a set of drawbacks to EMSK-based crypto binding.<= br> > > >
> > >     Hao> A. Mutual crypto-binding required the = use of EMSK, not all
> > > existing EAP
> > >     Hao> method generate and export EMSK. It wi= ll also break
> > intermediate AAA
> > >     Hao> servers. More importantly, it would on= ly work for an EAP
> > method that
> > >     Hao> generates keys. Part of the goal of Tu= nnel Method is to
> > protect weak
> > >     Hao> authentication or EAP method, this wou= ld not benefits them.
> > >
> > > These drawbacks to EMSK-based cryptographic binding are docu= mented;
> > > thanks.
> > >
> > >     Hao> D. Enforcing server policy would be an= other good way to go,
> > > if server can
> > >     Hao> demand tunnel method only, eliminate t= he chance of inner
> > > method MSK being
> > >     Hao> sent to the attacker.
> > >
> > > As discussed in the draft, you actually need a number of con= ditions
> > > beyond just that.
> > > However I agree server policy is another important mitigatio= n, which is
> > > why the draft recommends it.
> > >
> > >     Hao> 2. I am not sure "Mutual Crypto-b= inding" is a good term, as
> > > the existing
> > >     Hao> crypto-binding is already mutually aut= henticating the peer
> > > and the server.
> > >     Hao> Maybe more accurate to be called "= ;Crypto-binding based on
> > > EMSK" or "Extended
> > >     Hao> Crypto-binding" etc.
> > >
> > > I think of mutual cryptographic binding as crypto binding th= at provides
> > > defense against these sort of attacks (and personally don't = consider
> > > existing cryptographic binding to really qualify as "mu= tual".)
> > > I think though that describing this new mechanism as EMSK-ba= sed
> > > cryptographic binding is good. We may have other mechanisms = that meet
> > > the security goals of mutual cryptographic binding and it is= always
> > > desirable to separate mechanism from abstraction.
> > > I've tried to start that transition in the next version of t= he
> > > draft. Thanks very much for pointing this out.
> > > Doubtless we'll have another  round of improving termin= ology.
> > >
> > > Again, thanks so much for your comments.
> > > _______________________________________________
> > > Emu mailing list
> > > Emu@ietf.org
> > > https:= //www.ietf.org/mailman/listinfo/emu
> > >
--_000_CC21E601AC3Fhzhouciscocom_-- From jsalowey@cisco.com Tue Jul 10 22:10:37 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F5AF11E8099 for ; Tue, 10 Jul 2012 22:10:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -110.599 X-Spam-Level: X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V8is6IDOSAuO for ; Tue, 10 Jul 2012 22:10:36 -0700 (PDT) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) by ietfa.amsl.com (Postfix) with ESMTP id 7B13E11E8072 for ; Tue, 10 Jul 2012 22:10:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=jsalowey@cisco.com; l=277; q=dns/txt; s=iport; t=1341983466; x=1343193066; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=HJDqR5RiKP0cPJ7LbDqEgYD+xZqOWSsx+E4BPTSv6YQ=; b=bb40pchlvCnhu1GxsCeN3SD83EG4E5SlJ8I9Ag2bgDAtySr+Dz9ZPStP 7DsbE4z4EkDjm9Qewy2QLy+z/oV9z1QRG8V7H787S1szltevces9kBOQ7 yx3BhrzZpZFy24I35nbgIMm+h+bC5Xtf2ngVIGKlFbnyJg5fJXwSqul6c 4=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av0EACAK/U+tJV2a/2dsb2JhbABFt3+BB4InEgEnUQE+QicENYdrnAaBKKAbi1SEemADlTaOH4Fmgl+BVg X-IronPort-AV: E=Sophos;i="4.77,564,1336348800"; d="scan'208";a="100669277" Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-6.cisco.com with ESMTP; 11 Jul 2012 05:11:05 +0000 Received: from xhc-aln-x14.cisco.com (xhc-aln-x14.cisco.com [173.36.12.88]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id q6B5B5T7016022 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for ; Wed, 11 Jul 2012 05:11:05 GMT Received: from xmb-rcd-x09.cisco.com ([169.254.9.118]) by xhc-aln-x14.cisco.com ([173.36.12.88]) with mapi id 14.02.0283.003; Wed, 11 Jul 2012 00:11:05 -0500 From: "Joseph Salowey (jsalowey)" To: "emu@ietf.org" Thread-Topic: EMU session at IETF 84 Thread-Index: AQHNXyOSHYttui0nz0qtEx6ir7STlg== Date: Wed, 11 Jul 2012 05:10:38 +0000 Message-ID: <525517FD-CF91-4631-A2CD-5084B6DA0A43@cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.33.249.195] x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19032.004 x-tm-as-result: No--24.321100-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: text/plain; charset="us-ascii" Content-ID: <3FC7B75D4C455248BC66FCEBF2989CDF@cisco.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: [Emu] EMU session at IETF 84 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Jul 2012 05:10:37 -0000 THe EMU session has be scheduled for Tuesday, Morning Session I 0900-1020. = Please let the chairs know if you have something you would like to present= . We have limited time so priority will be given to material related to wo= rking group tasks. =20 Cheers, Joe= From ncamwing@cisco.com Sat Jul 14 20:34:19 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4966711E8079 for ; Sat, 14 Jul 2012 20:34:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.395 X-Spam-Level: X-Spam-Status: No, score=-6.395 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bud5WFjvYMuF for ; Sat, 14 Jul 2012 20:34:17 -0700 (PDT) Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id 5AC3D11E8072 for ; Sat, 14 Jul 2012 20:34:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=29495; q=dns/txt; s=iport; t=1342323298; x=1343532898; h=from:to:cc:subject:date:message-id:in-reply-to: mime-version; bh=AIXGxMWWXy4PFnC9I0MWsQIW+LTgbI7Vn2SDrVrEbbY=; b=F+g11Ru0IRFGqaA4dm4iIRVVzlYJUU/9Zu/AEA6ia9h8fkPrr4DwoKWk su26f+X3WQHgrpMO0dJO7JGstu7LVqRaim4cpsOx9qe0QZGz71+W+Xz/5 dpqth42qBEtGD8LO6pyXisyvxe5wex2dGBPvrX4Wzu4LqbjnJrgdDhEzu Y=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AkIFAG45AlCtJV2a/2dsb2JhbABFgkqDH4JgrkeBGYEHgiABAQEDAQEBAQ8BVAUCCwUNAQYCEQMBAiEHBQQlCxQJCAEBBAENBQkZhW+BdgYLmm+NEwiRbYtAFIRYgRYDlTuOIIFmgS2BMoFWAgcc X-IronPort-AV: E=Sophos;i="4.77,587,1336348800"; d="scan'208,217";a="98961204" Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-9.cisco.com with ESMTP; 15 Jul 2012 03:34:57 +0000 Received: from xhc-rcd-x07.cisco.com (xhc-rcd-x07.cisco.com [173.37.183.81]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id q6F3YvwE027875 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 15 Jul 2012 03:34:57 GMT Received: from xmb-aln-x02.cisco.com ([169.254.5.178]) by xhc-rcd-x07.cisco.com ([173.37.183.81]) with mapi id 14.02.0298.004; Sat, 14 Jul 2012 22:34:56 -0500 From: "Nancy Cam-Winget (ncamwing)" To: "zhou.sujing@zte.com.cn" , "Joseph Salowey (jsalowey)" Thread-Topic: [Emu] A review Re: [Nea] I-D Action: draft-ietf-nea-pt-eap-02.txt Thread-Index: Ac1DxWOkmkRq2KB0TF+0RLaL1yQpxQeZKUwA Date: Sun, 15 Jul 2012 03:34:55 +0000 Message-ID: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.2.1.120420 x-originating-ip: [10.21.145.162] x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19038.004 x-tm-as-result: No--43.179100-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: multipart/alternative; boundary="_000_CC278222D688ncamwingciscocom_" MIME-Version: 1.0 Cc: "emu@ietf.org" Subject: Re: [Emu] A review Re: [Nea] I-D Action: draft-ietf-nea-pt-eap-02.txt X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jul 2012 03:34:19 -0000 --_000_CC278222D688ncamwingciscocom_ Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: base64 SGkgU3VqaW5nLA0KDQpJIGFtIGp1c3QgZ2V0dGluZyB0byB1cGRhdGUgdGhlIGRyYWZ0IGJhc2Vk IG9uIHJlY2VpdmVkIGNvbW1lbnRzLiAgSSBoYXZlIGZ1cnRoZXINCmNvbW1lbnRzIGFuZCBxdWVz dGlvbnMgYmVsb3c6DQoNCkZyb206ICJ6aG91LnN1amluZ0B6dGUuY29tLmNuPG1haWx0bzp6aG91 LnN1amluZ0B6dGUuY29tLmNuPiIgPHpob3Uuc3VqaW5nQHp0ZS5jb20uY248bWFpbHRvOnpob3Uu c3VqaW5nQHp0ZS5jb20uY24+Pg0KRGF0ZTogV2VkbmVzZGF5LCBKdW5lIDYsIDIwMTIgMjoxOCBB TQ0KVG86IEpvc2VwaCBTYWxvd2V5IDxqc2Fsb3dleUBjaXNjby5jb208bWFpbHRvOmpzYWxvd2V5 QGNpc2NvLmNvbT4+DQpDYzogImVtdUBpZXRmLm9yZzxtYWlsdG86ZW11QGlldGYub3JnPiIgPGVt dUBpZXRmLm9yZzxtYWlsdG86ZW11QGlldGYub3JnPj4NClN1YmplY3Q6IFtFbXVdIEEgcmV2aWV3 IFJlOiBbTmVhXSBJLUQgQWN0aW9uOiBkcmFmdC1pZXRmLW5lYS1wdC1lYXAtMDIudHh0DQoNCg0K U2VjdGlvbiAxDQoiVGhlIG90aGVyIHR5cGUgb2YgIFBULCBQVC1UTFMgW0ktRC5pZXRmLW5lYS1w dC10bHNdLCBvcGVyYXRlcyBiZWZvcmUgdGhlIGVuZHBvaW50IGdhaW5zDQogICBhbnkgYWNjZXNz IHRvIHRoZSBJUCBuZXR3b3JrLiAiDQo9PT5zaG91bGQgYmUgImFmdGVyIHRoZSBlbmRwb2ludCBo YXZlIGdhaW5lZCBhY2Nlc3MgdG8gdGhlIElQIG5ldHdvcmsiDQpbTkNXXSBUaGFuayB5b3UgZm9y IGNhdGNoaW5nIHRoaXMhICBJIGhhdmUgdXBkYXRlZCB0aGUgZHJhZnQgYWNjb3JkaW5nbHkuDQoN Cg0KIlBULUVBUCBpcyBhbiBpbm5lciBFQVAgW1JGQzM3NDhdIG1ldGhvZCBkZXNpZ25lZCB0byBi ZSB1c2VkIHVuZGVyIGENCiAgIHByb3RlY3RlZCB0dW5uZWwgc3VjaCBhcyBURUFQIFtJLUQuaWV0 Zi1lbXUtZWFwLXR1bm5lbC1tZXRob2RdLCBFQVAtDQogICBGQVNUIFtSRkM0ODUxXSBvciBFQVAt VFRMUyBbUkZDNTI4MV0uIg0KPT0+UEVBUCBpcyBtb3JlIHdpZGVseSBzdXBwb3J0ZWQuDQpbTkNX XSBBZ3JlZWQuICBCdXQgdGhlIGxpc3QgaXMgbm90IG1lYW50IHRvIGJlIGV4aGF1c3RpdmUgYW5k IGFkbWl0dGVkbHkNCml0IHdhcyBlYXNpZXIgdG8gY2l0ZSB1c2VkIG1ldGhvZHMgZm9yIHdoaWNo IHRoZXJlIGFyZSBJRVRGIFJGQydzoa0uYXMgd2VsbA0KYXMgd2hhdCBFTVUgaXMgYWRvcHRpbmcu DQoNCg0KDQoiRmluYWxseSwgaXQgZGVzY3JpYmVzIGhvdyB0aGUgIHRscy11bmlxdWUgY2hhbm5l bCBiaW5kaW5nIFtSRkM1OTI5XSBtYXkgYmUgdXNlZCB0byBQQS1UTkMgZXhjaGFuZ2VzDQogICB0 byB0aGUgRUFQIHR1bm5lbCBtZXRob2QsIGRlZmVhdGluZyBNSVRNIGF0dGFja3Mgc3VjaCBhcyB0 aGUgQXNva2FuICBhdHRhY2sgW0Fzb2thbl0uIg0KPT0+DQoNCg0KIlNvbWUgRUFQIHR1bm5lbCBt ZXRob2RzIG1heSBwcm92aWRlIGV4cGxpY2l0IGNvbmZpcm1hdGlvbiBvZiBpbm5lciBtZXRob2Qg c3VjY2Vzczsgb3RoZXJzIG1heSBub3QuICINCltOQ1ddIEkgYW0gbm90IHN1cmUgSSB1bmRlcnN0 YW5kIHRoZSBjb21tZW50IG9yIHJlcXVlc3QuICBUaGUgYWJvdmUgc2VudGVuY2UgaXMgdHJ1ZTsg aW4NClBULUVBUCdzIGNhc2UsIGFzIGl0IGlzIG5vdCBhbiBhdXRoZW50aWNhdGluZyBtZXRob2Qs IHdlIGRlc2NyaWJlIGhvdyB0bHMtdW5pcXVlIGlzIHVzZWQNCmluIFBULUVBUCB0byBhZGRyZXNz IHN1Y2ggYmluZGluZy4gIFNvLCB0aGUgc2VudGVuY2Ugc3RhbmRzIG9uIGl0cyBvd24gYXMgaXQg aXMgcmVmZXJlbmNlDQpmdXJ0aGVyIGRldGFpbHMgdG8gZm9sbG93Lg0KDQpzZWN0aW9uIDMuNCAi IEF0dGFjayBBbmFseXNpcyBbMTZdLCAiIHRoZSByZWZlcmVuY2UgWzE2XQ0KW05DV10gRml4ZWQg dGhlIHJlZmVyZW5jZSAodGhhbmtzISkNCg0Kc2VjdGlvbiA0LjIuMw0KIlRoZSBzdHJvbmcgaW50 ZWdyaXR5IHByb3RlY3Rpb25zIChoYXNoaW5nKSBvZmZlcmVkIGJ5IEVBUC1UVExTIGFsbG93cyB0 aGUNCiAgIFBULUVBUCBtZXNzYWdlIHJlY2lwaWVudHMgdG8gZGV0ZWN0IG1lc3NhZ2UgYWx0ZXJh dGlvbnMgYnkgb3RoZXINCiAgIHR5cGVzIG9mIG5ldHdvcmsgYmFzZWQgYWR2ZXJzYXJpZXMuICIN Cj09PT5pdCBpcyBub3QgaGFzaGluZyBvZmZlcmluZyB0aGUgaW50ZWdyaXR5LCBidXQgTUFDDQpb TkNXXSBSaWdodCwgdGV4dCB1cGRhdGVkIHRvIHJlYWQgImhhc2hpbmcgaW4gdGhlIE1BQyIgYWxz byBtYWRlIHRoZSByZWZlcmVuY2UgZ2VuZXJhbA0KQXMgaXQgaXMgcHJvdmlkZWQgYnkgdGhlIEVB UCBUTFMgYmFzZWQgdHVubmVsDQoNCnNlY3Rpb24gNC4yLjQNCiIgdGhlICBzZXNzaW9uIGNhbiBi ZSBlbmNyeXB0ZWQgYW5kIGhhc2hlZCB0byBwcmV2ZW50IHVuZGV0ZWN0ZWQNCiAgIG1vZGlmaWNh dGlvbiB0aGF0IGNvdWxkIGNyZWF0ZSBhIGRlbmlhbCBvZiBzZXJ2aWNlIHNpdHVhdGlvbi4NCiIN Cj09PT4gb25seSBNQUMsIG5vdCBlbmNyeXB0aW9uIGFuZCBoYXNoaW5nIGNhbiBwcmV2ZW50IG1v ZGlmaWNhdGlvbg0KW05DV10gSW4gZ2VuZXJhbCB0cnVlLCBidXQgc29tZSBtb2RlcyBkbyBib3Ro IGF1dGhlbnRpY2F0ZWQtZW5jcnlwdGlvbg0Kc28gdGhlIHJlZmVyZW5jZSB0byBib3RoIHNob3Vs ZCBhcHBseS4NCg0Kc2VjdGlvbiA0LjMNCiAgIlRoZSBwaGFzZSB0d28gZGlhbG9nIG1heSBpbmNs dWRlIGF1dGhlbnRpY2F0aW9uIG9mIHRoZSB1c2VyIGJ5IGRvaW5nDQogICBvdGhlciBFQVAgbWV0 aG9kcyBvciBpbiB0aGUgY2FzZSBvZiBUVExTIGJ5IHVzaW5nIG5vbi1FQVANCiAgIGF1dGhlbnRp Y2F0aW9uIGRpYWxvZ3MuICBQVC1FQVAgaXMgYWxzbyBjYXJyaWVkIGJ5IHRoZSBwaGFzZSB0d28N CiAgIHR1bm5lbCBhbGxvd2luZyB0aGUgTkVBIGFzc2Vzc21lbnQgdG8gYmUgd2l0aGluIGFuIGVu Y3J5cHRlZCBhbmQNCiAgIGludGVncml0eSBwcm90ZWN0ZWQgdHJhbnNwb3J0LiINCj09PiBUVExT IGNhbiBhbHNvIHVzZSBFQVAgbWV0aG9kIGFzIGlubmVyIG1ldGhvZC4NCltOQ1ddIEkndmUgY2xh cmlmaWVkIHRoYXQgc2VudGVuY2UNCg0KIlRoZXNlIGlubmVyIG1ldGhvZHMgbWF5IHBlcmZvcm0g YWRkaXRpb25hbCBzZWN1cml0eSBoYW5kc2hha2VzIGluY2x1ZGluZyBtb3JlDQogICBncmFudWxh ciBhdXRoZW50aWNhdGlvbnMgb3IgZXhjaGFuZ2VzIG9mIGludGVncml0eSBpbmZvcm1hdGlvbiAo c3VjaA0KICAgYXMgUFQtRUFQLikgICINCj09PT4gSU1Po6xQVC1FQVAgYmV0dGVyIGJlIGV4Y2hh bmdlZCBhZnRlciB0aGUgcGhhc2UgdHdvIG9mIHRoZSBFQVAgdHVubmVsIG1ldGhvZCwgc28gdGhh dA0KIHRoZSByZXN1bHRlZCBrZXkgZGVyaXZlZCBmcm9tIHR1bm5lbCBhbmQgaW5uZXIgYXV0aGVu dGljYXRpb24gbWV0aG9kIGNhbiBiZSB1c2VkIHRvIHByb3RlY3QgaXQuDQpbTkNXXSBEbyB5b3Ug bWVhbiB0byBlbmZvcmNlIGFuIGF1dGhlbnRpY2F0aW9uIChpbm5lcikgbWV0aG9kIHByaW9yIHRv IFBULUVBUD8NCg0KDQpzZWN0aW9uIDUNCiAgIlRvIHN1cHBvcnQgY291bnRlcm1lYXN1cmVzIGFn YWluc3QgTkVBIEFzb2thbiBhdHRhY2tzIGFzIGRlc2NyaWJlZCBpbg0KICAgU2VjdGlvbiAzLjQs IHRoZSBFQVAgVHVubmVsIE1ldGhvZCB1c2VkIHdpdGggUFQtRUFQIHdpbGwgbmVlZCB0bw0KICAg c3VwcG9ydCB0aGUgdGxzLXVuaXF1ZSBjaGFubmVsIGJpbmRpbmcuICBUaGlzIHNob3VsZCBub3Qg YmUgYSBoaWdoDQogICBiYXIgc2luY2UgYWxsIEVBUCB0dW5uZWwgbWV0aG9kcyBjdXJyZW50bHkg c3VwcG9ydCB0aGlzIGJ1dCBub3QgYWxsDQogICBpbXBsZW1lbnRhdGlvbnMgb2YgdGhvc2UgbWV0 aG9kcyBtYXkgZG8gc28uIg0KPT09PT4gSXQgc2VlbSBubyBjdXJyZW50IEVBUCB0dW5uZWwgc3Vw cG9ydCB0bHMtdW5pcXVlIG5vdy4NCiAgQW5kIEFzb2thbiBNaXRNIGF0dGFjayBpcyBjb3VudGVy ZWQgYnkgY3J5cHRvIGJpbmRpbmcsIHdoZXJlIHR1bm5lbCBtZXRob2QgaXMgYm91bmQgd2l0aCBp bm5lciBtZXRob2QuDQogIFdoaWxlIFRMUy11bmlxdWUgaXMgbGltaXRlZCB0byB0aGUgdHVubmVs IG1ldGhvZCB0byBwcm92aWRlIGJpbmRpbmcgYmV0d2VlbiBUTFMgYW5kIGFwcGxpY2F0aW9uLCBJ IHdvbmRlcg0KICBpZiB0aGVyZSBpcyBzb21lIGNvbmZ1c2lvbiBpbiB0aGUgZG9jdW1lbnQuDQpb TkNXXSB0bHMtdW5pcXVlIGlzIHNvbWV0aGluZyB0aGF0IHdpbGwgbmVlZCB0byBiZSBhZGRlZCB0 byB0aG9zZSBtZXRob2RzIHRoYXQgdXNlIGFuIEVNQaGtLnRoZSBiaW5kaW5nDQpJcyBkb25lIGJ5 IGhhdmluZyB0aGUgdGxzLXVuaXF1ZSB2YWx1ZSBwYXNzZWQgdG8gdGhlIEVNQSBmb3IgdmFsaWRh dGlvbi4gIEl0IGlzIHNwZWNpZmllZCBpbiBzZWN0aW9uIDMuNC4NCg0KDQoNClJlZ2FyZHN+fn4N Cg0KLVN1amluZyBaaG91DQoNCg0KSm9lIFNhbG93ZXkgPGpzYWxvd2V5QGNpc2NvLmNvbTxtYWls dG86anNhbG93ZXlAY2lzY28uY29tPj4NCreivP7IyzogIGVtdS1ib3VuY2VzQGlldGYub3JnPG1h aWx0bzplbXUtYm91bmNlc0BpZXRmLm9yZz4NCg0KMjAxMi0wNi0wNiAwMjowNQ0KDQoNCsrVvP7I yw0KICAgICAgICBlbXVAaWV0Zi5vcmc8bWFpbHRvOmVtdUBpZXRmLm9yZz4NCrOty80NCg0K1vfM 4g0KICAgICAgICBSZTogW0VtdV0gW05lYV0gSS1EIEFjdGlvbjogZHJhZnQtaWV0Zi1uZWEtcHQt ZWFwLTAyLnR4dA0KDQoNCg0KDQoNCg0KDQpKdW5lIDQgaGFzIGNvbWUgYW5kIGdvbmUgYW5kIHdl IGhhdmVuJ3QgcmVjZWl2ZWQgYW55IGNvbW1lbnRzLiAgSWYgeW91IGhhdmUgcmV2aWV3ZWQgdGhl IGRvY3VtZW50IGFuZCBub3QgZm91bmQgYW55IGlzc3VlcyBwbGVhc2UgaW5kaWNhdGUgdGhhdCBv biB0aGUgbGlzdC4gIEknbGwgbGVhdmUgdGhlIHJldmlldyBvcGVuIHVudGlsIDYvMTIuICBJZiB5 b3UgY2FuIGNvbW1pdCB0byByZXZpZXcgdGhlIGRvY3VtZW50LCBwbGVhc2UgbGV0IG1lIGtub3cu DQoNClRoYW5rcywNCg0KSm9lDQpPbiBNYXkgMjEsIDIwMTIsIGF0IDI6MDEgUE0sIEpvZSBTYWxv d2V5IHdyb3RlOg0KDQo+IFRoZSBORUEgd29ya2luZyBncm91cCBoYXMgcHJvZHVjZWQgYSBkcmFm dCBmb3IgY2FycnlpbmcgTkVBIHBvc3R1cmUgbWV0aG9kcyB3aXRoaW4gRUFQLiAgSXQgd291bGQg YmUgaGVscGZ1bCBpZiBzb21lIEVNVSB3b3JraW5nIGdyb3VwIG1lbWJlcnMgcmV2aWV3ZWQgdGhl IGRyYWZ0LiAgIFBsZWFzZSBzZW5kIHlvdXIgY29tbWVudHMgdG8gdGhlIEVNVSBsaXN0IGJ5IEp1 bmUgNCwgMjAxMi4NCj4NCj4gVGhhbmtzLA0KPg0KPiBKb2UNCj4NCj4gQmVnaW4gZm9yd2FyZGVk IG1lc3NhZ2U6DQo+DQo+PiBGcm9tOiBpbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmc8bWFpbHRvOmlu dGVybmV0LWRyYWZ0c0BpZXRmLm9yZz4NCj4+IERhdGU6IE1heSAxNSwgMjAxMiA4OjM2OjE0IEFN IFBEVA0KPj4gVG86IGktZC1hbm5vdW5jZUBpZXRmLm9yZzxtYWlsdG86aS1kLWFubm91bmNlQGll dGYub3JnPg0KPj4gQ2M6IG5lYUBpZXRmLm9yZzxtYWlsdG86bmVhQGlldGYub3JnPg0KPj4gU3Vi amVjdDogW05lYV0gSS1EIEFjdGlvbjogZHJhZnQtaWV0Zi1uZWEtcHQtZWFwLTAyLnR4dA0KPj4N Cj4+DQo+PiBBIE5ldyBJbnRlcm5ldC1EcmFmdCBpcyBhdmFpbGFibGUgZnJvbSB0aGUgb24tbGlu ZSBJbnRlcm5ldC1EcmFmdHMgZGlyZWN0b3JpZXMuIFRoaXMgZHJhZnQgaXMgYSB3b3JrIGl0ZW0g b2YgdGhlIE5ldHdvcmsgRW5kcG9pbnQgQXNzZXNzbWVudCBXb3JraW5nIEdyb3VwIG9mIHRoZSBJ RVRGLg0KPj4NCj4+ICAgICAgICAgICAgICAgICAgVGl0bGUgICAgICAgICAgIDogUFQtRUFQOiBQ b3N0dXJlIFRyYW5zcG9ydCAoUFQpIFByb3RvY29sIEZvciBFQVAgVHVubmVsIE1ldGhvZHMNCj4+ ICAgICAgICAgICAgICAgICAgQXV0aG9yKHMpICAgICAgIDogTmFuY3kgQ2FtLVdpbmdldA0KPj4g ICAgICAgICAgICAgICAgICAgICAgICAgUGF1bCBTYW5nc3Rlcg0KPj4gICAgICAgICAgICAgICAg ICBGaWxlbmFtZSAgICAgICAgOiBkcmFmdC1pZXRmLW5lYS1wdC1lYXAtMDIudHh0DQo+PiAgICAg ICAgICAgICAgICAgIFBhZ2VzICAgICAgICAgICA6IDIwDQo+PiAgICAgICAgICAgICAgICAgIERh dGUgICAgICAgICAgICA6IDIwMTItMDUtMTUNCj4+DQo+PiAgVGhpcyBkb2N1bWVudCBzcGVjaWZp ZXMgUFQtRUFQLCBhbiBFQVAgYmFzZWQgUG9zdHVyZSBUcmFuc3BvcnQgKFBUKQ0KPj4gIHByb3Rv Y29sIGRlc2lnbmVkIHRvIGJlIHVzZWQgb25seSBpbnNpZGUgYSBUTFMgcHJvdGVjdGVkIHR1bm5l bA0KPj4gIG1ldGhvZC4gIFRoZSBkb2N1bWVudCBhbHNvIGRlc2NyaWJlcyB0aGUgaW50ZW5kZWQg YXBwbGljYWJpbGl0eSBvZg0KPj4gIFBULUVBUC4NCj4+DQo+Pg0KPj4gQSBVUkwgZm9yIHRoaXMg SW50ZXJuZXQtRHJhZnQgaXM6DQo+PiBodHRwOi8vd3d3LmlldGYub3JnL2ludGVybmV0LWRyYWZ0 cy9kcmFmdC1pZXRmLW5lYS1wdC1lYXAtMDIudHh0DQo+Pg0KPj4gSW50ZXJuZXQtRHJhZnRzIGFy ZSBhbHNvIGF2YWlsYWJsZSBieSBhbm9ueW1vdXMgRlRQIGF0Og0KPj4gZnRwOi8vZnRwLmlldGYu b3JnL2ludGVybmV0LWRyYWZ0cy8NCj4+DQo+PiBUaGlzIEludGVybmV0LURyYWZ0IGNhbiBiZSBy ZXRyaWV2ZWQgYXQ6DQo+PiBmdHA6Ly9mdHAuaWV0Zi5vcmcvaW50ZXJuZXQtZHJhZnRzL2RyYWZ0 LWlldGYtbmVhLXB0LWVhcC0wMi50eHQNCj4+DQo+PiBUaGUgSUVURiBkYXRhdHJhY2tlciBwYWdl IGZvciB0aGlzIEludGVybmV0LURyYWZ0IGlzOg0KPj4gaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRm Lm9yZy9kb2MvZHJhZnQtaWV0Zi1uZWEtcHQtZWFwLw0KPj4NCj4+IF9fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+PiBOZWEgbWFpbGluZyBsaXN0DQo+PiBO ZWFAaWV0Zi5vcmc8bWFpbHRvOk5lYUBpZXRmLm9yZz4NCj4+IGh0dHBzOi8vd3d3LmlldGYub3Jn L21haWxtYW4vbGlzdGluZm8vbmVhDQo+DQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fDQo+IEVtdSBtYWlsaW5nIGxpc3QNCj4gRW11QGlldGYub3JnPG1h aWx0bzpFbXVAaWV0Zi5vcmc+DQo+IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGlu Zm8vZW11DQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f DQpFbXUgbWFpbGluZyBsaXN0DQpFbXVAaWV0Zi5vcmc8bWFpbHRvOkVtdUBpZXRmLm9yZz4NCmh0 dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vZW11DQoNCg0K --_000_CC278222D688ncamwingciscocom_ Content-Type: text/html; charset="gb2312" Content-ID: <31F02C8D9AB797439F3E64D377901C72@cisco.com> Content-Transfer-Encoding: quoted-printable
Hi Sujing,

I am just getting to update the draft based on received comments.  I h= ave further
comments and questions below:

From: "zhou.sujing@zte.com.cn" <zhou.sujing@zte.com.cn>
Date: Wednesday, June 6, 2012 2:18 = AM
To: Joseph Salowey <jsalowey@cisco.com>
Cc: "emu@ietf.org" <emu@ietf.= org>
Subject: [Emu] A review Re: [Nea] I= -D Action: draft-ietf-nea-pt-eap-02.txt


Section 1
"The other type of  PT, PT-T= LS [I-D.ietf-nea-pt-tls], operates before the endpoint gains
   any access to the IP netw= ork. "
=3D=3D>should be "after the en= dpoint have gained access to the IP network"
[NCW] Thank you for catching thi= s!  I have updated the draft accordingly.


"PT-EAP is an inner EAP [RFC3748]= method designed to be used under a
   protected tunnel such as = TEAP [I-D.ietf-emu-eap-tunnel-method], EAP-
   FAST [RFC4851] or EAP-TTL= S [RFC5281]."
=3D=3D>PEAP is more widely supporte= d.
[NCW] Agreed.  But the list= is not meant to be exhaustive and admittedly
it was easier to cite used metho= ds for which there are IETF RFC's=A1=AD.as well
as what EMU is adopting.<= /div>



"Finally, it describes how the &n= bsp;tls-unique channel binding [RFC5929] may be used to PA-TNC exchanges
   to the EAP tunnel method,= defeating MITM attacks such as the Asokan  attack [Asokan]."
=3D=3D>
 

"Some EAP tunnel methods may prov= ide explicit confirmation of inner method success; others may not. "
[NCW] I am not sure I understand= the comment or request.  The above sentence is true; in
PT-EAP's case, as it is not an a= uthenticating method, we describe how tls-unique is used
in PT-EAP to address such bindin= g.  So, the sentence stands on its own as it is reference
further details to follow.

section 3.4 " Attack Analysis [16= ], " the reference [16]
[NCW] Fixed the reference (thank= s!)

section 4.2.3
"The strong integrity protections= (hashing) offered by EAP-TTLS allows the
   PT-EAP message recipients= to detect message alterations by other
   types of network based ad= versaries. "
=3D=3D=3D>it is not hashing offerin= g the integrity, but MAC
[NCW] Right, text updated to rea= d "hashing in the MAC" also made the reference general
As it is provided by the EAP TLS= based tunnel

section 4.2.4
" the  session can be encryp= ted and hashed to prevent undetected
   modification that could c= reate a denial of service situation.
"
=3D=3D=3D> only MAC, not encryption= and hashing can prevent modification
[NCW] In general true, but some = modes do both authenticated-encryption
so the reference to both should = apply.

section 4.3
  "The phase two dialog may = include authentication of the user by doing
   other EAP methods or in t= he case of TTLS by using non-EAP
   authentication dialogs. &= nbsp;PT-EAP is also carried by the phase two
   tunnel allowing the NEA a= ssessment to be within an encrypted and
   integrity protected trans= port."
=3D=3D> TTLS can also use EAP metho= d as inner method.
[NCW] I've clarified that senten= ce

"These inner methods may perform additi= onal security handshakes including more
   granular authentications or exchanges = of integrity information (such
   as PT-EAP.)  "
=3D=3D=3D> IMO=A3=ACPT-EAP better be exchanged a= fter the phase two of the EAP tunnel method, so that
 the resulted key derived from tunnel and inne= r authentication method can be used to protect it.
[NCW] Do you mean t= o enforce an authentication (inner) method prior to PT-EAP?


section 5
  "To support countermeasures against NEA= Asokan attacks as described in
   Section 3.4, the EAP Tunnel Method use= d with PT-EAP will need to
   support the tls-unique channel binding= .  This should not be a high
   bar since all EAP tunnel methods curre= ntly support this but not all
   implementations of those methods may d= o so."
=3D=3D=3D=3D> It seem no current EAP tunnel supp= ort tls-unique now.
  And Asokan MitM attack is countered by crypt= o binding, where tunnel method is bound with inner method.
  While TLS-unique is limited to the tunnel me= thod to provide binding between TLS and application, I wonder
  if there is some confusion in the document.
[NCW] tls-unique is= something that will need to be added to those methods that use an EMA=A1= =AD.the binding
Is done by having t= he tls-unique value passed to the EMA for validation.  It is specified= in section 3.4.

   

Regards~~~

-Sujing Zhou


Joe Salowey <<= a href=3D"mailto:jsalowey@cisco.com">jsalowey@cisco.com><= br> =B7=A2=BC=FE=C8=CB:  emu-bounces@ietf.org

2012-06-06 02:05

=CA=D5=BC=FE=C8= =CB
 em= u@ietf.org
=B3=AD=CB=CD
=D6=F7=CC=E2
 Re: [Emu] [Nea] I-D Action: draft-= ietf-nea-pt-eap-02.txt





June 4 has come and gone and we haven't received any comments. &nbs= p;If you have reviewed the document and not found any issues please indicat= e that on the list.  I'll leave the review open until 6/12.  If you can commit to review the document, please le= t me know.  

Thanks,

Joe
On May 21, 2012, at 2:01 PM, Joe Salowey wrote:

> The NEA working group has produced a draft for carrying NEA posture me= thods within EAP.  It would be helpful if some EMU working group membe= rs reviewed the draft.   Please send your comments to the EMU list by = June 4, 2012.
>
> Thanks,
>
> Joe
>
> Begin forwarded message:
>
>> From: internet-drafts@= ietf.org
>> Date: May 15, 2012 8:36:14 AM PDT
>> To: i-d-announce@ietf.org=
>> Cc: nea@ietf.org
>> Subject: [Nea] I-D Action: draft-ietf-nea-pt-eap-02.txt
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts= directories. This draft is a work item of the Network Endpoint Assessment = Working Group of the IETF.
>>
>>                  Titl= e           : PT-EAP: Posture Transport (PT) Proto= col For EAP Tunnel Methods
>>                  Auth= or(s)       : Nancy Cam-Winget
>>                   &nb= sp;     Paul Sangster
>>                  File= name        : draft-ietf-nea-pt-eap-02.txt
>>                  Page= s           : 20
>>                  Date=            : 2012-05-15
>>
>>  This document specifies PT-EAP, an EAP based Posture Transpo= rt (PT)
>>  protocol designed to be used only inside a TLS protected tun= nel
>>  method.  The document also describes the intended appli= cability of
>>  PT-EAP.
>>
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-ietf-nea-pt-eap-02.txt=
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org= /internet-drafts/
>>
>> This Internet-Draft can be retrieved at:
>> ftp://ftp.ietf.org/internet-drafts/draft-ietf-nea-pt-eap-02.txt
>>
>> The IETF datatracker page for this Internet-Draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-nea-pt-eap/
>>
>> _______________________________________________
>> Nea mailing list
>> Nea@ietf.org
>> https://www.= ietf.org/mailman/listinfo/nea
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf= .org/mailman/listinfo/emu

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/= mailman/listinfo/emu


 --_000_CC278222D688ncamwingciscocom_-- From zhou.sujing@zte.com.cn Sun Jul 15 23:41:47 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 003EE11E8079 for ; Sun, 15 Jul 2012 23:41:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -93.218 X-Spam-Level: X-Spam-Status: No, score=-93.218 tagged_above=-999 required=5 tests=[AWL=-0.428, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_DOUBLE_IP_LOOSE=0.76, SARE_SUB_ENC_GB2312=1.345, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ad5FSHb1ZZEe for ; Sun, 15 Jul 2012 23:41:46 -0700 (PDT) Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id A90F311E8085 for ; Sun, 15 Jul 2012 23:41:45 -0700 (PDT) Received: from [10.30.17.100] by mx5.zte.com.cn with surfront esmtp id 286201794749335; Mon, 16 Jul 2012 14:33:47 +0800 (CST) Received: from [10.30.3.20] by [192.168.168.16] with StormMail ESMTP id 14441.3648019715; Mon, 16 Jul 2012 14:42:24 +0800 (CST) Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse01.zte.com.cn with ESMTP id q6G6gI9V033282; Mon, 16 Jul 2012 14:42:18 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn) In-Reply-To: To: "Nancy Cam-Winget (ncamwing)" MIME-Version: 1.0 X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007 Message-ID: From: zhou.sujing@zte.com.cn Date: Mon, 16 Jul 2012 14:42:18 +0800 X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2012-07-16 14:42:20, Serialize complete at 2012-07-16 14:42:20 Content-Type: multipart/alternative; boundary="=_alternative 0024E1CE48257A3D_=" X-MAIL: mse01.zte.com.cn q6G6gI9V033282 Cc: "emu@ietf.org" Subject: [Emu] =?gb2312?b?tPC4tDogUmU6ICBBIHJldmlldyBSZTogW05lYV0gSS1EIEFj?= =?gb2312?b?dGlvbjogZHJhZnQtaWV0Zi1uZWEtcHQtZWFwLTAyLnR4dA==?= X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jul 2012 06:41:47 -0000 This is a multipart message in MIME format. --=_alternative 0024E1CE48257A3D_= Content-Type: text/plain; charset="GB2312" Content-Transfer-Encoding: base64 SGksIE5hbmN5LA0KDQoNCiJOYW5jeSBDYW0tV2luZ2V0IChuY2Ftd2luZykiIDxuY2Ftd2luZ0Bj aXNjby5jb20+INC009ogMjAxMi0wNy0xNSANCjExOjM0OjU1Og0KIA0KPiANCj4gIkZpbmFsbHks IGl0IGRlc2NyaWJlcyBob3cgdGhlICB0bHMtdW5pcXVlIGNoYW5uZWwgYmluZGluZyBbUkZDNTky OV0NCj4gbWF5IGJlIHVzZWQgdG8gUEEtVE5DIGV4Y2hhbmdlcw0KPiAgICB0byB0aGUgRUFQIHR1 bm5lbCBtZXRob2QsIGRlZmVhdGluZyBNSVRNIGF0dGFja3Mgc3VjaCBhcyB0aGUgDQo+IEFzb2th biAgYXR0YWNrIFtBc29rYW5dLiINCj4gPT0+IA0KDQpUaGUgc2VudGVuY2UgaXMgZXhjZXJwdCBm cm9tIHRoZSBkcmFmdC1pZXRmLW5lYS1wdC1lYXAtMDIsDQpJIHdyb3RlIGl0IGRvd24gYnV0IGZv cmdvdCB0byB3cml0ZSB0aGUgY29tbWVudC4NCkkgd2FzIGEgYml0IGNvbmZ1c2VkIGJ5IHRoZSBz b2x1dGlvbiB0byBBc29rYW4gYXR0YWNrLCBiZWNhdXNlIEmhoWZvdW5kIA0KdHdvIHNvbHV0aW9u cyAgaW4gdHdvIGRpZmZlcmVudCBwbGFjZXMgaW4gdGhlIGRyYWZ0IDoNCjEuIHRscy11bmlxdWUg Mi5jcnlwdG8gYmluZGluZyANCiANCiANCj4gDQo+ICJTb21lIEVBUCB0dW5uZWwgbWV0aG9kcyBt YXkgcHJvdmlkZSBleHBsaWNpdCBjb25maXJtYXRpb24gb2YgaW5uZXIgDQo+IG1ldGhvZCBzdWNj ZXNzOyBvdGhlcnMgbWF5IG5vdC4gIg0KPiBbTkNXXSBJIGFtIG5vdCBzdXJlIEkgdW5kZXJzdGFu ZCB0aGUgY29tbWVudCBvciByZXF1ZXN0LiAgVGhlIGFib3ZlIA0KPiBzZW50ZW5jZSBpcyB0cnVl OyBpbg0KPiBQVC1FQVAncyBjYXNlLCBhcyBpdCBpcyBub3QgYW4gYXV0aGVudGljYXRpbmcgbWV0 aG9kLCB3ZSBkZXNjcmliZSANCj4gaG93IHRscy11bmlxdWUgaXMgdXNlZA0KPiBpbiBQVC1FQVAg dG8gYWRkcmVzcyBzdWNoIGJpbmRpbmcuICBTbywgdGhlIHNlbnRlbmNlIHN0YW5kcyBvbiBpdHMg DQo+IG93biBhcyBpdCBpcyByZWZlcmVuY2UNCj4gZnVydGhlciBkZXRhaWxzIHRvIGZvbGxvdy4N Cj4gDQpUaGlzIHNlbnRlbmNlIGlzIGFsc28gZXhjZXJwdCBmcm9tIHRoZSBkcmFmdC1pZXRmLW5l YS1wdC1lYXAtMDIsDQphZ2FpbiAgSSBmb3Jnb3QgdG8gd3JpdGUgdGhlIGNvbW1lbnQgOikgLg0K DQpJIGRvbid0IHNlZSBob3cgY3VycmVudCB0dW5uZWwgbWV0aG9kIHByb3ZpZGUgZXhwbGljaXQg Y29uZmlybWF0aW9uIG9mIA0KaW5uZXIgbWV0aG9kIHN1Y2Nlc3MuDQpJZiBpdCByZWZlcnMgdG8g dGhlIG1peHR1cmUgb2YgdHVubmVsIG1ldGhvZCBrZXkgYW5kIGlubmVyIG1ldGhvZCBrZXksIA0K eWVzLCB0aGVyZSBhcmUgc29tZSB0dW5uZWwgbWV0aG9kcyBkbyB0aGlzIG1peHR1cmUgKHRvIGFn YWluc3QgTUlUTSBhdHRhY2sgDQopIGFuZCBzb21lIGRvIG5vdCBkbywNCmJ1dCAgdGhvc2UgdHVu bmVsIG1ldGhvZCB0aGF0IGRvIG5vdCBtaXggdGhlIGtleXMgYXJlIG5vdCByZWNvbW1lbmRlZCB0 byANCnVzZSCjySBiZWxpZXZlLiANCg0KDQo+IA0KPiAiVGhlc2UgaW5uZXIgbWV0aG9kcyBtYXkg cGVyZm9ybSBhZGRpdGlvbmFsIHNlY3VyaXR5IGhhbmRzaGFrZXMgDQppbmNsdWRpbmcgbW9yZQ0K PiAgICBncmFudWxhciBhdXRoZW50aWNhdGlvbnMgb3IgZXhjaGFuZ2VzIG9mIGludGVncml0eSBp bmZvcm1hdGlvbiAoc3VjaA0KPiAgICBhcyBQVC1FQVAuKSAgIiANCj4gPT09PiBJTU+jrFBULUVB UCBiZXR0ZXIgYmUgZXhjaGFuZ2VkIGFmdGVyIHRoZSBwaGFzZSB0d28gb2YgdGhlIEVBUCANCj4g dHVubmVsIG1ldGhvZCwgc28gdGhhdA0KPiAgdGhlIHJlc3VsdGVkIGtleSBkZXJpdmVkIGZyb20g dHVubmVsIGFuZCBpbm5lciBhdXRoZW50aWNhdGlvbiANCj4gbWV0aG9kIGNhbiBiZSB1c2VkIHRv IHByb3RlY3QgaXQuIA0KPiBbTkNXXSBEbyB5b3UgbWVhbiB0byBlbmZvcmNlIGFuIGF1dGhlbnRp Y2F0aW9uIChpbm5lcikgbWV0aG9kIHByaW9yIHRvIA0KUFQtRUFQPw0KDQpZZXMuIEl0IHNlZW1z IHRvIG1lIHRoYXQgUFQtRUFQIGlzIGFuIGlubmVyIG1ldGhvZCBwcm92aW5kaW5nIHBsYWluIA0K bWVzc2FnZSB0cmFuc3BvcnRhdGlvbiwgbm90IGF1dGhlbnRpY2F0aW9uLg0KQW5kIEVBUCB0dW5u ZWwgbWV0aG9kIGlzIHNlbGRvbSB1c2VkIGFsb25lLCBiZWNhdWNlIGl0cyBwdXJwb3NlIGlzIHRv IA0KcHJvdGVjdCB0aGUgaW5uZXIgYXV0aGVudGljYXRpb24gbWV0aG9kLCBhbmQgb25seSBzZXJ2 ZXIgYXV0aGVudGljYXRpb24gaXMgDQpwcm92aWRlZCBpbiBpbXBsZW1lbWVudGF0aW9uLg0Kc28s IEkgZG91YnQgdGhlIHNlY3VyaXR5IG9mIFBULUVBUCBtZXNzYWdlIHRyYW5zaW1pdHRlZCBpbiB0 aGUgRUFQIFR1bm5lbCANCm1ldGhvZCB3aXRob3V0IGFub3RoZXIgaW5uZXIgYXV0aGVudGljYXRp b24gbWV0aG9kLiANCk1heWJlIGluIHRoaXMgY2FzZSwgbXV0dWFsIGF1dGhlbnRpY2F0aW9uIGNv dWxkIGJlIGVuZm9yY2VkIGluIEVBUCB0dW5uZWwgDQptZXRob2QsIHNvIHRoYXQgbm8gaW5uZXIg YXV0aGVudGljYXRpb24gbWV0aG9kcyBhcmUgbmVlZGVkLiANCg0KDQogDQoNCi1TdWppbmcgWmhv dQ0KDQo= --=_alternative 0024E1CE48257A3D_= Content-Type: text/html; charset="GB2312" Content-Transfer-Encoding: base64 DQo8YnI+PGZvbnQgc2l6ZT0yIGZhY2U9InNhbnMtc2VyaWYiPkhpLCBOYW5jeSw8YnI+DQo8YnI+ DQo8L2ZvbnQ+DQo8YnI+PHR0Pjxmb250IHNpemU9Mj4mcXVvdDtOYW5jeSBDYW0tV2luZ2V0IChu Y2Ftd2luZykmcXVvdDsgJmx0O25jYW13aW5nQGNpc2NvLmNvbSZndDsNCtC009ogMjAxMi0wNy0x NSAxMTozNDo1NTo8YnI+DQogPGJyPg0KJmd0OyA8YnI+DQomZ3Q7ICZxdW90O0ZpbmFsbHksIGl0 IGRlc2NyaWJlcyBob3cgdGhlICZuYnNwO3Rscy11bmlxdWUgY2hhbm5lbCBiaW5kaW5nDQpbUkZD NTkyOV08YnI+DQomZ3Q7IG1heSBiZSB1c2VkIHRvIFBBLVROQyBleGNoYW5nZXM8YnI+DQomZ3Q7 ICZuYnNwOyAmbmJzcDt0byB0aGUgRUFQIHR1bm5lbCBtZXRob2QsIGRlZmVhdGluZyBNSVRNIGF0 dGFja3Mgc3VjaA0KYXMgdGhlIDxicj4NCiZndDsgQXNva2FuICZuYnNwO2F0dGFjayBbQXNva2Fu XS4mcXVvdDs8YnI+DQomZ3Q7ID09Jmd0OyA8YnI+DQo8L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZv bnQgc2l6ZT0yPlRoZSBzZW50ZW5jZSBpcyBleGNlcnB0IGZyb20gdGhlIGRyYWZ0LWlldGYtbmVh LXB0LWVhcC0wMiw8L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6ZT0yPkkgd3JvdGUgaXQg ZG93biBidXQgZm9yZ290IHRvIHdyaXRlIHRoZSBjb21tZW50LjwvZm9udD48L3R0Pg0KPGJyPjx0 dD48Zm9udCBzaXplPTI+SSB3YXMgYSBiaXQgY29uZnVzZWQgYnkgdGhlIHNvbHV0aW9uIHRvIEFz b2thbiBhdHRhY2ssDQpiZWNhdXNlIEmhoWZvdW5kIHR3byBzb2x1dGlvbnMgJm5ic3A7aW4gdHdv IGRpZmZlcmVudCBwbGFjZXMgaW4gdGhlIGRyYWZ0DQo6PC9mb250PjwvdHQ+DQo8YnI+PHR0Pjxm b250IHNpemU9Mj4xLiB0bHMtdW5pcXVlIDIuY3J5cHRvIGJpbmRpbmcgPC9mb250PjwvdHQ+DQo8 YnI+PHR0Pjxmb250IHNpemU9Mj4mbmJzcDs8L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6 ZT0yPiZuYnNwOyA8YnI+DQomZ3Q7IDxicj4NCiZndDsgJnF1b3Q7U29tZSBFQVAgdHVubmVsIG1l dGhvZHMgbWF5IHByb3ZpZGUgZXhwbGljaXQgY29uZmlybWF0aW9uIG9mDQppbm5lciA8YnI+DQom Z3Q7IG1ldGhvZCBzdWNjZXNzOyBvdGhlcnMgbWF5IG5vdC4gJnF1b3Q7PC9mb250PjwvdHQ+DQo8 YnI+PHR0Pjxmb250IHNpemU9Mj4mZ3Q7IFtOQ1ddIEkgYW0gbm90IHN1cmUgSSB1bmRlcnN0YW5k IHRoZSBjb21tZW50DQpvciByZXF1ZXN0LiAmbmJzcDtUaGUgYWJvdmUgPGJyPg0KJmd0OyBzZW50 ZW5jZSBpcyB0cnVlOyBpbjwvZm9udD48L3R0Pg0KPGJyPjx0dD48Zm9udCBzaXplPTI+Jmd0OyBQ VC1FQVAncyBjYXNlLCBhcyBpdCBpcyBub3QgYW4gYXV0aGVudGljYXRpbmcNCm1ldGhvZCwgd2Ug ZGVzY3JpYmUgPGJyPg0KJmd0OyBob3cgdGxzLXVuaXF1ZSBpcyB1c2VkPC9mb250PjwvdHQ+DQo8 YnI+PHR0Pjxmb250IHNpemU9Mj4mZ3Q7IGluIFBULUVBUCB0byBhZGRyZXNzIHN1Y2ggYmluZGlu Zy4gJm5ic3A7U28sDQp0aGUgc2VudGVuY2Ugc3RhbmRzIG9uIGl0cyA8YnI+DQomZ3Q7IG93biBh cyBpdCBpcyByZWZlcmVuY2U8L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6ZT0yPiZndDsg ZnVydGhlciBkZXRhaWxzIHRvIGZvbGxvdy48L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6 ZT0yPiZndDsgPGJyPg0KVGhpcyBzZW50ZW5jZSBpcyBhbHNvIGV4Y2VycHQgZnJvbSB0aGUgZHJh ZnQtaWV0Zi1uZWEtcHQtZWFwLTAyLDwvZm9udD48L3R0Pg0KPGJyPjx0dD48Zm9udCBzaXplPTI+ YWdhaW4gJm5ic3A7SSBmb3Jnb3QgdG8gd3JpdGUgdGhlIGNvbW1lbnQgOikgLjwvZm9udD48L3R0 Pg0KPGJyPg0KPGJyPjx0dD48Zm9udCBzaXplPTI+SSBkb24ndCBzZWUgaG93IGN1cnJlbnQgdHVu bmVsIG1ldGhvZCBwcm92aWRlIGV4cGxpY2l0DQpjb25maXJtYXRpb24gb2YgaW5uZXIgbWV0aG9k IHN1Y2Nlc3MuPC9mb250PjwvdHQ+DQo8YnI+PHR0Pjxmb250IHNpemU9Mj5JZiBpdCByZWZlcnMg dG8gdGhlIG1peHR1cmUgb2YgdHVubmVsIG1ldGhvZCBrZXkgYW5kDQppbm5lciBtZXRob2Qga2V5 LCB5ZXMsIHRoZXJlIGFyZSBzb21lIHR1bm5lbCBtZXRob2RzIGRvIHRoaXMgbWl4dHVyZSAodG8N CmFnYWluc3QgTUlUTSBhdHRhY2sgKSBhbmQgc29tZSBkbyBub3QgZG8sPC9mb250PjwvdHQ+DQo8 YnI+PHR0Pjxmb250IHNpemU9Mj5idXQgJm5ic3A7dGhvc2UgdHVubmVsIG1ldGhvZCB0aGF0IGRv IG5vdCBtaXggdGhlDQprZXlzIGFyZSBub3QgcmVjb21tZW5kZWQgdG8gdXNlIKPJIGJlbGlldmUu IDwvZm9udD48L3R0Pg0KPGJyPjx0dD48Zm9udCBzaXplPTI+PGJyPg0KPC9mb250PjwvdHQ+DQo8 YnI+PHR0Pjxmb250IHNpemU9Mj4mZ3Q7IDxicj4NCiZndDsgJnF1b3Q7VGhlc2UgaW5uZXIgbWV0 aG9kcyBtYXkgcGVyZm9ybSBhZGRpdGlvbmFsIHNlY3VyaXR5IGhhbmRzaGFrZXMNCmluY2x1ZGlu ZyBtb3JlPGJyPg0KJmd0OyAmbmJzcDsgJm5ic3A7Z3JhbnVsYXIgYXV0aGVudGljYXRpb25zIG9y IGV4Y2hhbmdlcyBvZiBpbnRlZ3JpdHkgaW5mb3JtYXRpb24NCihzdWNoPGJyPg0KJmd0OyAmbmJz cDsgJm5ic3A7YXMgUFQtRUFQLikgJm5ic3A7JnF1b3Q7IDxicj4NCiZndDsgPT09Jmd0OyBJTU+j rFBULUVBUCBiZXR0ZXIgYmUgZXhjaGFuZ2VkIGFmdGVyIHRoZSBwaGFzZSB0d28gb2YgdGhlDQpF QVAgPGJyPg0KJmd0OyB0dW5uZWwgbWV0aG9kLCBzbyB0aGF0PGJyPg0KJmd0OyAmbmJzcDt0aGUg cmVzdWx0ZWQga2V5IGRlcml2ZWQgZnJvbSB0dW5uZWwgYW5kIGlubmVyIGF1dGhlbnRpY2F0aW9u DQo8YnI+DQomZ3Q7IG1ldGhvZCBjYW4gYmUgdXNlZCB0byBwcm90ZWN0IGl0LiA8L2ZvbnQ+PC90 dD4NCjxicj48dHQ+PGZvbnQgc2l6ZT0yPiZndDsgW05DV10gRG8geW91IG1lYW4gdG8gZW5mb3Jj ZSBhbiBhdXRoZW50aWNhdGlvbg0KKGlubmVyKSBtZXRob2QgcHJpb3IgdG8gUFQtRUFQPzwvZm9u dD48L3R0Pg0KPGJyPg0KPGJyPjx0dD48Zm9udCBzaXplPTI+WWVzLiBJdCBzZWVtcyB0byBtZSB0 aGF0IFBULUVBUCBpcyBhbiBpbm5lciBtZXRob2QNCnByb3ZpbmRpbmcgcGxhaW4gbWVzc2FnZSB0 cmFuc3BvcnRhdGlvbiwgbm90IGF1dGhlbnRpY2F0aW9uLjwvZm9udD48L3R0Pg0KPGJyPjx0dD48 Zm9udCBzaXplPTI+QW5kIEVBUCB0dW5uZWwgbWV0aG9kIGlzIHNlbGRvbSB1c2VkIGFsb25lLCBi ZWNhdWNlDQppdHMgcHVycG9zZSBpcyB0byBwcm90ZWN0IHRoZSBpbm5lciBhdXRoZW50aWNhdGlv biBtZXRob2QsIGFuZCBvbmx5IHNlcnZlcg0KYXV0aGVudGljYXRpb24gaXMgcHJvdmlkZWQgaW4g aW1wbGVtZW1lbnRhdGlvbi48L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6ZT0yPnNvLCBJ IGRvdWJ0IHRoZSBzZWN1cml0eSBvZiBQVC1FQVAgbWVzc2FnZSB0cmFuc2ltaXR0ZWQNCmluIHRo ZSBFQVAgVHVubmVsIG1ldGhvZCB3aXRob3V0IGFub3RoZXIgaW5uZXIgYXV0aGVudGljYXRpb24g bWV0aG9kLiAmbmJzcDs8L2ZvbnQ+PC90dD4NCjxicj48dHQ+PGZvbnQgc2l6ZT0yPk1heWJlIGlu IHRoaXMgY2FzZSwgbXV0dWFsIGF1dGhlbnRpY2F0aW9uIGNvdWxkIGJlDQplbmZvcmNlZCBpbiBF QVAgdHVubmVsIG1ldGhvZCwgc28gdGhhdCBubyBpbm5lciBhdXRoZW50aWNhdGlvbiBtZXRob2Rz DQphcmUgbmVlZGVkLiA8L2ZvbnQ+PC90dD4NCjxicj4NCjxicj4NCjxicj48dHQ+PGZvbnQgc2l6 ZT0yPiZuYnNwOzxicj4NCjwvZm9udD48L3R0Pg0KPGJyPjxmb250IHNpemU9MiBmYWNlPSJzYW5z LXNlcmlmIj4tU3VqaW5nIFpob3U8L2ZvbnQ+DQo8YnI+DQo= --=_alternative 0024E1CE48257A3D_=-- From hartmans@mit.edu Mon Jul 16 10:30:34 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C9BB11E8249 for ; Mon, 16 Jul 2012 10:30:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -103.122 X-Spam-Level: X-Spam-Status: No, score=-103.122 tagged_above=-999 required=5 tests=[AWL=-0.857, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3gv5wY9PcMBy for ; Mon, 16 Jul 2012 10:30:33 -0700 (PDT) Received: from permutation-city.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by ietfa.amsl.com (Postfix) with ESMTP id C803F11E8247 for ; Mon, 16 Jul 2012 10:30:32 -0700 (PDT) Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 0BF06203BA for ; Mon, 16 Jul 2012 13:31:39 -0400 (EDT) Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 419C941F0; Mon, 16 Jul 2012 13:30:56 -0400 (EDT) From: Sam Hartman To: emu@ietf.org Date: Mon, 16 Jul 2012 13:30:56 -0400 Message-ID: User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: [Emu] Help reviewing auth48 channel bindings diagrams X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jul 2012 17:30:34 -0000 I'd appreciate it if someone could review the diagrams in section 5.3 of http://www.rfc-editor.org/authors/rfc6677.txt and confirm that those diagrams match the text. Once I get a confirmation there I think we're ready to approve the channel bindings RFC. From khoeper@motorolasolutions.com Mon Jul 16 11:04:33 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C10921F86E8 for ; Mon, 16 Jul 2012 11:04:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.467 X-Spam-Level: X-Spam-Status: No, score=-0.467 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aHHVPBckamek for ; Mon, 16 Jul 2012 11:04:32 -0700 (PDT) Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe006.messaging.microsoft.com [216.32.181.186]) by ietfa.amsl.com (Postfix) with ESMTP id 6162421F86EA for ; Mon, 16 Jul 2012 11:04:31 -0700 (PDT) Received: from mail20-ch1-R.bigfish.com (10.43.68.250) by CH1EHSOBE016.bigfish.com (10.43.70.66) with Microsoft SMTP Server id 14.1.225.23; Mon, 16 Jul 2012 18:05:17 +0000 Received: from mail20-ch1 (localhost [127.0.0.1]) by mail20-ch1-R.bigfish.com (Postfix) with ESMTP id C6E6E200210 for ; Mon, 16 Jul 2012 18:05:16 +0000 (UTC) X-Forefront-Antispam-Report: CIP:129.188.136.18; KIP:(null); UIP:(null); IPV:NLI; H:il06msg02.am.mot-solutions.com; RD:none; EFVD:NLI X-SpamScore: -32 X-BigFish: VPS-32(zz9371I542M1dbaI1486Mzz1202hzz1033IL8275dhz2fh2a8h683h839h944hd25hf0ah107ah) Received-SPF: pass (mail20-ch1: domain of motorolasolutions.com designates 129.188.136.18 as permitted sender) client-ip=129.188.136.18; envelope-from=khoeper@motorolasolutions.com; helo=il06msg02.am.mot-solutions.com ; olutions.com ; X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.85; KIP:(null); UIP:(null); (null); H:BL2PRD0410HT004.namprd04.prod.outlook.com; R:internal; EFV:INT Received: from mail20-ch1 (localhost.localdomain [127.0.0.1]) by mail20-ch1 (MessageSwitch) id 1342461914357242_23982; Mon, 16 Jul 2012 18:05:14 +0000 (UTC) Received: from CH1EHSMHS004.bigfish.com (snatpool1.int.messaging.microsoft.com [10.43.68.246]) by mail20-ch1.bigfish.com (Postfix) with ESMTP id 4B2524E0049 for ; Mon, 16 Jul 2012 18:05:14 +0000 (UTC) Received: from il06msg02.am.mot-solutions.com (129.188.136.18) by CH1EHSMHS004.bigfish.com (10.43.70.4) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 16 Jul 2012 18:05:13 +0000 Received: from il06msg02.am.mot-solutions.com (il06vts02.mot.com [129.188.137.142]) by il06msg02.am.mot-solutions.com (8.14.3/8.14.3) with ESMTP id q6GI5Ca9028653 for ; Mon, 16 Jul 2012 14:05:12 -0400 (EDT) Received: from co1outboundpool.messaging.microsoft.com (co1ehsobe006.messaging.microsoft.com [216.32.180.189]) by il06msg02.am.mot-solutions.com (8.14.3/8.14.3) with ESMTP id q6GI5BKk028650 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for ; Mon, 16 Jul 2012 14:05:11 -0400 (EDT) Received: from mail187-co1-R.bigfish.com (10.243.78.231) by CO1EHSOBE014.bigfish.com (10.243.66.77) with Microsoft SMTP Server id 14.1.225.23; Mon, 16 Jul 2012 18:05:11 +0000 Received: from mail187-co1 (localhost [127.0.0.1]) by mail187-co1-R.bigfish.com (Postfix) with ESMTP id 11D84C0024C for ; Mon, 16 Jul 2012 18:05:11 +0000 (UTC) Received: from mail187-co1 (localhost.localdomain [127.0.0.1]) by mail187-co1 (MessageSwitch) id 1342461909768516_16765; Mon, 16 Jul 2012 18:05:09 +0000 (UTC) Received: from CO1EHSMHS029.bigfish.com (unknown [10.243.78.233]) by mail187-co1.bigfish.com (Postfix) with ESMTP id B99B36C004C; Mon, 16 Jul 2012 18:05:09 +0000 (UTC) Received: from BL2PRD0410HT004.namprd04.prod.outlook.com (157.56.240.85) by CO1EHSMHS029.bigfish.com (10.243.66.39) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 16 Jul 2012 18:05:09 +0000 Received: from BL2PRD0410MB351.namprd04.prod.outlook.com ([169.254.1.251]) by BL2PRD0410HT004.namprd04.prod.outlook.com ([10.255.99.39]) with mapi id 14.16.0175.005; Mon, 16 Jul 2012 18:05:08 +0000 From: Hoeper Katrin-QWKN37 To: Sam Hartman , "emu@ietf.org" Thread-Topic: [Emu] Help reviewing auth48 channel bindings diagrams Thread-Index: AQHNY3jiLOkWtzDgF0ywYcKz8ATCU5csMdvw Date: Mon, 16 Jul 2012 18:05:08 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [67.167.208.109] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn% X-FOPE-CONNECTOR: Id%1294$Dn%MIT.EDU$RO%2$TLS%3$FQDN%msgate.mot-solutions.com$TlsDn% X-FOPE-CONNECTOR: Id%1294$Dn%IETF.ORG$RO%2$TLS%3$FQDN%msgate.mot-solutions.com$TlsDn% X-CFilter-Loop: Reflected X-OriginatorOrg: motorolasolutions.com Subject: Re: [Emu] Help reviewing auth48 channel bindings diagrams X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jul 2012 18:04:33 -0000 Hi Sam, I suggest to make a slight change to Figure 2: Channel-Binding Encoding. Right now the third row in the diagram is not closed and the fourth row con= tains no descriptor. Instead, I suggest closing the third row, and then adding "NS-specific ..."= as descriptor in the fourth row and leave that row open to indicate that t= he length of this field is not fixed. Alternatively, the fourth row could be deleted and the third row left open. All other diagrams look fine to me. Let me know what you think, and if desired, I can make the changes in the x= ml. Best regards, Katrin -----Original Message----- From: emu-bounces@ietf.org [mailto:emu-bounces@ietf.org] On Behalf Of Sam H= artman Sent: Monday, July 16, 2012 12:31 PM To: emu@ietf.org Subject: [Emu] Help reviewing auth48 channel bindings diagrams I'd appreciate it if someone could review the diagrams in section 5.3 of ht= tp://www.rfc-editor.org/authors/rfc6677.txt and confirm that those diagrams match the text. Once I get a confirmation there I think we're ready to approve the channel = bindings RFC. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu From ncamwing@cisco.com Mon Jul 16 15:23:52 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC56411E82F3; Mon, 16 Jul 2012 15:23:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DEcQynCHmzh5; Mon, 16 Jul 2012 15:23:52 -0700 (PDT) Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) by ietfa.amsl.com (Postfix) with ESMTP id E68CF11E82BB; Mon, 16 Jul 2012 15:23:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=ncamwing@cisco.com; l=1860; q=dns/txt; s=iport; t=1342477478; x=1343687078; h=from:to:cc:subject:date:message-id:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=FiENO7MsVxKUULA/3+PJ7e1SqWfBSsXqEYY4cjjZH3w=; b=KV6yhABGzL0VtpFOrs/cBHpcTwY6fqXfz+pTA4zFv0YGMzWeWPfkBHSt xPY8jtMarHtCKtvli3sMmOhHOcNqmIv9cbASMpCtpXJDD4ZZGqXjhQSuU TT2K8cgGJERahvAkyrFC70jDm5QFjyg6Ju98/M6dvcW/+iUS+xcCRNLVI I=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av4EAB+UBFCtJXG+/2dsb2JhbABFDrlCgQeCIgEEAQEBDwEnNAsSAQg2NwslAQEEAQ0FIodrC5wWoBUEkgcDlTuOIIFmgiY5gVgj X-IronPort-AV: E=Sophos;i="4.77,597,1336348800"; d="scan'208";a="102431297" Received: from rcdn-core2-3.cisco.com ([173.37.113.190]) by rcdn-iport-3.cisco.com with ESMTP; 16 Jul 2012 22:24:37 +0000 Received: from xhc-aln-x10.cisco.com (xhc-aln-x10.cisco.com [173.36.12.84]) by rcdn-core2-3.cisco.com (8.14.5/8.14.5) with ESMTP id q6GMOb40019919 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 16 Jul 2012 22:24:37 GMT Received: from xmb-aln-x02.cisco.com ([169.254.5.178]) by xhc-aln-x10.cisco.com ([173.36.12.84]) with mapi id 14.02.0298.004; Mon, 16 Jul 2012 17:24:37 -0500 From: "Nancy Cam-Winget (ncamwing)" To: Sam Hartman , "Joseph Salowey (jsalowey)" Thread-Topic: [Emu] A review Re: [Nea] I-D Action:draft-ietf-nea-pt-eap-02.txt Thread-Index: Ac1EreMkT97p5sCYR0SslYIFdX3xvQe4yAgA Date: Mon, 16 Jul 2012 22:24:36 +0000 Message-ID: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.2.1.120420 x-originating-ip: [10.154.14.28] x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19042.007 x-tm-as-result: No--38.167100-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: text/plain; charset="us-ascii" Content-ID: <74B9EA7406605F46BDAF34259013D78E@cisco.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "nea@ietf.org" , "emu@ietf.org" Subject: Re: [Emu] A review Re: [Nea] I-D Action:draft-ietf-nea-pt-eap-02.txt X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jul 2012 22:23:52 -0000 Hi Joe and Sam, I've updated the PT-EAP draft to -03 version and included a new paragraph in section 3.4 to read: Note that tls-unique, as opposed to invoking a mutual cryptographic binding, is used as there is no keying material being generated by PT-EAP (the method is defined to facilitate the transport of posture data and is not an authentication method). However, the NEA Client may host an EMA which can be used as the means to cryptographically bind the tls-unique content that may be validated by the Posture Validator interfacing with the EAP Server. The binding of the tls-unique to the client authentication prevents the client's message from being used in another context. This prevents a poorly configured client from unintentionally compromising the NEA system. Strong mutual authentication of the NEA server and client is still REQUIRED to prevent the disclosure of possibly sensitive NEA client information to attacker. To address the comments below. Can you please review the updated draft and let me know if that is sufficient? Thanks, Nancy. On 6/7/12 6:02 AM, "Sam Hartman" wrote: >>>>>> "Joe" =3D=3D Joe Salowey writes: > > Joe> So, is your concern with using only MSK crypto binding with an >inner EAP authentication method used to authenticate an >unauthenticated/poorly authenticated tunnel or is it more specific to the >nea-pt-eap method? > Joe> For the first concern it may be sufficient to discuss the issue >in the security considerations. > >Sounds good to me and that is my concern. > >I see no reason EAP-PT needs more text than what we did for the cb >draft. >_______________________________________________ >Emu mailing list >Emu@ietf.org >https://www.ietf.org/mailman/listinfo/emu From jsalowey@cisco.com Wed Jul 18 08:59:01 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F4BC21F8739 for ; Wed, 18 Jul 2012 08:59:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -110.599 X-Spam-Level: X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HyiIcYQxWU6b for ; Wed, 18 Jul 2012 08:59:00 -0700 (PDT) Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id 89A3621F8738 for ; Wed, 18 Jul 2012 08:59:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=587; q=dns/txt; s=iport; t=1342627191; x=1343836791; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=9+MuQc6pDmaIwtrM1FSJ3URnsh1IdaGmroUi35YFqwM=; b=Yi0Tl7Fv6qTUEVcVN6ztAmyzoEXO1q9gVA+ap1SK0L3LXLk1RFfbc0Zk sHcHDrkOKMHHZhaa6yBspAsbrnwLgnj44q1nGDP1eV12ZYA6p/eH/Y2hV gXAU/VNz4QuRS+8ymueJfrB3HfSGVJhFyVF5ZwKivyC6i9O6jmnyl0Kff k=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av0EAELcBlCtJV2a/2dsb2JhbABFuTOBB4InEgEnUQE+QicENYdrC5xVgSigIYtAhW9gA5VEgRONEIFmgl8 X-IronPort-AV: E=Sophos;i="4.77,610,1336348800"; d="scan'208";a="100090467" Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-9.cisco.com with ESMTP; 18 Jul 2012 15:59:51 +0000 Received: from xhc-rcd-x06.cisco.com (xhc-rcd-x06.cisco.com [173.37.183.80]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id q6IFxo4R030641 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for ; Wed, 18 Jul 2012 15:59:50 GMT Received: from xmb-rcd-x09.cisco.com ([169.254.9.118]) by xhc-rcd-x06.cisco.com ([173.37.183.80]) with mapi id 14.02.0298.004; Wed, 18 Jul 2012 10:59:50 -0500 From: "Joseph Salowey (jsalowey)" To: "emu@ietf.org" Thread-Topic: EMU Draft Agenda for IETF-84 Thread-Index: AQHNZP5cBwfczdNZCk6EgqZIXk+qdg== Date: Wed, 18 Jul 2012 15:59:53 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.33.249.174] x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19048.005 x-tm-as-result: No--19.492800-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: text/plain; charset="us-ascii" Content-ID: <0E54BA0DC5B7FF41B2ABCB91BDDE34CD@cisco.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: [Emu] EMU Draft Agenda for IETF-84 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jul 2012 15:59:01 -0000 Draft agenda is uploaded, copied below for your convenience.=20 Joe EMU Meeting at IETF 84 Tuesday, July 31, 2012 - 0900-1020 ------------------------------------------------- 1. Note Well, agenda, note takers (5 Min) 2. Document Status (15 Min) - chairs http://tools.ietf.org/html/draft-ietf-emu-eaptunnel-req-09 http://tools.ietf.org/html/draft-ietf-emu-chbind-16 3. Mutual Channel Binding (10 Min) - Hartman http://tools.ietf.org/html/draft-ietf-emu-crypto-bind-00 4. Tunnel Method (25 min) - Cam-Winget http://tools.ietf.org/html/draft-ietf-emu-eap-tunnel-method-03 From wwwrun@rfc-editor.org Wed Jul 18 17:14:14 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A24D711E81DA; Wed, 18 Jul 2012 17:14:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -104.667 X-Spam-Level: X-Spam-Status: No, score=-104.667 tagged_above=-999 required=5 tests=[AWL=0.410, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, J_CHICKENPOX_93=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yrnXdBhNuVwn; Wed, 18 Jul 2012 17:14:13 -0700 (PDT) Received: from rfc-editor.org (rfcpa.amsl.com [12.22.58.47]) by ietfa.amsl.com (Postfix) with ESMTP id EADDF11E81FF; Wed, 18 Jul 2012 17:14:12 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 6601C72E105; Wed, 18 Jul 2012 17:14:28 -0700 (PDT) To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org From: rfc-editor@rfc-editor.org Message-Id: <20120719001428.6601C72E105@rfc-editor.org> Date: Wed, 18 Jul 2012 17:14:28 -0700 (PDT) Cc: emu@ietf.org, rfc-editor@rfc-editor.org Subject: [Emu] RFC 6677 on Channel-Binding Support for Extensible Authentication Protocol (EAP) Methods X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jul 2012 00:14:14 -0000 A new Request for Comments is now available in online RFC libraries. RFC 6677 Title: Channel-Binding Support for Extensible Authentication Protocol (EAP) Methods Author: S. Hartman, Ed., T. Clancy, K. Hoeper Status: Standards Track Stream: IETF Date: July 2012 Mailbox: hartmans-ietf@mit.edu, tcc@vt.edu, khoeper@motorolasolutions.com Pages: 31 Characters: 79805 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-emu-chbind-16.txt URL: http://www.rfc-editor.org/rfc/rfc6677.txt This document defines how to implement channel bindings for Extensible Authentication Protocol (EAP) methods to address the "lying Network Access Service (NAS)" problem as well as the "lying provider" problem. [STANDARDS-TRACK] This document is a product of the EAP Method Update Working Group of the IETF. This is now a Proposed Standard Protocol. STANDARDS TRACK: This document specifies an Internet standards track protocol for the Internet community,and requests discussion and suggestions for improvements. Please refer to the current edition of the Internet Official Protocol Standards (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see http://www.ietf.org/mailman/listinfo/ietf-announce http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html. For downloading RFCs, see http://www.rfc-editor.org/rfc.html. Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC From turners@ieca.com Wed Jul 18 21:51:34 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B71521F8629 for ; Wed, 18 Jul 2012 21:51:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.216 X-Spam-Level: X-Spam-Status: No, score=-102.216 tagged_above=-999 required=5 tests=[AWL=-0.216, BAYES_00=-2.599, J_CHICKENPOX_93=0.6, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1SR5IrKxJLEu for ; Wed, 18 Jul 2012 21:51:33 -0700 (PDT) Received: from gateway08.websitewelcome.com (gateway08.websitewelcome.com [74.52.223.2]) by ietfa.amsl.com (Postfix) with ESMTP id 0306E21F862F for ; Wed, 18 Jul 2012 21:51:32 -0700 (PDT) Received: by gateway08.websitewelcome.com (Postfix, from userid 5007) id 74C3BC33E6FF0; Wed, 18 Jul 2012 23:52:25 -0500 (CDT) Received: from gator1743.hostgator.com (gator1743.hostgator.com [184.173.253.227]) by gateway08.websitewelcome.com (Postfix) with ESMTP id 69E74C33E6FC6 for ; Wed, 18 Jul 2012 23:52:25 -0500 (CDT) Received: from [71.191.15.186] (port=38072 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from ) id 1Sriiu-0002HO-BP for emu@ietf.org; Wed, 18 Jul 2012 23:52:24 -0500 Message-ID: <50079287.1040109@ieca.com> Date: Thu, 19 Jul 2012 00:52:23 -0400 From: Sean Turner User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:14.0) Gecko/20120713 Thunderbird/14.0 MIME-Version: 1.0 To: emu@ietf.org References: <20120719001428.6601C72E105@rfc-editor.org> In-Reply-To: <20120719001428.6601C72E105@rfc-editor.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator1743.hostgator.com X-AntiAbuse: Original Domain - ietf.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ieca.com X-BWhitelist: no X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: (thunderfish.local) [71.191.15.186]:38072 X-Source-Auth: sean.turner@ieca.com X-Email-Count: 13 X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20= Subject: Re: [Emu] RFC 6677 on Channel-Binding Support for Extensible Authentication Protocol (EAP) Methods X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jul 2012 04:51:34 -0000 Congrats on getting this done! spt On 7/18/12 8:14 PM, rfc-editor@rfc-editor.org wrote: > > A new Request for Comments is now available in online RFC libraries. > > > RFC 6677 > > Title: Channel-Binding Support for Extensible Authentication > Protocol (EAP) Methods > Author: S. Hartman, Ed., > T. Clancy, K. Hoeper > Status: Standards Track > Stream: IETF > Date: July 2012 > Mailbox: hartmans-ietf@mit.edu, > tcc@vt.edu, > khoeper@motorolasolutions.com > Pages: 31 > Characters: 79805 > Updates/Obsoletes/SeeAlso: None > > I-D Tag: draft-ietf-emu-chbind-16.txt > > URL: http://www.rfc-editor.org/rfc/rfc6677.txt > > This document defines how to implement channel bindings for > Extensible Authentication Protocol (EAP) methods to address the > "lying Network Access Service (NAS)" problem as well as the "lying > provider" problem. [STANDARDS-TRACK] > > This document is a product of the EAP Method Update Working Group of the IETF. > > This is now a Proposed Standard Protocol. > > STANDARDS TRACK: This document specifies an Internet standards track > protocol for the Internet community,and requests discussion and suggestions > for improvements. Please refer to the current edition of the Internet > Official Protocol Standards (STD 1) for the standardization state and > status of this protocol. Distribution of this memo is unlimited. > > This announcement is sent to the IETF-Announce and rfc-dist lists. > To subscribe or unsubscribe, see > http://www.ietf.org/mailman/listinfo/ietf-announce > http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist > > For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html. > For downloading RFCs, see http://www.rfc-editor.org/rfc.html. > > Requests for special distribution should be addressed to either the > author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless > specifically noted otherwise on the RFC itself, all RFCs are for > unlimited distribution. > > > The RFC Editor Team > Association Management Solutions, LLC > > > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu > From wwwrun@rfc-editor.org Wed Jul 25 11:41:28 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFB1C21F874A; Wed, 25 Jul 2012 11:41:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -102.258 X-Spam-Level: X-Spam-Status: No, score=-102.258 tagged_above=-999 required=5 tests=[AWL=0.342, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GPm14K9mAXSy; Wed, 25 Jul 2012 11:41:27 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [IPv6:2001:1890:123a::1:2f]) by ietfa.amsl.com (Postfix) with ESMTP id 4278D21F8627; Wed, 25 Jul 2012 11:41:27 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id A6457B1E005; Wed, 25 Jul 2012 11:41:14 -0700 (PDT) To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org From: rfc-editor@rfc-editor.org Message-Id: <20120725184114.A6457B1E005@rfc-editor.org> Date: Wed, 25 Jul 2012 11:41:14 -0700 (PDT) Cc: emu@ietf.org, rfc-editor@rfc-editor.org Subject: [Emu] RFC 6678 on Requirements for a Tunnel-Based Extensible Authentication Protocol (EAP) Method X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jul 2012 18:41:28 -0000 A new Request for Comments is now available in online RFC libraries. RFC 6678 Title: Requirements for a Tunnel-Based Extensible Authentication Protocol (EAP) Method Author: K. Hoeper, S. Hanna, H. Zhou, J. Salowey, Ed. Status: Informational Stream: IETF Date: July 2012 Mailbox: khoeper@motorolasolutions.com, shanna@juniper.net, hzhou@cisco.com, jsalowey@cisco.com Pages: 23 Characters: 54446 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-emu-eaptunnel-req-09.txt URL: http://www.rfc-editor.org/rfc/rfc6678.txt This memo defines the requirements for a tunnel-based Extensible Authentication Protocol (EAP) Method. This tunnel method will use Transport Layer Security (TLS) to establish a secure tunnel. The tunnel will provide support for password authentication, EAP authentication, and the transport of additional data for other purposes. This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the EAP Method Update Working Group of the IETF. INFORMATIONAL: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see http://www.ietf.org/mailman/listinfo/ietf-announce http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html. For downloading RFCs, see http://www.rfc-editor.org/rfc.html. Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC From hzhou@cisco.com Thu Jul 26 13:00:33 2012 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13C2C11E8098 for ; Thu, 26 Jul 2012 13:00:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LGBrJabTNBDO for ; Thu, 26 Jul 2012 13:00:32 -0700 (PDT) Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id 1870121F84E4 for ; Thu, 26 Jul 2012 13:00:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6162; q=dns/txt; s=iport; t=1343332832; x=1344542432; h=from:to:subject:date:message-id:in-reply-to:content-id: content-transfer-encoding:mime-version; bh=1OFRMF4Ilh5xNpNgSGXGglZTQ//JeLCWGpYidIzcXBM=; b=C5vYbYNirUZ5NdmzD8+jR2LnMhxlO0QaXYB3Qc5RSpEcHUc9+czkGe/M Ha+q2k59YiYF30RTwSE+NwNXDkl3sSxN/8jFsATKBJ3d3QmH5sdvu20/3 Q4SxwlHWEKVUGjnm/h9rWnLkrUeOkZdnemTxGHUNA8kJ2S5UOwNrdw3F1 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av4EAMKgEVCtJV2a/2dsb2JhbAA8CQ65LIEHgiIBBAEBAQ8BJzQEGQEIEiQ3CxcOAgQBEhsHh2sLmyOgRASLYBOGUAOVSI4ngWaCJjk X-IronPort-AV: E=Sophos;i="4.77,660,1336348800"; d="scan'208";a="102722311" Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-9.cisco.com with ESMTP; 26 Jul 2012 20:00:31 +0000 Received: from xhc-rcd-x15.cisco.com (xhc-rcd-x15.cisco.com [173.37.183.89]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id q6QK0VkU027483 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 26 Jul 2012 20:00:31 GMT Received: from xmb-rcd-x14.cisco.com ([169.254.4.60]) by xhc-rcd-x15.cisco.com ([173.37.183.89]) with mapi id 14.02.0298.004; Thu, 26 Jul 2012 15:00:30 -0500 From: "Hao Zhou (hzhou)" To: Sam Hartman , "emu@ietf.org" Thread-Topic: [Emu] Review of draft-ietf-emu-eap-tunnel-method Thread-Index: AQHNa2lOfTpZWucshEiJJb29zSv0VA== Date: Thu, 26 Jul 2012 20:00:30 +0000 Message-ID: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.2.1.120420 x-originating-ip: [10.98.51.25] x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19066.001 x-tm-as-result: No--65.603800-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: text/plain; charset="us-ascii" Content-ID: <28CEC8F5B18BEA48B073C32037613C49@cisco.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [Emu] Review of draft-ietf-emu-eap-tunnel-method X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2012 20:00:33 -0000 Sam: A new draft TEAP-03 was submitted. Please review and make sure all of your issues raised below are addressed in this draft. Thanks. On 3/25/12 7:50 AM, "Sam Hartman" wrote: > > >1) TEAP extends TLS RFC 5077 > >In section 2, TEAP discusses using phase 2 TLVs to include a TLS session >ticket and an associated secret key. >RFc 5077 only permits session tickets to be sent using the session >ticket message. I believe that this is an extension to TLS that would >need to go through the TLS working group. > >My preference is to remove TLS tickets sent via a manner other than the >session ticket handshake message. >If support for this is needed a better solution that does not involve >changing TLS would be to provision a key for use with a TLS preshared >key ciphersuite. > >2) TEAP server is separate architectural element from inner server > >So, in section 2 the document says that the TEAP server and inner >server are separate architectural elements. >However, in section 1 a design goal was avoiding MITM attacks. > >To meet that goal and to have an architecture where these servers are >separate, a lot more clarity is required around what a MITM is and what >is an acceptable intermediate. >I also suspect significant security analysis will be required on this >point. > >Let's start by coming up with a clear definition of what a MITM is for >this protocol and work from there. >Section 7.3 is inadequate. >It does not clearly explain who is involved in the trust relationship. >IN particular, does the peer need to trust the intermediate, or do the >inner servers need to trust the intermediate or both? > >I think it depends for different vulnerabilities. > >In order to understand the architectural implications of this I'd like >to ask those who want to support this architectural separation to go >through every reference to MITM or man-in-the-middle or mutual >authentication in the document. For each reference, answer the following >questions: > > > >A) Who is negatively affected if the attack is possible or the security >claim not maintained? (eap server, peer, intermediate, combination) > >B) for security claims especially those about inner methods. Which >parties need to confirm the claim in order to avoid the harm identified >in A above? > > >I also think we need clarity around mutual authentication and what that >means especially when looking at compositions. > > >3) Section 3.2: resistance to MITM attack > >The specification refers to inner methods providing resistance to >man-in-the-middle attacks as if this is an RFC 3748 security claim. >I assume this refers to the discussion in section 7.4 of RFC 3748. >I don't think that claim is strong enough to provide secure composition >of inner methods with anonymous ciphersuites. >This is related and possibly a superset of the problems discussed in >draft-hartman-emu-mutual-crypto-binding). >Clearly checking the certificates is an inadequate solution for >anonymous TLS ciphersuites. > >4) Section 3.2.2: overly much detail on TLS workings > >I think that having something called a PAC which is really just a TLS >session ticket is undesirable. I don't think we need a new name for TLS >concepts we're reusing. >I am concerned that we specify so much information about how TLS >session resumption works. What if future versions of TLS change that? >What if our spec is inconsistent with TLS? > >I recommend we remove most of the information about server and client >TLS session resumption and fall back to full vs abbreviated handshakes. > > >5) Section 3.3.3: confused > >I'm confused when I read section 3.3.3 on protected negotiation >indication. I don't understand when an intermediate result TLV is or is >not required for the peer and server. >Also, shouldn't the crypto binding TLV always be required here? > > >6) Section 3.3.3: please require peers reject EAP success without >protected negotiation. > >I think it is very important that we mandate peers implementing TEAP >MUST not treat an EAP success packet prior to the peer and server >reaching protected result indication as successful. >When peers do this (as many do with existing methods) it permits several >bid-down attacks. >Se the new text in one of the most recent channel bindings specs for an >example. > >7) Section 3.3.3: How does a peer do channel binding > >What should a peer do if it wishes to perform channel binding and server >sends back a protected success? > >Request-action seems inefficient for this because the first message is >the channel binding request coming from the client to server. > > >8) Examples with section 3.3 > >I think that section 3.3 could benefit from several examples: > > >1) A peer wishes to use a client certificate but wishes to hide its > identity and thus use renegotiation. The server requests some inner > method in the first phase 2 message before the client can start > renegotiation at TLS. >Show an example flow of how this works out and how the parties get back > in sync. > >2) A peer wishes to use an inner eap method even when the server is >happy to offer success in the first message. Show how many result >indications are required. > >3) Show how channel bindings interact with the result indications. > >8) Section 3.4: what is a peer ID? > >Section 3.4 needs a reference to where the concept of peer ID is >defined. > >9) Section 3.5: session ID > >First, you need a reference to what an EAP session ID is. > >second, do TLS implementations really make this value available? > >The text is unclear how this interacts with session resumption. I'd >like to start by understanding whether we want the session ID to change >for session resumption. > >I wonder if using something we've already standardized like the >construction in section 3 of RFC 5929 would be a better choice for >something that we can implement here? >_______________________________________________ >Emu mailing list >Emu@ietf.org >https://www.ietf.org/mailman/listinfo/emu