From ipsec-bounces@ietf.org Thu Nov 02 04:53:06 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GfZBi-00005l-FY; Thu, 02 Nov 2006 04:48:42 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GfZBh-00005e-86
	for ipsec@ietf.org; Thu, 02 Nov 2006 04:48:41 -0500
Received: from mgw-ext14.nokia.com ([131.228.20.173])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GfZBf-000381-Ot
	for ipsec@ietf.org; Thu, 02 Nov 2006 04:48:41 -0500
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213])
	by mgw-ext14.nokia.com (Switch-3.1.10/Switch-3.1.10) with ESMTP id
	kA29mIOW019655; Thu, 2 Nov 2006 11:48:19 +0200
Received: from esebh101.NOE.Nokia.com ([172.21.138.177]) by
	esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 2 Nov 2006 11:48:14 +0200
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by
	esebh101.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 2 Nov 2006 11:48:13 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 2 Nov 2006 11:48:15 +0200
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2403585A8B@esebe105.NOE.Nokia.com>
In-Reply-To: <S946617AbWJZVsR/20061026214817Z+3712@ams019.ftl.affinity.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Please review draft-ietf-msec-ipsec-extensions-04 (fwd)
Thread-Index: Acb5SH4xPitOzfEXTZCJLPPo0xvEFQFGXczw
From: <Pasi.Eronen@nokia.com>
To: <gmgietf@identaware.com>
X-OriginalArrivalTime: 02 Nov 2006 09:48:13.0207 (UTC)
	FILETIME=[034B0270:01C6FE64]
X-eXpurgate-Category: 1/0
X-eXpurgate-ID: 149371::061102114819-4C3ECBB0-6FDC509D/0-0/0-1
X-Nokia-AV: Clean
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
Cc: ipsec@ietf.org
Subject: [Ipsec] RE: Please review draft-ietf-msec-ipsec-extensions-04 (fwd)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

George Gross wrote:

> > 2) Section 4.1.3.1: "An implementation SHOULD offer PAD
> > configuration capabilities that authorize the GKM policy
> > configuration mechanism to set security policy for other aspects
> > of an endpoint's GSPD/SAD configuration, not confined to its group
> > security associations. This capability allows the group's policy
> > to inhibit the creation of back channels that might otherwise leak
> > confidential group application data."
> >
> > I didn't quite understand this; a more detailed description might
> > be helpful...
>
> What this was intended to enable are security policies that would
> use the SPD-O DISCARD processing option to prevent an insider
> Adversary from re-broadcasting (either multicast or unicast) the
> group's data (e.g. a pay-per-view content). I don't know if
> explaining that helps answer your question though...

What kind of insider are you considering here? If a rogue application
gets the data, I can't see how anything in the SPD/PAD short of
"discard all outgoing traffic" would prevent it from sending it to
someone else.

(Of course, there may be operating system/virtual machine level
security mechanisms that limit what an application can do (like
permissions in Java), but that's not part of SPD/PAD.)

While the Group Owner can choose the policy for that group, I'm not
sure if we want to have a "SHOULD"-level feature that would allow any
group owner to override all IPsec policies of a host (which are
set by the host owner/administrator/whatever, not the group owner.)

> > 3) Appendix A.2 seems to suggest that GKM can also set up unicast
> > IPsec SAs? ("However, the unicast inverse flows can use the group's
> > IPsec group authentication mechanism.") This text needs
> > clarification.
>
> One of the use cases is NORM, which does multicast from the Group
> Speaker to the Group Receivers, and unicast from Group Receiver(s)
> to the Group Speaker. The unicast messages include NACK repair
> requests, congestion control metering, and other session control
> messages. Would it help if we explicitly mentioned that NORM would
> fit into this use case?

Mentioning NORM might help, but the important thing to mention (if it
is really the case) is that GKM can create unicast SAs. This
complicates several things, such as SPI selection (which would
need to be coordinated with the unicast key management subsystem).
Currently, the draft does not seem to consider these issues.

Best regards,
Pasi

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec



From ipsec-bounces@ietf.org Mon Nov 06 13:13:28 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gh8ut-0008DV-2m; Mon, 06 Nov 2006 13:09:51 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gh8ur-0008DN-Ry; Mon, 06 Nov 2006 13:09:49 -0500
Received: from mgw-ext13.nokia.com ([131.228.20.172])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gh8un-00048A-Bp; Mon, 06 Nov 2006 13:09:49 -0500
Received: from esebh108.NOE.Nokia.com (esebh108.ntc.nokia.com [172.21.143.145])
	by mgw-ext13.nokia.com (Switch-3.1.10/Switch-3.1.10) with ESMTP id
	kA6I9ZFg031221; Mon, 6 Nov 2006 20:09:42 +0200
Received: from esebh104.NOE.Nokia.com ([172.21.143.34]) by
	esebh108.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Mon, 6 Nov 2006 20:09:40 +0200
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by
	esebh104.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Mon, 6 Nov 2006 20:09:40 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 6 Nov 2006 20:09:38 +0200
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24035E8F32@esebe105.NOE.Nokia.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Last call comments about draft-ietf-ipsec-ike-ecc-groups-10
Thread-Index: AccBzrk1b8CijvrZSHih3OiH4viOeg==
From: <Pasi.Eronen@nokia.com>
To: <iesg@ietf.org>, <ipsec@ietf.org>, <dbrown@certicom.com>
X-OriginalArrivalTime: 06 Nov 2006 18:09:40.0267 (UTC)
	FILETIME=[BA3B07B0:01C701CE]
X-Nokia-AV: Clean
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca
Cc: 
Subject: [Ipsec] Last call comments about draft-ietf-ipsec-ike-ecc-groups-10
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org


Summary: This document is on the right track but has open issues,
described below. Given the complexity of the issues (and the track
record of getting things wrong with draft-ietf-ipsec-ike-ecp-groups...),
I'd strongly suggest making a new I-D version before proceeding
to IESG evaluation.

1) This document re-defines three groups (and their numbers)
that are defined in draft-ietf-ipsec-ike-ecp-groups-03 (which is
currently in RFC editor queue). Unless the intent is to obsolete
draft-ietf-ipsec-ike-ecp-groups, these three groups should be
removed from this document.

2) This draft uses a different method for point-to-octet string
conversion (in KEi/KEr payload) than draft-ietf-ipsec-ike-ecp-groups
(and thus reusing the same numbers for some groups is an especially bad
idea, since they won't be compatible). The conversion method is also
different from the one used in RFC2409 for Oakley groups 3 and 4.

I'd suggest either adopting the same method as in ecp-groups, or
explicitly noting this difference. In any case, a very specific
reference to the method is needed (e.g. "the data in the KE payload is
the point on the curve converted to octet string using the EC2OSP
primitive defined in [IEEE-1363] Section E.2.3.2.")

3) The IANA considerations section is very confusing (and does not
match the current state of the registries). I'd suggest rephrasing
along these lines:

   This document defines twelve new Diffie-Hellman groups, as
   described in Table 2. IANA is requested to update the definitions
   of groups 6..13 and add definitions of groups 22..26 in the "Group
   Description" registry defined in [RFC2409]. IANA is requested to
   add definitions of groups 6..13 and 22..26 in the "IKEv2
   Diffie-Hellman Transform IDs" registry defined in [RFC4306].

4) References are not split into informative and normative.

5) "RFC2409 [IKE] defines five standard Oakley Groups - three modular
exponentiation groups and two elliptic curve groups over GF[2^N]."
RFC2409 defines _four_ standard Oakley groups.

6) The document uses RFC 2119 keywords, but does not include
RFC 2119 as a reference.

7) Typos: s/RFC 3406/RFC 4306/, s/previousley/previously/,
s/ellipitc/elliptic/, s/classe/class/, s/generaotr/generator/.


Best regards,
Pasi

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec



From ipsec-bounces@ietf.org Mon Nov 06 19:58:43 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GhFH8-0004SL-Or; Mon, 06 Nov 2006 19:57:14 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GhFH6-0004Qa-Vo
	for ipsec@ietf.org; Mon, 06 Nov 2006 19:57:12 -0500
Received: from e2.ny.us.ibm.com ([32.97.182.142])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GhFH2-00060b-LJ
	for ipsec@ietf.org; Mon, 06 Nov 2006 19:57:12 -0500
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236])
	by e2.ny.us.ibm.com (8.13.8/8.12.11) with ESMTP id kA70v8I2009062
	for <ipsec@ietf.org>; Mon, 6 Nov 2006 19:57:08 -0500
Received: from d01av02.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216])
	by d01relay04.pok.ibm.com (8.13.6/8.13.6/NCO v8.1.1) with ESMTP id
	kA70v8qo145168 for <ipsec@ietf.org>; Mon, 6 Nov 2006 19:57:08 -0500
Received: from d01av02.pok.ibm.com (loopback [127.0.0.1])
	by d01av02.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id
	kA70v71K001206 for <ipsec@ietf.org>; Mon, 6 Nov 2006 19:57:07 -0500
Received: from d01mll83.pok.ibm.com (d01mll83.pok.ibm.com [9.56.225.194])
	by d01av02.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	kA70v7Bk001202 for <ipsec@ietf.org>; Mon, 6 Nov 2006 19:57:07 -0500
To: ipsec@ietf.org
X-Mailer: Lotus Notes Release 7.0 HF277 June 21, 2006
Message-ID: <OF9A29B92D.DB37C602-ON8525721F.00010E40-8525721F.00053A2E@us.ibm.com>
From: David Wierbowski <wierbows@us.ibm.com>
Date: Mon, 6 Nov 2006 19:57:05 -0500
X-MIMETrack: Serialize by Router on D01MLL83/01/M/IBM(Release 7.0.2|September
	26, 2006) at 11/06/2006 19:57:07
MIME-Version: 1.0
X-Spam-Score: 0.1 (/)
X-Scan-Signature: d0bdc596f8dd1c226c458f0b4df27a88
Subject: [Ipsec] Negotiating IKE_SAs
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0513583171=="
Errors-To: ipsec-bounces@ietf.org

--===============0513583171==
Content-type: multipart/alternative; 
	Boundary="0__=0ABBF88CDF9288D08f9e8a93df938690918c0ABBF88CDF9288D0"
Content-Disposition: inline

--0__=0ABBF88CDF9288D08f9e8a93df938690918c0ABBF88CDF9288D0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: quoted-printable


In the IKE_SA_INIT exchange the initiator sends an SA payload listing
acceptable proposals.  The responder picks one and sends the chosen
proposal to the initiator.  The identities of the IKE endpoints are not
exchanged until the IKE_AUTH exchange.  If the identities are not exchanged
until the IKE_AUTH exchange, how does the responder know which of the
initiator's proposals are acceptable during the IKE_SA_INIT exchange?

RFC 4301 discusses the use of the SPD to find acceptable policy for the
creation of CHILD_SAs and it discusses the use of the PAD to authenticate
IKE endpoints.  It does not appear to define a construct to identify what
policy is acceptable for the creation of an IKE_SA with a specific IKE
peer.  Does this mean that RFCs 4301 and 4306 do support the definition of
peer specific policy for IKE_SAs?

RFC 4306 states, "All implementations of IKEv2 MUST include a management
facility that enables a user or system administrator to specify the suites
that are acceptable for use with IKE."  This seems to imply that peer
specific IKE_SA policy should not be defined and that the responder should
pick the most secure proposal that the responder supports.  Is that
correct?

Dave Wierbowski
z/OS Comm Server Developer

--0__=0ABBF88CDF9288D08f9e8a93df938690918c0ABBF88CDF9288D0--



--===============0513583171==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

--===============0513583171==--





From ipsec-bounces@ietf.org Tue Nov 07 00:42:46 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GhJfx-0005Je-UR; Tue, 07 Nov 2006 00:39:10 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GhJe6-0004SG-C0
	for ipsec@ietf.org; Tue, 07 Nov 2006 00:37:14 -0500
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GhJUh-0002xN-F9
	for ipsec@ietf.org; Tue, 07 Nov 2006 00:27:32 -0500
Received: from [12.105.246.138] (0127ahost138.starwoodbroadband.com
	[12.105.246.138]) (authenticated bits=0)
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id kA75RGt7030910; 
	Mon, 6 Nov 2006 22:27:17 -0700 (MST)
	(envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240822c175c91d2aa0@[12.105.246.138]>
In-Reply-To: <OF9A29B92D.DB37C602-ON8525721F.00010E40-8525721F.00053A2E@us.ibm.com>
References: <OF9A29B92D.DB37C602-ON8525721F.00010E40-8525721F.00053A2E@us.ibm.com>
Date: Mon, 6 Nov 2006 21:26:58 -0800
To: David Wierbowski <wierbows@us.ibm.com>, ipsec@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Ipsec] Negotiating IKE_SAs
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228
Cc: 
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

At 7:57 PM -0500 11/6/06, David Wierbowski wrote:
>In the IKE_SA_INIT exchange the initiator sends an SA payload 
>listing acceptable proposals. The responder picks one and sends the 
>chosen proposal to the initiator. The identities of the IKE 
>endpoints are not exchanged until the IKE_AUTH exchange. If the 
>identities are not exchanged until the IKE_AUTH exchange, how does 
>the responder know which of the initiator's proposals are acceptable 
>during the IKE_SA_INIT exchange?

By looking at its own security policy.

>RFC 4301 discusses the use of the SPD to find acceptable policy for 
>the creation of CHILD_SAs and it discusses the use of the PAD to 
>authenticate IKE endpoints. It does not appear to define a construct 
>to identify what policy is acceptable for the creation of an 
>IKE_SA with a specific IKE peer. Does this mean that RFCs 4301 and 
>4306 do support the definition of peer specific policy for IKE_SAs?

No. They support definition of peer-specific policies for IPSEC_SAs.

>RFC 4306 states, "All implementations of IKEv2 MUST include a 
>management facility that enables a user or system administrator to 
>specify the suites that are acceptable for use with IKE." This seems 
>to imply that peer specific IKE_SA policy should not be defined and 
>that the responder should pick the most secure proposal that the 
>responder supports. Is that correct?

Yes, approximately.

--Paul Hoffman, Director
--VPN Consortium

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
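
The exchange above, as an added sketch that is not from either poster or from any IKE implementation: a responder choosing an IKE_SA suite in IKE_SA_INIT from one host-wide policy, with no peer identity available as input. The policy table, sample SA payload, status tuple and function names are constructed for illustration; the transform names, D-H group numbers and the NO_PROPOSAL_CHOSEN and INVALID_KE_PAYLOAD notifications are those of RFC 4306.

```python
# Added illustration: responder-side IKE_SA suite selection in IKE_SA_INIT.
# Data structures and function names are hypothetical, not a real IKE API.

ENCR, PRF, INTEG, DH = "ENCR", "PRF", "INTEG", "D-H"
REQUIRED_TYPES = (ENCR, PRF, INTEG, DH)  # an IKE_SA suite needs one of each

# Constructed host-wide policy: acceptable transforms per type, most
# preferred first. It is not keyed by peer, because the peer's identity
# only arrives later, in IKE_AUTH.
LOCAL_IKE_POLICY = {
    ENCR: [("ENCR_AES_CBC", 256), ("ENCR_AES_CBC", 128)],
    PRF: ["PRF_HMAC_SHA1"],
    INTEG: ["AUTH_HMAC_SHA1_96"],
    DH: [14, 5],  # 2048-bit and 1536-bit MODP groups
}

# Constructed initiator SA payload: (proposal number, transforms offered per
# type). Several transforms of one type inside a proposal are alternatives.
SAMPLE_SA_PAYLOAD = [
    (1, {ENCR: [("ENCR_3DES", None)], PRF: ["PRF_HMAC_MD5"],
         INTEG: ["AUTH_HMAC_MD5_96"], DH: [2]}),
    (2, {ENCR: [("ENCR_AES_CBC", 128), ("ENCR_AES_CBC", 256)],
         PRF: ["PRF_HMAC_SHA1"], INTEG: ["AUTH_HMAC_SHA1_96"], DH: [2, 14]}),
]


def choose_transforms(proposal, policy):
    """Pick one transform of each required type, or None if any type fails.

    Among the transforms the initiator offered, the responder's own
    preference order decides which one is taken.
    """
    chosen = {}
    for ttype in REQUIRED_TYPES:
        offered = proposal.get(ttype, [])
        match = next((t for t in policy.get(ttype, []) if t in offered), None)
        if match is None:
            return None
        chosen[ttype] = match
    return chosen


def select_ike_proposal(sa_payload, ke_group, policy=LOCAL_IKE_POLICY):
    """Return (status, proposal_number, suite) for an IKE_SA_INIT request.

    sa_payload: proposals in the initiator's preference order.
    ke_group:   D-H group of the KE payload the initiator actually sent.
    Note the signature: nothing here identifies the peer.
    """
    for number, proposal in sa_payload:
        suite = choose_transforms(proposal, policy)
        if suite is None:
            continue
        if suite[DH] != ke_group:
            # Acceptable suite, but the initiator guessed a different group
            # for its KE payload; it must retry with suite[DH].
            return ("INVALID_KE_PAYLOAD", number, suite)
        return ("OK", number, suite)
    return ("NO_PROPOSAL_CHOSEN", None, None)


if __name__ == "__main__":
    print(select_ike_proposal(SAMPLE_SA_PAYLOAD, ke_group=14))
    print(select_ike_proposal(SAMPLE_SA_PAYLOAD, ke_group=2))
    print(select_ike_proposal(SAMPLE_SA_PAYLOAD[:1], ke_group=2))
```
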



From akstcembrapamnsdgs@embrapa.br Tue Nov 07 02:48:54 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GhLhW-0002yv-42; Tue, 07 Nov 2006 02:48:54 -0500
Received: from stsc1260-eth-s1-s1p1-vip.va.neustar.com ([156.154.16.129] helo=chiedprmail1.ietf.org)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GhLhV-0002lc-V3; Tue, 07 Nov 2006 02:48:54 -0500
Received: from bibik.ll.edunet.ru ([213.184.146.42])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43)
	id 1GhLhR-0000Pc-S3; Tue, 07 Nov 2006 02:48:53 -0500
Received: from 200.202.168.1 (HELO mamona.sede.embrapa.br)
     by lists.ietf.org with esmtp (1@2=020N YV+D?)
     id -T=SCK-.81-*L-M)
     for ipo-archive@lists.ietf.org; Tue, 7 Nov 2006 07:49:43 -0180
Message-ID: <01c70241$49640550$6c822ecf@akstcembrapamnsdgs>
From: "Amalia Brennan" <akstcembrapamnsdgs@embrapa.br>
To: <ipo-archive@lists.ietf.org>
Subject: Hey
Date: Tue, 7 Nov 2006 07:49:43 -0180
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_000_000F_01C7025A.6EB13D50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.3
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
X-Spam-Score: 4.1 (++++)
X-Scan-Signature: 501044f827b673024f6a4cb1d46e67d2

This is a multi-part message in MIME format.

------=_NextPart_000_000F_01C7025A.6EB13D50
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0010_01C7025A.6EB13D50"


------=_NextPart_001_0010_01C7025A.6EB13D50
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

"but she does help him on, as much as her nature will allow. if i can perce=
ive her regard for him,again his astonishment was obvious; and he looked at=
 her with an expression of mingledand accordingly she did turn, and they wa=
lked towards the parsonage together."on the evening before my going to lond=
on," said he, "i made a confession to him, which icare not how much i may b=
e wounding your's. i can no longer help thanking you for your unexampleddan=
cing, he was perfectly indifferent to it; that his chief object was by deli=
cate attentions tocan afford to marry without some attention to money."diff=
erence of sentiment. elizabeth listened with delight to the happy, though m=
odest hopes which janeconnections?-to congratulate myself on the hope of re=
lations, whose condition in life is so decidedly"well, well," said he, "do =
not make yourself unhappy. if you are a good girl for the next teneat; and =
the beautiful pyramids of grapes, nectarines, and peaches soon collected th=
em round the table."in my opinion, the younger son of an earl can know very=
 little of either. now seriously, whatdescription of only one of lady cathe=
rine's drawing-rooms, and found that the chimney-piece alone"elizabeth benn=
et," said miss bingley, when the door was closed on her, "is one of those y=
oungelizabeth looked at darcy to see how cordially he assented to his cousi=
n's praise; but neither atand humility.


------=_NextPart_001_0010_01C7025A.6EB13D50--

------=_NextPart_000_000F_01C7025A.6EB13D50
Content-Type: image/gif;
	name="itnfgh.gif"
Content-ID: <006901c70241$49640550$6c822ecf@1DAE9092>
Content-Transfer-Encoding: base64
------=_NextPart_000_000F_01C7025A.6EB13D50--




From ipsec-bounces@ietf.org Tue Nov 07 03:38:37 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GhMQO-0004lo-MD; Tue, 07 Nov 2006 03:35:16 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GhMQO-0004lj-6G
	for ipsec@ietf.org; Tue, 07 Nov 2006 03:35:16 -0500
Received: from michael.checkpoint.com ([194.29.32.68])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GhMQM-0000AM-KY
	for ipsec@ietf.org; Tue, 07 Nov 2006 03:35:16 -0500
Received: from [194.29.46.218] (localhost [127.0.0.1])
	by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id
	kA78Z2KP027916; Tue, 7 Nov 2006 10:35:03 +0200 (IST)
In-Reply-To: <OF9A29B92D.DB37C602-ON8525721F.00010E40-8525721F.00053A2E@us.i
	bm.com>
References: <OF9A29B92D.DB37C602-ON8525721F.00010E40-8525721F.00053A2E@us.ib
	m.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed
Message-Id: <35B40E2F-4FEE-486D-9DB4-75589FEB4F50@checkpoint.com>
Content-Transfer-Encoding: 7bit
From: Yoav Nir <ynir@checkpoint.com>
Subject: Re: [Ipsec] Negotiating IKE_SAs
Date: Tue, 7 Nov 2006 10:35:01 +0200
To: David Wierbowski <wierbows@us.ibm.com>
X-Mailer: Apple Mail (2.752.3)
X-imss-version: 2.043
X-imss-result: Passed
X-imss-scores: Clean:99.90000 C:2 M:3 S:5 R:5
X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
Cc: ipsec@ietf.org
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

What Paul said.

In practice, if and only if the peer has a fixed IP address, you can  
choose the proposal based on that.  However, you should not base  
security on this, and should have a plan to do something if the  
authentication in the IKE_AUTH exchange shows that you've chosen wrong.

On Nov 7, 2006, at 2:57 AM, David Wierbowski wrote:

> In the IKE_SA_INIT exchange the initiator sends an SA payload  
> listing acceptable proposals. The responder picks one and sends the  
> chosen proposal to the initiator. The identities of the IKE  
> endpoints are not exchanged until the IKE_AUTH exchange. If the  
> identities are not exchanged until the IKE_AUTH exchange, how does  
> the responder know which of the initiator's proposals are  
> acceptable during the IKE_SA_INIT exchange?
>
> RFC 4301 discusses the use of the SPD to find acceptable policy for  
> the creation of CHILD_SAs and it discusses the use of the PAD to  
> authenticate IKE endpoints. It does not appear to define a  
> construct to identify what policy is acceptable for the creation of  
> an IKE_SA with a specific IKE peer. Does this mean that RFCs  
> 4301 and 4306 do support the definition of peer specific policy for  
> IKE_SAs?
>
> RFC 4306 states, "All implementations of IKEv2 MUST include a  
> management facility that enables a user or system administrator to  
> specify the suites that are acceptable for use with IKE." This  
> seems to imply that peer specific IKE_SA policy should not be  
> defined and that the responder should pick the most secure proposal  
> that the responder supports. Is that correct?
>
> Dave Wierbowski
> z/OS Comm Server Developer
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
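
Added example, not part of the thread or of any implementation discussed in it: the approach described in the message above, in Python. The responder picks the IKE_SA suite from local policy, optionally hinted by a fixed peer address, and re-checks that choice once IKE_AUTH has authenticated the peer. The suite lists, addresses, identities, status labels other than NO_PROPOSAL_CHOSEN, and function names are constructed for illustration; using the responder's own preference order is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Suite:
    encr: str       # encryption transform (key length appended)
    prf: str        # pseudo-random function
    integ: str      # integrity transform
    dh_group: int   # Diffie-Hellman group number


AES256 = Suite("ENCR_AES_CBC/256", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96", 14)
AES128 = Suite("ENCR_AES_CBC/128", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96", 14)
TDES = Suite("ENCR_3DES", "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96", 2)

# Constructed local policy. Everything below is illustrative.
# Suites offered to any peer, most preferred first.
DEFAULT_SUITES = [AES256, AES128]
# Hint keyed on a fixed source address: a legacy gateway that only speaks 3DES.
ADDRESS_HINTS = {ip_network("192.0.2.10/32"): [TDES]}
# What each authenticated identity may use. Only enforceable after IKE_AUTH.
IDENTITY_POLICY = {
    "legacy-gw.example.net": {AES256, AES128, TDES},
    "hq-gw.example.net": {AES256, AES128},
}


def select_proposal(src_ip, offered):
    """IKE_SA_INIT: the peer identity is unknown, only the address is visible."""
    candidates = DEFAULT_SUITES
    addr = ip_address(src_ip)
    for net, hinted in ADDRESS_HINTS.items():
        if addr in net:
            candidates = hinted
            break
    for suite in candidates:          # responder preference order
        if suite in offered:
            return suite
    return None


def check_after_auth(peer_id, chosen):
    """IKE_AUTH: the identity is now authenticated, so re-check the choice."""
    return chosen in IDENTITY_POLICY.get(peer_id, set())


def negotiate(src_ip, offered, peer_id):
    """Return (chosen suite, outcome) for one constructed negotiation."""
    chosen = select_proposal(src_ip, offered)
    if chosen is None:
        return None, "NO_PROPOSAL_CHOSEN"
    if not check_after_auth(peer_id, chosen):
        # The address hint was wrong for this identity: do not keep the SA.
        return chosen, "torn-down-after-auth"
    return chosen, "established"


if __name__ == "__main__":
    offer = [AES128, TDES]
    for src, ident in [
        ("198.51.100.7", "hq-gw.example.net"),
        ("192.0.2.10", "legacy-gw.example.net"),
        ("192.0.2.10", "hq-gw.example.net"),
    ]:
        suite, outcome = negotiate(src, offer, ident)
        print(src, ident, suite.encr if suite else None, outcome)
```

The third case is the one the message warns about: the address hint selects 3DES, the authenticated identity does not permit it, and the check after IKE_AUTH is what catches the mismatch.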



From ipsec-bounces@ietf.org Tue Nov 07 11:54:42 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GhUAT-0000x8-2X; Tue, 07 Nov 2006 11:51:21 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GhUAQ-0000vK-UD
	for ipsec@ietf.org; Tue, 07 Nov 2006 11:51:18 -0500
Received: from e3.ny.us.ibm.com ([32.97.182.143])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GhU5N-0000Aq-HW
	for ipsec@ietf.org; Tue, 07 Nov 2006 11:46:07 -0500
Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234])
	by e3.ny.us.ibm.com (8.13.8/8.12.11) with ESMTP id kA7Gk1GW011544
	for <ipsec@ietf.org>; Tue, 7 Nov 2006 11:46:01 -0500
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64])
	by d01relay02.pok.ibm.com (8.13.6/8.13.6/NCO v8.1.1) with ESMTP id
	kA7Gk06t253354 for <ipsec@ietf.org>; Tue, 7 Nov 2006 11:46:01 -0500
Received: from d01av04.pok.ibm.com (loopback [127.0.0.1])
	by d01av04.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id
	kA7Gk00Z008235 for <ipsec@ietf.org>; Tue, 7 Nov 2006 11:46:00 -0500
Received: from d01mll83.pok.ibm.com (d01mll83.pok.ibm.com [9.56.225.194])
	by d01av04.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	kA7Gjxth008216 for <ipsec@ietf.org>; Tue, 7 Nov 2006 11:45:59 -0500
In-Reply-To: <p06240822c175c91d2aa0@[12.105.246.138]>
Subject: Re: [Ipsec] Negotiating IKE_SAs
To: ipsec@ietf.org
X-Mailer: Lotus Notes Release 7.0 HF277 June 21, 2006
Message-ID: <OF46A0ED4A.A4B18B20-ON8525721F.0057B6DD-8525721F.005B5C56@us.ibm.com>
From: David Wierbowski <wierbows@us.ibm.com>
Date: Tue, 7 Nov 2006 11:37:54 -0500
X-MIMETrack: Serialize by Router on D01MLL83/01/M/IBM(Release 7.0.2|September
	26, 2006) at 11/07/2006 11:45:59
MIME-Version: 1.0
X-Spam-Score: 0.5 (/)
X-Scan-Signature: b5d20af10c334b36874c0264b10f59f1
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1044532802=="
Errors-To: ipsec-bounces@ietf.org

--===============1044532802==
Content-type: multipart/alternative; 
	Boundary="0__=0ABBF88CDFC4304D8f9e8a93df938690918c0ABBF88CDFC4304D"
Content-Disposition: inline

--0__=0ABBF88CDFC4304D8f9e8a93df938690918c0ABBF88CDFC4304D
Content-type: text/plain; charset=US-ASCII

>>In the IKE_SA_INIT exchange the initiator sends an SA payload
>>listing acceptable proposals. The responder picks one and sends the
>>chosen proposal to the initiator. The identities of the IKE
>>endpoints are not exchanged until the IKE_AUTH exchange. If the
>>identities are not exchanged until the IKE_AUTH exchange, how does
>>the responder know which of the initiator's proposals are acceptable
>>during the IKE_SA_INIT exchange?
>
>By looking at its own security policy.

Where is this policy defined?  Is this considered to be a matter
of "local policy" and outside the scope of the RFCs?

>>RFC 4301 discusses the use of the SPD to find acceptable policy for
>>the creation of CHILD_SAs and it discusses the use of the PAD to
>>authenticate IKE endpoints. It does not appear to define a construct
>>to identify what policy is acceptable for the creation of an
>>IKE_SA with a specific IKE peer. Does this mean that RFCs 4301 and
>>4306 do support the definition of peer specific policy for IKE_SAs?
>
>No. They support definition of peer-specific policies for IPSEC_SAs.

Strangely enough I don't think the term IPSEC_SA appears in RFC 4301
or 4306.  By IPSEC_SA do you mean ESP and AH SAs?

>
>>RFC 4306 states, "All implementations of IKEv2 MUST include a
>>management facility that enables a user or system administrator to
>>specify the suites that are acceptable for use with IKE." This seems
>>to imply that peer specific IKE_SA policy should not be defined and
>>that the responder should pick the most secure proposal that the
>>responder supports. Is that correct?
>
>Yes, approximately.

Could you clarify why you said approximately?  To me approximately
means almost correct :>).

Thanks.


--0__=0ABBF88CDFC4304D8f9e8a93df938690918c0ABBF88CDFC4304D--



--===============1044532802==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

--===============1044532802==--





From ipsec-bounces@ietf.org Tue Nov 07 12:48:08 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GhV2l-0000NU-8j; Tue, 07 Nov 2006 12:47:27 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GhV2j-0000NO-Ao
	for ipsec@ietf.org; Tue, 07 Nov 2006 12:47:25 -0500
Received: from balder-227.proper.com ([192.245.12.227])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GhV2g-0003mu-TB
	for ipsec@ietf.org; Tue, 07 Nov 2006 12:47:25 -0500
Received: from [12.105.246.138] (dhcp66-169.ietf67.org [130.129.66.169])
	(authenticated bits=0)
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id kA7HlJ4H043050; 
	Tue, 7 Nov 2006 10:47:19 -0700 (MST)
	(envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p0624082cc176758072c3@[12.105.246.138]>
In-Reply-To: <OF46A0ED4A.A4B18B20-ON8525721F.0057B6DD-8525721F.005B5C56@us.ibm.com>
References: <OF46A0ED4A.A4B18B20-ON8525721F.0057B6DD-8525721F.005B5C56@us.ibm.com>
Date: Tue, 7 Nov 2006 09:47:13 -0800
To: David Wierbowski <wierbows@us.ibm.com>, ipsec@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Ipsec] Negotiating IKE_SAs
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c
Cc: 
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

At 11:37 AM -0500 11/7/06, David Wierbowski wrote:
>>>In the IKE_SA_INIT exchange the initiator sends an SA payload
>>>listing acceptable proposals. The responder picks one and sends the
>>>chosen proposal to the initiator. The identities of the IKE
>>>endpoints are not exchanged until the IKE_AUTH exchange. If the
>>>identities are not exchanged until the IKE_AUTH exchange, how does
>>>the responder know which of the initiator's proposals are acceptable
>>>during the IKE_SA_INIT exchange?
>>
>>By looking at its own security policy.
>
>Where is this policy defined?  

In the application.

>Is this considered to be a matter  
>of "local policy" and outside the scope of the RFCs?

Yes.

>>>RFC 4301 discusses the use of the SPD to find acceptable policy for
>>>the creation of CHILD_SAs and it discusses the use of the PAD to
>>>authenticate IKE endpoints. It does not appear to define a construct
>>>to identify what policy is acceptable for the creation of an
>>>IKE_SA with a specific IKE peer. Does this mean that RFCs 4301 and
>>>4306 do support the definition of peer specific policy for IKE_SAs?
>>
>>No. They support definition of peer-specific policies for IPSEC_SAs.
>
>Strangely enough I don't think the term IPSEC_SA appears in RFC 4301
>or 4306.  By IPSEC_SA do you mean ESP and AH SAs?

Yes.

>>>RFC 4306 states, "All implementations of IKEv2 MUST include a
>>>management facility that enables a user or system administrator to
>>>specify the suites that are acceptable for use with IKE." This seems
>>>to imply that peer specific IKE_SA policy should not be defined and
>>>that the responder should pick the most secure proposal that the
>>>responder supports. Is that correct?
>>
>>Yes, approximately.
>
>Could you clarify why you said approximately?  To me approximately
>means almost correct :>).

Yes and yes. Peer-specific IKE_SA should not be used because it is a 
bad security policy in many cases, but not all.

--Paul Hoffman, Director
--VPN Consortium

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec



From ipsec-bounces@ietf.org Tue Nov 07 14:05:53 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GhWDb-0006kq-AL; Tue, 07 Nov 2006 14:02:43 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GhWDZ-0006jL-8U
	for ipsec@ietf.org; Tue, 07 Nov 2006 14:02:41 -0500
Received: from mx12.bbn.com ([128.33.0.81])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GhWDX-0007Zf-1U
	for ipsec@ietf.org; Tue, 07 Nov 2006 14:02:41 -0500
Received: from dommiel.bbn.com ([192.1.122.15] helo=[130.129.67.141])
	by mx12.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>)
	id 1GhWDO-0005AJ-4o; Tue, 07 Nov 2006 14:02:30 -0500
Mime-Version: 1.0
Message-Id: <p06230904c1768547d467@[130.129.67.141]>
In-Reply-To: <OF9A29B92D.DB37C602-ON8525721F.00010E40-8525721F.00053A2E@us.ibm.com>
References: <OF9A29B92D.DB37C602-ON8525721F.00010E40-8525721F.00053A2E@us.ibm.com>
Date: Tue, 7 Nov 2006 13:50:22 -0500
To: David Wierbowski <wierbows@us.ibm.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re: [Ipsec] Negotiating IKE_SAs
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: de4f315c9369b71d7dd5909b42224370
Cc: ipsec@ietf.org
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

At 7:57 PM -0500 11/6/06, David Wierbowski wrote:
...
>
>RFC 4301 discusses the use of the SPD to find acceptable policy for 
>the creation of CHILD_SAs and it discusses the use of the PAD to 
>authenticate IKE endpoints. It does not appear to define a construct 
>to identify what policy is acceptable for the creation of an 
>IKE_SA with a specific IKE peer. Does this mean that RFCs 4301 and 
>4306 do support the definition of peer specific policy for IKE_SAs?

The PAD not only says how to authenticate an IKE peer, it also 
provides a way to restrict the range of IDs or addresses asserted by 
the peer when the SPD is searched for a matching policy. In that 
sense there is a notion of peer-specific policies, but for child SAs, 
not for IKE SAs.

Steve

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec



From ipsec-bounces@ietf.org Mon Nov 13 15:01:03 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GjhvC-0008Ne-Nt; Mon, 13 Nov 2006 14:56:46 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GjhvB-0008NR-Fk
	for ipsec@lists.ietf.org; Mon, 13 Nov 2006 14:56:45 -0500
Received: from cod.sandelman.ca ([192.139.46.42])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gjhv8-0006b4-4x
	for ipsec@lists.ietf.org; Mon, 13 Nov 2006 14:56:45 -0500
Received: from sandelman.ottawa.on.ca (desk.marajade.sandelman.ca
	[205.150.200.247])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "marajade.sandelman.ca.",
	Issuer "Michael Richardson" (verified OK))
	by cod.sandelman.ca (Postfix) with ESMTP id 21F4C12C7B;
	Mon, 13 Nov 2006 14:56:33 -0500 (EST)
Received: from sandelman.ottawa.on.ca (unknown [127.0.0.1])
	by sandelman.ottawa.on.ca (Postfix) with ESMTP id E40984E759;
	Mon, 13 Nov 2006 14:56:22 -0500 (EST)
X-Message-Flag: You should stop using Outlook. Switch to Thunderbird.
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
To: ipsec@lists.ietf.org, ietf@ietf.org
X-Mailer: MH-E 7.82; nmh 1.1; XEmacs 21.4 (patch 19)
Date: Mon, 13 Nov 2006 14:56:22 -0500
Message-ID: <14211.1163447782@sandelman.ottawa.on.ca>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17
Cc: 
Subject: [Ipsec] ESP usage at IETF65
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The 67 Attendees list dug up a paper on wireless at IETF65
     http://www1.cs.columbia.edu/~andreaf/downloads/ietf_measures.pdf

ESP is third ranked protocol, at 10% of clients using it.

That is to say, 10% of IETF attendees are using IPsec, vs 5% using SSH.

The second one is "UDP" --- and I'd be curious to know if there are
systems using UDP-encap even when they have a public IP.  Or, as my
colleague suggested: it's Skype/SIP/etc.

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Finger me for keys

-----END PGP SIGNATURE-----

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec



From ipsec-bounces@ietf.org Tue Nov 14 02:47:00 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gjsxm-0000DS-RW; Tue, 14 Nov 2006 02:44:10 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1Gjsxl-00007C-Mp
	for ipsec@lists.ietf.org; Tue, 14 Nov 2006 02:44:09 -0500
Received: from mexforward.lss.emc.com ([128.222.32.20])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gjsvi-0005vs-Kk
	for ipsec@lists.ietf.org; Tue, 14 Nov 2006 02:42:04 -0500
Received: from mailhub.lss.emc.com (uraeus.lss.emc.com [10.254.144.14])
	by mexforward.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id
	kAE7g01b017717; Tue, 14 Nov 2006 02:42:02 -0500 (EST)
Received: from corpussmtp3.corp.emc.com (corpussmtp3.corp.emc.com
	[10.254.64.53])
	by mailhub.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id
	kAE7fIaO009364; Tue, 14 Nov 2006 02:41:58 -0500 (EST)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.11]) by
	corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Tue, 14 Nov 2006 02:41:47 -0500
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Ipsec] ESP usage at IETF65
Date: Tue, 14 Nov 2006 02:41:43 -0500
Message-ID: <F222151D3323874393F83102D614E055068B8850@CORPUSMX20A.corp.emc.com>
In-Reply-To: <14211.1163447782@sandelman.ottawa.on.ca>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Ipsec] ESP usage at IETF65
Thread-Index: AccHX4J0GVKbVwADTsqzlNrJWXinsgAYJA6A
To: <mcr@sandelman.ottawa.on.ca>, <ipsec@lists.ietf.org>
X-OriginalArrivalTime: 14 Nov 2006 07:41:47.0538 (UTC)
	FILETIME=[56D6C720:01C707C0]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.4.0.264935,
	Antispam-Data: 2006.11.13.231432
X-PerlMx-Spam: Gauge=, SPAM=1%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -2,
	__LINES_OF_YELLING! 1, NO_REAL_NAME 0, __C230066_P5 0,
	__CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CTYPE_CHARSET_QUOTED 0,
	__CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0,
	__MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0'
X-Spam-Score: 0.2 (/)
X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4
Cc: 
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

I might have been one of the UDP users.  My VPN client defaults
to UDP for NAT traversal (right answer, in a hotel, there's usually
a NAT between me and the Internet), and has to be explicitly
told to use native ESP.  I don't always tell it to do so ...

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

> -----Original Message-----
> From: Michael Richardson [mailto:mcr@sandelman.ottawa.on.ca]=20
> Sent: Monday, November 13, 2006 2:56 PM
> To: ipsec@lists.ietf.org; ietf@ietf.org
> Subject: [Ipsec] ESP usage at IETF65
>=20
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
>=20
> The 67 Attendees list dug up a paper on wireless at IETF65
>      http://www1.cs.columbia.edu/~andreaf/downloads/ietf_measures.pdf
>=20
> ESP is third ranked protocol, at 10% of clients using it.
>=20
> That is to say, 10% of IETF attendees are using IPsec, vs 5%=20
> using SSH.
>=20
> The second one is "UDP" --- and I'd be curious to know if there are
> systems using UDP-encap even when they have a public IP.  Or, as my
> colleague suggested: it's Skype/SIP/etc.
>=20
> - --=20
> ]            Bear: "Me, I'm just the shape of a bear."       =20
>   |  firewalls  [
> ]   Michael Richardson,    Xelerance Corporation, Ottawa, ON =20
>   |net architect[
> ] mcr@xelerance.com     =20
> http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
> ] panic("Just another Debian GNU/Linux using, kernel hacking,=20
> security guy"); [
>=20
>=20
>=20
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Finger me for keys
>=20
> -----END PGP SIGNATURE-----
>=20
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec
>=20
>=20

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec



From ipsec-bounces@ietf.org Tue Nov 14 20:09:11 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gk9Cd-0005N5-Bt; Tue, 14 Nov 2006 20:04:35 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1Gk9Cc-0005N0-7u
	for ipsec@lists.ietf.org; Tue, 14 Nov 2006 20:04:34 -0500
Received: from cod.sandelman.ca ([192.139.46.42])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gk9CZ-0002IG-Te
	for ipsec@lists.ietf.org; Tue, 14 Nov 2006 20:04:34 -0500
Received: from sandelman.ottawa.on.ca (desk.marajade.sandelman.ca
	[205.150.200.247])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "marajade.sandelman.ca.",
	Issuer "Michael Richardson" (verified OK))
	by cod.sandelman.ca (Postfix) with ESMTP id 42E22123A8;
	Tue, 14 Nov 2006 20:04:29 -0500 (EST)
Received: from sandelman.ottawa.on.ca (unknown [127.0.0.1])
	by sandelman.ottawa.on.ca (Postfix) with ESMTP id 072184E77C;
	Tue, 14 Nov 2006 20:04:28 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
To: Black_David@emc.com
Subject: Re: [Ipsec] ESP usage at IETF65 
In-Reply-To: Message from Black_David@emc.com of "Tue,
	14 Nov 2006 02:41:43 EST."
	<F222151D3323874393F83102D614E055068B8850@CORPUSMX20A.corp.emc.com>
References: <F222151D3323874393F83102D614E055068B8850@CORPUSMX20A.corp.emc.com>
X-Mailer: MH-E 7.82; nmh 1.1; XEmacs 21.4 (patch 19)
Date: Tue, 14 Nov 2006 20:04:27 -0500
Message-ID: <26239.1163552667@sandelman.ottawa.on.ca>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352
Cc: ipsec@lists.ietf.org
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Black" == Black David <Black_David@emc.com> writes:
    Black> I might have been one of the UDP users.  My VPN client
    Black> defaults to UDP for NAT traversal (right answer, in a hotel,
    Black> there's usually a NAT between me and the Internet), and has
    Black> to be explicitly told to use native ESP.  I don't always tell
    Black> it to do so ...

  I find this weird.

  IKE is well able to determine when there is a NAT inline... the only
times that I've had to force UDP, I also have to tell IKE to use another
port other than 500. (Port-53... for instance)

  UDP-ESP traffic should be recognizable either from port-4500, or
possibly from looking for 4-bytes of zeroes in the payload for the IKE
non-ESP stuff.

  Anyway, I posted to celebrate our success.

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Finger me for keys

-----END PGP SIGNATURE-----

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
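
The payload check mentioned in the message above (four zero bytes marking IKE among UDP-encapsulated ESP on port 4500), as an added example that is not part of the original post. The function name, result labels and sample datagrams are assumptions constructed for illustration; the layout follows the RFC 3948 non-ESP marker and the 28-byte IKE header.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4
# IKE header: SPIi, SPIr, next payload, version, exchange type, flags,
# message ID, total length (28 bytes, network byte order).
IKE_HEADER = struct.Struct("!8s8sBBBBII")


def classify_port_4500_payload(payload):
    """Classify the UDP payload of one datagram seen on port 4500.

    Returns (kind, details) where kind is one of 'nat-keepalive', 'ike',
    'esp-in-udp' or 'malformed'. (Hypothetical helper, not from any
    IPsec implementation.)
    """
    # A NAT keepalive is a single 0xFF byte.
    if payload == b"\xff":
        return ("nat-keepalive", {})
    if len(payload) < 4:
        return ("malformed", {"reason": "shorter than an SPI or marker"})

    # Four zero bytes where the ESP SPI would be: this is IKE. A real ESP
    # SPI is never zero, which is what makes the marker unambiguous.
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER.size:
            return ("malformed", {"reason": "truncated IKE header"})
        (_spi_i, _spi_r, _next, version, exchange,
         _flags, msg_id, length) = IKE_HEADER.unpack_from(ike)
        # Sanity check: the IKE length field must match what was received.
        if length != len(ike):
            return ("malformed", {"reason": "IKE length field mismatch"})
        return ("ike", {"major_version": version >> 4,
                        "exchange_type": exchange,
                        "message_id": msg_id})

    # Anything else is ESP: SPI followed by the sequence number.
    if len(payload) < 8:
        return ("malformed", {"reason": "truncated ESP header"})
    spi, seq = struct.unpack_from("!II", payload)
    return ("esp-in-udp", {"spi": spi, "sequence": seq})


# Constructed sample datagrams (not captured traffic).
SAMPLE_IKE = NON_ESP_MARKER + IKE_HEADER.pack(
    b"\x11" * 8, b"\x22" * 8, 46, 0x20, 35, 0x08, 1, 28 + 16) + b"\x00" * 16
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + b"\xaa" * 32
SAMPLE_KEEPALIVE = b"\xff"
SAMPLE_TRUNCATED = NON_ESP_MARKER + b"\x11" * 10

if __name__ == "__main__":
    for name, data in [("ike", SAMPLE_IKE), ("esp", SAMPLE_ESP),
                       ("keepalive", SAMPLE_KEEPALIVE),
                       ("truncated", SAMPLE_TRUNCATED)]:
        print(name, classify_port_4500_payload(data))
```
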



From ipsec-bounces@ietf.org Thu Nov 16 06:12:03 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gkf5R-0000JM-No; Thu, 16 Nov 2006 06:07:17 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1Gkf5Q-0000JF-56
	for Ipsec@ietf.org; Thu, 16 Nov 2006 06:07:16 -0500
Received: from mail.um.es ([155.54.212.109])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gkf5N-0000AV-PE
	for Ipsec@ietf.org; Thu, 16 Nov 2006 06:07:16 -0500
Received: from localhost (localhost [127.0.0.1])
	by mail.um.es (Postfix) with ESMTP id 5EBB81FAA52
	for <Ipsec@ietf.org>; Thu, 16 Nov 2006 12:07:08 +0100 (CET)
Received: from mail.um.es ([127.0.0.1])
	by localhost (xenon1 [127.0.0.1]) (amavisd-new, port 10024) with LMTP
	id 31838-01-4 for <Ipsec@ietf.org>;
	Thu, 16 Nov 2006 12:07:08 +0100 (CET)
Received: from mail.dif.um.es (dif.um.es [155.54.204.60])
	by mail.um.es (Postfix) with ESMTP id 39A011FA897
	for <Ipsec@ietf.org>; Thu, 16 Nov 2006 12:07:08 +0100 (CET)
Received: from [155.54.205.207] (inf-205-207.um.es [155.54.205.207])
	by mail.dif.um.es (Postfix) with ESMTP id 5CF0F8D4003
	for <Ipsec@ietf.org>; Thu, 16 Nov 2006 12:03:11 +0100 (CET)
From: Alejandro Perez Mendez <alejandro_perez@dif.um.es>
To: Ipsec <Ipsec@ietf.org>
Content-Type: text/plain
Date: Thu, 16 Nov 2006 12:07:13 +0100
Message-Id: <1163675233.5435.16.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.8.1 
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at telemat.um.es
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 97adf591118a232206bdb5a27b217034
Cc: 
Subject: [Ipsec] IKEv2 traffic selector negotiation
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

Hi all!

I have some troubles trying to match some kinds of IP traffic using the
IKEv2 TS semantic.

I want to create a CHILD_SA to protect the UDP traffic from A:
192.168.0.1/32 port 100 to B: 192.168.0.2/32 port 200, but not in the
other direction.

A ---------------------> B
A <----------X---------- B

If we define the TS as follows:

        TSi = (17, 100, 192.0.0.1-192.0.0.1)
        TSr = (17, 200, 192.168.0.2-192.168.0.2)

it implicitly allows the traffic from B to A

But, if we define the TS as follows:

        TSi = (17, 100, 192.0.0.1-192.0.0.1)
        TSr = (17, 65535-0, 192.168.0.2-192.168.0.2)

then, how do we determine what is the destination port to be matched with this TS?

Regards!

-- 
Alejandro Perez Mendez
Pedro J. Fernandez Ruiz

University of Murcia


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec



From ipsec-bounces@ietf.org Thu Nov 16 07:28:00 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GkgJi-0007sx-4Z; Thu, 16 Nov 2006 07:26:06 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GkgJg-0007sq-RJ
	for Ipsec@ietf.org; Thu, 16 Nov 2006 07:26:04 -0500
Received: from mgw-ext12.nokia.com ([131.228.20.171])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GkgJf-00028Y-BZ
	for Ipsec@ietf.org; Thu, 16 Nov 2006 07:26:04 -0500
Received: from esebh107.NOE.Nokia.com (esebh107.ntc.nokia.com [172.21.143.143])
	by mgw-ext12.nokia.com (Switch-3.1.10/Switch-3.1.10) with ESMTP id
	kAGC0Hmb018627; Thu, 16 Nov 2006 14:00:43 +0200
Received: from esebh103.NOE.Nokia.com ([172.21.143.33]) by
	esebh107.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 16 Nov 2006 14:00:33 +0200
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by
	esebh103.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 16 Nov 2006 14:00:33 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Ipsec] IKEv2 traffic selector negotiation
Date: Thu, 16 Nov 2006 14:00:31 +0200
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24036839C7@esebe105.NOE.Nokia.com>
In-Reply-To: <1163675233.5435.16.camel@localhost.localdomain>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Ipsec] IKEv2 traffic selector negotiation
Thread-Index: AccJcj3wwMNz6sGxR6KQTNanNIcrBQAAs4Og
From: <Pasi.Eronen@nokia.com>
To: <alejandro_perez@dif.um.es>, <Ipsec@ietf.org>
X-OriginalArrivalTime: 16 Nov 2006 12:00:33.0327 (UTC)
	FILETIME=[D1C1ABF0:01C70976]
X-Nokia-AV: Clean
X-Spam-Score: 0.2 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc: 
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

Hi,

IKEv2 always creates CHILD_SAs in pairs, and RFC 4301 assumes
that SPD-S entries with UDP port selectors are unidirectional
(unlike RFC 2401, which had separate SPD entries for inbound
and outbound traffic even when applying IPsec protection).
Thus, IKEv2 does not directly support negotiating this.

However, even if you create a bidirectional SA pair (using the first
TSi/TSr you propose), nothing in the specs prohibits host A from
dropping all packets arriving from B (e.g. using some firewall/packet
filter functionality not negotiated within IKE).

This is not exactly the same as the ability to negotiate
unidirectional SAs (if there are other SAs that could carry the
traffic from B to A), but could accomplish what you want.

Best regards,
Pasi

> -----Original Message-----
> From: Alejandro Perez Mendez [mailto:alejandro_perez@dif.um.es]
> Sent: 16 November, 2006 13:07
> To: Ipsec
> Subject: [Ipsec] IKEv2 traffic selector negotiation
>
> Hi all!
>
> I have some troubles trying to match some kinds of IP traffic
> using the IKEv2 TS semantic.
>
> I want to create a CHILD_SA to protect the UDP traffic from A:
> 192.168.0.1/32 port 100 to B: 192.168.0.2/32 port 200, but not in
> the other direction.
>
> A ---------------------> B
> A <----------X---------- B
>
> If we define the TS as follows:
>
>         TSi = (17, 100, 192.0.0.1-192.0.0.1)
>         TSr = (17, 200, 192.168.0.2-192.168.0.2)
>
> it implicitly allows the traffic from B to A
>
> But, if we define the TS as follows:
>
>         TSi = (17, 100, 192.0.0.1-192.0.0.1)
>         TSr = (17, 65535-0, 192.168.0.2-192.168.0.2)
>
> then, how do we determine what is the destination port to be
> matched with this TS?
>
> Regards!
>
> --
> Alejandro Perez Mendez
> Pedro J. Fernandez Ruiz
>
> University of Murcia

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
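
The behaviour discussed in this thread, as an added example that is not part of either post: one TSi/TSr pair yields an SA pair that covers the mirrored B-to-A flow as well, and a local filter on A, outside anything IKE negotiates, is what drops it. All class and function names are hypothetical, and A's address is taken as 192.168.0.1 from the description of the hosts.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP

UDP = 17


@dataclass(frozen=True)
class TrafficSelector:
    """One traffic selector: protocol, port range, address range."""
    proto: int
    port_lo: int
    port_hi: int
    addr_lo: IP
    addr_hi: IP

    def covers(self, proto, port, addr):
        return (self.proto in (0, proto)          # protocol 0 means "any"
                and self.port_lo <= port <= self.port_hi
                and self.addr_lo <= addr <= self.addr_hi)


@dataclass(frozen=True)
class Packet:
    proto: int
    src: IP
    sport: int
    dst: IP
    dport: int


def sa_direction(pkt, tsi, tsr):
    """Which SA of the pair negotiated with (tsi, tsr) carries pkt.

    The initiator-to-responder SA matches source against TSi and
    destination against TSr; the reverse SA matches them swapped.
    """
    if tsi.covers(pkt.proto, pkt.sport, pkt.src) and \
       tsr.covers(pkt.proto, pkt.dport, pkt.dst):
        return "initiator->responder"
    if tsr.covers(pkt.proto, pkt.sport, pkt.src) and \
       tsi.covers(pkt.proto, pkt.dport, pkt.dst):
        return "responder->initiator"
    return None


def host_a_inbound(pkt, tsi, tsr, local_drop_rules=()):
    """Inbound decision on host A (the initiator) after IPsec processing."""
    if sa_direction(pkt, tsi, tsr) != "responder->initiator":
        return "discard: no matching inbound SA"
    # Local packet filter, configured on A only and never sent in IKE.
    for rule in local_drop_rules:
        if rule(pkt):
            return "drop: local filter"
    return "accept"


A, B = IP("192.168.0.1"), IP("192.168.0.2")
TSI = TrafficSelector(UDP, 100, 100, A, A)
TSR = TrafficSelector(UDP, 200, 200, B, B)

A_TO_B = Packet(UDP, A, 100, B, 200)
B_TO_A = Packet(UDP, B, 200, A, 100)      # the flow that should be blocked
B_OTHER = Packet(UDP, B, 300, A, 100)     # outside the selectors entirely


def drop_udp_from_b(pkt):
    """Local rule on A: drop UDP 200 -> 100 arriving from B."""
    return (pkt.proto, pkt.src, pkt.sport, pkt.dport) == (UDP, B, 200, 100)


if __name__ == "__main__":
    print(sa_direction(A_TO_B, TSI, TSR))
    print(host_a_inbound(B_TO_A, TSI, TSR))
    print(host_a_inbound(B_TO_A, TSI, TSR, [drop_udp_from_b]))
```
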



From uqnasiyjn@elekta.lt Sat Nov 25 03:22:11 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gnsnb-0004Zi-DY
	for ipsec-archive@lists.ietf.org; Sat, 25 Nov 2006 03:22:11 -0500
Received: from 243-27-88.elekta.lt ([80.243.27.88])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gnsna-0002NQ-33
	for ipsec-archive@lists.ietf.org; Sat, 25 Nov 2006 03:22:11 -0500
From:	"Job" <uqnasiyjn@elekta.lt>
To: ipsec-archive@lists.ietf.org
Subject: Aggressive Investors Alert
Date:	Fri, 24 Nov 2006 22:20:38 +0800
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="----=_NextPart_000_0000_01C71016.C4D6E0D0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AccQFsTWD0n4q/rbTqSrm1LosOHV6Q==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <76AE3BB17E081CD.752BA81AAE@elekta.lt>
X-Spam-Score: 3.8 (+++)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3

------=_NextPart_000_0000_01C71016.C4D6E0D0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR">
</HEAD>
<BODY>
<DIV align=3Dleft><FONT face=3DArial size=3D3>We Told You!!! <b>BLNM Volume UP 4000% and Price Up 47.06%!</b></FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D3>Can You feel The Rocket!??</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Company:</b> Bralorne Mining Company</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Symbol:</b> BLNM.OB</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Price:</b> $0.25 (+47.06% in 1 day)</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>3 Day Target:</b> $0.75</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>BLNM.OB</b> recently announced taking control Beijing QTC, Beijing's largest provider of Public Pay Phones and controls 34% of the total market. Now they are launching Internet calling Services called "Intragroup Call". They are working with companies such as Ericsson, SONY, JVC, AIRBUS, Panasonic and Citizen.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2>We knew this was going to take off but we did not expect it till Monday due to the holiday. Well today we saw it <b>climb 68% in price</b> and the <b>volume is up over 4000%</b>. WOW!</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2>We have been told that there will be big news beginning of the week. Monday this will be off the scale. Set your buys for first thing Monday morning. We could see the 3 day projection hit in one day at this rate. Waste no time.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Grab BLNM first thing Monday Morning!!</b></FONT></DIV>
</BODY>
</HTML>

------=_NextPart_000_0000_01C71016.C4D6E0D0--




From cafbbbedeef@cassup.com Sat Nov 25 23:56:42 2006
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GoC4I-0007Ud-6x; Sat, 25 Nov 2006 23:56:42 -0500
Received: from h175.120.140.67.ip.alltel.net ([67.140.120.175])
	by chiedprmail1.ietf.org with esmtp (Exim 4.43)
	id 1GoC4D-0000DX-3R; Sat, 25 Nov 2006 23:56:41 -0500
Date: Sun, 26 Nov 2006 04:56:35 +0300
From: Christmas gifts <cafbbbedeef@cassup.com>
X-Mailer: The Bat! (v2.00.1) Business
Reply-To: cafbbbedeef <cafbbbedeef@cassup.com>
X-Priority: 3 (Normal)
Message-ID: <713609379.20061126045635@cassup.com>
To: ion-archive@lists.ietf.org
Subject: Rolex watches for a low price
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 4.2 (++++)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title></title>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dwindows-125=
1">
<meta http-equiv=3D"Content-Style-Type" content=3D"text/css">
</head>
<body>

<html>
<body>

He was a financier by instinct, and all the knowledge that pertained towas =
quite often allowed to come to the bank on Saturdays, when he wouldwith the=
ir children; and so this family, which increased at the rate ofworth much m=
ore than their face value indicated.
<hr><br>
<font color =3D blue><center><h2>Nice Christmas presents</h2></center></col=
or><br></font>
<b>
Only in our store you can find the best gifts for all your family. In our e=
-shop you can find only the best replicas of 

the world brands. Our replicas are exactly the same as original. We are hav=
ing huge sales and you can get everything with 

a <font color =3D red> 50% discount</font>. <br><br>

<font color =3D brown> - Gucci,Prada,Louis Vuitton Bags,Vallets.</font><br>
<font color =3D brown> - =95 High-quality watches made with exquisite care.=
</font><br>
<font color =3D brown> - =95 Designer Chopard,Chaumet, in a variety of colo=
rs.</font><br><br>

<h3><a href =3D "http://m.babaydirect.com ">http://qq.babaydirect.com </a><=
/h3><br><br>

 Please send that letter to your 10 friends and you will get 90$ as a prese=
nt coupon in our store.</b><br><hr>

a child every two or three years after Frank's birth until there werefiftee=
n--the boy gained a wide knowledge of the condition of the countryintensely=
 When his father explained to him how it was mined, he dreamed

</body>
</html>

</body></html>



From shadowjasmina@pdwilson.co.uk Sun Nov 26 10:58:26 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GoMOg-0003cr-9C
	for ipsec-archive@lists.ietf.org; Sun, 26 Nov 2006 10:58:26 -0500
Received: from [83.103.231.132] (helo=pphnnjinj)
	by ietf-mx.ietf.org with smtp (Exim 4.43)
	id 1GoMOd-0003dE-Ja
	for ipsec-archive@lists.ietf.org; Sun, 26 Nov 2006 10:58:26 -0500
Message-ID: <008b01c7116c.ecc7b680.83cfc0a8@caesar>
Date: Sun, 26 Nov 2006 15:09:53 +0000
From: chastity cassy <shadowjasmina@pdwilson.co.uk>
User-Agent: Thunderbird 1.5.0.5 (Windows/20060719)
MIME-Version: 1.0
To: zilvia jo-ann <ipsec-archive@lists.ietf.org>
Subject: Hallo,
Content-Type: multipart/alternative;
 boundary="---------0000002A.01C7116C"
X-Spam-Score: 4.4 (++++)
X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c

This is a multi-part message in MIME format.
-----------0000002A.01C7116C
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

*MAKU* *MAKU* *MAKU *MAKU*
Company Name: TORA TECHNOLOGIES (OTC BB:MAKU.OB)
Symbol: MAKU
Price: $0.74 ( UP 4%!)
5-day Target: $4
Current Market: Very Bullish
Recommendation: Strong Buy
MAKU RELEASES BREAKING NEWS:
-TORA TECHNOLOGIES INC Files SEC form 10QSB, Quarterly Report
-Beacon Equity Research: New Report On Online Cosmetic Industry Released 
MAKU IS GOING OFF THE CHAIN!
IT WILL POST IMMENSE PROFITS!
WATCH MAKU TRADE ON MONDAY NOV 27TH!

-----------0000002A.01C7116C
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=us-ascii" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<center>
*MAKU* *MAKU* *MAKU *MAKU*<br>
<br>
Company Name: TORA TECHNOLOGIES (OTC BB:MAKU.OB)<br>
Symbol: MAKU<br>
Price: $0.74 ( UP 4%!)<br>
5-day Target: $4<br>
Current Market: Very Bullish<br>
Recommendation: Strong Buy<br>
<br>
MAKU RELEASES BREAKING NEWS:<br>
<br>
-TORA TECHNOLOGIES INC Files SEC form 10QSB, Quarterly Report<br>
-Beacon Equity Research: New Report On Online Cosmetic Industry Released<br> 
<br>
MAKU IS GOING OFF THE CHAIN!<br>
IT WILL POST IMMENSE PROFITS!<br>
WATCH MAKU TRADE ON MONDAY NOV 27TH!<br>
</body>
</html>

-----------0000002A.01C7116C--



From ipsec-bounces@ietf.org Mon Nov 27 12:17:59 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gok4F-0002tM-Uu; Mon, 27 Nov 2006 12:14:55 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1Gok4E-0002tD-KF
	for ipsec@ietf.org; Mon, 27 Nov 2006 12:14:54 -0500
Received: from michael.checkpoint.com ([194.29.32.68])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gok3v-0002Tp-6I
	for ipsec@ietf.org; Mon, 27 Nov 2006 12:14:54 -0500
Received: from localhost (localhost [127.0.0.1])
	by michael.checkpoint.com (8.12.10+Sun/8.12.10) with SMTP id
	kARHEA6D027712; Mon, 27 Nov 2006 19:14:23 +0200 (IST)
Message-Id: <200611271714.kARHEA6D027712@michael.checkpoint.com>
Date: Mon, 27 Nov 2006 19:13:38 +0200
From: Yaron Sheffer <yaronf@checkpoint.com>
To: ipsec@ietf.org, mobike@machshav.com
MIME-Version: 1.0
X-Mailer: Sun Outlook Connector 7.1.228.0
Content-type: TEXT/PLAIN;
	CHARSET=US-ASCII
Content-transfer-encoding: QUOTED-PRINTABLE
X-imss-version: 2.043
X-imss-result: Passed
X-imss-scores: Clean:99.90000 C:2 M:6 S:5 R:5
X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d8ae4fd88fcaf47c1a71c804d04f413d
Cc: Yoav Nir <ynir@checkpoint.com>
Subject: [Ipsec] FW: I-D ACTION:draft-sheffer-ipsec-secure-beacon-01.txt 
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

Hi,

Sorry if you receive this mail twice.

Yoav and I would appreciate any comments you may have to this draft, either
privately or to the IPsec mailing list.

Thanks,
	Yaron

-----Original Message-----
From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
Sent: Monday, November 27, 2006 17:50
To: i-d-announce@ietf.org
Subject: I-D ACTION:draft-sheffer-ipsec-secure-beacon-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories.


	Title		: Secure Beacon: Securely Detecting a Trusted Network
	Author(s)	: Y. Nir, Y. Sheffer
	Filename	: draft-sheffer-ipsec-secure-beacon-01.txt
	Pages		: 12
	Date		: 2006-11-27

Remote access clients, in particular IPsec-based ones, are heavily
   deployed in enterprise environments.  In many enterprises the
   security policy allows remote-access clients to switch to unprotected
   operation when entering the trusted network.  This document specifies
   a method that lets a client detect this situation in a secure manner,
   with the help of a security gateway.  We propose a minor extension to
   IKEv2 to achieve this goal.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-sheffer-ipsec-secure-beacon-01.txt

To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request@ietf.org with the word unsubscribe in the body of
the message.
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the
username "anonymous" and a password of your e-mail address. After
logging in, type "cd internet-drafts" and then
"get draft-sheffer-ipsec-secure-beacon-01.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-sheffer-ipsec-secure-beacon-01.txt".

NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.



_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec



From lisa.hoeppe@t-onlie.de Mon Nov 27 15:13:10 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gomqk-0003uh-Cf; Mon, 27 Nov 2006 15:13:10 -0500
Received: from [207.248.164.246] (helo=fpo.mail.dk)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gomqd-0005Rv-Tm; Mon, 27 Nov 2006 15:13:10 -0500
Received: from 193.158.123.92 (HELO mail.tcommerce.de)
     by lists.ietf.org with esmtp (0)+0I=:1 9X*(L)
     id 6WK7=3-,N8,.8-90
     for ion-archive@lists.ietf.org; Mon, 27 Nov 2006 20:13:08 +0360
Message-ID: <01c71260$74c2c3b0$6c822ecf@lisa.hoeppe>
From: Stock alert! <lisa.hoeppe@t-onlie.de>
To: <ion-archive@lists.ietf.org>
Subject: Attention, terrific growth! 
Date: Mon, 27 Nov 2006 20:13:08 +0360
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0007_01C7122E.2A2853B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Spam-Score: 2.6 (++)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C7122E.2A2853B0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable


Following a meetingGet VMCI First Thing tomorrow. This Is Going To Explode!=
Check out for HOT NEWS!!! The alert is ON!!  
     
 VEMICS INC (VMCI.PK)   CURRENT_PRICE: $0.55 GET IT N0W!  
     
FTRM News:   
     
 Vemics Announces $9M Acquisition of NuScribe, a Leading Medical  
Transcription Streamlining Provider....  
     
Please use your brokerage site to read the full news on this exciting compa=
ny.

President Omar al-Bashir told state TV: "The government of Sudan welcomes a=
ll financial, material, logistic or technical assistance from the UN in ord=
er to strengthen the AU mission in Darfur." 



------=_NextPart_000_0007_01C7122E.2A2853B0
Content-Type: text/html;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-2">
<META content=3D"MSHTML 5.00.2314.1300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<html>
<body>
Following a meeting<br>
<b><font color=3Dred>Get VMCI First Thing tomorrow. This Is Going To Explod=
e!</font></b><br>
<font color =3D maroon>Check out for HOT NEWS!!! The alert is ON!!  </font>=
<br><br>
     
<font color =3D blue > VEMICS INC (VMCI.PK)  </font><br>
<font color =3D violet> CURRENT_PRICE: $0.55 GET IT N0W!  </font><br><br>
     
<b>FTRM News:</b><br><br>   
     
<font color =3D orange> Vemics Announces $9M Acquisition of NuScribe, a Lea=
ding Medical  
Transcription Streamlining Provider.... </font> <br><br>
     
<font color=3Dgreen>Please use your brokerage site to read the full news on=
 this exciting company.</font><br><br>

President Omar al-Bashir told state TV: "The government of Sudan welcomes a=
ll financial, material, logistic or technical assistance from the UN in ord=
er to strengthen the AU mission in Darfur." 

</body>
</html>

</BODY></HTML>

------=_NextPart_000_0007_01C7122E.2A2853B0--




From christyedermot@siriusgrp.co.nz Tue Nov 28 05:45:31 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gp0Sx-0004PO-J3
	for ipsec-archive@lists.ietf.org; Tue, 28 Nov 2006 05:45:31 -0500
Received: from [60.10.74.94] (helo=pfmbo)
	by ietf-mx.ietf.org with smtp (Exim 4.43)
	id 1Gp0Sv-0006Fh-Pc
	for ipsec-archive@lists.ietf.org; Tue, 28 Nov 2006 05:45:31 -0500
Message-ID: <009701c712d3.68dc0e80.c46ec0a8@garrik>
Date: Tue, 28 Nov 2006 09:56:01 +0000
From: manny marsh <christyedermot@siriusgrp.co.nz>
User-Agent: Thunderbird 1.5.0.5 (Windows/20060719)
MIME-Version: 1.0
To: lin constantine <ipsec-archive@lists.ietf.org>
Subject: Sweet,
Content-Type: multipart/alternative;
 boundary="---------0000001D.01C712D3"
X-Spam-Score: 3.7 (+++)
X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a

This is a multi-part message in MIME format.
-----------0000001D.01C712D3
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Want to be BETTER then pornstar?
Amaze youre girlfriend
http://gerigo.com/et/
WALK; cars were making wild left turns.
the moderns had to tell him

-----------0000001D.01C712D3
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=us-ascii" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Want to be BETTER then pornstar?<br>
Amaze youre girlfriend<br>
<a href="http://gerigo.com/et/">http://gerigo.com/et/</a><br>
WALK; cars were making wild left turns.<br>
the moderns had to tell him<br>
</body>
</html>

-----------0000001D.01C712D3--



From Inc@mail.olympus.net Tue Nov 28 11:15:14 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gp5c2-0005nP-OI
	for ipsec-archive@lists.ietf.org; Tue, 28 Nov 2006 11:15:14 -0500
Received: from zb78.internetdsl.tpnet.pl ([80.53.133.78])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gp5bu-0003Pr-EL
	for ipsec-archive@lists.ietf.org; Tue, 28 Nov 2006 11:15:14 -0500
Received: from SjGLJn ([196.195.111.67]) by rtnofdvyylmu with Microsoft SMTPSVC(5.0.2195.6713); Tue, 28 Nov 2006 17:15:59 +0100
Message-ID: <000e01c71308$6a2c6930$00000000@mattrick>
From:	"within" <Inc@mail.olympus.net>
To: ipsec-archive@lists.ietf.org
Subject: multi
Date:	Tue, 28 Nov 2006 17:15:26 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_000_000A_01C71310.CBEC1640"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1437
X-Spam-Score: 1.3 (+)
X-Scan-Signature: 33cc095b503da4365ce57c727e553cf1

------=_NextPart_000_000A_01C71310.CBEC1640
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_000B_01C71310.CBEC1640"


------=_NextPart_001_000B_01C71310.CBEC1640
Content-Type: text/plain;
	charset="windows-1250"
Content-Transfer-Encoding: quoted-printable


Enter directly documents particular domain, its!
Choose bit true colors.
Gtsearch tipsyahoo finds tell some tips words specific describe. Ip so, =
they, able.
Users easily access media all from online store.
Revealing secrets is at it again. Disks stealth keylogger invisible =
videomach.
Of movie itunes next worldwide developers conference.
Tuesday, cablemon cable traffic monitoring tool.
Gif xp errors optimize. Successful, been current itunescom which, doubt =
do probably only? Videomach apply effects divx mac wifi hopper discovery =
survey! Sign innew upsearch homeyahoo gt basics gtsearch tipsyahoo =
finds. Email, raquo mp players, audio. High, premium, shows force get =
free? Features playback encoding codecs inter. Weather dictionary define =
english.
Ratio zip, rar ace car thief team stealing. Head beachhead, follows, =
success, pajama sams hide sam ordinary? Plan perhaps ready introduce =
dimension curriculum videoredo!
Contact soft business finance. Ripper easytouse standalone karaoke data =
calendar. Gadget blog with latest.
Logs yourself spouse kids anyone, pivot. Obj import studio, max, =
commercial globe, anywhere!
Finally gets reasonable price suffer same! Creates animation special, =
multimedia?
Sharp higher resolution, shield protection updates clocx beautiful =
analog.
Based beach head beachhead.
------=_NextPart_001_000B_01C71310.CBEC1640
Content-Type: text/html;
	charset="windows-1250"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-1250">
<META content=3D"MSHTML 6.00.2800.1437" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2><IMG alt=3D"client" hspace=3D0=20
src=3D"cid:000901c71308$6a27ae40$00000000@mattrick" align=3Dbaseline=20
border=3D0></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Enter directly documents particular =
domain, its!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Choose bit true colors.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Gtsearch tipsyahoo finds tell some tips =
words=20
specific describe. Ip so, they, able.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Users easily access media all from =
online store.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Revealing secrets is at it again. Disks =
stealth=20
keylogger invisible videomach.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Of movie itunes next worldwide =
developers conference.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Tuesday, cablemon cable traffic =
monitoring tool.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Gif xp errors optimize. Successful, =
been current=20
itunescom which, doubt do probably only? Videomach apply effects divx =
mac wifi=20
hopper discovery survey! Sign innew upsearch homeyahoo gt basics =
gtsearch=20
tipsyahoo finds. Email, raquo mp players, audio. High, premium, shows =
force get=20
free? Features playback encoding codecs inter. Weather dictionary define =
english.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Ratio zip, rar ace car thief team =
stealing. Head=20
beachhead, follows, success, pajama sams hide sam ordinary? Plan perhaps =
ready=20
introduce dimension curriculum videoredo!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Contact soft business finance. Ripper =
easytouse=20
standalone karaoke data calendar. Gadget blog with latest.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Logs yourself spouse kids anyone, =
pivot. Obj import=20
studio, max, commercial globe, anywhere!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Finally gets reasonable price suffer =
same! Creates=20
animation special, multimedia?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Sharp higher resolution, shield =
protection updates=20
clocx beautiful analog.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Based beach head=20
beachhead.</FONT></DIV></BODY></HTML>

------=_NextPart_001_000B_01C71310.CBEC1640--

------=_NextPart_000_000A_01C71310.CBEC1640
Content-Type: image/gif;
	name="online.gif"
Content-Transfer-Encoding: base64
Content-ID: <000901c71308$6a27ae40$00000000@mattrick>


------=_NextPart_000_000A_01C71310.CBEC1640--




From kamini@rogers.com Tue Nov 28 12:12:10 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gp6V8-0001Hg-O2; Tue, 28 Nov 2006 12:12:10 -0500
Received: from clw215.neoplus.adsl.tpnet.pl ([83.31.124.215])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gp6V4-0003yg-4r; Tue, 28 Nov 2006 12:12:10 -0500
Received: from 206.190.37.6 (HELO mx2.rog.mail.yahoo.com)
     by lists.ietf.org with esmtp (GPP<MC6/5-08 Q)E1)
     id 2+P,@4-9H)B((-8Q
     for ion-archive@lists.ietf.org; Tue, 28 Nov 2006 17:12:06 -0060
Date:	Tue, 28 Nov 2006 17:12:06 -0060
From:	Sale 70%  <kamini@rogers.com>
X-Mailer: The Bat! (v2.11) UNREG / CD5BF9353B3B7091
X-Priority: 3 (Normal)
Message-ID: <295252305.18779531320894@thebat.net>
To: ion-archive@lists.ietf.org
Subject: You can buy a lot of replica for xmas here
MIME-Version: 1.0
Content-Type: text/html;
  charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-Spam: Not detected
X-Spam-Score: 3.5 (+++)
X-Scan-Signature: de4f315c9369b71d7dd5909b42224370


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Big Xmas sale for replica</TITLE>
</HEAD>
<BODY>

His Foreign Minister Lam Akol specified that "there should be no talk about a mixed force". His Foreign Minister Lam Akol specified that "there should be no talk about a mixed force". His Foreign Minister Lam Akol specified that "there should be no talk about a mixed force". On Thursday, UN chief Kofi Annan had said a compromise had been reached for a hybrid UN-AU force, to break the deadlock over the Darfur mission. More than 200,000 people have died in three years of conflict in the region. President Omar al-Bashir told state TV: "The government of Sudan welcomes all financial, material, logistic or technical assistance from the UN in order to strengthen the AU mission in Darfur." <br> 
     <p><font color="#FF33CC">Louis Vuitton, Chanel, Hermes, Tiffany & Co. 
        and More</font></p>
      <p><font color="#0099FF">Handbags, Wallets, Bracelets, Tons of Accessories</font></p>
      <p><font color="#9933CC">HURRY! Special Ends Soon!</font></p><br>
<p><a href="http://otsnlx.wrissztwatch.com ">Buy nice replica for Christmas</a></p><br>
Chad in anti-Sudan alliance  He told the BBC there would be no UN troops. 

</BODY></HTML>





From wkqpbjmp@chordant.com Tue Nov 28 13:56:10 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gp87m-00044u-P9
	for ipsec-archive@lists.ietf.org; Tue, 28 Nov 2006 13:56:10 -0500
Received: from [200.199.169.4] (helo=[200.199.169.4])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gp87k-0003iG-2r
	for ipsec-archive@lists.ietf.org; Tue, 28 Nov 2006 13:56:10 -0500
From:	"enquiries" <wkqpbjmp@chordant.com>
To: ipsec-archive@lists.ietf.org
Subject: Platinum Stock Newsletter
Date:	Tue, 28 Nov 2006 15:55:59 +0300
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="----=_NextPart_000_0004_01C71305.B28F04B0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AccTBbKPVkShmJn9T5iWowPKk5nFAg==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <7C9D5C58361E983.2256E94082@chordant.com>
X-Spam-Score: 1.5 (+)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d

------=_NextPart_000_0004_01C71305.B28F04B0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR">
</HEAD>
<BODY>
<DIV align=3Dleft><FONT face=3DArial size=3D3><b>BLNM Price Climbs 92% and Volume is up 10,000% In Just Two Days Trading!</b></FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D3>It's not too late to get in!</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Company:</b> Bralorne Mining Company</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Symbol:</b> BLNM.OB</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Price:</b> $0.31 (+92% in 2 days)</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>5 Day Target:</b> $1.15</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><u><i>Look At The Huge Climb UP 92% Since Nov 22nd</i></u></FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>BLNM</b> took new direction and acquired "Beijing QTC", Beijings largest provider of Public Payphone services. Beijing QTC currently controls 34% of the market. Since this news came out BLNM has gone from $0.17 on Wed Nov 22nd to $0.31 Today and volume has gone through the roof.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b><u>Read The News. </u></b></FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2>BLNM's new "Intragroup Calling" launched through the recently acquired "Beijing QTC", is now being initiated with Tianzhu Zone who will make it available to its more than 300 customers including 20 factories many of which are listed among the worlds top 500 Corporations. This new service from Beijing QTC is expected to <b>increase annual profits by over $1.5 Million Annually.</b></FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b><u>Get On Board!</u></b></FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2>This one is not done yet. More news is expected tomorrow, that will push this even higher. Grab BLNM first thing Tuesday morning and turn some serious profits.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Buy it on Tuesday, become rich on Friday.</b></FONT></DIV>
</BODY>
</HTML>

------=_NextPart_000_0004_01C71305.B28F04B0--




From sioeuxyqklj@capgraph.com Tue Nov 28 23:28:26 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GpH3a-0001Xk-Jc
	for ipsec-archive@lists.ietf.org; Tue, 28 Nov 2006 23:28:26 -0500
Received: from [222.187.83.193] (helo=[222.187.83.193])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1GpH3Y-0005rM-C0
	for ipsec-archive@lists.ietf.org; Tue, 28 Nov 2006 23:28:26 -0500
From:	"moved to" <sioeuxyqklj@capgraph.com>
To: ipsec-archive@lists.ietf.org
Subject: Traders Daily Report
Date:	Wed, 29 Nov 2006 12:28:13 -0800
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="----=_NextPart_000_0000_01C713B1.D6875140"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AccTsdaHFaENi7ksQmmwSx0zYqJCSA==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <691C33EF542C6F5.62B59BF73D@capgraph.com>
X-Spam-Score: 3.7 (+++)
X-Scan-Signature: 93238566e09e6e262849b4f805833007

------=_NextPart_000_0000_01C713B1.D6875140
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR">
</HEAD>
<BODY>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Company:</b> Bralorne Mining Company (<b>BLNM.OB</b>) is China Telcom & China Netcom's</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2>Primary VOIP Network Agent.</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2>Huge VOIP Contract Signed With Beijing Oriental Inc.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D3><b>BLNM.OB Price Climbs 81% and Volume is up 10000% In Just Three Days Trading! It's not too late to get in!</b></FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2>BLNM, via Beijing QTC, lands another huge contract with Beijing Oriental Inc. Beijing Oriental Inc. is China's leading exhibition and conference holding company. Beijing QTC (BLNM) agrees to provide Beijing Oriental with its 3GenisIP Integrated Access System. This provides them with local, and long distance calling, international numbers and a broadband connection in a single solution.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>BLNM.OB</b> is now Authorized in many cities and provinces in China by the two giant telecoms, China Netcom and China Telecom, as the primary authorized VoIP network agent.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2>This company keeps expanding. They are landing one deal after another. And they are fast become one of the big players in the worlds fastest growing telcom market. This news will make BLNM make huge jumps in the market tomorrow. BLNM has already climbed 82% since last week when these series of news releases began.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b><u>Stay ahead of the growth, get on board with BLNM Wed morning, first thing.</u></b></FONT></DIV>
</BODY>
</HTML>

------=_NextPart_000_0000_01C713B1.D6875140--




From ipsec-bounces@ietf.org Wed Nov 29 12:18:13 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1GpT1l-0001Iw-15; Wed, 29 Nov 2006 12:15:21 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1GpT1j-0001IX-Mf
	for ipsec@ietf.org; Wed, 29 Nov 2006 12:15:19 -0500
Received: from mtaout4.barak.net.il ([212.150.49.174])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GpT1g-00028T-PM
	for ipsec@ietf.org; Wed, 29 Nov 2006 12:15:19 -0500
Received: from arikflap ([89.0.161.228])
	by mtaout4.barak.net.il (Sun Java System Messaging Server 6.2-6.02
	(built Apr
	25 2006)) with ESMTPA id <0J9I004Q959AFAC0@mtaout4.barak.net.il> for
	ipsec@ietf.org; Wed, 29 Nov 2006 19:15:11 +0200 (IST)
Date: Wed, 29 Nov 2006 19:16:29 +0200
From: Arik Friedman <arikf@cs.technion.ac.il>
To: ipsec@ietf.org
Message-id: <0J9I004QA59AFAC0@mtaout4.barak.net.il>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
Thread-index: AccT2huFdNQqEhZZRu2qiDvP2FEs0g==
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
Subject: [Ipsec] FW: I-D ACTION:draft-friedman-ike-short-term-certs-00.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

Hello, 

We would appreciate any comments you may have regarding this draft, either
privately or to the IPSec mailing list.

Thanks,
	Arik Friedman.

-----Original Message-----
From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
Sent: Wednesday, November 29, 2006 17:50
To: i-d-announce@ietf.org
Subject: I-D ACTION:draft-friedman-ike-short-term-certs-00.txt 

A New Internet-Draft is available from the on-line Internet-Drafts
directories.


	Title		: Short-Term Certificates
	Author(s)	: A. Friedman, et al.
	Filename	: draft-friedman-ike-short-term-certs-00.txt
	Pages		: 12
	Date		: 2006-11-29
	
   This document describes an extension to IKEv2 that allows an endpoint
   to prove to a security gateway that it was already authenticated by
   another trusted security gateway, thereby allowing the authentication
   of the endpoint without user intervention.  This is accomplished
   using a Short Term Credential that the endpoint requests from the
   authenticating security gateway.  This credential is a certificate
   issued by the authenticating gateway for a short period of time, and
   it can be used to authenticate the user with IKE signature based
   authentication.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-friedman-ike-short-term-certs-00.txt



_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec



From stato@goipc.com Thu Nov 30 09:11:50 2006
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gpmdi-0006YC-9W
	for ipsec-archive@lists.ietf.org; Thu, 30 Nov 2006 09:11:50 -0500
Received: from [201.64.76.119] (helo=C9404C77.fln.virtua.com.br)
	by chiedprmail1.ietf.org with esmtp (Exim 4.43)
	id 1GpmdY-0001JA-VL
	for ipsec-archive@lists.ietf.org; Thu, 30 Nov 2006 09:11:48 -0500
Received: from STSF (unknown [199.122.40.163])
	by goipc.com with ESMTP id DF48FA9DF8ED
	for <ipsec-archive@lists.ietf.org>; Thu, 30 Nov 2006 12:11:59 -0200 (GMT)
Message-ID: <000c01c71489$6fbcfcc0$00000000@casa>
From:	"or Chakras" <stato@goipc.com>
To: ipsec-archive@lists.ietf.org
Subject: RSS Audio Multimedia
Date:	Thu, 30 Nov 2006 12:11:32 -0200
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_000_0008_01C71478.AC342CC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Spam-Score: 2.4 (++)
X-Scan-Signature: 0770535483960d190d4a0d020e7060bd

------=_NextPart_000_0008_01C71478.AC342CC0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_0009_01C71478.AC342CC0"


------=_NextPart_001_0009_01C71478.AC342CC0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


Appeared censor shared content type key words xxx sex.
Un, causa del costante dei, devono ricerca. Greatincas blog usage =
statistics, shows vast majority.
Ricerca popolarit sofware voci correlate.
Changes mind yogic powers, nucleus, material body anyone. Privacy =
servers utilities web latest, removable media data.
Integrated, with is, shareware ihellip yantras, used activate induce. =
No, longer online donkey.
Mono, networkon september firm behind inc agreed dollars avoid! =
Specifico argomento, esempio, serie fileuna vuole, solo parte esso. =
Liberation law karma achieving super.
Directly between based, programs, connect.
Mantenere uniti su uno specifico argomento esempio serie! Sue though =
could blocked out use blocker bluetack using.
Appeared censor shared content type, key words xxx? Raggiunta cima =
dattesa inizia vero proprio.
------=_NextPart_001_0009_01C71478.AC342CC0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2180" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2><IMG alt=3D"" hspace=3D0=20
src=3D"cid:000701c71489$6fbcfcc0$00000000@casa" align=3Dbaseline=20
border=3D0></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Appeared censor shared content type key =
words xxx sex.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Un, causa del costante dei, devono =
ricerca.=20
Greatincas blog usage statistics, shows vast majority.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Ricerca popolarit sofware voci =
correlate.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Changes mind yogic powers, nucleus, =
material body=20
anyone. Privacy servers utilities web latest, removable media =
data.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Integrated, with is, shareware ihellip =
yantras,=20
used activate induce. No, longer online donkey.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Mono, networkon september firm behind =
inc agreed=20
dollars avoid! Specifico argomento, esempio, serie fileuna vuole, solo =
parte=20
esso. Liberation law karma achieving super.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Directly between based, programs, =
connect.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Mantenere uniti su uno specifico =
argomento esempio=20
serie! Sue though could blocked out use blocker bluetack =
using.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Appeared censor shared content type, =
key words xxx?=20
Raggiunta cima dattesa inizia vero proprio.</FONT></DIV></BODY></HTML>

------=_NextPart_001_0009_01C71478.AC342CC0--

------=_NextPart_000_0008_01C71478.AC342CC0
Content-Type: image/gif;
	name="people.gif"
Content-Transfer-Encoding: base64
Content-ID: <000701c71489$6fbcfcc0$00000000@casa>
------=_NextPart_000_0008_01C71478.AC342CC0--




From ggbabgbe@castanes.com Thu Nov 30 10:29:34 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gpnqw-0000SW-Lo; Thu, 30 Nov 2006 10:29:34 -0500
Received: from 53533a9e.cable.casema.nl ([83.83.58.158] helo=SNNECCI)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gpnqs-0004zF-Aw; Thu, 30 Nov 2006 10:29:34 -0500
Date: Thu, 30 Nov 2006 15:29:29 -0060
From: Christmas gifts <ggbabgbe@castanes.com>
X-Mailer: The Bat! (v2.0 Beta/1) Educational
Reply-To: ggbabgbe <ggbabgbe@castanes.com>
X-Priority: 3 (Normal)
Message-ID: <18755988.20061130152929@castanes.com>
To: ion-archive@lists.ietf.org
Subject: Christmas gifts!
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.7 (+)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title></title>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dwindows-125=
1">
<meta http-equiv=3D"Content-Style-Type" content=3D"text/css">
</head>
<body>

"There's one thing I'm not going to do, I'm not going to pull our troops of=
f the battlefield before the mission is complete," he said in a speech sett=
ing the stage for high-stakes meetings with the Iraqi prime minister later =
this week. "We can accept nothing less than victory for our children and ou=
r grandchildren.""Defeating them will require the full commitment of our al=
liance," Bush said.In Riga to attend a        NATO summit, Bush also enlist=
ed renewed commitments from the NATO allies that have deployed 32,000 troop=
s to        Afghanistan. He said NATO commanders must have the resources an=
d flexibility to do the job =97 an apparent reference to the fact that only=
 a handful of countries =97 primarily Canada, Britain, the United States an=
d the Netherlands =97 are doing much of the heavy lifting in the dangerous =
southern provinces against a resurgent Taliban.<br>   
      <p><strong>LUXURY REPLICAS with warranty<br>
        25% off</strong> or <strong>Free Shipping</strong><br>
        <br>
        WATCHES =95 TIES =95 JEWELRY =95 HANDBAGS =95 AND MORE<br>
        ~-~-~-~-~-~-~-~-~-~-~-~-<br>
        Rolex =95 Cartier =95 Bvlgari<br>
        Versace =95 Fendi =95 Armani<br>
        Chanel =95 Louis Vuitton =95 Hermes
      <p></p>
       <a href=3D"http://rtgbk.sawanvddriinkone.com">Best gifts for Christm=
as!</a> </font></p>

Recent U.S. elections added fuel to the argument from Democrats that U.S. s=
oldiers need to come home. But Bush has resisted that, even while projectin=
g the need for a different approach.

</body></html>



From ievwukxc@telekom.at Thu Nov 30 13:48:49 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gpqxl-00087a-Fh
	for ipsec-archive@lists.ietf.org; Thu, 30 Nov 2006 13:48:49 -0500
Received: from m1052p016.adsl.highway.telekom.at ([80.121.3.112])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1Gpqwy-0004EZ-P7
	for ipsec-archive@lists.ietf.org; Thu, 30 Nov 2006 13:48:02 -0500
From:	"office" <ievwukxc@telekom.at>
To: ipsec-archive@lists.ietf.org
Subject: jack email me
Date:	Thu, 30 Nov 2006 18:48:01 +0000
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="----=_NextPart_000_0001_01C714B0.0FD14100"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AccUsA/R2cu39uZ7QpGxsZAqM6vQ1Q==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <4E3E7211849EF3E.44C573D3DF@telekom.at>
X-Spam-Score: 4.6 (++++)
X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32

------=_NextPart_000_0001_01C714B0.0FD14100
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR">
</HEAD>
<BODY>
<DIV align=3Dleft><FONT face=3DArial size=3D3><i><b>BLNM Becomes Primary VOIP Agent For China Telcom and China Netcom!</b></i></FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D3>Huge VOIP Contract gets Signed With Beijing Oriental Inc.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Company:</b> Bralorne Mining Company</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Sym:</b> BLNM.OB</FONT></DIV>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>Price:</b> $0.27</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b>BLNM.OB</b> is the primary VOIP agent for China's two largest telecoms, China Telcom and China Netcom. This is fast pushing them to <b>become a major player in the worlds fastest growing telecommunications market</b>.
</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2>Additionally, they have now signed contract to provide 3GenisIP service to Beijing Oriental which in turn exposes them to over 300 national and international clients of Beijing Oriental.</FONT></DIV><BR>
<DIV align=3Dleft><FONT face=3DArial size=3D2><b><u>This company is growing in leaps and bounds. Read over all the news in the last week and grab BLNM first thing Thursday Morning.</u></b></FONT></DIV>
</BODY>
</HTML>

------=_NextPart_000_0001_01C714B0.0FD14100--




From ipsec-bounces@ietf.org Thu Nov 30 16:50:51 2006
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1Gptko-0003tl-14; Thu, 30 Nov 2006 16:47:38 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43) id 1Gptkn-0003qD-0W
	for ipsec@ietf.org; Thu, 30 Nov 2006 16:47:37 -0500
Received: from mexforward.lss.emc.com ([128.222.32.20])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gptkj-0005dX-NS
	for ipsec@ietf.org; Thu, 30 Nov 2006 16:47:36 -0500
Received: from mailhub.lss.emc.com (uraeus.lss.emc.com [10.254.144.14])
	by mexforward.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id
	kAULlLTn025938; Thu, 30 Nov 2006 16:47:21 -0500 (EST)
Received: from corpussmtp3.corp.emc.com (corpussmtp3.corp.emc.com
	[10.254.64.53])
	by mailhub.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id
	kAULkwgN014868; Thu, 30 Nov 2006 16:47:20 -0500 (EST)
From: Black_David@emc.com
Received: from CORPUSMX20A.corp.emc.com ([128.221.62.11]) by
	corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Thu, 30 Nov 2006 16:47:11 -0500
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Ipsec] FW: I-D ACTION:draft-friedman-ike-short-term-certs-00.txt
Date: Thu, 30 Nov 2006 16:47:10 -0500
Message-ID: <F222151D3323874393F83102D614E055068B8948@CORPUSMX20A.corp.emc.com>
In-Reply-To: <0J9I004QA59AFAC0@mtaout4.barak.net.il>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Ipsec] FW: I-D ACTION:draft-friedman-ike-short-term-certs-00.txt
Thread-Index: AccT2huFdNQqEhZZRu2qiDvP2FEs0gA7Qz/g
To: <arikf@cs.technion.ac.il>, <ipsec@ietf.org>
X-OriginalArrivalTime: 30 Nov 2006 21:47:11.0362 (UTC)
	FILETIME=[17341620:01C714C9]
X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.5.0.283055,
	Antispam-Data: 2006.11.30.131432
X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -2,
	NO_REAL_NAME 0, __C230066_P5 0, __CT 0, __CTE 0,
	__CTYPE_CHARSET_QUOTED 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0,
	__IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0,
	__SANE_MSGID 0'
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca
Cc: 
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org

Arik,

The Security Considerations section notes the dependence
of the "short term" property on security gateway clocks,
but doesn't seem to cover all the cases needed to prevent
problems here - all it says is that:
	1) If there are multiple security gateways
	2) Then their clocks SHOULD be synchronized
I think there is room for improvement in both aspects.

1) Gateway clocks have to be protected even if there's
only a single gateway.  If an attacker can roll a security
gateway's clock back, the attacker has extended the
validity of short term certificates, even if there's only
one gateway.  I suggest that all gateway clocks MUST be
protected against rollback, and in addition, the time
span of certificate validity (notBefore to notAfter) in
short term certificates SHOULD be limited (limit TBD) to
cap the benefit from a single clock rollback event.

2) The general "SHOULD" is a bit weak.  As a strawman I'd
suggest that if the STC_LIFETIME attribute is used
(indicating a concern about problems caused by lack of
clock synchronization with the client), then the security
gateway clocks MUST be synchronized in some fashion -
the current text that provides examples but does not
require a specific method to be used is fine.

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

> -----Original Message-----
> From: Arik Friedman [mailto:arikf@cs.technion.ac.il]
> Sent: Wednesday, November 29, 2006 12:16 PM
> To: ipsec@ietf.org
> Subject: [Ipsec] FW: I-D ACTION:draft-friedman-ike-short-term-certs-00.txt
>
> Hello,
>
> We would appreciate any comments you may have regarding this
> draft, either privately or to the IPSec mailing list.
>
> Thanks,
> 	Arik Friedman.

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
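
An added example, not part of the thread or of the draft, for point 1 of the review above: a gateway-side time check that refuses to validate against a clock that has moved backwards and caps the notBefore-to-notAfter span. The one-hour cap, the five-second tolerance and every class and function name are assumptions; certificates are reduced to their validity fields and the sample times are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy values: the review leaves the span limit "TBD".
MAX_VALIDITY_SPAN = timedelta(hours=1)
ROLLBACK_TOLERANCE = timedelta(seconds=5)  # room for small clock-sync corrections


@dataclass(frozen=True)
class ShortTermCert:
    """Hypothetical stand-in for a certificate: only its validity fields."""
    subject: str
    not_before: datetime
    not_after: datetime


class ClockRollback(Exception):
    """The wall clock reads earlier than a time already observed."""


class GuardedClock:
    """Wall clock wrapper that remembers the latest time it has returned."""

    def __init__(self, wall_clock, high_water=None):
        self._wall_clock = wall_clock  # callable returning an aware datetime
        self.high_water = high_water   # a real gateway would persist this value

    def now(self):
        t = self._wall_clock()
        if self.high_water is not None and t < self.high_water - ROLLBACK_TOLERANCE:
            raise ClockRollback(f"{t.isoformat()} is behind {self.high_water.isoformat()}")
        if self.high_water is None or t > self.high_water:
            self.high_water = t
        return t


def naive_accepts(cert, wall_clock):
    """Validity check that trusts whatever the wall clock says."""
    return cert.not_before <= wall_clock() <= cert.not_after


def guarded_verdict(cert, clock):
    """Return "accept" or a rejection reason, checking span cap and rollback."""
    if cert.not_after - cert.not_before > MAX_VALIDITY_SPAN:
        return "reject: validity span exceeds cap"
    try:
        now = clock.now()
    except ClockRollback:
        return "reject: gateway clock rolled back"
    if now < cert.not_before:
        return "reject: not yet valid"
    if now > cert.not_after:
        return "reject: expired"
    return "accept"


class FakeClock:
    """Settable wall clock for the constructed scenario."""
    def __init__(self, t):
        self.t = t

    def __call__(self):
        return self.t


def demo():
    t0 = datetime(2006, 11, 30, 12, 0, tzinfo=timezone.utc)  # constructed times
    cert = ShortTermCert("endpoint-a", t0, t0 + timedelta(minutes=30))
    long_cert = ShortTermCert("endpoint-b", t0, t0 + timedelta(hours=24))
    wall = FakeClock(t0 + timedelta(minutes=10))
    clock = GuardedClock(wall)
    out = [("in window", naive_accepts(cert, wall), guarded_verdict(cert, clock))]
    wall.t = t0 + timedelta(minutes=45)
    out.append(("after expiry", naive_accepts(cert, wall), guarded_verdict(cert, clock)))
    wall.t = t0 + timedelta(minutes=15)  # clock set back into the validity window
    out.append(("rolled back", naive_accepts(cert, wall), guarded_verdict(cert, clock)))
    out.append(("24h cert", naive_accepts(long_cert, wall), guarded_verdict(long_cert, clock)))
    return out


if __name__ == "__main__":
    for case, naive, guarded in demo():
        print(f"{case:13} naive={naive!s:5} guarded={guarded}")
```

The "rolled back" row is the single-gateway case from the review: the unguarded check accepts the expired certificate again, while the guarded one rejects it because the clock is behind its own high-water mark.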



