
From shanna@juniper.net  Fri Apr  6 13:37:47 2012
Return-Path: <shanna@juniper.net>
X-Original-To: nea@ietfa.amsl.com
Delivered-To: nea@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9029011E8099 for <nea@ietfa.amsl.com>; Fri,  6 Apr 2012 13:37:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 46GyZsU8Il89 for <nea@ietfa.amsl.com>; Fri,  6 Apr 2012 13:37:47 -0700 (PDT)
Received: from exprod7og107.obsmtp.com (exprod7og107.obsmtp.com [64.18.2.167]) by ietfa.amsl.com (Postfix) with ESMTP id C118611E8098 for <nea@ietf.org>; Fri,  6 Apr 2012 13:37:46 -0700 (PDT)
Received: from P-EMHUB03-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob107.postini.com ([64.18.6.12]) with SMTP ID DSNKT39UGn6se2l0pcxXS7NbRMBCY/+3Sjzz@postini.com; Fri, 06 Apr 2012 13:37:46 PDT
Received: from p-emfe01-wf.jnpr.net (172.28.145.24) by P-EMHUB03-HQ.jnpr.net (172.24.192.37) with Microsoft SMTP Server (TLS) id 8.3.213.0; Fri, 6 Apr 2012 13:37:43 -0700
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe01-wf.jnpr.net ([fe80::d0d1:653d:5b91:a123%11]) with mapi; Fri, 6 Apr 2012 16:37:42 -0400
From: Stephen Hanna <shanna@juniper.net>
To: "nea@ietf.org" <nea@ietf.org>
Date: Fri, 6 Apr 2012 16:37:41 -0400
Thread-Topic: Verifying Consensus from NEA WG Meeting
Thread-Index: Ac0UNR0HxtrjylAaQNy6RIOBmjczYw==
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AEB82E1BC8CC@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [Nea] Verifying Consensus from NEA WG Meeting
X-BeenThere: nea@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nea>
List-Post: <mailto:nea@ietf.org>
List-Help: <mailto:nea-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2012 20:37:47 -0000

At the NEA WG meeting at IETF 83 last week, there were
several hums that showed clear consensus. I'd like to
verify this consensus on the NEA WG email list. So
please review the statements below and respond by
sending email to the nea@ietf.org email list to indicate
your agreement or disagreement with these statements.
If you don't agree, some explanation would be useful.

* In PT-EAP, normative language should be moved out of
  the Security Considerations section into a separate
  Security Requirements section.

* The NEA Asokan Attack Analysis document should be
  adopted as a WG draft.

Please respond within one week (by 2000 GMT on Friday,
April 13) so that we can move forward promptly. Even
if you hummed at the NEA WG F2F, please respond now.

Thanks,

Steve


From shanna@juniper.net  Fri Apr  6 13:38:24 2012
Return-Path: <shanna@juniper.net>
X-Original-To: nea@ietfa.amsl.com
Delivered-To: nea@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6E7111E809C for <nea@ietfa.amsl.com>; Fri,  6 Apr 2012 13:38:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j9qfinq5n0Bv for <nea@ietfa.amsl.com>; Fri,  6 Apr 2012 13:38:24 -0700 (PDT)
Received: from exprod7og107.obsmtp.com (exprod7og107.obsmtp.com [64.18.2.167]) by ietfa.amsl.com (Postfix) with ESMTP id 9A80711E8098 for <nea@ietf.org>; Fri,  6 Apr 2012 13:38:23 -0700 (PDT)
Received: from P-EMHUB02-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob107.postini.com ([64.18.6.12]) with SMTP ID DSNKT39UP+839PMs4HSDsZ743DuCuK2FUVSL@postini.com; Fri, 06 Apr 2012 13:38:23 PDT
Received: from P-CLDFE02-HQ.jnpr.net (172.24.192.60) by P-EMHUB02-HQ.jnpr.net (172.24.192.36) with Microsoft SMTP Server (TLS) id 8.3.213.0; Fri, 6 Apr 2012 13:38:06 -0700
Received: from p-emfe02-wf.jnpr.net (172.28.145.25) by p-cldfe02-hq.jnpr.net (172.24.192.60) with Microsoft SMTP Server (TLS) id 14.1.355.2; Fri, 6 Apr 2012 13:38:05 -0700
Received: from EMBX01-WF.jnpr.net ([fe80::1914:3299:33d9:e43b]) by p-emfe02-wf.jnpr.net ([fe80::c126:c633:d2dc:8090%11]) with mapi; Fri, 6 Apr 2012 16:37:21 -0400
From: Stephen Hanna <shanna@juniper.net>
To: "nea@ietf.org" <nea@ietf.org>
Date: Fri, 6 Apr 2012 16:37:19 -0400
Thread-Topic: NEA Minutes from IETF 83
Thread-Index: Ac0UNRALCWnktoOlRoye3mRN4QLBFA==
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AEB82E1BC8CB@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [Nea] NEA Minutes from IETF 83
X-List-Received-Date: Fri, 06 Apr 2012 20:38:25 -0000

Here are the draft minutes from the NEA WG session
at IETF 83 last week. Please review and send any
comments or corrections within the next week.

Thanks to Kathleen Moriarty and Yoav Nir for
taking minutes during the session. Any errors
are surely mine.

Thanks,

Steve

------------

These notes do not attempt to duplicate the content of the slides.
Instead, they summarize the material presented, and focus on comments
and discussion.

The meeting was chaired by Steve Hanna and Susan Thomson.
Notes were taken by Kathleen Moriarty and Yoav Nir.

Agenda
======

Date: Wednesday, March 28, 2012
Time: 1300-1500
WG Charter: http://www.ietf.org/html.charters/nea-charter.html
WG Tools: http://tools.ietf.org/wg/nea
WG email: nea@ietf.org

1300 Administrivia
        Jabber & Minute scribes
        Agenda bashing
1305 WG Status
     NEA Reference Model
1315 Discuss and Resolve WGLC PT-TLS Comments
  http://www.ietf.org/internet-drafts/draft-ietf-nea-pt-tls-02.txt
1350 Discuss and Resolve WGLC PT-EAP Issues
  http://www.ietf.org/internet-drafts/draft-ietf-nea-pt-eap-01.txt
1425 Discuss next steps for NEA Asokan I-D
  http://tools.ietf.org/id/draft-salowey-nea-asokan-01.txt
1450 Next Steps
1500 Adjourn

Administrivia
=============

Steve got Jabber and minute scribes and reviewed the Note Well.
The agenda was bashed with no changes needed. Steve mentioned
that our documents are almost complete. In fact, they should
be complete and off to the IESG before the next IETF meeting.
So this may well be the last NEA WG meeting!

WG Status
=========

Steve reviewed the NEA Reference Model and Use Cases, as described
in RFC 5209.

Since the last IETF, the PT-TLS I-D has been revised to a -02 version
and gone through a second WGLC. A few new issues have been raised.
Similarly, PT-EAP has been revised to a -01 and gone through a first
WGLC. A few new issues have been raised. The NEA Asokan Attack Analysis
has been brought up to date and a decision has been taken by the WG
to not generalize it beyond since that territory is already covered
well by the original Asokan paper.

Discuss and Resolve WGLC PT-TLS Comments
========================================

Paul Sangster gave an update on PT-TLS, including a quick overview
of the protocol and a description of the changes made in the -02
version. The largest change was simplifying things so that the
NEA Server always starts the SASL authentication. This avoids a
possible race condition. Some clarifications were also made.

Stephen Farrell suggested that it might be useful to support DANE
as an option for TLS server authentication here in addition to X.509.
At least, we should consider whether we want to support DANE since
it is available. We agreed to take this offline and decide whether
it makes sense to do so.

Paul moved on to review the comments on PT-TLS received during the
second WGLC. He included proposed resolutions for the comments.
First, we should add a mention of PT-EAP in the introduction.
Second, rephrase the text in section 3.5 describing the Message
Identifier field to clarify its purpose and add normative text in
section 3.9 saying that the Copy of Original Message field MUST
contain a copy (up to 1024 bytes) of the original PT-TLS message
that caused the error. Third, add text in the description of the
SASL Mechanisms message type to say when this message type can
be sent.

Susan asked if the NEA Server is always required to send a SASL
Mechanisms TLV in the PT-TLS Negotiation phase. If not, the NEA
Client may not know when that phase has ended. Paul said that
the NEA Server always ends the PT-TLS Negotiation phase by
sending a SASL Mechanisms TLV with no mechanisms in it. He will
improve the text to make this clear.

The plan is to make these changes and then send PT-TLS off to
the IESG. There were no objections in the room.

Discuss and Resolve WGLC PT-EAP Issues
======================================

Nancy Cam-Winget gave a quick overview of PT-EAP. She did not
review all the issues that were addressed by draft -01 but
she listed them in the slides for reference. Instead, she
focused on a few issues raised before draft -01 was published
that have not been resolved yet and also a few issues that have
been raised since the -01 draft was published.

First, should we move all normative text out of the Security
Considerations section into a separate section so it isn't
ignored? After a bit of discussion, a hum showed unanimous
agreement within the room that the normative language should
move out of the Security Considerations section into a
separate Security Requirements section. This will be
confirmed on the list.

Second, should we have one MTI EAP tunnel method in section
4.3 to ensure interoperability? Or at least mention that a
standard tunnel method is coming (TEAP)? Joe Salowey said
that the TEAP effort is a bit behind PT-EAP but accelerating.
He suggested that we include an informative reference to TEAP.
And if TEAP catches up with PT-EAP, we can make that normative.

Stephen asked why we don't make EAP-FAST or EAP-TTLS mandatory.
Nancy said they're Informational RFCs and there's a Standards
Track RFC coming soon. We're happy with TEAP but we don't want
to wait for it. Stephen suggested that we add a sentence
explaining why we're not including an MTI tunnel method.
And we can revise the document to add one later.

Nancy explained that the other comments received on -00 are
listed in the slides. They were all addressed in -01.

Nancy reviewed all the comments received since -01 was
published. Most of these were minor editorial issues.
Nobody had any objections to Nancy's proposed resolutions.
The only comment for which she requested feedback was
Carolin Latze's comment that the tls-unique channel
binding only works with TLS. We'll mention that.

Discuss next steps for NEA Asokan I-D
=====================================

Joe Salowey outlined the NEA Asokan attack and described
how this attack can be thwarted with an EMA such as a TPM
and the tls-unique channel binding. This is all covered
in draft-salowey-nea-asokan-01.txt. Putting all of this
in one document avoids the need to duplicate it in the
PT-EAP and PT-TLS drafts.

At IETF 82, we agreed to have Joe and Steve research
whether this document should be made broader to cover
Asokan attacks outside of NEA. Their recommendation is
to not do so. The original Asokan paper already does a
good job of describing how the Asokan attack works in
authentication and how to address it there. And some new
attacks based on Asokan in the ABFAB domain have recently
been discovered and discussed in the EMU WG. Those should
be discussed separately since the impact and countermeasures
are different.

Since IETF 82, the NEA Asokan Attack Analysis draft has
been updated to reflect the latest changes and choices
in the NEA WG (selecting PT-EAP and using the tls-unique
channel binding). It's ready to be adopted as a WG draft
(as agreed at IETF 82) and then to enter WGLC.

Hao Zhou asked which requirements for the EAP tunnel
method are imposed by this draft. Joe answered that the
requirement is that the EAP tunnel method must export
the tls-unique value to PT-EAP. Hao says this should
be listed more clearly in the PT-EAP tunnel method
requirements. Not just that the tunnel method must
support tls-unique but also that the method must export
the tls-unique value to PT-EAP. Joe said that we should
also state this in the TEAP to say that implementations
should support exporting the tls-unique value.

Joe explained that the plan is to post this as a WG draft
then run a quick WGLC so that this can catch up with the
other drafts. Then we'll send this to the IESG.

Steve checked consensus on adopting this document as
a WG draft. The hum was unanimous in favor. A show of
hands indicated that eight people in the room have
read the document.

Next Steps for NEA WG
=====================

For PT-TLS, the PT-TLS I-D will be updated to reflect
WGLC comments. Then it will go to the IESG for Standards
Track.

For PT-EAP, the editors will update the I-D. Then it
will go to EMU WG for review. We'll handle any comments
received from them. If a second WGLC is needed, there
will be one. And then the document will go to IESG for
Standards Track.

For the NEA Asokan Attack Analysis, we'll publish an
updated version as a WG draft. Then it will go through a
WGLC. And finally it will be sent to IESG for Informational.

Steve reviewed a draft timeline based on these plans.
See the slides for details. We hope that by the end
of May, all of our drafts should be with the IESG.
The NEA WG will need to respond to IETF LC comments
and IESG comments but we shouldn't need to meet again
unless something surprising happens.

Meeting adjourned.

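Added example, not part of the minutes or of draft-salowey-nea-asokan: a sketch of why binding the EMA's attestation to the tunnel's tls-unique value, as discussed in the Asokan section of the minutes, lets the NEA Server detect posture that was produced on a different tunnel than the one it terminates. HMAC with a shared key stands in for a TPM signature, and the key, posture fields and tls-unique values are all constructed.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed values for illustration only (not taken from any draft).
EMA_KEY = b"constructed-ema-key-of-clean-endpoint"
TLS_UNIQUE_SERVER_TUNNEL = bytes.fromhex("a1" * 12)  # tunnel the NEA Server terminates
TLS_UNIQUE_OTHER_TUNNEL = bytes.fromhex("b2" * 12)   # tunnel the relayed endpoint sees
CLEAN_POSTURE = {"av_signatures": "current", "firewall": "on"}


def ema_attest(key: bytes, posture: dict, tls_unique: Optional[bytes]) -> bytes:
    """EMA side: authenticate the posture report.

    When tls_unique is given, it is mixed into the authenticated message, so
    the tag is only valid for the tunnel that the attesting endpoint is on.
    Assumption: HMAC-SHA256 replaces the TPM signature a real EMA would make.
    """
    body = json.dumps(posture, sort_keys=True).encode()
    binding = b"" if tls_unique is None else tls_unique
    # Length prefix keeps the binding and the body unambiguous.
    msg = len(binding).to_bytes(2, "big") + binding + body
    return hmac.new(key, msg, hashlib.sha256).digest()


def validator_accepts(key: bytes, posture: dict, tag: bytes,
                      own_tls_unique: Optional[bytes]) -> bool:
    """NEA Server side: recompute the tag using the tls-unique value exported
    by its own end of the tunnel (None models a deployment with no binding)."""
    expected = ema_attest(key, posture, own_tls_unique)
    return hmac.compare_digest(expected, tag)


def run_scenarios() -> dict:
    results = {}

    # 1. Clean endpoint talks to the NEA Server directly; both ends of the
    #    tunnel export the same tls-unique, so the bound attestation verifies.
    tag = ema_attest(EMA_KEY, CLEAN_POSTURE, TLS_UNIQUE_SERVER_TUNNEL)
    results["direct_bound"] = validator_accepts(
        EMA_KEY, CLEAN_POSTURE, tag, TLS_UNIQUE_SERVER_TUNNEL)

    # 2. No channel binding: an attestation produced on another tunnel is
    #    indistinguishable from a local one, so the server accepts it.
    tag = ema_attest(EMA_KEY, CLEAN_POSTURE, None)
    results["relayed_unbound"] = validator_accepts(
        EMA_KEY, CLEAN_POSTURE, tag, None)

    # 3. With binding: the clean endpoint's EMA binds to the tunnel it is on,
    #    which is not the tunnel the server terminates, so the check fails.
    tag = ema_attest(EMA_KEY, CLEAN_POSTURE, TLS_UNIQUE_OTHER_TUNNEL)
    results["relayed_bound"] = validator_accepts(
        EMA_KEY, CLEAN_POSTURE, tag, TLS_UNIQUE_SERVER_TUNNEL)

    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The check in scenario 3 only works if the tunnel method hands its tls-unique value to the layer doing the posture exchange, which is the export requirement raised in the minutes.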

From Kent_Landfield@mcafee.com  Fri Apr  6 15:09:04 2012
Return-Path: <Kent_Landfield@mcafee.com>
X-Original-To: nea@ietfa.amsl.com
Delivered-To: nea@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C472211E8099 for <nea@ietfa.amsl.com>; Fri,  6 Apr 2012 15:09:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level: 
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id he0uqyYcsoY0 for <nea@ietfa.amsl.com>; Fri,  6 Apr 2012 15:09:04 -0700 (PDT)
Received: from dalsmrelay2.nai.com (dalsmrelay2.nai.com [205.227.136.216]) by ietfa.amsl.com (Postfix) with ESMTP id 0842811E8098 for <nea@ietf.org>; Fri,  6 Apr 2012 15:09:03 -0700 (PDT)
Received: from DALEXHT1.corp.nai.org (unknown [10.64.5.51]) by dalsmrelay2.nai.com with smtp id 1fea_1c2a_6facdf18_0875_43ce_b24c_46f86505b22c; Fri, 06 Apr 2012 17:08:59 -0500
Received: from AMERDALEXMB1.corp.nai.org ([fe80::b534:4a0d:1289:2d2d]) by DALEXHT1.corp.nai.org ([::1]) with mapi; Fri, 6 Apr 2012 17:08:58 -0500
From: <Kent_Landfield@McAfee.com>
To: <shanna@juniper.net>, <nea@ietf.org>
Date: Fri, 6 Apr 2012 17:09:33 -0500
Thread-Topic: [Nea] Verifying Consensus from NEA WG Meeting
Thread-Index: Ac0UQd15EarRWHJQS/W/dpH5eWxlRg==
Message-ID: <CBA4D2F9.3063D%kent_landfield@mcafee.com>
In-Reply-To: <AC6674AB7BC78549BB231821ABF7A9AEB82E1BC8CC@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/14.14.0.111121
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_CBA4D2F93063Dkentlandfieldmcafeecom_"
MIME-Version: 1.0
Subject: Re: [Nea] Verifying Consensus from NEA WG Meeting
X-List-Received-Date: Fri, 06 Apr 2012 22:09:04 -0000

--_000_CBA4D2F93063Dkentlandfieldmcafeecom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I agree with both items.  There is a need for a separate Security Requirements
section in PT-EAP and the Asokan Attack document should be moved forward
as a WG draft.

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee | An Intel Company
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com

From: Stephen Hanna <shanna@juniper.net>
Date: Fri, 6 Apr 2012 15:37:41 -0500
To: "nea@ietf.org" <nea@ietf.org>
Subject: [Nea] Verifying Consensus from NEA WG Meeting

At the NEA WG meeting at IETF 83 last week, there were
several hums that showed clear consensus. I'd like to
verify this consensus on the NEA WG email list. So
please review the statements below and respond by
sending email to the nea@ietf.org email list to indicate
your agreement or disagreement with these statements.
If you don't agree, some explanation would be useful.

* In PT-EAP, normative language should be moved out of
  the Security Considerations section into a separate
  Security Requirements section.

* The NEA Asokan Attack Analysis document should be
  adopted as a WG draft.

Please respond within one week (by 2000 GMT on Friday,
April 13) so that we can move forward promptly. Even
if you hummed at the NEA WG F2F, please respond now.

Thanks,

Steve



--_000_CBA4D2F93063Dkentlandfieldmcafeecom_--

From blueroofmusic@gmail.com  Sat Apr  7 14:02:43 2012
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: nea@ietfa.amsl.com
Delivered-To: nea@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D4D521F8548 for <nea@ietfa.amsl.com>; Sat,  7 Apr 2012 14:02:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.098
X-Spam-Level: 
X-Spam-Status: No, score=-3.098 tagged_above=-999 required=5 tests=[AWL=0.500,  BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GMECE85PwYV7 for <nea@ietfa.amsl.com>; Sat,  7 Apr 2012 14:02:42 -0700 (PDT)
Received: from mail-wg0-f44.google.com (mail-wg0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id 0641021F8546 for <nea@ietf.org>; Sat,  7 Apr 2012 14:02:41 -0700 (PDT)
Received: by wgbdr13 with SMTP id dr13so2100956wgb.13 for <nea@ietf.org>; Sat, 07 Apr 2012 14:02:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.180.104.231 with SMTP id gh7mr5106107wib.10.1333832561107; Sat, 07 Apr 2012 14:02:41 -0700 (PDT)
Received: by 10.223.143.18 with HTTP; Sat, 7 Apr 2012 14:02:41 -0700 (PDT)
In-Reply-To: <AC6674AB7BC78549BB231821ABF7A9AEB82E1BC8CC@EMBX01-WF.jnpr.net>
References: <AC6674AB7BC78549BB231821ABF7A9AEB82E1BC8CC@EMBX01-WF.jnpr.net>
Date: Sat, 7 Apr 2012 17:02:41 -0400
Message-ID: <CAN40gSvbbnPngQCVbonWUV2ske73Etq-1L=NvrGsFyTQv5XxCA@mail.gmail.com>
From: Ira McDonald <blueroofmusic@gmail.com>
To: Stephen Hanna <shanna@juniper.net>, Ira McDonald <blueroofmusic@gmail.com>
Content-Type: multipart/alternative; boundary=f46d044288bcfea23104bd1d17d8
Cc: "nea@ietf.org" <nea@ietf.org>
Subject: Re: [Nea] Verifying Consensus from NEA WG Meeting
X-List-Received-Date: Sat, 07 Apr 2012 21:02:43 -0000

--f46d044288bcfea23104bd1d17d8
Content-Type: text/plain; charset=ISO-8859-1

Hi Steve,

Yes - I agree with both of the following statements below.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG IPP WG
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - TCG Embedded Systems Hardcopy SG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music/High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto:blueroofmusic@gmail.com
Winter  579 Park Place  Saline, MI  48176  734-944-0094
Summer  PO Box 221  Grand Marais, MI 49839  906-494-2434



On Fri, Apr 6, 2012 at 4:37 PM, Stephen Hanna <shanna@juniper.net> wrote:

> At the NEA WG meeting at IETF 83 last week, there were
> several hums that showed clear consensus. I'd like to
> verify this consensus on the NEA WG email list. So
> please review the statements below and respond by
> sending email to the nea@ietf.org email list to indicate
> your agreement or disagreement with these statements.
> If you don't agree, some explanation would be useful.
>
> * In PT-EAP, normative language should be moved out of
>  the Security Considerations section into a separate
>  Security Requirements section.
>
> * The NEA Asokan Attack Analysis document should be
>  adopted as a WG draft.
>
> Please respond within one week (by 2000 GMT on Friday,
> April 13) so that we can move forward promptly. Even
> if you hummed at the NEA WG F2F, please respond now.
>
> Thanks,
>
> Steve

--f46d044288bcfea23104bd1d17d8--

From shanna@juniper.net  Fri Apr 13 13:02:07 2012
From: Stephen Hanna <shanna@juniper.net>
To: "nea@ietf.org" <nea@ietf.org>
Date: Fri, 13 Apr 2012 16:01:41 -0400
Thread-Topic: Consensus Verified from NEA WG Meeting, Next Steps
Thread-Index: Ac0UNR0HxtrjylAaQNy6RIOBmjczYwFef/BQ
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AEB82E64DCBB@EMBX01-WF.jnpr.net>
References: <AC6674AB7BC78549BB231821ABF7A9AEB82E1BC8CC@EMBX01-WF.jnpr.net>
In-Reply-To: <AC6674AB7BC78549BB231821ABF7A9AEB82E1BC8CC@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [Nea] Consensus Verified from NEA WG Meeting, Next Steps

Since the consensus checks at the NEA WG meeting were
unanimously in favor of the statements below with a
good number of people participating and we have had a
consensus check on the email list with several people
in favor, I declare as NEA WG chair that there's clearly
a WG consensus in favor of these statements.

Therefore, I'd like to ask the PT-EAP editors to
submit a new version of that draft that moves
normative language out of the Security Considerations
section into a separate Security Requirements section
and addresses the other WGLC comments received.
This draft will be sent to EMU WG for review.

I'd also like to ask the editors of the NEA Asokan
Attack Analysis to submit that as a WG draft. This
draft will then go into a WGLC.

Please do these things promptly so that we can
maintain our positive momentum.

Thanks,

Steve

> -----Original Message-----
> From: nea-bounces@ietf.org [mailto:nea-bounces@ietf.org] On Behalf Of
> Stephen Hanna
> Sent: Friday, April 06, 2012 4:38 PM
> To: nea@ietf.org
> Subject: [Nea] Verifying Consensus from NEA WG Meeting
>
> At the NEA WG meeting at IETF 83 last week, there were
> several hums that showed clear consensus. I'd like to
> verify this consensus on the NEA WG email list. So
> please review the statements below and respond by
> sending email to the nea@ietf.org email list to indicate
> your agreement or disagreement with these statements.
> If you don't agree, some explanation would be useful.
>
> * In PT-EAP, normative language should be moved out of
>   the Security Considerations section into a separate
>   Security Requirements section.
>
> * The NEA Asokan Attack Analysis document should be
>   adopted as a WG draft.
>
> Please respond within one week (by 2000 GMT on Friday,
> April 13) so that we can move forward promptly. Even
> if you hummed at the NEA WG F2F, please respond now.
>
> Thanks,
>
> Steve
>
> _______________________________________________
> Nea mailing list
> Nea@ietf.org
> https://www.ietf.org/mailman/listinfo/nea

From internet-drafts@ietf.org  Thu Apr 26 12:18:48 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.01p1
Message-ID: <20120426191848.662.50919.idtracker@ietfa.amsl.com>
Date: Thu, 26 Apr 2012 12:18:48 -0700
Cc: nea@ietf.org
Subject: [Nea] I-D Action: draft-ietf-nea-pt-tls-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the Network Endpoint Assessment
Working Group of the IETF.

	Title           : PT-TLS: A TCP-based Posture Transport (PT) Protocol
	Author(s)       : Paul Sangster
                          Nancy Cam-Winget
                          Joseph Salowey
	Filename        : draft-ietf-nea-pt-tls-03.txt
	Pages           : 43
	Date            : 2012-04-25

   This document specifies PT-TLS, a TCP-based Posture Transport (PT)
   protocol.  The PT-TLS protocol carries the Network Endpoint
   Assessment (NEA) message exchange under the protection of a Transport
   Layer Security (TLS) secured tunnel.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-nea-pt-tls-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-nea-pt-tls-03.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-nea-pt-tls/


From internet-drafts@ietf.org  Thu Apr 26 19:24:10 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 4.02
Message-ID: <20120427022410.20513.24023.idtracker@ietfa.amsl.com>
Date: Thu, 26 Apr 2012 19:24:10 -0700
Cc: nea@ietf.org
Subject: [Nea] I-D Action: draft-ietf-nea-asokan-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the Network Endpoint Assessment
Working Group of the IETF.

	Title           : NEA Asokan Attack Analysis
	Author(s)       : Joseph Salowey
                          Steve Hanna
	Filename        : draft-ietf-nea-asokan-00.txt
	Pages           : 8
	Date            : 2012-04-26

   The Network Endpoint Assessment protocols are subject to a subtle
   forwarding attack that has become known as the NEA Asokan Attack.
   This document describes the attack and countermeasures that may be
   mounted.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-nea-asokan-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-nea-asokan-00.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-nea-asokan/


From shanna@juniper.net  Fri Apr 27 07:43:10 2012
From: Stephen Hanna <shanna@juniper.net>
To: "nea@ietf.org" <nea@ietf.org>
Date: Fri, 27 Apr 2012 10:41:57 -0400
Thread-Topic: Next Steps for NEA
Thread-Index: Ac0kg+V1jRzE6ajdSDCp9ed5KDzlZA==
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AEB82EBE704B@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [Nea] Next Steps for NEA

I'm pleased to see that the editors of PT-TLS and
the NEA Asokan Attack Analysis posted new versions
of those drafts yesterday. Thanks to them.

As previously agreed, the next step is to start
a WGLC for the NEA Asokan Attack Analysis and
to send PT-TLS to the IESG with a request to
publish it as a Standards Track RFC. I'll do
those two things now.

The editors of PT-EAP should prepare a revised
draft that reflects the comments received during
the first WGLC, which have all been resolved.
Please do this ASAP so that draft can be sent
to the EMU WG for their review and feedback.

Thanks,

Steve


From stephen.farrell@cs.tcd.ie  Fri Apr 27 07:48:04 2012
Message-ID: <4F9AB1A4.6020801@cs.tcd.ie>
Date: Fri, 27 Apr 2012 15:48:04 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120423 Thunderbird/12.0
MIME-Version: 1.0
To: Stephen Hanna <shanna@juniper.net>
References: <AC6674AB7BC78549BB231821ABF7A9AEB82EBE704B@EMBX01-WF.jnpr.net>
In-Reply-To: <AC6674AB7BC78549BB231821ABF7A9AEB82EBE704B@EMBX01-WF.jnpr.net>
X-Enigmail-Version: 1.4.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "nea@ietf.org" <nea@ietf.org>
Subject: Re: [Nea] Next Steps for NEA

Question for you: what's your preference for the
timing of IETF LC and IESG processing of PT-TLS
and PT-EAP?

One at a time or both together? Default for
me is to do 'em as they come, but whatever you
prefer is fine by me.

I assume the timing for the Asokan one doesn't
matter.

S.

On 04/27/2012 03:41 PM, Stephen Hanna wrote:
> I'm pleased to see that the editors of PT-TLS and
> the NEA Asokan Attack Analysis posted new versions
> of those drafts yesterday. Thanks to them.
> 
> As previously agreed, the next step is to start
> a WGLC for the NEA Asokan Attack Analysis and
> to send PT-TLS to the IESG with a request to
> publish it as a Standards Track RFC. I'll do
> those two things now.
> 
> The editors of PT-EAP should prepare a revised
> draft that reflects the comments received during
> the first WGLC, which have all been resolved.
> Please do this ASAP so that draft can be sent
> to the EMU WG for their review and feedback.
> 
> Thanks,
> 
> Steve
> 
> _______________________________________________
> Nea mailing list
> Nea@ietf.org
> https://www.ietf.org/mailman/listinfo/nea
> 
> 

From shanna@juniper.net  Fri Apr 27 07:59:01 2012
From: Stephen Hanna <shanna@juniper.net>
To: "nea@ietf.org" <nea@ietf.org>
Date: Fri, 27 Apr 2012 10:58:22 -0400
Thread-Topic: WGLC on NEA Asokan Attack Analysis
Thread-Index: Ac0khjD3jLgYUZt1S0iAh5TzwhaWvA==
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AEB82EBE70A9@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [Nea] WGLC on NEA Asokan Attack Analysis

As previously agreed, the NEA Asokan Attack Analysis
has been changed into a NEA WG draft. This draft has
received several years of discussion and review in
our WG, dating back to its initial publication as
draft-salowey-nea-asokan-00.txt back in October 2010.

We agreed to make this document a WG draft because
we found its analysis essential to describing the need
for TLS channel bindings to prevent Asokan attacks.
Both PT-TLS and PT-EAP contain informational but
important references to this document. For those
documents to be fully understood, it's essential
for the NEA Asokan Attack Analysis to become an
informational RFC.

Therefore, I'd like to ask all active NEA WG
participants to please review the latest draft
of the NEA Asokan Attack Analysis and to send
comments, corrections, or questions to the WG
list. Please complete this Working Group Last
Call review within two weeks (by 1600 GMT on
Friday, May 11 - noon EDT or 9 AM PDT). If any
substantive issues have been raised, we'll get
those resolved. And if there's WG consensus to
ask the IESG to advance the document to
Informational RFC status, we'll do that.

If you don't have any comments on the document
but you agree that it should advance to
Informational RFC status, you can just send
an email in response to this one saying so.
And if you think that it should not advance,
please send an email saying that also. These
emails will be useful in judging WG consensus.

Here's a link to the draft for review:

http://datatracker.ietf.org/doc/draft-ietf-nea-asokan/

At only eight pages in length (and really only
four pages of content), I think you will find it
an easy but interesting read. In any event, you
should learn something. And something quite
relevant to NEA. If you've already read the
document before, a quick skim should help you
confirm that you're comfortable with the latest
version (or not). Your brief review and comment
would be greatly appreciated.

Thanks in advance for your help,

Steve


From shanna@juniper.net  Fri Apr 27 09:03:21 2012
From: Stephen Hanna <shanna@juniper.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 27 Apr 2012 12:02:08 -0400
Thread-Topic: [Nea] Next Steps for NEA
Thread-Index: Ac0khMG0PkEttqSkSGa6LT1spr0Q3gAAYplg
Message-ID: <AC6674AB7BC78549BB231821ABF7A9AEB82EBE71AD@EMBX01-WF.jnpr.net>
References: <AC6674AB7BC78549BB231821ABF7A9AEB82EBE704B@EMBX01-WF.jnpr.net> <4F9AB1A4.6020801@cs.tcd.ie>
In-Reply-To: <4F9AB1A4.6020801@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "nea@ietf.org" <nea@ietf.org>
Subject: Re: [Nea] Next Steps for NEA

Stephen Farrell wrote:
> Question for you: what's your preference for the
> timing of IETF LC and IESG processing of PT-TLS
> and PT-EAP?
>
> One at a time or both together? Default for
> me is to do 'em as they come, but whatever you
> prefer is fine by me.

I think it's best to let those documents proceed
separately. PT-EAP needs to go through EMU WG
review before it will be ready. And I think this
approach (PT-TLS proceeding without waiting for
PT-EAP) reflects the WG consensus. Certainly,
it's what we discussed at IETF 83. And it's
reflected in our newly updated milestones at
http://datatracker.ietf.org/wg/nea/charter

Since you're OK with this approach, let's use it.

And I agree that the Asokan draft can also
proceed on its own. No dependencies there.

Thanks,

Steve

> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: Friday, April 27, 2012 10:48 AM
> To: Stephen Hanna
> Cc: nea@ietf.org
> Subject: Re: [Nea] Next Steps for NEA
>
>
> Question for you: what's your preference for the
> timing of IETF LC and IESG processing of PT-TLS
> and PT-EAP?
>
> One at a time or both together? Default for
> me is to do 'em as they come, but whatever you
> prefer is fine by me.
>
> I assume the timing for the Asokan one doesn't
> matter.
>
> S.
>
> On 04/27/2012 03:41 PM, Stephen Hanna wrote:
> > I'm pleased to see that the editors of PT-TLS and
> > the NEA Asokan Attack Analysis posted new versions
> > of those drafts yesterday. Thanks to them.
> >
> > As previously agreed, the next step is to start
> > a WGLC for the NEA Asokan Attack Analysis and
> > to send PT-TLS to the IESG with a request to
> > publish it as a Standards Track RFC. I'll do
> > those two things now.
> >
> > The editors of PT-EAP should prepare a revised
> > draft that reflects the comments received during
> > the first WGLC, which have all been resolved.
> > Please do this ASAP so that draft can be sent
> > to the EMU WG for their review and feedback.
> >
> > Thanks,
> >
> > Steve
> >
> > _______________________________________________
> > Nea mailing list
> > Nea@ietf.org
> > https://www.ietf.org/mailman/listinfo/nea
> >
> >

From cliffordk@juniper.net  Sat Apr 28 20:37:33 2012
From: Clifford Kahn <cliffordk@juniper.net>
To: "nea@ietf.org" <nea@ietf.org>
Date: Sat, 28 Apr 2012 23:36:07 -0400
Thread-Topic: Review comments on Asokan Attack Analysis
Thread-Index: Ac0luTadzWH/7W8CTAqOcgh8uNX3hg==
Message-ID: <CBE35EDBE4727C4BAD013A73D993FE6B04B2870CA605@EMBX01-WF.jnpr.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/related; boundary="_004_CBE35EDBE4727C4BAD013A73D993FE6B04B2870CA605EMBX01WFjnp_"; type="multipart/alternative"
MIME-Version: 1.0
X-Mailman-Approved-At: Sun, 29 Apr 2012 02:48:11 -0700
Subject: [Nea] Review comments on Asokan Attack Analysis
X-BeenThere: nea@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nea>
List-Post: <mailto:nea@ietf.org>
List-Help: <mailto:nea-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Apr 2012 03:39:27 -0000

--_004_CBE35EDBE4727C4BAD013A73D993FE6B04B2870CA605EMBX01WFjnp_
Content-Type: multipart/alternative;
	boundary="_000_CBE35EDBE4727C4BAD013A73D993FE6B04B2870CA605EMBX01WFjnp_"

--_000_CBE35EDBE4727C4BAD013A73D993FE6B04B2870CA605EMBX01WFjnp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello.  I reviewed the latest version of the NEA Asokan Attack Analysis at
http://datatracker.ietf.org/doc/draft-ietf-nea-asokan/.

I found it strong right up to the conclusions, but them I found unclear.


> The recommendations for addressing the NEA Asokan Attack are as follows:

To whom are these recommendations?  To implementers, or to writers of specs?


> 1. Make use of cryptographic binding, however binding identities of the
> tunnel endpoints in the EMA may be useful.

The "however" is confusing.  I think it means that one should make use of
cryptographic binding, and that in addition binding identities of the tunnel
endpoints in the EMA may be useful.  Whether I got it right or not, please
consider rephrasing.


> 2. Use the same mechanism in L2 and L3 PT transports that make use of
> TLS (e.g. PT-TLS and PT-EAP).

I take it that "the same mechanism" refers to the two mechanisms in
recommendation 1.  But will others take it that way?

Doesn't recommendation 1 entail recommendation 2?  Why is 2 here?  Since 2
is here, I take it that 1 must have in mind transports other than the ones
2 mentions.  But 1 doesn't say what transports it has in mind - or I don't
understand.


> 3. Neither TLS endpoint can be in sole control of the TLS pre-master
> secret.  This is not strictly necessary when tls-unique channel binding
> values are used.

I'm a bit confused by the double negative.  The first sentence is a
negative, and the second negates that negative.

I think it means that when TLS-unique channel binding values are used, it's
kind of OK for one TLS endpoint to be in sole control of the TLS pre-master
secret. Whether I got it right or not, please consider rephrasing.


I hope that helps.


Thanks for this important work.
                                                Clifford Kahn

Clifford Kahn
Pulse BU
1-978-589-0252    (or x20252)



--_000_CBE35EDBE4727C4BAD013A73D993FE6B04B2870CA605EMBX01WFjnp_--

--_004_CBE35EDBE4727C4BAD013A73D993FE6B04B2870CA605EMBX01WFjnp_--
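The scenario behind quoted recommendations 1 and 3 in the message above, as an added sketch that is not part of the thread or of the draft: a relay forwards a healthy endpoint's EMA attestation to the server, and the server checks it against the tunnel it terminates. The `Tunnel` model, the HMAC standing in for the EMA's signature, and all names and values are assumptions made for illustration; this is not a TLS implementation.

```python
import hashlib
import hmac
import os

class Tunnel:
    """Toy model of one TLS session (constructed for illustration)."""
    def __init__(self, server_cert: bytes, randoms: bytes, pre_master: bytes):
        # Session keys depend only on the pre-master secret and the randoms.
        self.key_binding = hashlib.sha256(b"key" + pre_master + randoms).digest()
        # tls-unique (RFC 5929) is the first Finished message, which covers the
        # whole handshake including the certificate; modelled as a transcript hash.
        transcript = randoms + server_cert + pre_master
        self.tls_unique = hashlib.sha256(b"fin" + transcript).digest()[:12]

def attest(ema_key: bytes, posture: bytes, binding: bytes) -> bytes:
    """EMA side: authenticate the posture together with a channel binding.
    HMAC stands in for the EMA's signature (assumption of this sketch)."""
    return hmac.new(ema_key, binding + posture, hashlib.sha256).digest()

def accepts(ema_key: bytes, posture: bytes, tag: bytes, binding: bytes) -> bool:
    """Server side: recompute over the binding of the tunnel it terminates."""
    return hmac.compare_digest(tag, attest(ema_key, posture, binding))

def run_scenarios() -> dict:
    ema_key = os.urandom(32)
    posture = b"patch-level=current"          # constructed posture report
    randoms, pms = os.urandom(64), os.urandom(48)
    # Relay case: the same randoms and pre-master secret end up on both tunnels
    # (one party controls them), but the relay presents its own certificate.
    to_relay = Tunnel(b"cert:relay", randoms, pms)        # endpoint <-> relay
    to_server = Tunnel(b"cert:nea-server", randoms, pms)  # relay <-> server
    direct = Tunnel(b"cert:nea-server", os.urandom(64), os.urandom(48))
    return {
        "direct_tls_unique": accepts(ema_key, posture,
            attest(ema_key, posture, direct.tls_unique), direct.tls_unique),
        "relayed_no_binding": accepts(ema_key, posture,
            attest(ema_key, posture, b""), b""),
        "relayed_key_binding": accepts(ema_key, posture,
            attest(ema_key, posture, to_relay.key_binding), to_server.key_binding),
        "relayed_tls_unique": accepts(ema_key, posture,
            attest(ema_key, posture, to_relay.tls_unique), to_server.tls_unique),
    }

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

In this model only the tls-unique binding rejects the relayed attestation when one party fixes the pre-master secret, which is the reading of recommendation 3 given in the message.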
