
From nobody Thu Apr  2 12:56:32 2020
From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Date: Thu, 2 Apr 2020 19:56:12 +0000
Message-ID: <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com>
References: <158340648969.14566.11476213026719970345@ietfa.amsl.com>
In-Reply-To: <158340648969.14566.11476213026719970345@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/jNWG-cS_sANtLNKOnmwzk1Tk2Q8>
Subject: Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>

Hi Magnus,

On Thu, 2020-03-05 at 03:08 -0800, Magnus Westerlund via Datatracker
wrote:
> Magnus Westerlund has entered the following ballot position for
> draft-ietf-hip-native-nat-traversal-30: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut
> this introductory paragraph, however.)
>
> Please refer to
> https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> So I think the below are important things that need to be discussed
> before proceeding. However, I might have missed things as I didn't
> have time to read the whole document in detail. Several of the issues
> are pieces for discussion to ensure that the right thing really is
> done.
>
> 1. So this document recommends the usage of port 10500 as default
> listening port. A port registered by Ari and also used for RFC 5770.
> I get the impression that the port was registered separately from
> RFC 5770. So the port is assigned to Ari. Would Ari be willing to
> release the port for re-assignment to IESG control. RFC 6335 has the
> recommendation for ports for IETF protocols that the assignee is IESG
> and the contact chair@ietf.org. This to have the change control with
> IETF as body rather than with individuals.
>
> If Ari agrees to this, I think it would be good to have the IANA
> section be updated to note the re-assignment and provide the
> necessary information.

This document reuses the same default UDP port number 10500 as
specified by Legacy ICE-HIP [RFC5770] for tunneling both HIP control
plane and data plane traffic.  The port was registered
separately for RFC5770 to co-author Ari Keranen but should now be re-
assigned for IESG control.  With the permission of Ari Keranen, the new
assignee is IESG and contact "chair@ietf.org".  In addition, IANA is
requested to add a reference to this document in the entry for UDP port
10500 in the Transport Protocol Port Number Registry.  The selection
between Legacy ICE-HIP and Native ICE-HIP mode is negotiated using
NAT_TRAVERSAL_MODE parameter during the base exchange.  By default,
hosts listen on this port for incoming UDP datagrams and can use it also
for sending UDP datagrams.  Other ephemeral port numbers are
negotiated and utilized dynamically.

> 2. Secondly, as this solution is different from the RFC 5770 should
> this solution have a different service name? The reason I am asking
> is that it depends on how for example how an initiator determine
> which of the NAT traversal solution. If there is any intention to use
> DNS SRV for example different service name would make sense. This is
> primarily to verify that this has been considered.

I am not an expert on the topic but based on some discussions with some
colleagues, the SRV records seem to be more suitable for infrastructure
discovery, not really for end-host discovery. Since you asked for this,
I wrote a new section in the appendix:

Appendix E.  DNS Considerations

[RFC5770] did not specify how an end-host can look up another end-
host via DNS and initiate a UDP-based HIP base exchange with it, so
this section makes an attempt to fill this gap.

[RFC8005] specifies how a HIP end-host and its Rendezvous server are
registered to DNS.  Essentially, the public key of the end-host is
stored as HI record and its Rendezvous Server as A or AAAA record.
This way, the Rendezvous Server can act as an intermediary for the
end-host and forward packets to it based on the DNS configuration.
Control Relay Server offers similar functionality as Rendezvous
Server, with the difference that the Control Relay Server forwards
all control messages, not just the first I1 message.

Prior to this document, the A and AAAA records in the DNS refer
either to the HIP end-host itself or a Rendezvous Server [RFC8005],
and control and data plane communication with the associated host has
been assumed to occur directly over IPv4 or IPv6.  However, this
specification extends the records to be used for UDP-based
communications.

Let us consider the case of a HIP Initiator with the default policy
to employ UDP encapsulation and the extensions defined in this
document.  The Initiator looks up the FQDN of a Responder, and
retrieves its HI, A and AAAA records.  Since the default policy is to
use UDP encapsulation, the Initiator MUST send the I1 message over
UDP to destination port 10500 (either over IPv4 in the case of an A
record or over IPv6 in the case of an AAAA record).  It MAY send an I1
message both with and without UDP encapsulation in parallel.  In the
case the Initiator receives R1 messages both with and without UDP
encapsulation from the Responder, the Initiator SHOULD ignore the R1
messages without UDP encapsulation.

The UDP encapsulated I1 packet could be received by three different
types of hosts:

1.  HIP Control Relay Server: in this case the A/AAAA records refer
    to a Control Relay Server, and it will forward the packet to the
    corresponding Control Relay Client based on the destination HIT
    in the I1 packet.

2.  HIP Responder supporting UDP encapsulation: in this case, the
    A/AAAA records refer to the end-host.  Assuming the destination
    HIT belongs to the Responder, it receives and processes it
    according to the negotiated NAT traversal mechanism.  The support
    for the protocol defined in this document vs [RFC5770] is
    dynamically negotiated during the base exchange.  The details are
    specified in Section 4.3.

3.  HIP Rendezvous Server: this entity is not listening to UDP port
    10500, so it will drop the I1 message.

4.  HIP Responder not supporting UDP encapsulation: the targeted end-
    host is not listening to UDP port 10500, so it will drop the I1
    message.

The A/AAAA-record MUST NOT be configured to refer to a Data Relay
Server unless the host in question supports also Control Relay Server
functionality.

It is also worth noting that SRV records are not employed in this
specification.  While they could be used for more flexible UDP port
selection, they are not suitable for end-host discovery but rather
would be more suitable for the discovery of HIP-specific
infrastructure.  Further extensions to this document may define SRV
records for Control and Data Relay Server discovery within a DNS
domain.

> 3. So I don't quite understand what the co-existence story is for
> the relay having a listener on port 10500? Is that port only used for
> UDP/HIPv1 (RFC5770) and UDP/HIPv2 (This doc).

Yes (by relays or end-hosts)

> And the listening stack can determine which
> version is used to determine which of the protocol is run.

HIP version is in the header. If a middlebox or end-host does not
support the HIP version, it will respond with an ICMP:

https://tools.ietf.org/html/rfc7401#section-5.4.1

Then there is RFC5770 vs "native NAT traversal" (this spec)
specification issues:

1. Client registration to a Relay:

- RELAY_UDP_HIP in both specs
- New RELAY_UDP_ESP service in Native NAT traversal

https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-30#section-4.1

This is simple. The Relay Server offers services and the Client chooses
from them. The Control Relay Service is the same in both specs.

2. Base exchange between the actual end-hosts:

- NAT_TM: ICE-STUN-UDP (RFC5770) vs ICE-HIP-UDP (native NAT traversal)

https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-30#section-4.5
https://tools.ietf.org/html/rfc5770#section-4.3

The end-hosts negotiate RFC5770 vs native NAT traversal support during
the base exchange.

> And the issue with
> multiplexing is only existing for the ports that one gathers?

What do you exactly mean by this? Is there an issue between NAT
traversal versions? Or are you referring to:

6.4.  Demultiplexing Different HIP Associations

OR

4.12.3.  Handling Conflicting SPI Values (note two scenarios here)

...which both talk about multiplexing. The latter section deals with
the new service added in this specification (Data Relay Service) and
port gathering with that.

> Can you please
> add a paragraph or two somewhere in the document.

I can add some text if you can confirm if I have answered the right
questions?

> I think it should be
> referenced by the port registration update.

This was handled already in my response to question 1?

> 4. MTU impact of NAT traversal.
>
> Section 5.1 states
> "It is worth noting that UDP encapsulation of HIP packets reduces the
>    Maximum Transfer Unit (MTU) size of the control plane by 12
>    bytes."
>
> There is also a similar text in Section 5.11:
>
>    It is worth noting that UDP encapsulation of ESP reduces the MTU
>    size of data plane by 8 bytes.
>
> I think the document needs a discussion and impact on MTU which this
> NAT traversal has on the HIP packets being sent. - First of all there
> appears to be more packet expansions happening in some cases, for
> example the RELAY_HMAC option expands packets on one leg. - Secondly,
> HIP requires IP fragmentation support, however IP fragmentation
> through NAT is commonly not working. Thus an HIP packet being UDP
> encapsulated that results in packet exceeding MTU will likely end up
> in an MTU black hole on path.
>
> The addition of the NAT traversal encapsulation actually increases
> the need for MTU discovery or care in MTU handling by the HIP
> initiator. I think there need to be discussion of that in the
> document.

I am still iterating some text on this, I hope Jeff Ahrenholz can help
with this.

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> May I inquire about the reasoning why this document do not obsolete
> RFC 5770?

This was discussed earlier but the working group decided to keep both,
and let implementors choose between reusing existing STUN/TURN
infra (RFC5770) vs faster data plane (native NAT traversal).
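The receiver-side checks discussed in points 3 and 4 of the message above (one listener on UDP port 10500 for both HIP versions, the version read from the HIP header, and the 12-byte and 8-byte MTU reductions), as an added example that is not part of the original message or of the draft. Assumptions: the 32-bit zero marker in front of HIP control packets is taken from RFC 5770 and the fixed header layout from RFC 7401; the function names, the supported-version policy and the sample packets are constructed for illustration.

```python
import struct

HIP_UDP_PORT = 10500          # default UDP port discussed in the thread
CONTROL_OVERHEAD = 12         # control-plane MTU reduction quoted from Section 5.1
ESP_OVERHEAD = 8              # data-plane MTU reduction quoted from Section 5.11
ZERO_MARKER = b"\x00" * 4     # assumption (RFC 5770): 32 zero bits precede HIP control
HIP_FIXED_HEADER_LEN = 40     # assumption (RFC 7401): 8 fixed bytes + two 16-byte HITs
SUPPORTED_VERSIONS = {1, 2}   # hypothetical local policy: HIPv1 and HIPv2
PACKET_TYPES = {1: "I1", 2: "R1", 3: "I2", 4: "R2"}


def classify(payload: bytes) -> dict:
    """Classify the UDP payload of one datagram received on port 10500."""
    if len(payload) < 4:
        return {"kind": "drop", "reason": "shorter than SPI/marker word"}
    if payload[:4] != ZERO_MARKER:
        # A non-zero first word is the SPI of a UDP-encapsulated ESP packet.
        (spi,) = struct.unpack("!I", payload[:4])
        return {"kind": "esp", "spi": spi}

    hip = payload[4:]
    if len(hip) < HIP_FIXED_HEADER_LEN:
        return {"kind": "drop", "reason": "truncated HIP header"}
    _next_header, hdr_len, type_byte, ver_byte = struct.unpack("!BBBB", hip[:4])
    # Header Length counts 8-byte units and excludes the first 8 bytes.
    if (hdr_len + 1) * 8 != len(hip):
        return {"kind": "drop", "reason": "length field disagrees with datagram"}
    # Fixed bits: top bit of the type byte is 0, low bit of the version byte is 1.
    if type_byte & 0x80 or not ver_byte & 0x01:
        return {"kind": "drop", "reason": "fixed header bits are wrong"}

    version = ver_byte >> 4
    if version not in SUPPORTED_VERSIONS:
        # The thread points to RFC 7401 section 5.4.1 (ICMP) for this case.
        return {"kind": "unsupported-version", "version": version}
    ptype = type_byte & 0x7F
    return {
        "kind": "hip-control",
        "version": version,
        "type": PACKET_TYPES.get(ptype, ptype),
        "receiver_hit": hip[24:40],   # what a Control Relay Server forwards on
    }


def control_fits(hip_len: int, path_mtu: int, ipv6: bool = False) -> bool:
    """True if a HIP control packet of hip_len bytes avoids IP fragmentation."""
    ip_header = 40 if ipv6 else 20    # IP header without options or extensions
    return ip_header + CONTROL_OVERHEAD + hip_len <= path_mtu


def sample_control(version: int, ptype: int = 1) -> bytes:
    """Constructed sample: a parameter-less HIP packet behind the zero marker.

    The HITs are made-up byte strings and the checksum is left at zero,
    since classify() does not verify it.
    """
    fixed = struct.pack("!BBBBHH", 59, 4, ptype, (version << 4) | 0x01, 0, 0)
    sender_hit = bytes.fromhex("20010020" + "aa" * 12)
    receiver_hit = bytes.fromhex("20010020" + "bb" * 12)
    return ZERO_MARKER + fixed + sender_hit + receiver_hit


if __name__ == "__main__":
    for label, datagram in [
        ("HIPv2 I1", sample_control(2)),
        ("HIPv1 R1", sample_control(1, 2)),
        ("version 3", sample_control(3)),
        ("ESP", b"\x00\x00\x12\x34" + b"\x00" * 16),
    ]:
        print(label, "->", classify(datagram))
    print("1468-byte control packet fits a 1500-byte IPv4 path:",
          control_fits(1468, 1500))
```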


From nobody Thu Apr  2 23:41:17 2020
From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Date: Fri, 3 Apr 2020 06:41:09 +0000
Message-ID: <1ee7a7a90a590c89583c7ce3e6a61d07f63ad9b1.camel@ericsson.com>
References: <158340648969.14566.11476213026719970345@ietfa.amsl.com> <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com>
In-Reply-To: <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/JolS9U8zrEe1JtKaAMbcFr22VpY>
Subject: Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)

From nobody Fri Apr  3 02:17:24 2020
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Miika Komu <miika.komu@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Date: Fri, 3 Apr 2020 09:17:14 +0000
Message-ID: <326b5dfa75824f82e990b4b990c51accbfbf4d72.camel@ericsson.com>
References: <158340648969.14566.11476213026719970345@ietfa.amsl.com> <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com>
In-Reply-To: <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com>
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-puWjvMJX4YbvLLjOqn0F"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/oxkNB4mh7ia-qK_TjdacSA0gxuk>
Subject: Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>

--=-puWjvMJX4YbvLLjOqn0F
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Miika,

Please see inline.


On Thu, 2020-04-02 at 19:56 +0000, Miika Komu wrote:
> Hi Magnus,
>
> On Thu, 2020-03-05 at 03:08 -0800, Magnus Westerlund via Datatracker
> wrote:
> > Magnus Westerlund has entered the following ballot position for
> > draft-ietf-hip-native-nat-traversal-30: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut
> > this
> > introductory paragraph, however.)
> >
> >
> > Please refer to
> > https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/
> >
> >
> >
> > -------------------------------------------------------------------
> > ---
> > DISCUSS:
> > -------------------------------------------------------------------
> > ---
> >
> > So I think the below are important things that need to be discussed
> > before
> > proceeding. However, I might have missed things as I didn't have time
> > to read
> > the whole document in detail. Several of the issues are pieces for
> > discussion
> > to ensure that the right thing really is done.
> >
> > 1. So this document recommends the usage of port 10500 as default
> > listening
> > port. A port registered by Ari and also used for RFC 5770. I get the
> > impression
> > that the port was registered separately from RFC 5770. So the port is
> > assigned
> > to Ari. Would Ari be willing to release the port for re-assignment to
> > IESG
> > control. RFC 6335 has the recommendation for ports for IETF protocols
> > that the
> > assignee is IESG and the contact chair@ietf.org. This to have the
> > change
> > control with IETF as body rather than with individuals.
> >
> > If Ari agrees to this, I think it would be good to have the IANA
> > section be
> > updated to note the re-assignment and provide the necessary
> > information.
>
> This document reuses the same default UDP port number 10500 as
> specified by Legacy ICE-HIP [RFC5770] for tunneling both HIP control
> plane and data plane traffic.  The port was registered
> separately for RFC5770 to co-author Ari Keranen but should now be
> re-assigned for IESG control.  With the permission of Ari Keranen, the new
> assignee is IESG and contact "chair@ietf.org".  In addition, IANA is
> requested to add a reference to this document in the entry for UDP port
> 10500 in the Transport Protocol Port Number Registry.  The selection
> between Legacy ICE-HIP and Native ICE-HIP mode is negotiated using
> NAT_TRAVERSAL_MODE parameter during the base exchange.  By default,
> hosts listen on this port for incoming UDP datagrams and can use it also
> for sending UDP datagrams.  Other ephemeral port numbers are
> negotiated and utilized dynamically.

Thanks, this is exactly what I wanted to hear.

>
> > 2. Secondly, as this solution is different from the RFC 5770 should
> > this
> > solution have a different service name? The reason I am asking is
> > that it
> > depends on how for example how an initiator determine which of the
> > NAT
> > traversal solution. If there is any intention to use DNS SRV for
> > example
> > different service name would make sense. This is primarily to verify
> > that this
> > has been considered.
>
> I am not an expert on the topic but based on some discussions with some
> colleagues, the SRV records seem to be more suitable for infrastructure
> discovery, not really for end-host discovery. Since you asked for this,
> I wrote a new section in the appendix:

So the main reason for my question was to ensure that you have not forgotten
that you actually have some dependency on the service name that would in fact be
incompatible. That could include some supporting document, for example usage of
SRV records. However, with the below text written, I do find it informative. And
the statement at the end that you don't use SRV records currently is also good
and part to answer one aspect of my question. To conclude, there appear to be no
issues with having the two mechanisms share service name and port.

From my perspective there appears to be some benefit in including the below
appendix in the specification, but you should seek consensus on it in the WG
before the document is approved in my opinion.

>
> Appendix E.  DNS Considerations
>
> [RFC5770] did not specify how an end-host can look up another
> end-host via DNS and initiate a UDP-based HIP base exchange with it, so
> this section makes an attempt to fill this gap.
>
> [RFC8005] specifies how a HIP end-host and its Rendezvous server are
> registered to DNS.  Essentially, the public key of the end-host is
> stored as HI record and its Rendezvous Server as A or AAAA record.
> This way, the Rendezvous Server can act as an intermediary for the
> end-host and forward packets to it based on the DNS configuration.
> Control Relay Server offers similar functionality as Rendezvous
> Server, with the difference that the Control Relay Server forwards
> all control messages, not just the first I1 message.
>
> Prior to this document, the A and AAAA records in the DNS refer
> either to the HIP end-host itself or a Rendezvous Server [RFC8005],
> and control and data plane communication with the associated host has
> been assumed to occur directly over IPv4 or IPv6.  However, this
> specification extends the records to be used for UDP-based
> communications.
>
> Let us consider the case of a HIP Initiator with the default policy
> to employ UDP encapsulation and the extensions defined in this
> document.  The Initiator looks up the FQDN of a Responder, and
> retrieves its HI, A and AAAA records.  Since the default policy is to
> use UDP encapsulation, the Initiator MUST send the I1 message over
> UDP to destination port 10500 (either over IPv4 in the case of an A
> record or over IPv6 in the case of a AAAA record).  It MAY send an I1
> message both with and without UDP encapsulation in parallel.  In the
> case the Initiator receives R1 messages both with and without UDP
> encapsulation from the Responder, the Initiator SHOULD ignore the R1
> messages without UDP encapsulation.
>
> The UDP encapsulated I1 packet could be received by three different
> types of hosts:
>
> 1.  HIP Control Relay Server: in this case the A/AAAA records refer
>     to a Control Relay Server, and it will forward the packet to the
>     corresponding Control Relay Client based on the destination HIT
>     in the I1 packet.
>
> 2.  HIP Responder supporting UDP encapsulation: in this case, the
>     A/AAAA records refer to the end-host.  Assuming the destination
>     HIT belongs to the Responder, it receives and processes it
>     according to the negotiated NAT traversal mechanism.  The support
>     for the protocol defined in this document vs [RFC5770] is
>     dynamically negotiated during the base exchange.  The details are
>     specified in Section 4.3.
>
> 3.  HIP Rendezvous Server: this entity is not listening to UDP port
>     10500, so it will drop the I1 message.
>
> 4.  HIP Responder not supporting UDP encapsulation: the targeted
>     end-host is not listening to UDP port 10500, so it will drop the I1
>     message.
>
> The A/AAAA-record MUST NOT be configured to refer to a Data Relay
> Server unless the host in question supports also Control Relay Server
> functionality.
>
> It is also worth noting that SRV records are not employed in this
> specification.  While they could be used for more flexible UDP port
> selection, they are not suitable for end-host discovery but rather
> would be more suitable for the discovery of HIP-specific
> infrastructure.  Further extensions to this document may define SRV
> records for Control and Data Relay Server discovery within a DNS
> domain.
>
> > 3. So I don't quite understand what the coexistence story is for
> > the relay
> > having a listener on port 10500? Is that port only used for
> > UDP/HIPv1
> > (RFC5770) and UDP/HIPv2 (This doc).
>
> Yes (by relays or end-hosts)
>
> > And the listening stack can determine which
> > version is used to determine which of the protocol is run.
>
> HIP version is in the header. If a middlebox or end-host does not
> support the HIP version, it will respond with an ICMP:
>
> https://tools.ietf.org/html/rfc7401#section-5.4.1
>
> Then there is RFC5770 vs "native NAT traversal" (this spec)
> specification issues:
>
> 1. Client registration to a Relay:
>
> - RELAY_UDP_HIP in both specs
> - New RELAY_UDP_ESP service in Native NAT traversal
>
>
> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-30#section-4.1
>
> This is simple. The Relay Server offers services and the Client chooses
> from them. The Control Relay Service is the same in both specs.
>
> 2. Base exchange between the actual end-hosts:
>
> - NAT_TM: ICE-STUN-UDP (RFC5770) vs ICE-HIP-UDP (native NAT traversal)
>
>
> https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-30#section-4.5
> https://tools.ietf.org/html/rfc5770#section-4.3
>
> The end-hosts negotiate RFC5770 vs native NAT traversal support during
> the base exchange.
>
> > And the issue with
> > multiplexing is only existing for the ports that one gathers?
>
> What do you exactly mean by this? Is there an issue between NAT
> traversal versions? Or are you referring to:
>
> 6.4.  Demultiplexing Different HIP Associations
>
> OR
>
> 4.12.3.  Handling Conflicting SPI Values (note two scenarios here)
>
> ...which both talk about multiplexing. The latter section deals with the new
> service added in this specification (Data Relay Service) and port gathering
> with that.
>

Deciphering my own comment, I think it was primarily the question how the relay
can separate the different traffic on that port, primarily from supporting old
version at the same time. I think the separation of the different clients'
streams appears sufficiently well defined.



> > Can you please
> > add a paragraph or two somewhere in the document.
>
> I can add some text if you can confirm if I have answered the right
> questions?
>
> > I think it should be
> > referenced by the port registration update.
>
> This was handled already in my response to question 1?
>
> > 4. MTU impact of NAT traversal.
> >
> > Section 5.1 states
> > "It is worth noting that UDP encapsulation of HIP packets reduces the
> >    Maximum Transfer Unit (MTU) size of the control plane by 12
> > bytes."
> >
> > There is also a similar text in Section 5.11:
> >
> >    It is worth noting that UDP encapsulation of ESP reduces the MTU
> > size
> >    of data plane by 8 bytes.
> >
> > I think the document needs a discussion and impact on MTU which this
> > NAT
> > traversal has on the HIP packets being sent. - First of all there
> > appears to be
> > more packet expansions happening in some cases, for example the
> > RELAY_HMAC
> > option expands packets on one leg. - Secondly, HIP requires IP
> > fragmentation
> > support, however IP fragmentation through NAT is commonly not
> > working. Thus an
> > HIP packet being UDP encapsulated that results in packet exceeding
> > MTU will
> > likely end up in an MTU black hole on path.
> >
> > The addition of the NAT traversal encapsulation actually increases
> > the need for
> > MTU discovery or care in MTU handling by the HIP initiator. I think
> > there needs
> > to be discussion of that in the document.
>
> I am still iterating some text on this, I hope Jeff Ahrenholz can help
> with this.
>

Will answer the other email with text on this.

> > -------------------------------------------------------------------
> > ---
> > COMMENT:
> > -------------------------------------------------------------------
> > ---
> >=20
> > May I inquire about the reasoning why this document does not obsolete
> > RFC 5770?
>
> This was discussed earlier but the working group decided to keep both,
> and let implementors choose between reusing existing STUN/TURN
> infra (RFC5770) vs faster data plane (native NAT traversal).
>

Ok.


Cheers

Magnus Westerlund


----------------------------------------------------------------------
Networks, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------



--=-puWjvMJX4YbvLLjOqn0F--


From nobody Fri Apr  3 02:49:08 2020
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Miika Komu <miika.komu@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Date: Fri, 3 Apr 2020 09:49:00 +0000
Message-ID: <6d093953853f2062d0d31e23807f5116c4748ba3.camel@ericsson.com>
References: <158340648969.14566.11476213026719970345@ietfa.amsl.com> <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com> <1ee7a7a90a590c89583c7ce3e6a61d07f63ad9b1.camel@ericsson.com>
In-Reply-To: <1ee7a7a90a590c89583c7ce3e6a61d07f63ad9b1.camel@ericsson.com>
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-TAgZMAwUvy0a08VISedQ"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/ct7p_drrCXgZkR7ZENyKKR9zol4>
Subject: Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>

--=-TAgZMAwUvy0a08VISedQ
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,

See below.

On Fri, 2020-04-03 at 06:41 +0000, Miika Komu wrote:
> Hi Magnus,
>
> On Thu, 2020-04-02 at 22:56 +0300, Miika Komu wrote:
> >
> > > 4. MTU impact of NAT traversal.
> > >
> > > Section 5.1 states
> > > "It is worth noting that UDP encapsulation of HIP packets reduces
> > > the
> > >    Maximum Transfer Unit (MTU) size of the control plane by 12
> > > bytes."
> > >
> > > There is also a similar text in Section 5.11:
> > >
> > >    It is worth noting that UDP encapsulation of ESP reduces the MTU
> > > size
> > >    of data plane by 8 bytes.
> > >
> > > I think the document needs a discussion and impact on MTU which
> > > this
> > > NAT
> > > traversal has on the HIP packets being sent. - First of all there
> > > appears to be
> > > more packet expansions happening in some cases, for example the
> > > RELAY_HMAC
> > > option expands packets on one leg. - Secondly, HIP requires IP
> > > fragmentation
> > > support, however IP fragmentation through NAT is commonly not
> > > working. Thus an
> > > HIP packet being UDP encapsulated that results in packet exceeding
> > > MTU will
> > > likely end up in an MTU black hole on path.
> > >
> > > The addition of the NAT traversal encapsulation actually increases
> > > the need for
> > > MTU discovery or care in MTU handling by the HIP initiator. I think
> > > there needs
> > > to be discussion of that in the document.
> >
> > I am still iterating some text on this, I hope Jeff Ahrenholz can help
> > with this.
>
> I got text from Jeff Ahrenholz and Robert Moskowitz:
>
> Section 5.2
>
> replaced this:
>
> It is worth noting that UDP encapsulation of HIP packets reduces the
> Maximum Transfer Unit (MTU) size of the control plane by 12 bytes.
>
> with:
>
> UDP encapsulation of HIP packets reduces the Maximum Transfer Unit
> (MTU) size of the control plane by 12 bytes (8-byte UDP header plus
> 4-byte zero SPI marker), and the data plane by 8 bytes.  This
> encapsulation overhead increases the need for MTU discovery.  A HIP
> host SHOULD have the option to enable ICMP path MTU discovery (PMTUD)
> [RFC1063] [RFC8201].  Otherwise, support for IP fragmentation is
> required, which may not be commonly supported through NATs.  When HIP
> encapsulation is implemented using a virtual tunneling interface,
> consider using a reduced MTU (e.g. 1400) by default.  Additional HIP
> relay parameters, such as RELAY_HMAC, RELAY_UDP_HIP, RELAY_UDP_ESP,
> etc., further increase the size of certain HIP packets.  It is worth
> noting that further HIP extensions can trim off 8 bytes in the ESP
> header by negotiating implicit IV support in the ESP_TRANSFORM
> parameter as described in [RFC8750].
>
> Does this address your concerns?

I think the recommendation for virtual interface is a reasonable one based on
the constraints. However, I think:

A HIP
> host SHOULD have the option to enable ICMP path MTU discovery (PMTUD)
> [RFC1063] [RFC8201].  Otherwise, support for IP fragmentation is
> required, which may not be commonly supported through NATs.

maybe should be reformulated. ICMP messages are sometimes dropped in NATs,
despite recommendations to support at least the TOO BIG messages. And I think if
ICMP either is not working or not enabled, indicating that IP fragmentation
could be a possible way to get things to work, appears even less likely to work
as IP fragmentation handling in NATs becomes resource demanding due to all per
packet state needed to be maintained, as only the first fragment contains the
UDP header allowing the lookup of the translation record.

Maybe it can be made clearer by restructuring the text so that it says this:

- A HIP host SHOULD implement ICMP message handling to support MTU discovery per
[RFC1063] [RFC8201].
- Reliance on IP fragmentation is unlikely to be a viable strategy through NATs
so if ICMP MTU discovery is not working MTU related path black holes may occur.
- A mitigation is to constrain the MTU, especially for virtual interfaces to
expected to be safe MTU values, e.g. 1400 bytes for underlying interfaces that
support 1500 bytes MTU.
- (to include something related to below discussion consider this bullet also,
assumes that PLP MTUD actually can be implemented in HIP relay rather simply):
Implement PLPMTUD [draft-ietf-tsvwg-datagram-plpmtud] in HIP to find a working
path MTU without unnecessary constraining that size.

Has anyone looked at implementing
https://datatracker.ietf.org/doc/draft-ietf-tsvwg-datagram-plpmtud/ (document is
in IESG evaluation) style path MTU discovery between the HIP client and the
relay? Because I think that would be the best to actually run a HIP level path
MTU discovery, so that the HIP client can set its MTU to path minus overhead and
including any for occasional messages that are required to be included when
carrying useful payload. If HIP has a padding option, then I would expect that
HIP has everything necessary to implement working probe messages that can be used
by the above draft.

To be clear, I don't expect that you write up and include such a one in this
specification. At most you could consider an informative statement that a
client implementor could consider to implement such a mechanism.

I would more hope that someone in the WG considers to actually write a draft for
a specification for PLP MTU discovery for HIP, which hopefully is a rather
short document, but can enable a HIP based virtual interface to set well working
MTU without unnecessary constraining the MTU.

>
> Btw, I would remove the following redundant statement in
> "RELAYED_ADDRESS and MAPPED_ADDRESS Parameters" section:
>=20
> It is worth noting that UDP encapsulation of ESP reduces
> the MTU size of data plane by 8 bytes.

Ok.

Cheers

Magnus Westerlund


----------------------------------------------------------------------
Networks, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------


--=-TAgZMAwUvy0a08VISedQ--
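
The two replies above turn on how a listener on UDP port 10500 tells HIP control traffic (4-byte zero SPI marker, version in the HIP header) from ESP, and on the 12-byte and 8-byte encapsulation overheads. The sketch below is an added example, not part of the thread or of the draft; the field offsets follow the fixed HIP header of RFC 7401 section 5.1, and all function names and sample datagrams are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

HIP_UDP_PORT = 10500           # default listening port named in the thread
SPI_MARKER = b"\x00" * 4       # 4-byte zero SPI marker in front of a HIP packet
UDP_HEADER = 8
HIP_FIXED_HEADER = 40          # 8 bytes of fields plus two 16-byte HITs
# Overheads quoted in the thread: control plane 12 bytes, data plane 8 bytes.
OVERHEAD = {"hip": UDP_HEADER + len(SPI_MARKER), "esp": UDP_HEADER}


@dataclass
class Classified:
    kind: str                          # "hip", "esp" or "malformed"
    version: Optional[int] = None      # HIP version nibble (1 or 2 expected)
    packet_type: Optional[int] = None  # e.g. 1 = I1, 2 = R1
    spi: Optional[int] = None          # ESP SPI when kind == "esp"
    reason: str = ""


def classify(payload: bytes) -> Classified:
    """Classify one UDP payload received on the shared HIP/ESP port."""
    if len(payload) < 4:
        return Classified("malformed", reason="shorter than an SPI")
    if payload[:4] != SPI_MARKER:
        # Non-zero first word is read as an ESP SPI. Anything else that may
        # share the port is out of scope for this sketch.
        (spi,) = struct.unpack("!I", payload[:4])
        return Classified("esp", spi=spi)
    hip = payload[4:]
    if len(hip) < HIP_FIXED_HEADER:
        return Classified("malformed", reason="truncated HIP header")
    _next_hdr, hdr_len, type_byte, ver_byte = struct.unpack("!BBBB", hip[:4])
    # Header Length counts 8-byte units and excludes the first 8 bytes.
    total = (hdr_len + 1) * 8
    if total < HIP_FIXED_HEADER or total > len(hip):
        return Classified("malformed", reason="header length out of range")
    # Top bit of the type byte must be 0, low bit of the version byte must be 1.
    if type_byte & 0x80 or not ver_byte & 0x01:
        return Classified("malformed", reason="fixed bits wrong")
    return Classified("hip", version=ver_byte >> 4, packet_type=type_byte & 0x7F)


def effective_mtu(path_mtu: int, kind: str) -> int:
    """MTU left for the inner HIP or ESP packet after UDP encapsulation."""
    return path_mtu - OVERHEAD[kind]


def needs_fragmentation(inner_len: int, kind: str, path_mtu: int) -> bool:
    """True when the encapsulated packet would exceed the path MTU, which is
    the case the thread warns ends in a black hole behind NATs."""
    return inner_len > effective_mtu(path_mtu, kind)


def build_hip(version: int, packet_type: int, params: bytes = b"") -> bytes:
    """Constructed sample: UDP payload carrying a HIP packet with zeroed HITs.
    The checksum field is left zero in this sample."""
    if len(params) % 8:
        raise ValueError("HIP parameters must pad to a multiple of 8 bytes")
    hdr_len = (HIP_FIXED_HEADER + len(params)) // 8 - 1
    fixed = struct.pack("!BBBBHH", 59, hdr_len, packet_type,
                        (version << 4) | 1, 0, 0)
    return SPI_MARKER + fixed + bytes(32) + params


if __name__ == "__main__":
    samples = {
        "HIPv2 I1": build_hip(2, 1),
        "HIPv1 I1": build_hip(1, 1),
        "ESP": struct.pack("!II", 0x12345678, 1) + bytes(16),
        "truncated": SPI_MARKER + bytes(10),
    }
    for name, data in samples.items():
        print(name, classify(data))
    for mtu in (1500, 1400):
        print(mtu, effective_mtu(mtu, "hip"), effective_mtu(mtu, "esp"))
```

A listener that sees version 1 in the classified result can hand the packet to its RFC 5770 path and version 2 to the native path; the choice of NAT traversal mode itself is still negotiated in the base exchange, as the thread says.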


From nobody Fri Apr  3 06:29:12 2020
To: HIP <hipsec@ietf.org>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <187f5430-1c5f-1ebe-7c81-1938fc7b9cd7@htt-consult.com>
Date: Fri, 3 Apr 2020 09:28:56 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------9D835C15081BDE5E9DD5626B"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/eHi--AL18IujyUrTMx5nP4i5mEE>
Subject: [Hipsec] Fwd: New Version Notification for draft-moskowitz-hip-fast-mobility-03.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 13:29:11 -0000

This is a multi-part message in MIME format.
--------------9D835C15081BDE5E9DD5626B
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

I have updated the hip-fast-mobility draft.

I welcome review.

It will be used in an upcoming DRIP N-RID secure transport draft that 
will also include secure C2 transport.

Stay tuned...


-------- Forwarded Message --------
Subject: New Version Notification for draft-moskowitz-hip-fast-mobility-03.txt
Date: Fri, 03 Apr 2020 06:24:02 -0700
From: internet-drafts@ietf.org
To: Stuart W. Card <stu.card@axenterprize.com>, Adam Wiethuechter <adam.wiethuechter@axenterprize.com>, Robert Moskowitz <rgm@labs.htt-consult.com>, Stuart Card <stu.card@axenterprize.com>




A new version of I-D, draft-moskowitz-hip-fast-mobility-03.txt
has been successfully submitted by Robert Moskowitz and posted to the
IETF repository.

Name: draft-moskowitz-hip-fast-mobility
Revision: 03
Title: Fast HIP Host Mobility
Document date: 2020-04-03
Group: Individual Submission
Pages: 9
URL: https://www.ietf.org/internet-drafts/draft-moskowitz-hip-fast-mobility-03.txt
Status: https://datatracker.ietf.org/doc/draft-moskowitz-hip-fast-mobility/
Htmlized: https://tools.ietf.org/html/draft-moskowitz-hip-fast-mobility-03
Htmlized: https://datatracker.ietf.org/doc/html/draft-moskowitz-hip-fast-mobility
Diff: https://www.ietf.org/rfcdiff?url2=draft-moskowitz-hip-fast-mobility-03

Abstract:
This document describes mobility scenarios and how to aggressively
support them in HIP. The goal is minimum lag in the mobility event.



Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat



--------------9D835C15081BDE5E9DD5626B--


From nobody Sat Apr  4 15:06:32 2020
From: Jeff Ahrenholz <j.ahrenholz@Tempered.io>
To: Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, Miika Komu <miika.komu@ericsson.com>
CC: "hipsec@ietf.org" <hipsec@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>
Thread-Topic: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
Thread-Index: AQHWCs0QwYJaPNdvAUSdnQZll/PFwg==
Date: Sat, 4 Apr 2020 22:04:51 +0000
Message-ID: <4005590A-2B50-4E8A-9DB4-9C9B6CF43DAE@tempered.io>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-ID: <0B04B33D5FF98A468EBF09D44085BB3B@exch081.serverpod.net>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/ISL_b0lpMr9SbY-Gk3L3egdR-Hc>
Subject: Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)


From nobody Sun Apr  5 06:13:21 2020
From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
Thread-Index: AQHV8t5gg3Zvxq1PeEaWx2XZsfEZi6hma8SAgAC0NICAADR+AIADXbGA
Date: Sun, 5 Apr 2020 13:13:07 +0000
Message-ID: <408e58bf1969e7a538e0ee545dd69ff694d81bf0.camel@ericsson.com>
References: <158340648969.14566.11476213026719970345@ietfa.amsl.com> <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com> <1ee7a7a90a590c89583c7ce3e6a61d07f63ad9b1.camel@ericsson.com> <6d093953853f2062d0d31e23807f5116c4748ba3.camel@ericsson.com>
In-Reply-To: <6d093953853f2062d0d31e23807f5116c4748ba3.camel@ericsson.com>
Accept-Language: fi-FI, en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-ID: <700D1E76E3664648964F8782554DEC0B@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/7Gc8g-2derz8nTCwpXDce7z84VA>
Subject: Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)


From nobody Sun Apr  5 06:20:47 2020
From: Miika Komu <miika.komu@ericsson.com>
To: "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: DNS considerations in draft-ietf-hip-native-nat-traversal
Thread-Index: AQHWC0z++EF13lTjuk+JiMyOEPIlOg==
Date: Sun, 5 Apr 2020 13:20:37 +0000
Message-ID: <ca8f592b3aa5ab33221ce2ef31bf5d8970335052.camel@ericsson.com>
Accept-Language: fi-FI, en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-ID: <57DBFF0C72622543BE74F17E2C4C2FD9@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/0ag-jqBq53dNC-kRTx5XFFFbN-I>
Subject: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal


From nobody Sun Apr  5 06:25:17 2020
From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
Thread-Index: AQHV8t5gg3Zvxq1PeEaWx2XZsfEZi6hma8SAgADf0gCAA2nvAA==
Date: Sun, 5 Apr 2020 13:25:10 +0000
Message-ID: <bfc25c0732d99dbafc987bf5745a2a58be1dcaf3.camel@ericsson.com>
References: <158340648969.14566.11476213026719970345@ietfa.amsl.com> <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com> <326b5dfa75824f82e990b4b990c51accbfbf4d72.camel@ericsson.com>
In-Reply-To: <326b5dfa75824f82e990b4b990c51accbfbf4d72.camel@ericsson.com>
Accept-Language: fi-FI, en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-ID: <BF4599DAB99C364E8BF941BF3D9AB379@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/6ay_ugJZ-yah_0BpPnyMBEbj-jM>
Subject: Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Apr 2020 13:25:16 -0000
From nobody Sun Apr  5 10:44:37 2020
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B38A83A105A for <hipsec@ietfa.amsl.com>; Sun,  5 Apr 2020 10:44:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5VAjmwQ07dbS for <hipsec@ietfa.amsl.com>; Sun,  5 Apr 2020 10:44:29 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D056F3A1058 for <hipsec@ietf.org>; Sun,  5 Apr 2020 10:44:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id B1E0C62136; Sun,  5 Apr 2020 13:44:26 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id lkc3FVuXE7uq; Sun,  5 Apr 2020 13:44:17 -0400 (EDT)
Received: from lx140e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 5426762123; Sun,  5 Apr 2020 13:44:15 -0400 (EDT)
To: Miika Komu <miika.komu=40ericsson.com@dmarc.ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>
References: <ca8f592b3aa5ab33221ce2ef31bf5d8970335052.camel@ericsson.com>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <3d656083-dbd1-30d0-2476-e34e2230b7ee@htt-consult.com>
Date: Sun, 5 Apr 2020 13:44:06 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <ca8f592b3aa5ab33221ce2ef31bf5d8970335052.camel@ericsson.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/BktJKq0HGHAls55o6Hlkoy4CkDI>
Subject: Re: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Apr 2020 17:44:33 -0000

I am in agreement with this approach.

It is consistent with everything we have done (and are planning, see my HHIT 
draft) in HIP with DNS.

Robert Moskowitz

On 4/5/20 9:20 AM, Miika Komu wrote:
> Hi,
>
> during IESG review Magnus Westerlund asked about DNS support in
> draft-ietf-hip-native-nat-traversal, so I added the text below to
> draft-ietf-hip-native-nat-traversal. Does it seem ok for the WG?
>
> Appendix E.  DNS Considerations
>
> [RFC5770] did not specify how an end-host can look up another
> end-host via DNS and initiate a UDP-based HIP base exchange with it,
> so this section makes an attempt to fill this gap.
>
> [RFC8005] specifies how a HIP end-host and its Rendezvous Server are
> registered to DNS.  Essentially, the public key of the end-host is
> stored as HI record and its Rendezvous Server as A or AAAA record.
> This way, the Rendezvous Server can act as an intermediary for the
> end-host and forward packets to it based on the DNS configuration.
> Control Relay Server offers similar functionality as Rendezvous
> Server, with the difference that the Control Relay Server forwards
> all control messages, not just the first I1 message.
>
> Prior to this document, the A and AAAA records in the DNS refer
> either to the HIP end-host itself or a Rendezvous Server [RFC8005],
> and control and data plane communication with the associated host has
> been assumed to occur directly over IPv4 or IPv6.  However, this
> specification extends the records to be used for UDP-based
> communications.
>
> Let us consider the case of a HIP Initiator with the default policy
> to employ UDP encapsulation and the extensions defined in this
> document.  The Initiator looks up the FQDN of a Responder, and
> retrieves its HI, A and AAAA records.  Since the default policy is to
> use UDP encapsulation, the Initiator MUST send the I1 message over
> UDP to destination port 10500 (either over IPv4 in the case of an A
> record or over IPv6 in the case of an AAAA record).  It MAY send an I1
> message both with and without UDP encapsulation in parallel.  In the
> case the Initiator receives R1 messages both with and without UDP
> encapsulation from the Responder, the Initiator SHOULD ignore the R1
> messages without UDP encapsulation.
>
> The UDP encapsulated I1 packet could be received by three different
> types of hosts:
>
> 1.  HIP Control Relay Server: in this case the A/AAAA records refer
>      to a Control Relay Server, and it will forward the packet to the
>      corresponding Control Relay Client based on the destination HIT
>      in the I1 packet.
>
> 2.  HIP Responder supporting UDP encapsulation: in this case, the
>      A/AAAA records refer to the end-host.  Assuming the destination
>      HIT belongs to the Responder, it receives and processes it
>      according to the negotiated NAT traversal mechanism.  The support
>      for the protocol defined in this document vs [RFC5770] is
>      dynamically negotiated during the base exchange.  The details are
>      specified in Section 4.3.
>
> 3.  HIP Rendezvous Server: this entity is not listening to UDP port
>      10500, so it will drop the I1 message.
>
> 4.  HIP Responder not supporting UDP encapsulation: the targeted
>      end-host is not listening to UDP port 10500, so it will drop the
>      I1 message.
>
> The A/AAAA-record MUST NOT be configured to refer to a Data Relay
> Server unless the host in question supports also Control Relay Server
> functionality.
>
> It is also worth noting that SRV records are not employed in this
> specification.  While they could be used for more flexible UDP port
> selection, they are not suitable for end-host discovery but rather
> would be more suitable for the discovery of HIP-specific
> infrastructure.  Further extensions to this document may define SRV
> records for Control and Data Relay Server discovery within a DNS
> domain.
> _______________________________________________
> Hipsec mailing list
> Hipsec@ietf.org
> https://www.ietf.org/mailman/listinfo/hipsec
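
Added example, not part of the original messages or of the draft: a Python sketch of the Initiator and receiver behaviour described in the quoted Appendix E text, plus a check for its MUST NOT on Data Relay Server records. The role labels, function names, addresses and HITs are constructed for illustration, and dropping an I1 whose destination HIT is unknown is an assumption of the sketch.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

HIP_UDP_PORT = 10500  # destination port given in the quoted appendix text

# Hypothetical role labels for the host types the appendix lists.
CONTROL_RELAY = "control-relay-server"
DATA_RELAY = "data-relay-server"
RENDEZVOUS = "rendezvous-server"
RESPONDER_UDP = "responder-with-udp-encapsulation"
RESPONDER_PLAIN = "responder-without-udp-encapsulation"

# Constructed sample values (documentation address ranges, made-up HITs).
SAMPLE_A = ["192.0.2.10"]
SAMPLE_AAAA = ["2001:db8::10"]
HIT_CLIENT = "hit-of-relay-client"
HIT_RESPONDER = "hit-of-responder"


@dataclass(frozen=True)
class I1Send:
    address: str
    family: int               # 4 for an A record, 6 for an AAAA record
    udp_port: Optional[int]   # None: I1 sent without UDP encapsulation


def plan_i1(a_records, aaaa_records, parallel_plain=False):
    """Initiator with UDP encapsulation as default policy: one UDP I1 per
    address (MUST), optionally a non-encapsulated I1 in parallel (MAY)."""
    sends = []
    for family, records in ((4, a_records), (6, aaaa_records)):
        for addr in records:
            if ip_address(addr).version != family:
                raise ValueError(f"{addr} does not fit an IPv{family} record")
            sends.append(I1Send(addr, family, HIP_UDP_PORT))
            if parallel_plain:
                sends.append(I1Send(addr, family, None))
    return sends


def select_r1(r1_messages):
    """r1_messages: list of (source_address, udp_encapsulated) tuples.
    If any R1 arrived over UDP, ignore those that did not (SHOULD)."""
    over_udp = [m for m in r1_messages if m[1]]
    return over_udp if over_udp else list(r1_messages)


def receive_udp_i1(roles, dst_hit, local_hits=(), relay_clients=()):
    """What the host behind the A/AAAA record does with a UDP-encapsulated I1."""
    if CONTROL_RELAY in roles and dst_hit in relay_clients:
        return "forward-to-relay-client"   # chosen by destination HIT
    if RESPONDER_UDP in roles and dst_hit in local_hits:
        return "process"                   # NAT traversal mode negotiated in BEX
    # Rendezvous Server or Responder without UDP support: nothing listens on
    # port 10500. An unknown destination HIT is also dropped (sketch assumption).
    return "drop"


def lint_record_target(name, roles):
    """Check the roles of the host an A/AAAA record points at."""
    findings = []
    if DATA_RELAY in roles and CONTROL_RELAY not in roles:
        findings.append(f"{name}: MUST NOT refer to a Data Relay Server "
                        "without Control Relay Server functionality")
    if CONTROL_RELAY not in roles and RESPONDER_UDP not in roles:
        findings.append(f"{name}: UDP-encapsulated I1 will be dropped")
    return findings


if __name__ == "__main__":
    for send in plan_i1(SAMPLE_A, SAMPLE_AAAA, parallel_plain=True):
        print(send)
    print(select_r1([("192.0.2.10", False), ("192.0.2.10", True)]))
    for roles in ({CONTROL_RELAY}, {RESPONDER_UDP}, {RENDEZVOUS}, {RESPONDER_PLAIN}):
        outcome = receive_udp_i1(roles, HIT_CLIENT,
                                 local_hits={HIT_CLIENT},
                                 relay_clients={HIT_CLIENT})
        print(sorted(roles), "->", outcome)
    print(lint_record_target("relay.example", {DATA_RELAY}))
```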


From nobody Sun Apr  5 19:02:29 2020
Return-Path: <kaduk@mit.edu>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45E613A0B76; Sun,  5 Apr 2020 19:01:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zNjqm_Q7qzqD; Sun,  5 Apr 2020 19:01:28 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0FAA3A0B72; Sun,  5 Apr 2020 19:01:26 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 03621DBo019044 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 5 Apr 2020 22:01:16 -0400
Date: Sun, 5 Apr 2020 19:01:13 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Robert Moskowitz <rgm@labs.htt-consult.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-hip-dex@ietf.org, hip-chairs@ietf.org, hipsec@ietf.org, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>
Message-ID: <20200406020113.GV88064@kduck.mit.edu>
References: <158334389700.29463.11015652778464092751@ietfa.amsl.com> <2b32b723-65f1-12f1-9531-fc81528a207f@labs.htt-consult.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2b32b723-65f1-12f1-9531-fc81528a207f@labs.htt-consult.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/YORMt7I8HK31Te6NN60O69ZUqlw>
Subject: Re: [Hipsec] Benjamin Kaduk's Discuss on draft-ietf-hip-dex-13: (with DISCUSS and COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 02:01:33 -0000

Hi Bob,

Sorry this dropped off my radar for so long -- I got really swamped.
Just a few notes inline, as I'll focus on reading the -18.

On Mon, Mar 09, 2020 at 04:00:33PM -0400, Robert Moskowitz wrote:
> 
> 
> On 3/4/20 12:44 PM, Benjamin Kaduk via Datatracker wrote:
> > Benjamin Kaduk has entered the following ballot position for
> > draft-ietf-hip-dex-13: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-hip-dex/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > This is a placeholder discuss, intended to illustrate several key
> > omissions from the current document and as an indication that it is not
> > yet ready for full IESG Evaluation.  In that vein, I will defer the
> > evaluation shortly, to attempt to short-circuit the current round of
> > evaluation while the draft improves.  In particular, this is not
> > intended to be a complete review of the document.
> >
> > The FOLD scheme for compressing full host identities into ORCHIDs/HITs
> > is pretty problematic.  The current text acknowledges that collisions
> > are possible and attempts to justify the scheme by pointing out that no
> > collision-free scheme is possible absent a cryptographic hash, which is
> > an appeal to authority ("we can't use a cryptographic hash on
> > constrained systems") that does not attempt to answer the question of
> > whether it is actually reasonable to use a mechanism that allows
> > collisions for this purpose (vs. just not being able to do anything).
> > Additionally, there is not any discussion of second-preimage resistance,
> > which is the more important property here, in terms of an attacker being
> > able to construct a collision with an existing HIT of an honest node.
> 
> In my humble opinion, second-preimage attack defense will be the same as 
> any attack against the HI -> HIT mapping function.

Fair enough.  We should still use the words "second-preimage attack" in
some fashion, though, I think.  (Maybe I will have thoughts about where as
I review the -18.)

> The only place HITs are used in HIP unauthenticated is in the initial I1 
> - I2 part of the exchange.  By the R2, everything is authenticated.  All 
> other HIP messages containing HITs are authenticated.
> 
> So the attack is slipping in a HI-HIT mapping that is malicious. Per 
> Roman's comments, I will be adding to the I2 and R2 processing to 
> validate this mapping.
> 
> HIP has always had to handle probabilistic collisions.  DEX now requires 
> checking for collisions as critical (via ACLs or other mechanisms).  I 
> will see to adding text.
> 
> Operationally, the challenge is in those low level sensors that have no 
> way to have an ACL set up for the servers/gateways that they are 
> connected to.  But this is true even for BEX.  So inclusion of the 
> password authentication is part of the critical behavior if ACL or 

(I think I maybe hadn't made it to the password authentication part when I
stopped reading the -13.)

> similar HI-HIT mappings are not possible (sensors with no out-of-band 
> update mechanism).  We are always twisting ourselves in the 
> chicken-and-egg problem with these devices.
> 
> > In a related vein, Section 3.2.1 claims that the above concerns can be
> > remediated by deployment of a collision detection scheme, "achieved here
> > through either an ACL or some other lookup process".  This process is
> > vital to the security of the system as a whole, and it would be
> > irresponsible to publish this document without a precise specification
> > of what properties are needed in order to perform this process, as well
> > as a worked example that can be used absent other considerations.
> 
> I will be adding this per Roman's comments.  Most will be in the I2 and 
> R2 processing.
> 
> 
> > Given that the applicability statement ("in communicating with such
> > constrained devices") implies that there is intent to have full-featured
> > nodes that implement both HIP DEX and HIP BEX, I think we need
> > significantly more discussion of how such nodes avoid using DEX in
> > situations where it was not appropriate.  That is, how is it known that
> > the peer should be using DEX vs. BEX?  Yes, the HIT includes an
> > indication of whether the identity is for use with DEX vs. BEX, but that
> > does not seem like quite the relevant property.  Do we envision
> > scenarios where a node is positioned somewhat like a gateway, using DEX
> > on one interface and BEX to the broader internet?
> 
> 
> Yes to the gateway situation.  Or the sensor has E2E DEX connection to 
> the central server somewhere on the greater Internet.
> 
> Perhaps text that limits DEX on non-constrained nodes for use with peers 
> in the DEX ACL (or other equivalent control mechanism).

That could work, I think.

> > Using AES-CTR with the long-term static-static master key requires
> > careful tracking of counter (sequence) number to nonvolatile storage.  I
> > did not see discussion of the security consequences of inadvertent
> > counter reuse.
> 
> I will look at this and see what I can add.
> 
> > I appreciate the design to limit use of the long-term static-static
> > master key to essentially just key-wrap operations, but this seems to
> > require the presence of a CSPRNG in order to obtain secure session keys.
> > Expecting a strong CSPRNG on a node so constrained that DEX is necessary
> > seems to be a questionable assumption, and I see no discussion of the
> > need for a good RNG.  (Relying on the full-featured peer to contribute
> > good entropy to the key derivation is not an option, since DEX is
> > allowed to be used between two nodes that are both constrained.)
> 
> The current text is:
> 
>     o  The strength of the keys for the Pair-wise Key SA is based on the
>        quality of the random keying material generated by the Initiator
>        and the Responder.  As either peer may be a sensor or an actuator
>        device, there is a natural concern about the quality of its random
>        number generator.
> 
> Changed to:
> 
>     o  The strength of the keys for both the Master and Pair-wise Key SAs
>        is based on the quality of the random keying material generated by
>        the Initiator and the Responder.  As either peer may be a sensor
>        or an actuator device, there is a natural concern about the
>        quality of its random number generator.  Thus at least a CSPRNG
>        SHOULD be used.
> 
> > The default KEYMAT algorithm uses the "CKDF" (CMAC-based KDF)
> > construction, analogous to HKDF (RFC 5869).  However, the paper
> > motivating 5869's design choices does not seem to justify the usage of
> > CMAC instead of HMAC, since the proof requires a PRF* but CMAC (with
> > AES) is only a PRP.  Absent some detailed justification or prior art it
> > does not seem prudent to use such a novel construction for
> > security-critical functionality.
> 
> The CKDF design comes from NIST SP800-108.  I had extensive discussions 
> with NIST and the 5869 authors at the DEX design time. These points were 
> discussed and considered that CKDF is a prudent design.

We should cite SP800-108 for the derivation, then.

> 
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Some additional comments (also incomplete), since they were already written.
> > It would be reasonable to ignore for now any that don't make sense or
> > are on parts of the text likely to change as a result of the higher-level discussion.
> >
> > Abstract
> >
> > My preference is to just use "forward secrecy" rather than "perfect
> > forward secrecy", as perfection is hard to attain.
> 
> I am all for that!  My Jewish Orthodox background makes me cringe at the 
> use of PFS.  No such thing in this world (btw, I also cringe at the 
> common use of "awesome")...
> 
> If there is consensus to drop PFS from all IETF standards, I will 
> replace "perfect forward secrecy" with "forward secrecy" and PFS with 
> just the full verbiage as FS does not seem to be meaningful.
> 
> 
> > Section 1.1
> >
> >     HIP DEX operationally is very similar to HIP BEX.  Moreover, the
> >     employed model is also fairly equivalent to 802.11-2007
> >     [IEEE.802-11.2007] Master Key and Pair-wise Transient Key, but
> >     handled in a single exchange.
> >
> > 802.11 security does not exactly have a shiny track record...
> 
> You want to see the "smoking gun" document on WEP design from Nov '94?  
> I have it.
> 
> The point is the Master key and Pair-wise key design.  Not necessarily 
> how they were constructed.  I also published the initial paper on the 
> attack on WPA-PSK.

I guess I'm still not entirely sure what value the reference is adding for
us.  Is it just an academic-style "this is not novel; here is some prior
related work" (as opposed to "group X used a similar thing, so our thing is
secure")?

> >     HIP DEX does not have the option to encrypt the Host Identity of the
> >     Initiator in the I2 packet.  The Responder's Host Identity also is
> >     not protected.  Thus, contrary to HIPv2, HIP DEX does not provide for
> >     end-point anonymity and any signaling (i.e., HOST_ID parameter
> >     contained with an ENCRYPTED parameter) that indicates such anonymity
> >     should be ignored.
> >
> > What would you do if you didn't ignore such signalling?  Drop the
> > connection as being with a misbehaving peer?
> 
> Probably more like an ill thought-out implementation.  Right now I am of 
> the opinion of leaving this as is.  But I can be convinced to add a drop 
> connection.
> 
> >     As in [RFC7401], data packets start to flow after the R2 packet.  The
> >     I2 and R2 packets may carry a data payload in the future.  The
> >     details of this may be defined later.
> >
> > I'm not sure what value is added by mentioning the possibility of data
> > payload in I2/R2.
> 
> This is carried over from 5201.  There were ideas pointing how the 3-way 
> TCP setup can become a 5-way HIP - TCPinESP setup. A few others were 
> discussed in HIPRG, but no one has proposed to actually use this 
> feature.  It stays for some future thinker to tinker with.
> 
> 
> >     An existing HIP association can be updated with the update mechanism
> >     defined in [RFC7401].  Likewise, the association can be torn down
> >     with the defined closing mechanism for HIPv2 if it is no longer
> >     needed.  In doing so, HIP DEX omits the HIP_SIGNATURE parameters of
> >     the original HIPv2 specification.
> >
> > I think the intent here is more along the lines of "HIP DEX does so even
> > in the absence of the HIP_SIGNATURE that is used in standard HIPv2".
> > (I also note that there's some subtle semantic mismatch between DEX as
> > "diet exchange" and its use to indicate continuing lack of security
> > functionality throughout the extent of the association, after the
> > exchange is completed.)
> 
> Changed to:
> 
>     An existing HIP association can be updated with the update mechanism
>     defined in [RFC7401].  Likewise, the association can be torn down
>     with the defined closing mechanism for HIPv2 if it is no longer
>     needed.  In doing so, HIP DEX does so even in the absence of the
>     HIP_SIGNATURE that is used in standard HIPv2.

Maybe swap out the last sentence for "Standard HIPv2 uses a HIP_SIGNATURE
to authenticate the close [ed. is there a better word?], but since DEX does
not provide for signatures, the usual per-message MAC suffices to
authenticate the close."?

> 
> >     Finally, HIP DEX is designed as an end-to-end authentication and key
> >     establishment protocol.  As such, it can be used in combination with
> >
> > Don't we have a LAKE WG now?  How does DEX compare to what they are
> > working on?
> 
> I looked some more at LAKE.  They are proposing to use ephemeral DH as 
> part of the exchange.  That goes counter to sec 1.2 of HIP-DEX. If they 
> come up with an approach that performs "acceptably", then I will be 
> looking at it.
> 
> > Section 1.2
> >
> > In lieu of detailed comments, allow me to propose a rewrite of the whole
> > section:
> >
> > % HIP DEX achieves its lightweight nature in large part due to the
> > % intentional removal of Forward Secrecy (FS) from the key exchange.  Current
> > % mechanisms to achieve FS use an authenticated ephemeral Diffie-Hellman
> > % exchange (e.g., SIGMA or PAKE).  HIP DEX targets usage on devices where
> > % even the most lightweight ECDH exchange is prohibitively expensive for
> > % recurring (ephemeral) use.  For example, experience with the 8-bit
> > % 8051-based ZWAWVE ZW0500 microprocessor has shown that EC25519 keypair
> > % generation exceeds 10 seconds and consumes significant energy (i.e.,
> > % battery resources).  Even the ECDH multiplication for the HIP DEX
> > % static-static key exchange takes 8-9 seconds, again with measurable
> > % energy consumption.  This resource consumption is tolerable as a
> > % one-time event during provisioning, but would render the protocol
> > % unsuitable for use on these devices if it was required to be a
> > % recurring part of the protocol.  For devices constrained in this
> > % manner, a FS-enabled protocol will likely provide little gain.  The
> > % resulting "FS" key, likely produced during device provisioning, would
> > % typically end up being used for the remainder of the device's
> > % lifetime.  With such a usage pattern, the inherent benefit of
> > % ephemeral keys is not realized.  The security properties of such usage
> > % are very similar to those of using a statically provisioned symmetric
> > % pre-shared key, in that there remains a single PSK in static storage
> > % that is susceptible to exfiltration/compromise, and compromise of that
> > % key in effect compromises the entire protocol for that node.  HIP DEX
> > % achieves marginally better security properties by computing the
> > % effective long-term PSK from a DH exchange, so that the provisioning
> > % service is not required to be part of the risk surface due to also
> > % possessing the PSK.
> > %
> > % Due to the substantially reduced security guarantees of HIP DEX
> > % compared to HIP BEX, HIP DEX MUST only be used when at least one of
> > % the two endpoints is a class 0 or 1 constrained device defined in
> > % Section 3 of [RFC7228]).  HIP DEX MUST NOT be used when both endpoints
> > % are class 2 devices or unconstrained.
> 
> I have accepted your text with one typo and some formatting.  Of course 
> this text uses FS rather than PFS so that is a mis-match for now.
> 
> 1.2.  Applicability
> 
>     HIP DEX achieves its lightweight nature in large part due to the
>     intentional removal of Forward Secrecy (FS) from the key exchange.
>     Current mechanisms to achieve FS use an authenticated ephemeral
>     Diffie-Hellman exchange (e.g., SIGMA or PAKE).  HIP DEX targets usage
>     on devices where even the most lightweight ECDH exchange is
>     prohibitively expensive for recurring (ephemeral) use.  For example,
>     experience with the 8-bit 8051-based ZWAVE ZW0500 microprocessor has
>     shown that EC25519 keypair generation exceeds 10 seconds and consumes
>     significant energy (i.e., battery resources).  Even the ECDH
>     multiplication for the HIP DEX static-static key exchange takes 8-9
>     seconds, again with measurable energy consumption.  This resource
>     consumption is tolerable as a one-time event during provisioning, but
>     would render the protocol unsuitable for use on these devices if it
>     was required to be a recurring part of the protocol.  For devices
>     constrained in this manner, a FS-enabled protocol will likely provide
>     little gain.  The resulting "FS" key, likely produced during device
>     provisioning, would typically end up being used for the remainder of
>     the device's lifetime.
> 
>     With such a usage pattern, the inherent benefit of ephemeral keys is
>     not realized.  The security properties of such usage are very similar
>     to those of using a statically provisioned symmetric pre-shared key,
>     in that there remains a single PSK in static storage that is
>     susceptible to exfiltration/compromise, and compromise of that key in
>     effect compromises the entire protocol for that node.  HIP DEX
>     achieves marginally better security properties by computing the
>     effective long-term PSK from a DH exchange, so that the provisioning
>     service is not required to be part of the risk surface due to also
>     possessing the PSK.
> 
>     Due to the substantially reduced security guarantees of HIP DEX
>     compared to HIP BEX, HIP DEX MUST only be used when at least one of
>     the two endpoints is a class 0 or 1 constrained device defined in
>     Section 3 of [RFC7228]).  HIP DEX MUST NOT be used when both
>     endpoints are class 2 devices or unconstrained.
> 
> 
> > Section 2.2
> >
> >     Ltrunc (M(x), K)   denotes the lowest order K bits of the result of
> >        the MAC function M on the input x.
> >
> > I'm not sure I'm going to interpret the "lowest order K bits" the same
> > way that everyone else will.  I think "leftmost" or "first" are more
> > common terms for describing this sort of truncation.
> 
> This text goes back to 5201.  Implementors of 5201 did not have a 
> problem with this, in fact probably one of them supplied the text. But I 
> am open to change based on consensus.
> 
> > Section 2.3
> >
> >     CMAC:  The Cipher-based Message Authentication Code with the 128-bit
> >        Advanced Encryption Standard (AES) defined in RFC 4493 [RFC4493].
> >
> > I would suggest just using CMAC as the acronym and not trying to
> > overload it to also be AES-specific.
> 
> Do you recommend I just reference SP800-38B?

That would work, but my recommendation would be to use this definition text
as the definition of "AES-CMAC" ... though the RFC Editor might want to
make us change all the usages of CMAC() in formulae as well.

> >     HIT Suite:  A HIT Suite groups all algorithms that are required to
> >        generate and use an HI and its HIT.  In particular, these
> >        algorithms are: 1) ECDH and 2) FOLD.
> >
> > For DEX.  For normal HIPv2 we wouldn't touch FOLD with a long pole.
> 
> :)
> 
>     HIT Suite:  A HIT Suite groups all algorithms that are required to
>        generate and use an HI and its HIT.  In particular for HIP DEX,
>        these algorithms are: 1) ECDH and 2) FOLD.
> 
> BTW, I once DID use a 10' pole to chase a family of raccoons out of my 
> garage.  Really, it WAS 10' long, I had just gotten it from the lumber 
> yard.  Came home and there were a bunch of beady eyes in the garage..
> 
> >     HI (Host Identity):  The static ECDH public key that represents the
> >        identity of the host.  In HIP DEX, a host proves ownership of the
> >        private key belonging to its HI by creating a HIP_MAC with the
> >        derived ECDH key (see Section 3).
> >
> > This may sound pedantic, but this doesn't actually prove ownership of
> > the private key.  Someone who knows the private key of the other party
> > and the public key of the host in question would be able to produce the
> > same MAC from the corresponding derived ECDH key.  I think the most we
> > can say here is that a host authenticates itself as that host identity
> > [with that HIP_MAC].  There's the corresponding trust of the recipient
> > that its own private key remains secure and thus that no party other
> > than itself or the peer identity could have generated that message.
> 
> I will think on this one.  See what verbiage helps.
> 
> >     Initiator:  The host that initiates the HIP DEX handshake.  This role
> >        is typically forgotten once the handshake is completed.
> >
> > "typically"?  Perhaps it's best to say that the role is not used or
> > needed after the handshake is completed.
> 
> In the HIP state machine, either peer can be the Initiator.  Roles can be 
> reversed.  If one party loses state, it can then become the Initiator 
> regardless of what role it had in the original exchange.
> 
> This is the text used in 7401.
> 
> >     KEYMAT:  Keying material.  That is, the bit string(s) used as
> >        cryptographic keys.
> >
> > I'm surprised we need an abbreviation for this.
> 
> I got comments in early drafts of 5201-bis.  Put it in.  Take it out.  
> So for now, I leave it in.
> 
> >     Length of the Responder's HIT Hash Algorithm (RHASH_len):  The
> >        natural output length of RHASH in bits.
> >
> > [this doesn't really fit the pattern of "definition"s]
> 
> It is in 7401.  If the AD says pull it.  It goes.
> 
> Though perhaps the definition is of RHASH_len?
> 
> >     Responder:  The host that responds to the Initiator in the HIP DEX
> >        handshake.  This role is typically forgotten once the handshake is
> >        completed.
> >
> > [same thing re "typically"]
> 
> Same response.
> 
> > Section 3
> >
> >     HIP DEX implementations MUST support the Elliptic Curve Diffie-
> >     Hellman (ECDH) [RFC6090] key exchange for generating the HI as
> >     defined in Section 5.2.3.  No additional algorithms are supported at
> >     this time.
> >
> > It's kind of weird to see a "MUST" for "RFC6090 key exchange"; 6090
> > discusses the general class of things but is not a specific key exchange
> > algorithm (e.g., curve).
> > I'd also consider s/supported/defined/.
> 
> Good point.  Changed to:
> 
>     HIP DEX implementations use the Elliptic Curve Diffie-Hellman (ECDH)
>     [RFC6090] key exchange for generating the HI as defined in
>     Section 5.2.3.  No alternative algorithms are defined at this time.
> 
> >     Due to the latter property, an attacker may be able to find a
> >     collision with a HIT that is in use.  Hence, policy decisions such as
> >     access control MUST NOT be based solely on the HIT.  Instead, the HI
> >     of a host SHOULD be considered.
> >
> > I don't think this is correct or a strong enough statement.  In
> > particular, I don't think access control should be based on the HIT at
> > all, so strike "solely".  Also, the "SHOULD" seems too weak.  I can
> > understand that "MUST use the HI" could be overly constraining, but
> > "access control decisions MUST be made on the actual identity of the
> > host, e.g., the full HI" should allow for sufficient flexibility.
> 
> I will see how this changes with the ACL additions.
> 
> >     Carrying HIs and HITs in the header of user data packets would
> >     increase the overhead of packets.  Thus, it is not expected that
> >
> > s/and/or/?
> 
> fixed.
> 
> >     association.  When other user data packet formats are used, the
> >     corresponding extensions need to define a replacement for the
> >     ESP_TRANSFORM [RFC7402] parameter along with associated semantics,
> >     but this procedure is outside the scope of this document.
> >
> > Why is ESP_TRANSFORM the most important parameter here, when we talk
> > about mapping a packet to the HIP association?  I thought ESP_TRANSFORM
> > was literally about the encryption mechanics, not metadata around it.
> 
> Again, this goes back to 5201.  We are talking about ~20 years of 
> discussions.
> 
> We are discussing HIs and HITs, but that SPIs are used in everyday 
> packets as the pointer to the HIs and HITs involved.  I will think on 
> this, but it is down the list on things to change that were inherited 
> from 5201.
> 
> > Section 3.2
> >
> > ORCHID claims to provide statistical uniqueness and routability at some
> > overlay layer, neither of which this FOLD procedure provides, due to
> > easily-generatable second preimages.
> >
> > Section 3.2.1
> >
> >     Since collision-resistance is not possible with the tools at hand,
> >     any reasonable function (e.g.  FOLD) that takes the full value of the
> >     HI into generating the HIT can be used, provided that collision
> >     detection is part of the HIP-DEX deployment design.  This is achieved
> >
> > This is not an argument that this is a reasonable thing to do; it's
> > merely an argument that it's a thing that can be done that has the same
> > claimed properties as the only type of thing that could be done.  It
> > might be a bad idea to do the only type of thing that can be done, and
> > you have not convinced me otherwise.  (See also the distinction between
> > collision-resistance and second-preimage-resistance alluded to in my
> > comment on the previous section.)
> 
> Other changes may help, or not.  We can rejoin this point after draft 14 
> (note I will be pushing out draft 13 today for the publish deadline for 
> changes done so far).
> 
> >     here through either an ACL or some other lookup process that
> >     externally binds the HIT and HI.
> >
> > Without at least one well-specified mechanism for actually doing this
> > and clear documentation of what precise properties such a mechanism
> > needs to provide, I think it's irresponsible to publish this document.
> 
> In the works.
> 
> > Section 4.1
> >
> >     By definition, the system initiating a HIP Diet EXchange is the
> >     Initiator, and the peer is the Responder.  This distinction is
> >     typically forgotten once the handshake completes, and either party
> >     can become the Initiator in future communications.
> >
> > ["typically" again]
> 
> same response.
> 
> >     Diffie-Hellman Group IDs supported by the Initiator.  Note that in
> >     some cases it may be possible to replace this trigger packet by some
> >     other form of a trigger, in which case the protocol starts with the
> >     Responder sending the R1 packet.  In such cases, another mechanism to
> >     convey the Initiator's supported DH Groups (e.g., by using a default
> >     group) must be specified.
> >
> > This seems under-specified for a proposed standard and is probably
> > better off omitted entirely.
> 
> This is carried over from 5201, which WAS experimental.  So I can see it 
> as reasonable to drop this as no one proposed another mechanism.
> 
>     The Initiator first sends a trigger packet, I1, to the Responder.
>     This packet contains the HIT of the Initiator and the HIT of the
>     Responder, if it is known.  Moreover, the I1 packet initializes the
>     negotiation of the Diffie-Hellman group that is used for generating
>     the Master Key SA.  Therefore, the I1 packet contains a list of
>     Diffie-Hellman Group IDs supported by the Initiator.

("Therefore" feels a bit out of place, but this helps, thanks.)
> 
> >     The second packet, R1, starts the actual authenticated Diffie-Hellman
> >     key exchange.  It contains a puzzle - a cryptographic challenge that
> >     the Initiator must solve before continuing the exchange.  The level
> >     of difficulty of the puzzle can be adjusted based on level of trust
> >     with the Initiator, current load, or other factors.  In addition, the
> >
> > The Initiator is unauthenticated at this point, so "level of trust"
> > seems to not really be defined...
> 
> Changed to "knowledge of the".  If the Responder "knows" that the 
> Initiator is a sensor, using a smaller puzzle may be preferred.  There is 
> discussion about large puzzles being an attack on sensors.
> 
> > Section 4.1.1
> >
> > If an unconstrained (DoSing) attacker is competing with a constrained
> > honest initiator to solve puzzles during an attack, it seems like the
> > honest initiator is going to lose out pretty badly.
> 
> You do what you can that makes some degree of sense.  You just don't 
> walk away from the problem.
> 
> > Section 4.1.4
> >
> > There are security considerations for serializing the HIP state to
> > nonvolatile storage!
> 
> Do you want text about this in the Security Considerations?

Yes, please!

I see there's new text about having the ENCRYPTED_KEY counter be part of
the state stored to nonvolatile storage, which is good.  We may also want
discussion of whether having any crypto state (e.g., private key) on
nonvolatile storage is a security risk when there is physical device
access, and how bad ("very!") the consequences are when the data on
nonvolatile storage is not properly sync'd or lost entirely.

Thanks for the updates,

Ben
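
The point argued above for Sections 3 and 3.2.1 (access control on the full HI, with the ACL binding HIT and HI), as an added example that is not part of this message, the draft, or any HIP implementation. It assumes FOLD is a plain XOR of 96-bit segments with zero padding; the ACL classes, the sample HI bytes and all names are hypothetical.

```python
# Added illustration: not code from draft-ietf-hip-dex or from any HIP stack.
import hmac

FOLD_BITS = 96  # assumption: width of the folded part of the HIT


def fold(data: bytes, k_bits: int = FOLD_BITS) -> bytes:
    """XOR-fold: split data into k-bit segments, zero-pad the last, XOR them."""
    k = k_bits // 8
    acc = bytearray(k)
    for off in range(0, len(data), k):
        segment = data[off:off + k].ljust(k, b"\x00")
        for i, byte in enumerate(segment):
            acc[i] ^= byte
    return bytes(acc)


def same_fold_variant(hi: bytes, k_bits: int = FOLD_BITS) -> bytes:
    """Different input, identical fold: one bit flipped in two segments cancels."""
    k = k_bits // 8
    if len(hi) <= k:
        raise ValueError("need at least two segments")
    out = bytearray(hi)
    out[0] ^= 0x01
    out[k] ^= 0x01
    return bytes(out)


class HitOnlyAcl:
    """Weak policy: admits any peer whose presented HI folds to a listed HIT."""

    def __init__(self) -> None:
        self._hits = set()

    def enroll(self, hi: bytes) -> bytes:
        hit = fold(hi)
        self._hits.add(hit)
        return hit

    def permits(self, hit: bytes, hi: bytes) -> bool:
        return hit in self._hits and hmac.compare_digest(fold(hi), hit)


class HiBoundAcl:
    """Policy keyed by HIT but decided on the full HI stored at enrolment."""

    def __init__(self) -> None:
        self._hi_by_hit = {}

    def enroll(self, hi: bytes) -> bytes:
        hit = fold(hi)
        known = self._hi_by_hit.get(hit)
        if known is not None and not hmac.compare_digest(known, hi):
            # Collision detection: two distinct HIs map to one HIT.
            raise ValueError("HIT collision between distinct HIs")
        self._hi_by_hit[hit] = hi
        return hit

    def permits(self, hit: bytes, hi: bytes) -> bool:
        known = self._hi_by_hit.get(hit)
        return (
            known is not None
            and hmac.compare_digest(fold(hi), hit)
            and hmac.compare_digest(known, hi)
        )


def demo() -> dict:
    genuine_hi = bytes(range(1, 33))  # constructed 32-byte stand-in for an HI
    other_hi = same_fold_variant(genuine_hi)
    hit = fold(genuine_hi)

    weak, bound = HitOnlyAcl(), HiBoundAcl()
    weak.enroll(genuine_hi)
    bound.enroll(genuine_hi)
    try:
        bound.enroll(other_hi)
        collision_detected = False
    except ValueError:
        collision_detected = True

    return {
        "same_hit": fold(other_hi) == hit,
        "weak_admits_other": weak.permits(hit, other_hi),
        "bound_admits_other": bound.permits(hit, other_hi),
        "bound_admits_genuine": bound.permits(hit, genuine_hi),
        "collision_detected": collision_detected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
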


From nobody Sun Apr  5 19:17:23 2020
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, draft-ietf-hip-dex@ietf.org, hip-chairs@ietf.org, hipsec@ietf.org, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>
References: <158334389700.29463.11015652778464092751@ietfa.amsl.com> <2b32b723-65f1-12f1-9531-fc81528a207f@labs.htt-consult.com> <20200406020113.GV88064@kduck.mit.edu>
From: Robert Moskowitz <rgm@labs.htt-consult.com>
Message-ID: <c1683c6d-6acf-ea2b-fb4d-87bd2bfe82fd@labs.htt-consult.com>
Date: Sun, 5 Apr 2020 22:16:46 -0400
In-Reply-To: <20200406020113.GV88064@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/N68VO9VGjRqjBmgowfswaHY3TPc>
Subject: Re: [Hipsec] Benjamin Kaduk's Discuss on draft-ietf-hip-dex-13: (with DISCUSS and COMMENT)

Ben,

I will wait for your response on reading -18.

Passover is this week and I am swamped.  I have one more DRIP draft to 
push out before the ASTM virtual meeting later this week.

Perhaps Monday during the middle days I can read all your responses and 
work up the -19 ver.

Bob

On 4/5/20 10:01 PM, Benjamin Kaduk wrote:
> Hi Bob,
>
> Sorry this dropped off my radar for so long -- I got really swamped.
> Just a few notes inline, as I'll focus on reading the -18.
>
> On Mon, Mar 09, 2020 at 04:00:33PM -0400, Robert Moskowitz wrote:
>>
>> On 3/4/20 12:44 PM, Benjamin Kaduk via Datatracker wrote:
>>> Benjamin Kaduk has entered the following ballot position for
>>> draft-ietf-hip-dex-13: Discuss
>>>
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>>
>>>
>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>>
>>>
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-hip-dex/
>>>
>>>
>>>
>>> ----------------------------------------------------------------------
>>> DISCUSS:
>>> ----------------------------------------------------------------------
>>>
>>> This is a placeholder discuss, intended to illustrate several key
>>> omissions from the current document and as an indication that it is not
>>> yet ready for full IESG Evaluation.  In that vein, I will defer the
>>> evaluation shortly, to attempt to short-circuit the current round of
>>> evaluation while the draft improves.  In particular, this is not
>>> intended to be a complete review of the document.
>>>
>>> The FOLD scheme for compressing full host identities into ORCHIDs/HITs
>>> is pretty problematic.  The current text acknowledges that collisions
>>> are possible and attempts to justify the scheme by pointing out that no
>>> collision-free scheme is possible absent a cryptographic hash, which is
>>> an appeal to authority ("we can't use a cryptographic hash on
>>> constrained systems") that does not attempt to answer the question of
>>> whether it is actually reasonable to use a mechanism that allows
>>> collisions for this purpose (vs. just not being able to do anything).
>>> Additionally, there is not any discussion of second-preimage resistance,
>>> which is the more important property here, in terms of an attacker being
>>> able to construct a collision with an existing HIT of an honest node.
>> In my humble opinion, second-preimage attack defense will be the same as
>> any attack against the HI -> HIT mapping function.
> Fair enough.  We should still use the words "second-preimage attack" in
> some fashion, though, I think.  (Maybe I will have thoughts about where as
> I review the -18.)
>
>> The only place HITs are used in HIP unauthenticated is in the initial I1
>> - I2 part of the exchange.  By the R2, everything is authenticated.  All
>> other HIP messages containing HITs are authenticated.
>>
>> So the attack is slipping in a HI-HIT mapping that is malicious. Per
>> Roman's comments, I will be adding to the I2 and R2 processing to
>> validate this mapping.
>>
>> HIP has always had to handle probabilistic collisions.  DEX now requires
>> checking for collisions as critical (via ACLs or other mechanisms).  I
>> will see to adding text.
>>
>> Operationally, the challenge is in those low level sensors that have no
>> way to have an ACL set up for the servers/gateways that they are
>> connected to.  But this is true even for BEX.  So inclusion of the
>> password authentication is part of the critical behavior is ACL or
> (I think I maybe hadn't made it to the password authentication part when I
> stopped reading the -13.)
>
>> similar HI-HIT mappings are not possible (sensors with no out-of-band
>> update mechanism).  We are always twisting ourselves in the
>> chicken-and-egg problem with these devices.
>>
>>> In a related vein, Section 3.2.1 claims that the above concerns can be
>>> remediated by deployment of a collision detection scheme, "achieved here
>>> through either an ACL or some other lookup process".  This process is
>>> vital to the security of the system as a whole, and it would be
>>> irresponsible to publish this document without a precise specification
>>> of what properties are needed in order to perform this process, as well
>>> as a worked example that can be used absent other considerations.
>> I will be adding this per Roman's comments.  Most will be in the I2 and
>> R2 processing.
>>
>>
>>> Given that the applicability statement ("in communicating with such
>>> constrained devices") implies that there is intent to have full-featured
>>> nodes that implement both HIP DEX and HIP BEX, I think we need
>>> significantly more discussion of how such nodes avoid using DEX in
>>> situations where it was not appropriate.  That is, how is it known that
>>> the peer should be using DEX vs. BEX?  Yes, the HIT includes an
>>> indication of whether the identity is for use with DEX vs. BEX, but that
>>> does not seem like quite the relevant property.  Do we envision
>>> scenarios where a node is positioned somewhat like a gateway, using DEX
>>> on one interface and BEX to the broader internet?
>>
>> Yes to the gateway situation.  Or the sensor has E2E DEX connection to
>> the central server somewhere on the greater Internet.
>>
>> Perhaps text that limits DEX on non-constrained nodes for use with peers
>> in the DEX ACL (or other equivalent control mechanism).
> That could work, I think.
>
>>> Using AES-CTR with the long-term static-static master key requires
>>> careful tracking of counter (sequence) number to nonvolatile storage.  I
>>> did not see discussion of the security consequences of inadvertent
>>> counter reuse.
>> I will look at this and see what I can add.
>>
>>> I appreciate the design to limit use of the long-term static-static
>>> master key to essentially just key-wrap operations, but this seems to
>>> require the presence of a CSPRNG in order to obtain secure session keys.
>>> Expecting a strong CSPRNG on a node so constrained that DEX is necessary
>>> seems to be a questionable assumption, and I see no discussion of the
>>> need for a good RNG.  (Relying on the full-featured peer to contribute
>>> good entropy to the key derivation is not an option, since DEX is
>>> allowed to be used between two nodes that are both constrained.)
>> The current text is:
>>
>>      o  The strength of the keys for the Pair-wise Key SA is based on the
>>         quality of the random keying material generated by the Initiator
>>         and the Responder.  As either peer may be a sensor or an actuator
>>         device, there is a natural concern about the quality of its random
>>         number generator.
>>
>> Changed to:
>>
>>      o  The strength of the keys for both the Master and Pair-wise Key SAs
>>         is based on the quality of the random keying material generated by
>>         the Initiator and the Responder.  As either peer may be a sensor
>>         or an actuator device, there is a natural concern about the
>>         quality of its random number generator.  Thus at least a CSPRNG
>>         SHOULD be used.
>>
>>> The default KEYMAT algorithm uses the "CKDF" (CMAC-based KDF)
>>> construction, analogous to HKDF (RFC 5869).  However, the paper
>>> motivating 5869's design choices does not seem to justify the usage of
>>> CMAC instead of HMAC, since the proof requires a PRF* but CMAC (with
>>> AES) is only a PRP.  Absent some detailed justification or prior art it
>>> does not seem prudent to use such a novel construction for
>>> security-critical functionality.
>> The CKDF design comes from NIST SP800-108.  I had extensive discussions
>> with NIST and the 5869 authors at the DEX design time. These points were
>> discussed and considered that CKDF is a prudent design.
> We should cite SP800-108 for the derivation, then.
>
>>> ----------------------------------------------------------------------
>>> COMMENT:
>>> ----------------------------------------------------------------------
>>>
>>> Some additional comments (also incomplete), since they were already written.
>>> It would be reasonable to ignore for now any that don't make sense or
>>> are on parts of the text likely to change as a result of the higher-level discussion.
>>>
>>> Abstract
>>>
>>> My preference is to just use "forward secrecy" rather than "perfect
>>> forward secrecy", as perfection is hard to attain.
>> I am all for that!  My Jewish Orthodox background makes me cringe at the
>> use of PFS.  No such thing in this world (btw, I also cringe at the
>> common use of "awesome")...
>>
>> If there is consensus to drop PFS from all IETF standards, I will
>> replace "perfect forward secrecy" with "forward secrecy" and PFS with
>> just the full verbiage as FS does not seem to be meaningful.
>>
>>
>>> Section 1.1
>>>
>>>      HIP DEX operationally is very similar to HIP BEX.  Moreover, the
>>>      employed model is also fairly equivalent to 802.11-2007
>>>      [IEEE.802-11.2007] Master Key and Pair-wise Transient Key, but
>>>      handled in a single exchange.
>>>
>>> 802.11 security does not exactly have a shiny track record...
>> You want to see the "smoking gun" document on WEP design from Nov '94?
>> I have it.
>>
>> The point is the Master key and Pair-wise key design.  Not necessarily
>> how they were constructed.  I also published the initial paper on the
>> attack on WPA-PSK.
> I guess I'm still not entirely sure what value the reference is adding for
> us.  Is it just an academic-style "this is not novel; here is some prior
> related work" (as opposed to "group X used a similar thing, so our thing is
> secure")?
>
>>>      HIP DEX does not have the option to encrypt the Host Identity of the
>>>      Initiator in the I2 packet.  The Responder's Host Identity also is
>>>      not protected.  Thus, contrary to HIPv2, HIP DEX does not provide for
>>>      end-point anonymity and any signaling (i.e., HOST_ID parameter
>>>      contained with an ENCRYPTED parameter) that indicates such anonymity
>>>      should be ignored.
>>>
>>> What would you do if you didn't ignore such signalling?  Drop the
>>> connection as being with a misbehaving peer?
>> Probably more like an ill thought-out implementation.  Right now I am of
>> the opinion of leaving this as is.  But I can be convinced to add a drop
>> connection.
>>
>>>      As in [RFC7401], data packets start to flow after the R2 packet.  The
>>>      I2 and R2 packets may carry a data payload in the future.  The
>>>      details of this may be defined later.
>>>
>>> I'm not sure what value is added by mentioning the possibility of data
>>> payload in I2/R2.
>> This is carried over from 5201.  There were ideas pointing how the 3-way
>> TCP setup can become a 5-way HIP - TCPinESP setup. A few others were
>> discussed in HIPRG, but no one has proposed to actually use this
>> feature.  It stays for some future thinker to tinker with.
>>
>>
>>>      An existing HIP association can be updated with the update mechanism
>>>      defined in [RFC7401].  Likewise, the association can be torn down
>>>      with the defined closing mechanism for HIPv2 if it is no longer
>>>      needed.  In doing so, HIP DEX omits the HIP_SIGNATURE parameters of
>>>      the original HIPv2 specification.
>>>
>>> I think the intent here is more along the lines of "HIP DEX does so even
>>> in the absence of the HIP_SIGNATURE that is used in standard HIPv2".
>>> (I also note that there's some subtle semantic mismatch between DEX as
>>> "diet exchange" and its use to indicate continuing lack of security
>>> functionality throughout the extent of the association, after the
>>> exchange is completed.)
>> Changed to:
>>
>>      An existing HIP association can be updated with the update mechanism
>>      defined in [RFC7401].  Likewise, the association can be torn down
>>      with the defined closing mechanism for HIPv2 if it is no longer
>>      needed.  In doing so, HIP DEX does so even in the absence of the
>>      HIP_SIGNATURE that is used in standard HIPv2.
> Maybe swap out the last sentence for "Standard HIPv2 uses a HIP_SIGNATURE
> to authenticate the close [ed. is there a better word?], but since DEX does
> not provide for signatures, the usual per-message MAC suffices to
> authenticate the close."?
>
>>>      Finally, HIP DEX is designed as an end-to-end authentication and key
>>>      establishment protocol.  As such, it can be used in combination with
>>>
>>> Don't we have a LAKE WG now?  How does DEX compare to what they are
>>> working on?
>> I looked some more at LAKE.  They are proposing to use ephemeral DH as
>> part of the exchange.  That goes counter to sec 1.2 of HIP-DEX. If they
>> come up with an approach that performs "acceptably", then I will be
>> looking at it.
>>
>>> Section 1.2
>>>
>>> In lieu of detailed comments, allow me to propose a rewrite of the whole
>>> section:
>>>
>>> % HIP DEX achieves its lightweight nature in large part due to the
>>> % intentional removal of Forward Secrecy (FS) from the key exchange.  Current
>>> % mechanisms to achieve FS use an authenticated ephemeral Diffie-Hellman
>>> % exchange (e.g., SIGMA or PAKE).  HIP DEX targets usage on devices where
>>> % even the most lightweight ECDH exchange is prohibitively expensive for
>>> % recurring (ephemeral) use.  For example, experience with the 8-bit
>>> % 8051-based ZWAWVE ZW0500 microprocessor has shown that EC25519 keypair
>>> % generation exceeds 10 seconds and consumes significant energy (i.e.,
>>> % battery resources).  Even the ECDH multiplication for the HIP DEX
>>> % static-static key exchange takes 8-9 seconds, again with measurable
>>> % energy consumption.  This resource consumption is tolerable as a
>>> % one-time event during provisioning, but would render the protocol
>>> % unsuitable for use on these devices if it was required to be a
>>> % recurring part of the protocol.  For devices constrained in this
>>> % manner, a FS-enabled protocol will likely provide little gain.  The
>>> % resulting "FS" key, likely produced during device provisioning, would
>>> % typically end up being used for the remainder of the device's
>>> % lifetime.  With such a usage pattern, the inherent benefit of
>>> % ephemeral keys is not realized.  The security properties of such usage
>>> % are very similar to those of using a statically provisioned symmetric
>>> % pre-shared key, in that there remains a single PSK in static storage
>>> % that is susceptible to exfiltration/compromise, and compromise of that
>>> % key in effect compromises the entire protocol for that node.  HIP DEX
>>> % achieves marginally better security properties by computing the
>>> % effective long-term PSK from a DH exchange, so that the provisioning
>>> % service is not required to be part of the risk surface due to also
>>> % possessing the PSK.
>>> %
>>> % Due to the substantially reduced security guarantees of HIP DEX
>>> % compared to HIP BEX, HIP DEX MUST only be used when at least one of
>>> % the two endpoints is a class 0 or 1 constrained device defined in
>>> % Section 3 of [RFC7228]).  HIP DEX MUST NOT be used when both endpoints
>>> % are class 2 devices or unconstrained.
>> I have accepted your text with one typo and some formatting.  Of course
>> this text uses FS rather than PFS so that is a mis-match for now.
>>
>> 1.2.  Applicability
>>
>>      HIP DEX achieves its lightweight nature in large part due to the
>>      intentional removal of Forward Secrecy (FS) from the key exchange.
>>      Current mechanisms to achieve FS use an authenticated ephemeral
>>      Diffie-Hellman exchange (e.g., SIGMA or PAKE).  HIP DEX targets usage
>>      on devices where even the most lightweight ECDH exchange is
>>      prohibitively expensive for recurring (ephemeral) use.  For example,
>>      experience with the 8-bit 8051-based ZWAVE ZW0500 microprocessor has
>>      shown that EC25519 keypair generation exceeds 10 seconds and consumes
>>      significant energy (i.e., battery resources).  Even the ECDH
>>      multiplication for the HIP DEX static-static key exchange takes 8-9
>>      seconds, again with measurable energy consumption.  This resource
>>      consumption is tolerable as a one-time event during provisioning, but
>>      would render the protocol unsuitable for use on these devices if it
>>      was required to be a recurring part of the protocol.  For devices
>>      constrained in this manner, a FS-enabled protocol will likely provide
>>      little gain.  The resulting "FS" key, likely produced during device
>>      provisioning, would typically end up being used for the remainder of
>>      the device's lifetime.
>>
>>      With such a usage pattern, the inherent benefit of ephemeral keys is
>>      not realized.  The security properties of such usage are very similar
>>      to those of using a statically provisioned symmetric pre-shared key,
>>      in that there remains a single PSK in static storage that is
>>      susceptible to exfiltration/compromise, and compromise of that key in
>>      effect compromises the entire protocol for that node.  HIP DEX
>>      achieves marginally better security properties by computing the
>>      effective long-term PSK from a DH exchange, so that the provisioning
>>      service is not required to be part of the risk surface due to also
>>      possessing the PSK.
>>
>>      Due to the substantially reduced security guarantees of HIP DEX
>>      compared to HIP BEX, HIP DEX MUST only be used when at least one of
>>      the two endpoints is a class 0 or 1 constrained device defined in
>>      Section 3 of [RFC7228]).  HIP DEX MUST NOT be used when both
>>      endpoints are class 2 devices or unconstrained.
>>
>>
>>> Section 2.2
>>>
>>>      Ltrunc (M(x), K)   denotes the lowest order K bits of the result of
>>>         the MAC function M on the input x.
>>>
>>> I'm not sure I'm going to interpret the "lowest order K bits" the same
>>> way that everyone else will.  I think "leftmost" or "first" are more
>>> common terms for describing this sort of truncation.
>> This text goes back to 5201.  Implementors of 5201 did not have a
>> problem with this, in fact probably one of them supplied the text. But I
>> am open to change based on consensus.
>>
>>> Section 2.3
>>>
>>>      CMAC:  The Cipher-based Message Authentication Code with the 128-bit
>>>         Advanced Encryption Standard (AES) defined in RFC 4493 [RFC4493].
>>>
>>> I would suggest just using CMAC as the acronym and not trying to
>>> overload it to also be AES-specific.
>> Do you recommend I just reference SP800-38B?
> That would work, but my recommendation would be to use this definition text
> as the definition of "AES-CMAC" ... though the RFC Editor might want to
> make us change all the usages of CMAC() in formulae as well.
>
>>>      HIT Suite:  A HIT Suite groups all algorithms that are required to
>>>         generate and use an HI and its HIT.  In particular, these
>>>         algorithms are: 1) ECDH and 2) FOLD.
>>>
>>> For DEX.  For normal HIPv2 we wouldn't touch FOLD with a long pole.
>> :)
>>
>>      HIT Suite:  A HIT Suite groups all algorithms that are required to
>>         generate and use an HI and its HIT.  In particular for HIP DEX,
>>         these algorithms are: 1) ECDH and 2) FOLD.
>>
>> BTW, I once DID use a 10' pole to chase a family of raccoons out of my
>> garage.  Really, it WAS 10' long, I had just gotten it from the lumber
>> yard.  Came home and there were a bunch of beady eyes in the garage..
>>
>>>      HI (Host Identity):  The static ECDH public key that represents the
>>>         identity of the host.  In HIP DEX, a host proves ownership of the
>>>         private key belonging to its HI by creating a HIP_MAC with the
>>>         derived ECDH key (see Section 3).
>>>
>>> This may sound pedantic, but this doesn't actually prove ownership of
>>> the private key.  Someone who knows the private key of the other party
>>> and the public key of the host in question would be able to produce the
>>> same MAC from the corresponding derived ECDH key.  I think the most we
>>> can say here is that a host authenticates itself as that host identity
>>> [with that HIP_MAC].  There's the corresponding trust of the recipient
>>> that its own private key remains secure and thus that no party other
>>> than itself or the peer identity could have generated that message.
>> I will think on this one.  See what verbiage helps.
>>
>>>      Initiator:  The host that initiates the HIP DEX handshake.  This role
>>>         is typically forgotten once the handshake is completed.
>>>
>>> "typically"?  Perhaps it's best to say that the role is not used or
>>> needed after the handshake is completed.
>> In the HIP state machine, either peer can be the Initiator.  Roles can be
>> reversed.  If one party loses state, it can then become the Initiator
>> regardless of what role it had in the original exchange.
>>
>> This is the text used in 7401.
>>
>>>      KEYMAT:  Keying material.  That is, the bit string(s) used as
>>>         cryptographic keys.
>>>
>>> I'm surprised we need an abbreviation for this.
>> I got comments in early drafts of 5201-bis.  Put it in.  Take it out.
>> So for now, I leave it in.
>>
>>>      Length of the Responder's HIT Hash Algorithm (RHASH_len):  The
>>>         natural output length of RHASH in bits.
>>>
>>> [this doesn't really fit the pattern of "definition"s]
>> It is in 7401.  If the AD says pull it.  It goes.
>>
>> Though perhaps the definition is of RHASH_len?
>>
>>>      Responder:  The host that responds to the Initiator in the HIP DEX
>>>         handshake.  This role is typically forgotten once the handshake is
>>>         completed.
>>>
>>> [same thing re "typically"]
>> Same response.
>>
>>> Section 3
>>>
>>>      HIP DEX implementations MUST support the Elliptic Curve Diffie-
>>>      Hellman (ECDH) [RFC6090] key exchange for generating the HI as
>>>      defined in Section 5.2.3.  No additional algorithms are supported at
>>>      this time.
>>>
>>> It's kind of weird to see a "MUST" for "RFC6090 key exchange"; 6090
>>> discusses the general class of things but is not a specific key exchange
>>> algorithm (e.g., curve).
>>> I'd also consider s/supported/defined/.
>> Good point.  Changed to:
>>
>>      HIP DEX implementations use the Elliptic Curve Diffie-Hellman (ECDH)
>>      [RFC6090] key exchange for generating the HI as defined in
>>      Section 5.2.3.  No alternative algorithms are defined at this time.
>>
>>>      Due to the latter property, an attacker may be able to find a
>>>      collision with a HIT that is in use.  Hence, policy decisions such as
>>>      access control MUST NOT be based solely on the HIT.  Instead, the HI
>>>      of a host SHOULD be considered.
>>>
>>> I don't think this is correct or a strong enough statement.  In
>>> particular, I don't think access control should be based on the HIT at
>>> all, so strike "solely".  Also, the "SHOULD" seems too weak.  I can
>>> understand that "MUST use the HI" could be overly constraining, but
>>> "access control decisions MUST be made on the actual identity of the
>>> host, e.g., the full HI" should allow for sufficient flexibility.
>> I will see how this changes with the ACL additions.
>>
>>>      Carrying HIs and HITs in the header of user data packets would
>>>      increase the overhead of packets.  Thus, it is not expected that
>>>
>>> s/and/or/?
>> fixed.
>>
>>>      association.  When other user data packet formats are used, the
>>>      corresponding extensions need to define a replacement for the
>>>      ESP_TRANSFORM [RFC7402] parameter along with associated semantics,
>>>      but this procedure is outside the scope of this document.
>>>
>>> Why is ESP_TRANSFORM the most important parameter here, when we talk
>>> about mapping a packet to the HIP association?  I thought ESP_TRANSFORM
>>> was literally about the encryption mechanics, not metadata around it.
>> Again, this goes back to 5201.  We are talking about ~20 years of
>> discussions.
>>
>> We are discussing HIs and HITs, but that SPIs are used in everyday
>> packets as the pointer to the HIs and HITs involved.  I will think on
>> this, but it is down the list on things to change that were inherited
>> from 5201.
>>
>>> Section 3.2
>>>
>>> ORCHID claims to provide statistical uniqueness and routability at some
>>> overlay layer, neither of which this FOLD procedure provides, due to
>>> easily-generatable second preimages.
>>>
>>> Section 3.2.1
>>>
>>>      Since collision-resistance is not possible with the tools at hand,
>>>      any reasonable function (e.g.  FOLD) that takes the full value of the
>>>      HI into generating the HIT can be used, provided that collision
>>>      detection is part of the HIP-DEX deployment design.  This is achieved
>>>
>>> This is not an argument that this is a reasonable thing to do; it's
>>> merely an argument that it's a thing that can be done that has the same
>>> claimed properties as the only type of thing that could be done.  It
>>> might be a bad idea to do the only type of thing that can be done, and
>>> you have not convinced me otherwise.  (See also the distinction between
>>> collision-resistance and second-preimage-resistance alluded to in my
>>> comment on the previous section.)
>> Other changes may help, or not.  We can rejoin this point after draft 14
>> (note I will be pushing out draft 13 today for the publish deadline for
>> changes done so far).
>>
>>>      here through either an ACL or some other lookup process that
>>>      externally binds the HIT and HI.
>>>
>>> Without at least one well-specified mechanism for actually doing this
>>> and clear documentation of what precise properties such a mechanism
>>> needs to provide, I think it's irresponsible to publish this document.
>> In the works.
>>
>>> Section 4.1
>>>
>>>      By definition, the system initiating a HIP Diet EXchange is the
>>>      Initiator, and the peer is the Responder.  This distinction is
>>>      typically forgotten once the handshake completes, and either party
>>>      can become the Initiator in future communications.
>>>
>>> ["typically" again]
>> same response.
>>
>>>      Diffie-Hellman Group IDs supported by the Initiator.  Note that in
>>>      some cases it may be possible to replace this trigger packet by some
>>>      other form of a trigger, in which case the protocol starts with the
>>>      Responder sending the R1 packet.  In such cases, another mechanism to
>>>      convey the Initiator's supported DH Groups (e.g., by using a default
>>>      group) must be specified.
>>>
>>> This seems under-specified for a proposed standard and is probably
>>> better off omitted entirely.
>> This is carried over from 5201, which WAS experimental.  So I can see it
>> as reasonable to drop this as no one proposed another mechanism.
>>
>>      The Initiator first sends a trigger packet, I1, to the Responder.
>>      This packet contains the HIT of the Initiator and the HIT of the
>>      Responder, if it is known.  Moreover, the I1 packet initializes the
>>      negotiation of the Diffie-Hellman group that is used for generating
>>      the Master Key SA.  Therefore, the I1 packet contains a list of
>>      Diffie-Hellman Group IDs supported by the Initiator.
> ("Therefore" feels a bit out of place, but this helps, thanks.)
>>>      The second packet, R1, starts the actual authenticated Diffie-Hellman
>>>      key exchange.  It contains a puzzle - a cryptographic challenge that
>>>      the Initiator must solve before continuing the exchange.  The level
>>>      of difficulty of the puzzle can be adjusted based on level of trust
>>>      with the Initiator, current load, or other factors.  In addition, the
>>>
>>> The Initiator is unauthenticated at this point, so "level of trust"
>>> seems to not really be defined...
>> Changed to "knowledge of the".  If the Responder "knows" that the
>> Initiator is a sensor, using a smaller puzzle may be preferred. There is
>> discussion about large puzzles being an attack on sensors.
>>
>>> Section 4.1.1
>>>
>>> If an unconstrained (DoSing) attacker is competing with a constrained
>>> honest initiator to solve puzzles during an attack, it seems like the
>>> honest initiator is going to lose out pretty badly.
>> You do what you can that makes some degree of sense.  You just don't
>> walk away from the problem.
>>
>>> Section 4.1.4
>>>
>>> There are security considerations for serializing the HIP state to
>>> nonvolatile storage!
>> Do you want text about this in the Security Considerations?
> Yes, please!
>
> I see there's new text about having the ENCRYPTED_KEY counter be part of
> the state stored to nonvolatile storage, which is good.  We may also want
> discussion of whether having any crypto state (e.g., private key) on
> nonvolatile storage is a security risk when there is physical device
> access, and how bad ("very!") the consequences are when the data on
> nonvolatile storage is not properly sync'd or lost entirely.
>
> Thanks for the updates,
>
> Ben
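
The Section 3 and Section 3.2.1 comments above ask for access control on the full HI and for a lookup that externally binds HIT to HI with collision detection. The sketch below is an added example, not text or code from the draft or from either correspondent. Assumptions: `fold()` is a simplified XOR fold standing in for FOLD, the 96-bit width, the `HostAcl` class, and the sample HI bytes are all constructed for illustration.

```python
import hmac

HIT_BITS = 96  # assumption: width of the folded value used as the HIT


def fold(data: bytes, k_bits: int = HIT_BITS) -> bytes:
    """Simplified XOR fold (assumed stand-in for FOLD): split data into
    k-bit segments, zero-pad the last one, XOR all segments together."""
    seg = k_bits // 8
    if k_bits % 8 or seg == 0:
        raise ValueError("k_bits must be a positive multiple of 8")
    padded = data + b"\x00" * (-len(data) % seg)
    acc = bytearray(seg)
    for off in range(0, len(padded), seg):
        for i in range(seg):
            acc[i] ^= padded[off + i]
    return bytes(acc)


def colliding_fixture(hi: bytes, k_bits: int = HIT_BITS) -> bytes:
    """Test fixture: a byte string that differs from hi but folds to the
    same value, because equal changes in two segments cancel under XOR."""
    seg = k_bits // 8
    if len(hi) < 2 * seg:
        raise ValueError("need at least two segments")
    out = bytearray(hi)
    out[0] ^= 0x01
    out[seg] ^= 0x01
    return bytes(out)


class HostAcl:
    """Hypothetical ACL that binds each HIT to exactly one full HI."""

    def __init__(self) -> None:
        self._by_hit: dict[bytes, bytes] = {}

    def enroll(self, hi: bytes) -> bytes:
        hit = fold(hi)
        bound = self._by_hit.get(hit)
        # Collision detection: refuse a second, different HI for a known HIT.
        if bound is not None and not hmac.compare_digest(bound, hi):
            raise ValueError("HIT already bound to a different HI")
        self._by_hit[hit] = hi
        return hit

    def allow_by_hit_only(self, hit: bytes) -> bool:
        """Weak check the review warns against: the HIT alone decides."""
        return hit in self._by_hit

    def allow(self, hit: bytes, presented_hi: bytes) -> bool:
        """Decide on the full HI; the HIT is only the lookup key."""
        bound = self._by_hit.get(hit)
        if bound is None:
            return False
        return (hmac.compare_digest(fold(presented_hi), hit)
                and hmac.compare_digest(bound, presented_hi))


def demo() -> dict:
    acl = HostAcl()
    hi = bytes(range(64))            # constructed sample, not a real key
    hit = acl.enroll(hi)
    other = colliding_fixture(hi)    # same fold, different identity bytes
    try:
        acl.enroll(other)
        enroll_rejected = False
    except ValueError:
        enroll_rejected = True
    return {
        "same_hit": fold(other) == hit,
        "hit_only_accepts_other": acl.allow_by_hit_only(fold(other)),
        "full_hi_accepts_other": acl.allow(hit, other),
        "full_hi_accepts_owner": acl.allow(hit, hi),
        "enroll_rejected": enroll_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The full-HI comparison only shows which identity is being claimed; possession of the matching private key is still established by the handshake, as discussed in the HI definition comment.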


From nobody Sun Apr  5 23:00:49 2020
Return-Path: <miika.komu@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B80523A08F3; Sun,  5 Apr 2020 23:00:38 -0700 (PDT)
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WMYpU0eXlDTb; Sun,  5 Apr 2020 23:00:27 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10084.outbound.protection.outlook.com [40.107.1.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 273083A0952; Sun,  5 Apr 2020 23:00:26 -0700 (PDT)
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com (52.134.81.144) by AM0PR07MB6050.eurprd07.prod.outlook.com (20.178.115.97) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.12; Mon, 6 Apr 2020 06:00:24 +0000
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::5c87:eedc:6e84:fd4]) by AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::5c87:eedc:6e84:fd4%7]) with mapi id 15.20.2900.012; Mon, 6 Apr 2020 06:00:24 +0000
From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "barryleiba@computer.org" <barryleiba@computer.org>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: Barry Leiba's No Objection on draft-ietf-hip-native-nat-traversal-30: (with COMMENT)
Thread-Index: AQHV8qvxB5XGc/XRtUmYfKdFR6R576hry/qA
Date: Mon, 6 Apr 2020 06:00:24 +0000
Message-ID: <f78ac69ccf60519e589b794c5a4050a073c2b7bd.camel@ericsson.com>
References: <158338482498.29408.1849982962699257652@ietfa.amsl.com>
In-Reply-To: <158338482498.29408.1849982962699257652@ietfa.amsl.com>
Accept-Language: fi-FI, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.1 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; 
x-originating-ip: [88.148.205.35]
Content-Type: text/plain; charset="utf-8"
Content-ID: <898ED38D4279B14BBA25386D12A9A1B3@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/gQOhZGpD67__t6vLBMaEvCyhhmI>
Subject: Re: [Hipsec] Barry Leiba's No Objection on draft-ietf-hip-native-nat-traversal-30: (with COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 06:00:39 -0000

From nobody Mon Apr  6 01:52:10 2020
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1918E3A0BC4; Mon,  6 Apr 2020 01:52:08 -0700 (PDT)
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00vv1LEyTg3L; Mon,  6 Apr 2020 01:52:04 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2052.outbound.protection.outlook.com [40.107.22.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61A9B3A0BC5; Mon,  6 Apr 2020 01:52:03 -0700 (PDT)
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com (52.133.7.14) by HE1PR0702MB3530.eurprd07.prod.outlook.com (52.133.5.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.14; Mon, 6 Apr 2020 08:52:01 +0000
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::ec28:2c21:6d78:917a]) by HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::ec28:2c21:6d78:917a%2]) with mapi id 15.20.2900.012; Mon, 6 Apr 2020 08:52:01 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Miika Komu <miika.komu@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
Thread-Index: AQHV8t5jpwo8AfrnzU6oGxAW8ZOYmqhma8gAgAC0MoCAADR7gIADXbKAgAFJX4A=
Date: Mon, 6 Apr 2020 08:52:01 +0000
Message-ID: <7a9890d44949e638b796af989fd06c4eda26d5c2.camel@ericsson.com>
References: <158340648969.14566.11476213026719970345@ietfa.amsl.com> <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com> <1ee7a7a90a590c89583c7ce3e6a61d07f63ad9b1.camel@ericsson.com> <6d093953853f2062d0d31e23807f5116c4748ba3.camel@ericsson.com> <408e58bf1969e7a538e0ee545dd69ff694d81bf0.camel@ericsson.com>
In-Reply-To: <408e58bf1969e7a538e0ee545dd69ff694d81bf0.camel@ericsson.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.1 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com; 
x-originating-ip: [158.174.118.23]
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-9nUAWfLpE4PDrbEb+fhs"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/2gE6VfpwddIIH0sPPYh0hkzsA8E>
Subject: Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 08:52:08 -0000

--=-9nUAWfLpE4PDrbEb+fhs
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,

I think the below text looks good. If you are reasonably confident that HIP
supports the capabilities required for implementing PLP MTUD requirements then I
think that paragraph is a good hint.

So I believe I will have no issues with clearing when a document with the
discussed updates is made available.

Thanks

Magnus

On Sun, 2020-04-05 at 13:13 +0000, Miika Komu wrote:
> Hi Magnus,
>
>
> I tried to merge your feedback with text from Jeff and Robert, so now
> it is as follows:
>=20
> UDP encapsulation of HIP packets reduces the Maximum Transfer Unit
> (MTU) size of the control plane by 12 bytes (8-byte UDP header plus
> 4-byte zero SPI marker), and the data plane by 8 bytes.  Additional
> HIP relay parameters, such as RELAY_HMAC, RELAY_UDP_HIP,
> RELAY_UDP_ESP, etc., further increase the size of certain HIP
> packets.  In regard to MTU, the following aspects need to be
> considered in an implementation:
>
> o  A HIP host SHOULD implement ICMP message handling to support path
>    MTU discovery (PMTUD) discovery as described in [RFC1063]
>    [RFC8201]
>
> o  Reliance on IP fragmentation is unlikely to be a viable strategy
>    through NATs.  If ICMP MTU discovery is not working, MTU related
>    path black holes may occur.
>
> o  A mitigation strategy is to constrain the MTU, especially for
>    virtual interfaces, to expected safe MTU values, e.g., 1400 bytes
>    for the underlying interfaces that support 1500 bytes MTU.
>
> o  Further extensions to this specification may define a HIP-based
>    mechanism to find a working path MTU without unnecessary
>    constraining that size using Packetization Layer Path MTU
>    Discovery for Datagram Transports
>    [I-D.ietf-tsvwg-datagram-plpmtud].  For instance, such mechanism
>    could be implemented between a HIP Relay Client and HIP Relay
>    Server.
>
> o  It is worth noting that further HIP extensions can trim off 8
>    bytes in the ESP header by negotiating implicit IV support in the
>    ESP_TRANSFORM parameter as described in [RFC8750].
-- 
Cheers

Magnus Westerlund


----------------------------------------------------------------------
Networks, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------



--=-9nUAWfLpE4PDrbEb+fhs
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

bmRpdmlkdWFsIENBIHYzAhALRm3NcHtuMGWutmt5cXntMGwGCyqGSIb3DQEJEAILMV2gWzBHMQsw
CQYDVQQGEwJTRTERMA8GA1UECgwIRXJpY3Nzb24xJTAjBgNVBAMMHEVyaWNzc29uIE5MIEluZGl2
aWR1YWwgQ0EgdjMCEAtGbc1we24wZa62a3lxee0wDQYJKoZIhvcNAQEBBQAEggEAdvX8qJfU6sOO
vYJH/3oCJvFD7FGmrbWuFQHSTzKAVw9X1689u0ogEfWITKvc6ig1FkvsX6MqOgtKWw/5sVdA/53h
T9FuAK6z3O2psqOAje3XIg7w0/p2vK4wbymWrtLwV8Fdwfc2l/asC33W3RcW5KaQ8zp9HE/c6qKY
YfiJ42QW5eZDgJOUJ23IHiAl3lL/0DHPeuHPilzWt1uqOMnjF88qe7NxF/YS80XTAUk/tY5aTvvU
MIYw5Lm7qZksguUH6MsAIju2uAxzq2MfAjeFQkPb3ysLCzbmxRmyJbMJQ/NZe+JqG4yQD7KYDVif
9e6ZxY2ViMxiVsB3X9/va+8+oAAAAAAAAA==


--=-9nUAWfLpE4PDrbEb+fhs--


From nobody Mon Apr  6 06:32:13 2020
To: HIP <hipsec@ietf.org>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <cd533b25-0fd3-d127-5eeb-5df629466536@htt-consult.com>
Date: Mon, 6 Apr 2020 09:27:00 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/2vbLarSeXMn8VCJMq70I9-0L3t0>
Subject: [Hipsec] HIP home stretch and new work for DRIP

HIPsters:

Miika and I have been working away to get NAT-traversal and DEX through 
the IESG and on to last call.  We are close....

That being said, hopefully you have noticed what is going on in the DRIP 
workgroup.

In My Highly Biased Opinion (IMHBO), and what is an Opinion, but a bias...

HITs are the only mechanism around that stand a chance to meet the 
constraints of Remote ID and provide trust.

Others, with enough hand-waving and infrastructure, can work for some 
groups of UAS.  None can work for all but the smallest UA that only 
support receive RF.

That bias said, Stu, Adam, and I have been busy putting together a 
number of drafts over in DRIP and a number here which open the question 
of rechartering HIP to meet the needs of DRIP.

Besides the HIP drafts, and the 'orphaned' ORCHID draft, there are also 
new ESP transforms to consider.

Do we need to update 7402 of RFC 8750?
What about a new NIST lightweight cipher like Keyak (see new-crypto draft)?

Or do Jeff and I, as the HIP IANA experts just update the HIP registry 
with these transforms for ESP?  (well none assigned YET for Keyak, etc.)


Please voice your positions on these points so we can get things moving 
going into April.

Bob


From nobody Mon Apr  6 06:44:27 2020
From: Jeff Ahrenholz <j.ahrenholz@Tempered.io>
To: Miika Komu <miika.komu=40ericsson.com@dmarc.ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal
Thread-Index: AQHWDBl6+EF13lTjuk+JiMyOEPIlOg==
Date: Mon, 6 Apr 2020 13:44:22 +0000
Message-ID: <BE5944AA-CC27-4D07-99CD-5A5B16B19369@tempered.io>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-ID: <89D75260DC95C74D963DD1FE107CE8CE@exch081.serverpod.net>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/R8_YSRRabf36Yq10CTzSZ6mz2fU>
Subject: Re: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal


From nobody Mon Apr  6 10:51:54 2020
From: Jeff Ahrenholz <j.ahrenholz@Tempered.io>
To: Robert Moskowitz <rgm@htt-consult.com>, HIP <hipsec@ietf.org>
Thread-Topic: [Hipsec] Fwd: New Version Notification for draft-moskowitz-hip-fast-mobility-03.txt
Thread-Index: AQHWCbvi6DKOIFN7WEO0AAerAVw7NqhsZHEA
Date: Mon, 6 Apr 2020 17:51:11 +0000
Message-ID: <245D00B8-98D9-4D3A-AAF6-DB16BE4C74FB@tempered.io>
References: <187f5430-1c5f-1ebe-7c81-1938fc7b9cd7@htt-consult.com>
In-Reply-To: <187f5430-1c5f-1ebe-7c81-1938fc7b9cd7@htt-consult.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-ID: <439F66E1607B044595EF4173228B0030@exch081.serverpod.net>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/Yp6meN1mSy1Q9BsdMeyn3fmrPzA>
Subject: Re: [Hipsec] Fwd: New Version Notification for draft-moskowitz-hip-fast-mobility-03.txt


From nobody Mon Apr  6 11:13:07 2020
To: Jeff Ahrenholz <j.ahrenholz@Tempered.io>, HIP <hipsec@ietf.org>
References: <187f5430-1c5f-1ebe-7c81-1938fc7b9cd7@htt-consult.com> <245D00B8-98D9-4D3A-AAF6-DB16BE4C74FB@tempered.io>
From: Robert Moskowitz <rgm@htt-consult.com>
Message-ID: <0242b8df-50a6-fb8d-02fc-8a3f76a1836e@htt-consult.com>
Date: Mon, 6 Apr 2020 14:12:45 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <245D00B8-98D9-4D3A-AAF6-DB16BE4C74FB@tempered.io>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/BXyuDYgjHGCB7FgPBS7yDGz1NMU>
Subject: Re: [Hipsec] Fwd: New Version Notification for draft-moskowitz-hip-fast-mobility-03.txt

Jeff,

Thanks for the feedback.  After Passover, I will incorporate what I pull 
out of this.

Bob

On 4/6/20 1:51 PM, Jeff Ahrenholz wrote:
> Bob,
> Brief review below...
>
>> I have updated the hip-fast-mobility draft.
>>
>> I welcome review.
>>
>> It will be used in an upcoming DRIP N-RID secure transport draft that will also include secure C2 transport.
> General comments:
>
> - Overall I think the draft looks good, it is a short read and quite straightforward.
>    The TLDR:
>    1) include VIA_RVS more often (always in R1/I2), so peers always know how to reach you,
>    2) don't wait for complete address verification for using an address
>    3) piggyback upper layer data when possible
>
> - What about IPv4? There is no mention of it. And no extension header field like IPv6.
>
> - Did you consider the Credit-Based Authorization technique in section 3.3.2 of RFC 8046? You could maybe mention in this draft that it could optionally be used here? (Plays well / same concept as the send-before-verified.)
>        
> Section 5.4.1
> "the datagram is sent separately after receipt of the HIP UPDATE from Host B."
>
> This implies buffering packets after you've sent an UPDATE but waiting for UPDATE-ACK; we almost need a new association state "moving" because how long will you wait and buffer packets? What if the UPDATE-ACK is lost or not sent -- need to tear down?
>
> In practice, sometimes we're seeing dropped packets during mobility (depends on how quickly host can acquire a new address after losing the old address). Also we recently removed the initial-packet-embargo from our implementation (buffering packets while waiting for BEX to complete) as the complexity wasn't warranted (e.g. upper layers typically retransmit; packets likely to be stale.)
>
> Consider also switching interfaces, which may have differing MTUs (e.g. cellular/Ethernet failover.)
>
> Section 8 Security Considerations:
>
> Adding the VIA_RVS parameter to more packets -- any security considerations, since this is typically outside the signature? RFC 8004 indicates "The main goal of using the VIA_RVS parameter is to allow operators to diagnose possible issues" but here you're suggesting to use the address during shotgunning.
>
>
> Below are some editorial nits:
>
> Section 5.1
>
> consider replacing:
> "An implementation may be able to adjust the
>     transport window size downward so that the higher layer could still
>     fill it and the whole piece then still fit within the MTU."
> with:
> "An implementation may be able to adjust the
>     transport window size downward so that the higher layer could
>     fit its data plus the UPDATE payload within the MTU."
>     
> 5.2
> s/others RVS/other's RVS/
> 5.3 and 5.4
> s/of new address/of a new address/
>
> 5.5.1 and 5.5.2
> s/wait from HIP UPDATE/wait for HIP UPDATE/
>
> 7. IANA Considerations
> there is no PAYLOAD_MIC used here
>
> -Jeff
>
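
The send-before-verified behaviour discussed in the review above, combined with the Credit-Based Authorization idea it points to (RFC 8046, section 3.3.2) and a cutoff for packets buffered while an address is unverified, can be sketched as follows. This is an added example, not code from the draft, the RFC or any HIP implementation; the class and method names, the aging constants and the `MAX_BUFFER_AGE` cutoff are assumptions made for the illustration.

```python
from collections import deque
from dataclasses import dataclass, field

ACTIVE, UNVERIFIED = "ACTIVE", "UNVERIFIED"

# Example tuning values (assumptions for this sketch).
CREDIT_AGING_FACTOR = 7 / 8     # share of credit kept after each aging step
CREDIT_AGING_INTERVAL = 5.0     # seconds between aging steps
MAX_BUFFER_AGE = 2.0            # seconds a buffered packet is still worth sending


@dataclass
class PeerCredit:
    """Per-peer state for sending to an address before it is verified."""
    credit: float = 0.0          # bytes we may send to an UNVERIFIED address
    last_aged: float = 0.0
    addr_state: str = ACTIVE
    pending: deque = field(default_factory=deque)   # (enqueue_time, size)

    def _age(self, now):
        # Old credit decays so a peer cannot save it up for one large burst.
        steps = int((now - self.last_aged) // CREDIT_AGING_INTERVAL)
        if steps > 0:
            self.credit *= CREDIT_AGING_FACTOR ** steps
            self.last_aged += steps * CREDIT_AGING_INTERVAL

    def on_receive(self, size, now):
        # Credit is earned only by traffic the peer actually sent to us.
        self._age(now)
        self.credit += size

    def on_address_change(self, now):
        # UPDATE announced a new locator; no reachability check done yet.
        self._age(now)
        self.addr_state = UNVERIFIED

    def send(self, size, now):
        self._age(now)
        if self.addr_state == ACTIVE:
            return "sent"                      # verified address: no limit
        if self.credit > size:
            self.credit -= size                # spend credit on unverified path
            return "sent-unverified"
        self.pending.append((now, size))       # out of credit: hold the packet
        return "buffered"

    def on_address_verified(self, now):
        # Flush what is still fresh; stale packets are dropped because the
        # upper layer has most likely retransmitted them already.
        self._age(now)
        self.addr_state = ACTIVE
        fresh = [s for (t, s) in self.pending if now - t <= MAX_BUFFER_AGE]
        dropped = len(self.pending) - len(fresh)
        self.pending.clear()
        return fresh, dropped


def run_scenario(verify_delay):
    """Constructed scenario: peer sends 3000 bytes, moves, we send 3 x 1400."""
    peer = PeerCredit()
    peer.on_receive(1500, now=0.0)
    peer.on_receive(1500, now=0.5)
    peer.on_address_change(now=1.0)
    outcomes = [peer.send(1400, now=1.0) for _ in range(3)]
    fresh, dropped = peer.on_address_verified(now=1.0 + verify_delay)
    outcomes.append(peer.send(1400, now=1.0 + verify_delay))
    return outcomes, fresh, dropped, peer.credit


if __name__ == "__main__":
    print(run_scenario(verify_delay=0.5))   # verification arrives quickly
    print(run_scenario(verify_delay=3.0))   # verification arrives late
```

The credit limit bounds how many bytes a host can be made to send toward a locator that has not yet passed a reachability check, and the age cutoff gives one concrete answer to how long packets stay buffered while waiting for the acknowledgment.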


From nobody Mon Apr  6 23:32:49 2020
From: Miika Komu <miika.komu@ericsson.com>
To: "miika.komu=40ericsson.com@dmarc.ietf.org" <miika.komu=40ericsson.com@dmarc.ietf.org>, "j.ahrenholz@Tempered.io" <j.ahrenholz@Tempered.io>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal
Thread-Index: AQHWDBl6+EF13lTjuk+JiMyOEPIlOqhtNHyA
Date: Tue, 7 Apr 2020 06:32:42 +0000
Message-ID: <6f2da742222f0f75a91e2fd2d82b992e55a89a8f.camel@ericsson.com>
References: <BE5944AA-CC27-4D07-99CD-5A5B16B19369@tempered.io>
In-Reply-To: <BE5944AA-CC27-4D07-99CD-5A5B16B19369@tempered.io>
Accept-Language: fi-FI, en-US
Content-Language: en-US
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.1 
Content-Type: text/plain; charset="utf-8"
Content-ID: <55B614076EDB3D48B25DF7432D72933A@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/Qt7oGb7gh6RPwccTxsPfV5rTTJw>
Subject: Re: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal



From nobody Thu Apr  9 01:13:42 2020
Return-Path: <miika.komu@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC6DD3A0E52; Thu,  9 Apr 2020 01:13:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.258
X-Spam-Level: 
X-Spam-Status: No, score=-2.258 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.168, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BxpD8sLXChKM; Thu,  9 Apr 2020 01:13:36 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70059.outbound.protection.outlook.com [40.107.7.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4AEF3A0E48; Thu,  9 Apr 2020 01:13:35 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com (2603:10a6:208:44::16) by AM0PR07MB5361.eurprd07.prod.outlook.com (2603:10a6:208:10a::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.13; Thu, 9 Apr 2020 08:13:33 +0000
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::5c87:eedc:6e84:fd4]) by AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::5c87:eedc:6e84:fd4%7]) with mapi id 15.20.2900.015; Thu, 9 Apr 2020 08:13:33 +0000
From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
Thread-Index: AQHV8t5gg3Zvxq1PeEaWx2XZsfEZi6hma8SAgADf0gCACVw3gA==
Date: Thu, 9 Apr 2020 08:13:33 +0000
Message-ID: <8adf583d11435dc690a170da1f6a18d9c86273eb.camel@ericsson.com>
References: <158340648969.14566.11476213026719970345@ietfa.amsl.com> <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com> <326b5dfa75824f82e990b4b990c51accbfbf4d72.camel@ericsson.com>
In-Reply-To: <326b5dfa75824f82e990b4b990c51accbfbf4d72.camel@ericsson.com>
Accept-Language: fi-FI, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.1 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; 
x-originating-ip: [88.148.205.35]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 672b9ed1-4e4a-434c-5d56-08d7dc5de574
x-ms-traffictypediagnostic: AM0PR07MB5361:|AM0PR07MB5361:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR07MB536124C3E452F4D6B1E87A15FCC10@AM0PR07MB5361.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0368E78B5B
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:AM0PR07MB3876.eurprd07.prod.outlook.com; PTR:; CAT:NONE;  SFTY:; SFS:(10009020)(4636009)(376002)(396003)(366004)(346002)(136003)(39860400002)(6486002)(316002)(86362001)(8676002)(186003)(54906003)(110136005)(81156014)(450100002)(6636002)(2906002)(6506007)(4326008)(6512007)(91956017)(66556008)(64756008)(71200400001)(66476007)(66946007)(66446008)(478600001)(5660300002)(81166007)(26005)(8936002)(2616005)(966005)(36756003)(76116006)(44832011)(99106002); DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
Content-Type: text/plain; charset="utf-8"
Content-ID: <86A3FD095C9F6143AAF12B54B61DAD8D@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 672b9ed1-4e4a-434c-5d56-08d7dc5de574
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Apr 2020 08:13:33.4752 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB5361
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/vfYRDdPQQYowW0jUkc5T9zFCKI0>
Subject: Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2020 08:13:41 -0000

From nobody Thu Apr  9 01:16:09 2020
Return-Path: <miika.komu@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1C713A0E72 for <hipsec@ietfa.amsl.com>; Thu,  9 Apr 2020 01:16:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.258
X-Spam-Level: 
X-Spam-Status: No, score=-2.258 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.168, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZZY0t6Qj4wMG for <hipsec@ietfa.amsl.com>; Thu,  9 Apr 2020 01:16:01 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70041.outbound.protection.outlook.com [40.107.7.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85E973A0E60 for <hipsec@ietf.org>; Thu,  9 Apr 2020 01:15:55 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com (2603:10a6:208:44::16) by AM0PR07MB5602.eurprd07.prod.outlook.com (2603:10a6:208:ff::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.12; Thu, 9 Apr 2020 08:15:51 +0000
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::5c87:eedc:6e84:fd4]) by AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::5c87:eedc:6e84:fd4%7]) with mapi id 15.20.2900.015; Thu, 9 Apr 2020 08:15:51 +0000
From: Miika Komu <miika.komu@ericsson.com>
To: "miika.komu=40ericsson.com@dmarc.ietf.org" <miika.komu=40ericsson.com@dmarc.ietf.org>, "j.ahrenholz@Tempered.io" <j.ahrenholz@Tempered.io>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal
Thread-Index: AQHWDBl6+EF13lTjuk+JiMyOEPIlOqhwdfuA
Date: Thu, 9 Apr 2020 08:15:51 +0000
Message-ID: <80a8d1d013b215a66a04bc0a08ebe6c8d5f1d8f6.camel@ericsson.com>
References: <BE5944AA-CC27-4D07-99CD-5A5B16B19369@tempered.io>
In-Reply-To: <BE5944AA-CC27-4D07-99CD-5A5B16B19369@tempered.io>
Accept-Language: fi-FI, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.1 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; 
x-originating-ip: [88.148.205.35]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b4c61cad-f6a5-4d4f-a853-08d7dc5e377e
x-ms-traffictypediagnostic: AM0PR07MB5602:
x-microsoft-antispam-prvs: <AM0PR07MB5602FF4EC8C4F674D0104315FCC10@AM0PR07MB5602.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4941;
x-forefront-prvs: 0368E78B5B
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:AM0PR07MB3876.eurprd07.prod.outlook.com; PTR:; CAT:NONE;  SFTY:; SFS:(10009020)(4636009)(136003)(366004)(376002)(396003)(346002)(39860400002)(316002)(81156014)(8936002)(8676002)(478600001)(71200400001)(86362001)(91956017)(76116006)(2616005)(6486002)(44832011)(5660300002)(966005)(81166007)(2906002)(36756003)(110136005)(64756008)(66946007)(26005)(186003)(66446008)(66556008)(66476007)(6506007)(6512007)(99106002); DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <694893C298011C42B779B603A77DD339@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b4c61cad-f6a5-4d4f-a853-08d7dc5e377e
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Apr 2020 08:15:51.1728 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB5602
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/4AhMBrFn555jYfJGSLM43r2nlsM>
Subject: Re: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2020 08:16:08 -0000

From nobody Thu Apr  9 07:36:55 2020
Return-Path: <j.ahrenholz@Tempered.io>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1423A3A079B for <hipsec@ietfa.amsl.com>; Thu,  9 Apr 2020 07:36:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E00YQpLKpnpN for <hipsec@ietfa.amsl.com>; Thu,  9 Apr 2020 07:36:52 -0700 (PDT)
Received: from out.west.exch081.serverdata.net (cas081-co-2.exch081.serverdata.net [199.193.204.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63D7D3A0795 for <hipsec@ietf.org>; Thu,  9 Apr 2020 07:36:52 -0700 (PDT)
Received: from MBX081-W5-CO-2.exch081.serverpod.net (10.224.129.85) by MBX081-W5-CO-1 (10.224.129.84) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 9 Apr 2020 07:36:51 -0700
Received: from MBX081-W5-CO-2.exch081.serverpod.net ([10.224.129.85]) by MBX081-W5-CO-2.exch081.serverpod.net ([10.224.129.85]) with mapi id 15.00.1497.006; Thu, 9 Apr 2020 07:36:51 -0700
From: Jeff Ahrenholz <j.ahrenholz@Tempered.io>
To: Miika Komu <miika.komu@ericsson.com>, "miika.komu=40ericsson.com@dmarc.ietf.org" <miika.komu=40ericsson.com@dmarc.ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal
Thread-Index: AQHWDBl6+EF13lTjuk+JiMyOEPIlOqhwdfuAgABqbQA=
Date: Thu, 9 Apr 2020 14:36:51 +0000
Message-ID: <CACF3249-8614-46A5-A3DA-CB266222DE42@tempered.io>
References: <BE5944AA-CC27-4D07-99CD-5A5B16B19369@tempered.io> <80a8d1d013b215a66a04bc0a08ebe6c8d5f1d8f6.camel@ericsson.com>
In-Reply-To: <80a8d1d013b215a66a04bc0a08ebe6c8d5f1d8f6.camel@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [73.254.156.159]
Content-Type: text/plain; charset="utf-8"
Content-ID: <3E40BEFD005D68409624A1D1AE338D7F@exch081.serverpod.net>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/tPVPozqL_RH6KFSc-qAKxpRyrKY>
Subject: Re: [Hipsec] DNS considerations in draft-ietf-hip-native-nat-traversal
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2020 14:36:54 -0000

>    I noticed that the new proposed text on DNS is handling things
>    differently than this part in RFC5770:
>
>    https://tools.ietf.org/html/rfc5770#appendix-B
>
>    So I would suggest that we would update RFC5770 appendix B in the
>    native NAT traversal draft and replace it with the new DNS text. Would
>    you be ok with this?

Sounds good to me.

-Jeff


From nobody Wed Apr 22 23:54:59 2020
Return-Path: <miika.komu@ericsson.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17F363A0A50; Wed, 22 Apr 2020 23:54:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.899
X-Spam-Level: **
X-Spam-Status: No, score=2.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lg0Imn8wLyo6; Wed, 22 Apr 2020 23:54:50 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10087.outbound.protection.outlook.com [40.107.1.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D68E3A047F; Wed, 22 Apr 2020 23:54:49 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com (2603:10a6:208:44::16) by AM0PR07MB6305.eurprd07.prod.outlook.com (2603:10a6:20b:15f::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2958.9; Thu, 23 Apr 2020 06:54:47 +0000
Received: from AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::5c87:eedc:6e84:fd4]) by AM0PR07MB3876.eurprd07.prod.outlook.com ([fe80::5c87:eedc:6e84:fd4%7]) with mapi id 15.20.2937.012; Thu, 23 Apr 2020 06:54:47 +0000
From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "kaduk@mit.edu" <kaduk@mit.edu>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
Thread-Index: AQHV8dqoVIydRk/JZUOi/WLKkTTa1qiGlHAA
Date: Thu, 23 Apr 2020 06:54:47 +0000
Message-ID: <564252e5be5a2cba75ecbcaf19a96dbe2af36498.camel@ericsson.com>
References: <158329494071.7765.9192526076932474796@ietfa.amsl.com>
In-Reply-To: <158329494071.7765.9192526076932474796@ietfa.amsl.com>
Accept-Language: fi-FI, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.2 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=miika.komu@ericsson.com; 
x-originating-ip: [88.148.205.35]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0375e353-fe86-4c1c-7917-08d7e753364d
x-ms-traffictypediagnostic: AM0PR07MB6305:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR07MB6305526535B42BEF20D5182CFCD30@AM0PR07MB6305.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 03827AF76E
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:AM0PR07MB3876.eurprd07.prod.outlook.com; PTR:; CAT:NONE;  SFTY:; SFS:(4636009)(376002)(396003)(136003)(366004)(346002)(39860400002)(86362001)(316002)(8676002)(66476007)(66556008)(64756008)(66446008)(81156014)(91956017)(66946007)(966005)(478600001)(76116006)(110136005)(54906003)(8936002)(36756003)(4326008)(71200400001)(186003)(2616005)(5660300002)(30864003)(66574012)(44832011)(6506007)(6512007)(6486002)(2906002)(26005)(99106002)(579004); DIR:OUT; SFP:1101; 
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
Content-Type: text/plain; charset="utf-8"
Content-ID: <1FD55F41BE31AB4992FB850CEA2278CB@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0375e353-fe86-4c1c-7917-08d7e753364d
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Apr 2020 06:54:47.4743 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6305
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/k0RNSFkwTrZKrgvUVTuRBqEWRG8>
Subject: Re: [Hipsec] Benjamin Kaduk's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 06:54:53 -0000

From nobody Thu Apr 23 02:09:54 2020
Return-Path: <internet-drafts@ietf.org>
X-Original-To: hipsec@ietf.org
Delivered-To: hipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 806673A1769; Thu, 23 Apr 2020 02:09:12 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: hipsec@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.127.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: hipsec@ietf.org
Message-ID: <158763295241.12691.3987600757568339438@ietfa.amsl.com>
Date: Thu, 23 Apr 2020 02:09:12 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/f77ZlprYGPRpNKv32mgz6sClAx4>
Subject: [Hipsec] I-D Action: draft-ietf-hip-native-nat-traversal-31.txt
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 09:09:14 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Host Identity Protocol WG of the IETF.

        Title           : Native NAT Traversal Mode for the Host Identity Protocol
        Authors         : Ari Keranen
                          Jan Melén
                          Miika Komu
        Filename        : draft-ietf-hip-native-nat-traversal-31.txt
        Pages           : 65
        Date            : 2020-04-23

Abstract:
   This document specifies a new Network Address Translator (NAT)
   traversal mode for the Host Identity Protocol (HIP).  The new mode is
   based on the Interactive Connectivity Establishment (ICE) methodology
   and UDP encapsulation of data and signaling traffic.  The main
   difference from the previously specified modes is the use of HIP
   messages instead of ICE for all NAT traversal procedures due to the
   kernel-space dependencies of HIP.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-hip-native-nat-traversal-31
https://datatracker.ietf.org/doc/html/draft-ietf-hip-native-nat-traversal-31

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-hip-native-nat-traversal-31


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


